EUVD-2018-0271

Malware in sbrugna...

EUVD-2018-11907

Malware in sbrugna...

EUVD-2019-16143

Malware in sbrugna...

EUVD-2004-2651

Malware in sbrugna...

EUVD-2004-1507

Malware in sbrugna...

EUVD-2025-16064

Malicious code in bioql PyPI...

CVE-2023-41219 D-Link DIR-3040 prog.cgi SetWanSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability

D-Link DIR-3040 prog.cgi SetWanSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this vulnerability. T...

GHSA-P6P2-QQ95-VQ5H Remote Code Execution in Custom Integration Upload

Impact The Fides webserver API allows custom integrations to be uploaded as a ZIP file. This ZIP file must contain YAML files, but Fides can be configured to also accept the inclusion of custom Python code in it. The custom code is executed in a restricted, sandboxed environment, but the sandbox...

PT-2022-27942 · Allen Bradley · Micrologix 1400 +1

Name of the Vulnerable Software and Affected Versions: MicroLogix 1100 and 1400 controllers affected versions not specified Description: The issue is an unauthenticated stored cross-site scripting vulnerability in the embedded webserver of the controllers. This may allow an attacker to accomplish...

GHSA-9VXQ-MXW5-MCGP Typo3 Arbitrary File Delete

TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to delete arbitrary files on the webserver...

XOS Shop 1.0.9 - 'Multiple' Arbitrary File Deletion (Authenticated)

Exploit Title: XOS Shop 1.0.9 - 'Multiple' Arbitrary File Deletion Authenticated Date: 2021-07-25 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://xos-shop.com Software Link: https://github.com/XOS-Shop/xosshopsystem/releases/tag/v1.0.9 Version: 1.0.9 Tested on:...

CSZ CMS 1.2.9 - 'Multiple' Arbitrary File Deletion

Exploit Title: CSZ CMS 1.2.9 - 'Multiple' Arbitrary File Deletion Date: 2021-07-20 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://www.cszcms.com Software Link: https://sourceforge.net/projects/cszcms/files/latest/download Version: 1.2.9 Tested on: Windows 10,...

ICSA-21-138-01_Emerson Rosemount X-STREAM

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Emerson Equipment: Rosemount X-STREAM Gas Analyzer Vulnerabilities: Inadequate Encryption Strength, Unrestricted Upload of File with Dangerous Type, Path Traversal, Use of Persistent Cookies Containing...

Code injection

TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to delete arbitrary files on the webserver...

CVE-2017-13717

The CVE-2017-13717 issue affects Starry Station (Starry Router). The product exposes a webserver with Access-Control-Allow-Origin: *, enabling cross-origin requests from any hosted page. This misconfiguration allows an attacker to access device endpoints via the user’s browser, and, as described,...

SUSE-SU-2015:1851-1 Security update for apache2

The Apache2 webserver was updated to fix several issues: Security issues fixed: - The chunked transfer coding implementation in the Apache HTTP Server did not properly parse chunk headers, which allowed remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to...

Accellion File Transfer Appliance web_client_user_guide.html lang Parameter Traversal Arbitrary File Access

No description provided by source. source: http://www.securityfocus.com/bid/38176/info Accellion File Transfer Appliance is prone to multiple remote vulnerabilities, including: - Multiple privilege-escalation issues - A directory-traversal issue - An HTML-injection issue - A remote...

List of 8,000 FTP Credentials for Sale in Underground Forums

Hackers are targeting FTP upload sites with the hopes of redirecting victims to spam or even infecting webservers that rely on FTP applications for updates. Hold Security reported yesterday it had secured a list of credentials for close to 7,800 FTP sites being circulated in cybercrime forums. Th...

LibrettoCMS 2.2.2 - Arbitrary File Upload

LibrettoCMS 2.2.2 - Arbitrary File Upload Exploit Title : LibrettoCMS 2.2.2 Malicious File Upload Date : 14 June 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://libretto.artwebonline.com/ Software Link :...

[OWASP HTTP Post Tool] DoS Apache Webserver Attack

This Tutorials shows, how you can easily take out an Apache Webserver with one HTTP POST Tool using a std. slow DSL Connection. This is NO Slowloris Attack! Limitations of HTTP GET DDOS attack: - Does not work on IIS web servers or web servers with timeout limits for HTTP headers. - Easily...