13 matches found
CVE-2026-4196 D-Link DNS-1550-04 remote_backup.cgi cgi_set_rsync_server command injection
A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This impacts the function...
Rsync: rsync server leaks arbitrary client files
...
CVE-2024-12086 Rsync: rsync server leaks arbitrary client files
A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare wi...
CVE-2022-29154
An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A...
CVE-2022-29154
An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A...
Engineering Firm Leaks Data on Dell, SBC and Oracle
A Texas-based firm called Power Quality Engineering publicly exposed sensitive electrical infrastructure data on the public internet. Firms impacted by the leak were Dell Technologies, SBC, Freescale, Oracle, Texas Instruments and the City of Austin. Chris Vickery, cyber risk analyst at security...
ProFTPD 1.3.3c Trojan Source Code
== ProFTPD Compromise Report == On Sunday, the 28th of November 2010 around 20:00 UTC the main distribution server of the ProFTPD project was compromised. The attackers most likely used an unpatched security issue in the FTP daemon to gain access to the server and used their privileges to replace...
Debian Security Advisory DSA 404-1 (rsync)
The remote host is missing an update to rsync announced via advisory DSA 404-1. OpenVAS Vulnerability Test $Id: deb4041.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 404-1 Authors: Thomas Reinke Copyright: Copyright (c) 2007 E-Soft Inc...
RHEL 2.1 / 3 : rsync (RHSA-2003:399)
Updated rsync packages are now available that fix a heap overflow in the Rsync server. rsync is a program for synchronizing files over the network. A heap overflow bug exists in rsync versions prior to 2.5.7. On machines where the rsync server has been enabled, a remote attacker could use this fla...
rsync Traversal Arbitrary File Creation
The remote rsync server might be vulnerable to a path traversal issue. An attacker may use this flaw to gain access to arbitrary files hosted outside of a module directory. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(12230); script_version("1.15");...
DEBIAN-CVE-2003-0962
Heap-based buffer overflow in rsync before 2.5.7, when running in server mode, allows remote attackers to execute arbitrary code and possibly escape the chroot jail...
rsync security advisory
rsync 2.5.6 security advisory ----------------------------- December 4th 2003 Background ---------- The rsync team has received evidence that a vulnerability in rsync was recently used in combination with a Linux kernel vulnerability to compromise the security of a public rsync server. While the...
rsync buffer overflow in server mode
When rsync is run in server mode, a buffer overflow could allow a remote attacker to execute arbitrary code with the privileges of the rsync server. Anonymous rsync servers are at the highest risk...