20 matches found
CVE-2026-33478
WWBN AVideo is an open source video platform. In versions up to and including 26.0, multiple vulnerabilities in AVideo's CloneSite plugin chain together to allow a completely unauthenticated attacker to achieve remote code execution. The clones.json.php endpoint exposes clone secret keys without...
CVE-1999-0473
The rsync command before rsync 2.3.1 may inadvertently change the permissions of the client's working directory to the permissions of the directory being transferred...
EUVD-1999-0472
Malware in sbrugna...
EUVD-2018-13230
Malware in sbrugna...
EUVD-2025-3680
Malicious code in bioql PyPI...
Improper Input Validation
github.com/drakkan/sftpgo is vulnerable to Improper Input Validation. The vulnerability is due to missing sanitization of the client-provided rsync command, allowing an authenticated remote user to read or write files with the permissions of the SFTPGo server process...
CVE-2025-24366
SFTPGo is an open source, event-driven file transfer solution. SFTPGo supports execution of a defined set of commands via SSH. Besides a set of default commands some optional commands can be activated, one of them being rsync. It is disabled in the default configuration and it is limited to the...
GO-2025-3458 SFTPGo has insufficient sanitization of user provided rsync command in github.com/drakkan/sftpgo
SFTPGo has insufficient sanitization of user provided rsync command in github.com/drakkan/sftpgo. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
CVE-2025-24366 Insufficient sanitization of user provided rsync command in SFTPGo
SFTPGo is an open source, event-driven file transfer solution. SFTPGo supports execution of a defined set of commands via SSH. Besides a set of default commands some optional commands can be activated, one of them being rsync. It is disabled in the default configuration and it is limited to the...
GHSA-VJ7W-3M8C-6VPX SFTPGo has insufficient sanitization of user provided rsync command
Impact: SFTPGo supports execution of a defined set of commands via SSH. Besides a set of default commands some optional commands can be activated, one of them being rsync: it is disabled in the default configuration and it is limited to the local filesystem, it does not work with cloud/remote...
SFTPGo has insufficient sanitization of user provided rsync command
Impact: SFTPGo supports execution of a defined set of commands via SSH. Besides a set of default commands some optional commands can be activated, one of them being rsync: it is disabled in the default configuration and it is limited to the local filesystem, it does not work with cloud/remote...
CVE-2018-20683
commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync command line, which allows attackers to have a "bad" impact by triggering use of an option other than -v, -n, -q, or -P...
PT-2021-22703 · Octorpki +1
Name of the Vulnerable Software and Affected Versions: octorpki versions up to 1.4.1. Description: The issue arises when octorpki uses the "-a" flag with rsync, which forces the copying of binaries with the suid bit set as root. Given that the service definition defaults to root, this could...
OPENSUSE-SU-2019:0054-1 Security update for gitolite
This update for gitolite fixes the following security issue: CVE-2018-20683: The rsync command line was not handled correctly, allowing malicious rsync options (boo#1121570). The version update to 3.6.11 also contains a number of upstream bug fixes...
EUVD-2019-13102
Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands...
MGASA-2019-0058 Updated gitolite packages fixes security vulnerability
commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync command line, which allows attackers to have a "bad" impact by triggering use of an option other than -v, -n, -q, or -P (CVE-2018-20683)...
Security update for gitolite (moderate)
openSUSE Security Update: Security update for gitolite. Announcement ID: openSUSE-SU-2019:0054-1. Rating: moderate. References: 1121570. Cross-References: CVE-2018-20683. Affected Products: openSUSE Leap 42.3, openSUSE Leap 15.0, openSUSE Backports SLE-15. An update that fixes one vulnerability is now...