
4147 matches found

Nuclei
added 2 days ago, 15 views

Zimbra Collaboration - Unrestricted File Upload

An issue was discovered in Zimbra Collaboration ZCS 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole extraction to /opt/zimbra/jetty/webapps/zimbra/public that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also,...

CVSS 9.8, AI score 7.6, EPSS 0.93958
Exploits 7, References 2

IBM Security Bulletins
added 6 days ago, 9 views

Security Bulletin: Multiple Vulnerabilities in IBM Aspera Enterprise WebApps

Summary Multiple Vulnerabilities Addressed in IBM Aspera Enterprise WebApps Version 1.0.3 Vulnerability Details CVEID:CVE-2025-62718 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization wh...

CVSS 9.9, AI score 6.9, EPSS 0.00152
Exploits 10, Affected Software 3

IBM Security Bulletins
added 2026/04/29 6:41 p.m., 2 views

Security Bulletin: Multiple vulnerabilities in IBM Aspera Enterprise WebApps

Summary Multiple vulnerabilities were addressed in IBM Aspera Enterprise WebApps version 1.0.2.1 Vulnerability Details CVEID:CVE-2026-33306 DESCRIPTION: bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt...

CVSS 8.7, AI score 6.3, EPSS 0.0004
Exploits 1, Affected Software 3

RedHat Linux
added 2026/04/15 5:31 p.m., 3 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: tomcat10: tomcat10-10.1.54-1.hum1 noarch tomcat10-admin-webapps-10.1.54-1.hum1 noarch tomcat10-common-10.1.54-1.hum1 noarch tomcat10-docs-webapp-10.1.54-1.hum1 noarch...

CVSS 9.6, AI score 6.9, EPSS 0.00274
Exploits 4, References 9

RedHat Linux
added 2026/04/04 4:29 p.m., 2 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: tomcat11: tomcat11-11.0.21-0.1.hum1 noarch tomcat11-admin-webapps-11.0.21-0.1.hum1 noarch tomcat11-docs-webapp-11.0.21-0.1.hum1 noarch tomcat11-el-6.0-api-11.0.21-0.1.hum1 noarch...

CVSS 9.6, AI score 6.9, EPSS 0.00274
Exploits 4, References 9

Tenable Nessus
added 2026/03/30 12:0 a.m., 2 views

Amazon Linux 2023 : tomcat9, tomcat9-admin-webapps, tomcat9-el-3.0-api (ALAS2023-2026-1496)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1496 advisory. Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions...

CVSS 9.1, AI score 7, EPSS 0.00163
Exploits 0, References 8

IBM Security Bulletins
added 2026/02/16 10:5 p.m., 8 views

Security Bulletin: Multiple vulnerabilities in IBM Aspera Enterprise WebApps

Summary Multiple vulnerabilities were addressed in IBM Aspera Enterprise WebApps version 1.0.1 Vulnerability Details CVEID:CVE-2025-66567 DESCRIPTION: The ruby-saml library is for implementing the client side of a SAML authorization. ruby-saml versions up to and including 1.12.4 contain an...

CVSS 9.3, AI score 5.7, EPSS 0.0005
Exploits 0, Affected Software 3

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2013-1095

Malware in sbrugna...

CVSS 4.3, AI score 4.7, EPSS 0.00186
Exploits 1, References 3

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2012-4479

Malware in sbrugna...

CVSS 7.5, AI score 6.1, EPSS 0.02002
Exploits 0, References 6

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2013-1094

Malware in sbrugna...

CVSS 6.5, AI score 6.5, EPSS 0.00162
Exploits 1, References 3

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-0837

Malware in sbrugna...

CVSS 4, AI score 6, EPSS 0.00154
Exploits 1, References 61

Tenable Nessus
added 2025/03/04 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2021-28163

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the...

CVSS 4, AI score 6.2, EPSS 0.00154
Exploits 1, References 3

Tenable Nessus
added 2024/07/12 12:0 a.m., 53 views

RHEL 8 : jetty (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - jetty: crafted URIs allow bypassing security constraints CVE-2021-34429 - In Eclipse Jetty 9.4.6.v2017053...

CVSS 7.5, AI score 7.7, EPSS 0.93778
Exploits 14, References 6

Packet Storm
added 2024/07/11 12:0 a.m., 412 views

WordPress Poll Maker 5.3.2 SQL Injection

Exploit Title: WordPress Poll Maker Plugin SQL Injection Date: 2024-07-11 Exploit Author: tmrswrr Category : Webapps Vendor: https://ays-pro.com/wordpress/poll-maker Version 5.3.2 1. Access the Admin Panel: - Navigate to the admin panel of your WordPress site. - Go to Poll Maker Results...

AI score 7.4
Exploits 0

0day.today
added 2024/07/09 12:0 a.m., 199 views

WordPress Video Gallery - YouTube Gallery And Vimeo Gallery 2.3.6 SQL Injection Vulnerability

Exploit Title: Wordpress Video Gallery - YouTube Gallery and Vimeo Gallery Plugin SQL Injection Exploit Author: tmrswrr Category : Webapps Vendor Homepage: https://total-soft.com/wp-video-gallery/ Version 2.3.6 1. Access the Admin Panel: - Navigate to the admin panel of your WordPress site. - Go ...

AI score 7.4
Exploits 0

Packet Storm
added 2024/07/04 12:0 a.m., 211 views

WordPress Photo Gallery 1.8.26 Cross Site Scripting

Exploit Title: Wordpress Photo Gallery Version 1.8.26 Stored XSS Date: 2024-07-03 Exploit Author: tmrswrr Category : Webapps Vendor Homepage: https://10web.io/plugins/wordpress-photo-gallery/ Version 1.8.26 Steps to Execute the Payload: 1. Click Photo Gallery Themes Edit Themes...

AI score 7.4
Exploits 0

Packet Storm
added 2024/07/01 12:0 a.m., 298 views

WordPress WPCode Lite 2.1.14 Cross Site Scripting

Exploit Title: Wordpress WPCode Lite Version 2.1.14 Stored XSS Date: 2024-06-30 Exploit Author: tmrswrr Category : Webapps Vendor Homepage: https://wpcode.com/?utmsource=wprepo&utmmedium=link&utmcampaign=liteplugin Version 2.1.14 Steps to Execute the Payload: 1. Access the Admin Panel: - Navigate...

AI score 7.4
Exploits 0

0day.today
added 2024/06/26 12:0 a.m., 220 views

Flatboard 3.2 - Stored Cross-Site Scripting (Authenticated) Vulnerability

Exploit Title: Flatboard 3.2 - Stored Cross-Site Scripting XSS Authenticated Exploit Author: tmrswrr Category : Webapps Vendor Homepage: https://flatboard.org/ Version: 3.2 PoC: 1-Login admin panel , go to this url : https://127.0.0.1//Flatboard/index.php/forum 2-Click Add Forum and write in...

AI score 7.4
Exploits 0

Exploit DB
added 2024/06/26 12:0 a.m., 275 views

Flatboard 3.2 - Stored Cross-Site Scripting (XSS) (Authenticated)

Exploit Title: Flatboard 3.2 - Stored Cross-Site Scripting XSS Authenticated Date: 2024-06-23 Exploit Author: tmrswrr Category : Webapps Vendor Homepage: https://flatboard.org/ Version: 3.2 PoC: 1-Login admin panel , go to this url : https://127.0.0.1//Flatboard/index.php/forum 2-Click Add Forum...

AI score 7.4
Exploits 0

Packet Storm
added 2024/06/24 12:0 a.m., 267 views

Flatboard 3.2 Cross Site Scripting

Exploit Title: Flatboard v3.2 - Stored XSS Date: 2024-06-23 Exploit Author: tmrswrr Category : Webapps Vendor Homepage: https://flatboard.org/ Version: 3.2 1-Login admin panel , go to this url :...

AI score 7.4
Exploits 0