20 matches found
CVE-2026-33478
WWBN AVideo is an open source video platform. In versions up to and including 26.0, multiple vulnerabilities in AVideo's CloneSite plugin chain together to allow a completely unauthenticated attacker to achieve remote code execution. The clones.json.php endpoint exposes clone secret keys without...
CVE-1999-0473
The rsync command before rsync 2.3.1 may inadvertently change the permissions of the client's working directory to the permissions of the directory being transferred...
EUVD-1999-0472
Malware in sbrugna...
EUVD-2018-13230
Malware in sbrugna...
EUVD-2025-3680
Malicious code in bioql PyPI...
Improper Input Validation
github.com/drakkan/sftpgo is vulnerable to Improper Input Validation. The vulnerability is due to missing sanitization of the client-provided rsync command, allowing an authenticated remote user to read or write files with the permissions of the SFTPGo server process...
CVE-2025-24366
SFTPGo is an open source, event-driven file transfer solution. SFTPGo supports execution of a defined set of commands via SSH. Besides a set of default commands some optional commands can be activated, one of them being rsync. It is disabled in the default configuration and it is limited to the...
GO-2025-3458 SFTPGo has insufficient sanitization of user provided rsync command in github.com/drakkan/sftpgo
SFTPGo has insufficient sanitization of user provided rsync command in github.com/drakkan/sftpgo. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
CVE-2025-24366
SFTPGo is an open source, event-driven file transfer solution. SFTPGo supports execution of a defined set of commands via SSH. Besides a set of default commands some optional commands can be activated, one of them being rsync. It is disabled in the default configuration and it is limited to the...
CVE-2025-24366 Insufficient sanitization of user provided rsync command in SFTPGo
SFTPGo is an open source, event-driven file transfer solution. SFTPGo supports execution of a defined set of commands via SSH. Besides a set of default commands some optional commands can be activated, one of them being rsync. It is disabled in the default configuration and it is limited to the...
SFTPGo has insufficient sanitization of user provided rsync command
Impact SFTPGo supports execution of a defined set of commands via SSH. Besides a set of default commands some optional commands can be activated, one of them being rsync: it is disabled in the default configuration and it is limited to the local filesystem, it does not work with cloud/remote...
GHSA-VJ7W-3M8C-6VPX SFTPGo has insufficient sanitization of user provided rsync command
Impact SFTPGo supports execution of a defined set of commands via SSH. Besides a set of default commands some optional commands can be activated, one of them being rsync: it is disabled in the default configuration and it is limited to the local filesystem, it does not work with cloud/remote...
CVE-2018-20683
commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync command line, which allows attackers to have a "bad" impact by triggering use of an option other than -v, -n, -q, or -P...
PT-2021-22703 · Octorpki +1 · Octorpki +1
Name of the Vulnerable Software and Affected Versions: octorpki versions up to 1.4.1 Description: The issue arises when octorpki uses the "-a" flag with rsync, which forces the copying of binaries with the suid bit set as root. Given that the service definition defaults to root, this could...
OPENSUSE-SU-2019:0054-1 Security update for gitolite
This update for gitolite fixes the following security issue: - CVE-2018-20683: The rsync command line was not handled correctly, allow malicious rsync options boo1121570 The version update to 3.6.11 also contains a number of upstream bug fixes...
EUVD-2019-13102
Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands...
MGASA-2019-0058 Updated gitolite packages fixes security vulnerability
In commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync command line, which allows attackers to have a "bad" impact by triggering use of an option other than -v, -n, -q, or -P CVE-2018-20683...
Security update for gitolite (moderate)
openSUSE Security Update: Security update for gitolite Announcement ID: openSUSE-SU-2019:0054-1 Rating: moderate References: 1121570 Cross-References: CVE-2018-20683 Affected Products: openSUSE Leap 42.3 openSUSE Leap 15.0 openSUSE Backports SLE-15 An update that fixes one vulnerability is now...
CVE-2018-20683
commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync command line, which allows attackers to have a "bad" impact by triggering use of an option other than -v, -n, -q, or -P...
CVE-1999-0473
The rsync command before rsync 2.3.1 may inadvertently change the permissions of the client's working directory to the permissions of the directory being transferred...