21 matches found
Astra Linux - уязвимость в rsync
A flaw was discovered in rsync. It allows a server to enumerate the contents of an arbitrary file from the client’s machine. This issue occurs when files are being copied from the client to the server. During this process, the rsync server sends checksums of local data to the client for compariso...
CVE-2026-23485
Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the filePath parameter accepts path traversal sequences, allowing enumeration of file existence on the server via different error responses. This issue has been patched in version 1.8.4...
CVE-2026-23485
Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the filePath parameter accepts path traversal sequences, allowing enumeration of file existence on the server via different error responses. This issue has been patched in version 1.8.4...
EUVD-2026-14539
Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the filePath parameter accepts path traversal sequences, allowing enumeration of file existence on the server via different error responses. This issue has been patched in version 1.8.4...
CVE-2026-23485 Blinko: Unauthorized Path Traversal File Enumeration - music-metadata
Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the filePath parameter accepts path traversal sequences, allowing enumeration of file existence on the server via different error responses. This issue has been patched in version 1.8.4...
CVE-2026-23485
Blinko, a AI-powered card note-taking project , has a path-traversal vulnerability in the filePath parameter prior to version 1.8.4 , enabling enumeration of server files via differing error responses. The issue is patched in version 1.8.4 ; upgrade to 1.8.4 or later to mitigate.
EUVD-2024-32765
Malicious code in bioql PyPI...
CVE-2025-31134
FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, an attacker can gain additional information about the server by checking if certain directories exist. An attacker can, for example, check if older PHP versions are installed or if certain software is installed on the server...
CVE-2024-4692
Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks - Service Virtualization config has been discovered in in OpenText...
CVE-2024-4211
Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks - ALM job config has been discovered in OpenText Application Automation...
SUSE CVE-2024-12086
A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare wi...
CVE-2024-12086
A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare wi...
ALPINE-CVE-2024-12086
A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare wi...
CVE-2024-12086
A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare wi...
CVE-2024-4692
Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks - Service Virtualization config has been discovered in in OpenText...
Adobe Campaign path traversal vulnerability
Adobe Campaign is an Adobe Experience Cloud solution for cross-channel campaign management. Learn how to create, coordinate, and deliver dynamic campaigns using rich customer data via email, mobile devices, offline campaigns, and more.A path traversal vulnerability exists in Adobe Campaign 21.2.1...
ObjectPlanet Opinio 7.13 Expression Language Injection Vulnerability
Exploit Authors: Timothy Tan , Daniel Tan, Yu EnHui, Khor Yong Heng CVE: CVE-2020-26565 Exploit Title: ObjectPlanet Opinio version 7.13 allows expression language injection Vendor Homepage: https://www.objectplanet.com/opinio/ Software Link: https://www.objectplanet.com/opinio/ Exploit Authors:...
Gopher gophermap Scanner
This module identifies Gopher servers, and processes the gophermap file which lists all the files on the server. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Gopher gophermap Scanner',...
Nmap NSE net: smb-psexec
This script implements remote process execution similar to the Sysinternals' psexec tool, allowing a user to run a series of programs on a remote machine and read the output. This is great for gathering information about servers, running the same tool on a range of system, or even installing a...
Microsoft IIS 5.0 - Failure To Log Undocumented TRACK Requests
Microsoft IIS 5.0 - Failure To Log Undocumented TRACK Requests source: https://www.securityfocus.com/bid/9313/info A vulnerability has been reported to affect Microsoft IIS. It has been reported that IIS fails to log HTTP TRACK calls made to the affected server. A remote attacker may exploit this...