17 matches found
CVE-2026-5131 Server-Side Request Forgery in GREENmod
GREENmod uses named pipes for communication between plugins, the web portal, and the system service, but the access control lists for these pipes are configured incorrectly. This allows an attacker to communicate with the stream and upload any XML or JSON file, which will be processed by the name...
EUVD-2006-6450
Malware in sbrugna...
EUVD-2021-13762
Malware in sbrugna...
EUVD-2014-2424
Malware in sbrugna...
CVE-2025-32103
CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows directory traversal via the /WebInterface/function/ URI to read files accessible by SMB at UNC share pathnames, bypassing SecurityManager restrictions...
CVE-2025-32103
CrushFTP is affected: versions 9.x through 11.3.1 contain a directory-traversal flaw accessible via the /WebInterface/function/ URI that can read files exposed by SMB UNC paths, bypassing SecurityManager restrictions. Impact: potential unauthorized reading of files outside the intended directory....
SUSE CVE-2007-5337
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs...
Oracle Solaris Critical Patch Update : jul2022_SRU11_4_45_119_2
This Solaris system is missing necessary patches to address a critical security update : - Vulnerability in the Oracle Solaris product of Oracle Systems component: Filesystem. The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with networ...
Code injection
Vulnerability in the Oracle Solaris product of Oracle Systems component: Filesystem. The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with network access via SMB to compromise Oracle Solaris. Successful attacks of this vulnerability can...
CVE-2021-26989
Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P9 and 9.8 are susceptible to a vulnerability which could allow a remote authenticated attacker to cause a Denial of Service (DoS) on clustered Data ONTAP configured for SMB access...
Code injection
Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P9 and 9.8 are susceptible to a vulnerability which could allow a remote authenticated attacker to cause a Denial of Service (DoS) on clustered Data ONTAP configured for SMB access...
CVE-2021-26989
CVE-2021-26989 affects NetApp Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P9 and 9.8. A remote authenticated attacker could cause a Denial of Service in clustered Data ONTAP configured for SMB access. Connected sources reiterate impacted versions and DoS impact; some advisor...
curl: SMB access smuggling via FILE URL on Windows
Summary: While CURL 7.62 parses URLs that have an ? parameter separator char after the fragment separator, CURL urlapi code treats the path with the hash part as it being the same one, this may allow some problem on specific protocols that may have a security impact. On HTTP, an attacker may be...
Update Rollup for Azure File Sync Agent – June 2019
Update Rollup for Azure File Sync Agent – June 2019 Introduction This article describes the issues that are fixed in the Update Rollup for Azure File Sync Agent that is dated June 2019. Additionally, this article contains installation instructions for the update. Improvements and issues that are...
Oracle Job Scheduler Named Pipe Command Execution
This module exploits the Oracle Job Scheduler to execute arbitrary commands. The Job Scheduler is implemented via the component extjob.exe, which listens on a named pipe called "orcljsex" and executes arbitrary commands received over this channel via CreateProcess. In order to connect to the Named...
iomega Home Media Network Hard Drive unauthorized access
Web interface allows SMB access to device and network it's connected to...
CVE-2006-6467
Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 do not properly restrict access to SMB file resources, which allows remote attackers to gain unspecified file or directory access via vectors related to (1) visibility of the SMB "Home...