63 matches found
BrightSign Digital Signage 8.2.26 - Server-Side Request Forgery
Unauthenticated Server-Side Request Forgery SSRF vulnerability exists in the BrightSign digital signage media player affecting the Diagnostic Web Server DWS. The application parses user supplied data in the 'url' GET parameter to construct a diagnostics request to the Download Speed Test service...
CVE-2026-49842
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's WebSocket frame loop intercepts a -prefixed speed-test protocol SPU / SPB / SP...
CVE-2026-49842
CVE-2026-49842 - FreeSWITCH mod_verto pre-auth bandwidth amplification : Before v1.11.1, FreeSWITCH’s mod_verto WebSocket frame loop processed a #-prefixed speed-test protocol (#SPU/#SPB/#SPE) prior to authentication. The payload size in #SPU was parsed with atoi() and non-positive values were re...
CVE-2026-49842 FreeSWITCH: Pre-authentication bandwidth amplification via `mod_verto` speed-test frames
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's WebSocket frame loop intercepts a -prefixed speed-test protocol SPU / SPB / SP...
EUVD-2026-35473
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's WebSocket frame loop intercepts a -prefixed speed-test protocol SPU / SPB / SP...
CVE-2026-49842 FreeSWITCH: Pre-authentication bandwidth amplification via `mod_verto` speed-test frames
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's WebSocket frame loop intercepts a -prefixed speed-test protocol SPU / SPB / SP...
CVE-2026-49842
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's WebSocket frame loop intercepts a -prefixed speed-test protocol SPU / SPB / SP...
EUVD-2020-30845
BrightSign Digital Signage Diagnostic Web Server 8.2.26 and less contains an unauthenticated server-side request forgery vulnerability in the 'url' GET parameter of the Download Speed Test service. Attackers can specify external domains to bypass firewalls and perform network enumeration by forci...
CVE-2020-36884
BrightSign Digital Signage Diagnostic Web Server 8.2.26 and less contains an unauthenticated server-side request forgery vulnerability in the 'url' GET parameter of the Download Speed Test service. Attackers can specify external domains to bypass firewalls and perform network enumeration by forci...
CVE-2020-36884 BrightSign Digital Signage Diagnostic Web Server 8.2.26 Unauthenticated SSRF
BrightSign Digital Signage Diagnostic Web Server 8.2.26 and less contains an unauthenticated server-side request forgery vulnerability in the 'url' GET parameter of the Download Speed Test service. Attackers can specify external domains to bypass firewalls and perform network enumeration by forci...
BrightSign Digital Signage Diagnostic Web Server 代码问题漏洞
BrightSign Digital Signage Diagnostic Web Server is a troubleshooting and configuration tool from BrightSign USA. A code issue vulnerability exists in BrightSign Digital Signage Diagnostic Web Server version 8.2.26 and earlier, which stems from a server-side request forgery in the url parameter o...
PT-2025-50508
BrightSign Digital Signage Diagnostic Web Server 8.2.26 and less contains an unauthenticated server-side request forgery vulnerability in the 'url' GET parameter of the Download Speed Test service. Attackers can specify external domains to bypass firewalls and perform network enumeration by forci...
EUVD-2017-11461
Malware in sbrugna...
EUVD-2020-20581
Malware in sbrugna...
EUVD-2021-27527
Malicious code in bioql PyPI...
EUVD-2024-30660
Malicious code in bioql PyPI...
Malicious code in web-speed-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a061b921a44e1b6ddb0a7050eb5156679a950673f1fcfa787aa15ada94251219 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5188 Malicious code in web-speed-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a061b921a44e1b6ddb0a7050eb5156679a950673f1fcfa787aa15ada94251219 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-36061
EnGenius EWS356-FIT devices through 1.1.30 allow blind OS command injection. This allows an attacker to execute arbitrary OS commands via shell metacharacters to the Ping and Speed Test utilities...
CVE-2024-36060
EnGenius EnStation5-AC A8J-ENS500AC 1.0.0 devices allow blind OS command injection via shell metacharacters in the Ping and Speed Test parameters...