57 matches found
BrightSign Digital Signage 8.2.26 - Server-Side Request Forgery
An unauthenticated Server-Side Request Forgery (SSRF) vulnerability exists in the BrightSign digital signage media player, affecting the Diagnostic Web Server (DWS). The application parses user-supplied data in the 'url' GET parameter to construct a diagnostics request to the Download Speed Test service...
EUVD-2020-30845
BrightSign Digital Signage Diagnostic Web Server 8.2.26 and less contains an unauthenticated server-side request forgery vulnerability in the 'url' GET parameter of the Download Speed Test service. Attackers can specify external domains to bypass firewalls and perform network enumeration by forci...
CVE-2020-36884
BrightSign Digital Signage Diagnostic Web Server 8.2.26 and less contains an unauthenticated server-side request forgery vulnerability in the 'url' GET parameter of the Download Speed Test service. Attackers can specify external domains to bypass firewalls and perform network enumeration by forci...
CVE-2020-36884 BrightSign Digital Signage Diagnostic Web Server 8.2.26 Unauthenticated SSRF
BrightSign Digital Signage Diagnostic Web Server 8.2.26 and less contains an unauthenticated server-side request forgery vulnerability in the 'url' GET parameter of the Download Speed Test service. Attackers can specify external domains to bypass firewalls and perform network enumeration by forci...
BrightSign Digital Signage Diagnostic Web Server Code Issue Vulnerability
BrightSign Digital Signage Diagnostic Web Server is a troubleshooting and configuration tool from BrightSign USA. A code issue vulnerability exists in BrightSign Digital Signage Diagnostic Web Server version 8.2.26 and earlier, which stems from a server-side request forgery in the url parameter o...
PT-2025-50508
BrightSign Digital Signage Diagnostic Web Server 8.2.26 and less contains an unauthenticated server-side request forgery vulnerability in the 'url' GET parameter of the Download Speed Test service. Attackers can specify external domains to bypass firewalls and perform network enumeration by forci...
EUVD-2017-11461
Malware in sbrugna...
EUVD-2020-20581
Malware in sbrugna...
EUVD-2021-27527
Malicious code in bioql PyPI...
EUVD-2024-30660
Malicious code in bioql PyPI...
Malicious code in web-speed-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a061b921a44e1b6ddb0a7050eb5156679a950673f1fcfa787aa15ada94251219 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5188 Malicious code in web-speed-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a061b921a44e1b6ddb0a7050eb5156679a950673f1fcfa787aa15ada94251219 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-36061
EnGenius EWS356-FIT devices through 1.1.30 allow blind OS command injection. This allows an attacker to execute arbitrary OS commands via shell metacharacters to the Ping and Speed Test utilities...
CVE-2024-36060
EnGenius EnStation5-AC A8J-ENS500AC 1.0.0 devices allow blind OS command injection via shell metacharacters in the Ping and Speed Test parameters...
CVE-2021-40349
e7d Speed Test aka speedtest 0.5.3 allows a path-traversal attack that results in information disclosure via the "GET /.." substring...
CVE-2020-28094
On Tenda AC1200 Model AC6 15.03.06.51multi devices, the default settings for the router speed test contain links to download malware named elive or CNKI E-Learning...
CVE-2019-18370
An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. The backup file is in tar.gz format. After uploading, the application uses the tar zxf command to decompress, so one can control the contents of the files in the decompressed directory. In addition, the application's sh...