18 matches found
CVE-2026-2743 SEPPmail User Web Interface Arbitrary File Write to RCE
Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected feature is the large file transfer LFT. This issue affects SeppMail: 15.0.2.1 and before...
EUVD-2017-11829
Malware in sbrugna...
EUVD-2020-4044
Malware in sbrugna...
EUVD-2020-4043
Malware in sbrugna...
CVE-2025-55299
VaulTLS has an authentication issue prior to 0.9.1: user accounts created via the User web UI may have an empty (non-NULL) password, enabling login with an empty password. This is exacerbated by API login still working after frontend password checks were disabled. The vulnerability is fixed in 0....
CVE-2020-11701
An issue was discovered in ProVide formerly zFTPServer through 13.1. CSRF exists in the User Web Interface, as demonstrated by granting filesystem access to the public for uploading and deleting files and directories...
CVE-2020-11702
An issue was discovered in ProVide formerly zFTPServer through 13.1. The User Web Interface has Multiple Stored and Reflected XSS issues. Collaborate is Reflected via the filename parameter. Collaborate is Stored via the displayname parameter. Deletemultiple is Reflected via the files parameter...
CVE-2020-15408
An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. An authenticated attacker can access the admin page console via the end-user web interface because of a rewrite...
CVE-2020-15408
An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. An authenticated attacker can access the admin page console via the end-user web interface because of a rewrite...
Vastgota-Data ProVide User Web Interface Cross-Site Scripting Vulnerability
Vastgota-Data ProVide is a file transfer server with a graphical user interface from Vastgota-Data, Sweden. A cross-site request forgery vulnerability exists in the user web interface in Vastgota-Data ProVide 13.1 and prior versions. The vulnerability stems from the WEB application not adequately...
CVE-2020-11701
An issue was discovered in ProVide formerly zFTPServer through 13.1. CSRF exists in the User Web Interface, as demonstrated by granting filesystem access to the public for uploading and deleting files and directories...
CVE-2020-11701
An issue was discovered in ProVide formerly zFTPServer through 13.1. CSRF exists in the User Web Interface, as demonstrated by granting filesystem access to the public for uploading and deleting files and directories...
CVE-2020-11702
An issue was discovered in ProVide formerly zFTPServer through 13.1. The User Web Interface has Multiple Stored and Reflected XSS issues. Collaborate is Reflected via the filename parameter. Collaborate is Stored via the displayname parameter. Deletemultiple is Reflected via the files parameter...
CVE-2020-11701
An issue was discovered in ProVide formerly zFTPServer through 13.1. CSRF exists in the User Web Interface, as demonstrated by granting filesystem access to the public for uploading and deleting files and directories...
CVE-2020-11701
ProVide (formerly zFTPServer) up to version 13.1 contains a CSRF vulnerability in the User Web Interface that allows an attacker to grant filesystem access to the public for uploading and deleting files and directories. The issue is described across multiple sources (NVD entry CVE-2020-11701 and ...
CVE-2020-11702
The CVE-2020-11702 entry affects ProVide (formerly zFTPServer) up to version 13.1, specifically its User Web Interface. The vulnerability consists of multiple stored and reflected cross-site scripting (XSS) flaws. Details from connected sources specify: Collaborate module: reflected via the filen...
CVE-2020-11702
An issue was discovered in ProVide formerly zFTPServer through 13.1. The User Web Interface has Multiple Stored and Reflected XSS issues. Collaborate is Reflected via the filename parameter. Collaborate is Stored via the displayname parameter. Deletemultiple is Reflected via the files parameter...
DLA-562-1 gosa - security update
Bulletin has no description...