55 matches found
EUVD-2019-8681
Malware in sbrugna...
EUVD-2021-29341
Malicious code in bioql PyPI...
EUVD-2021-29342
Malicious code in bioql PyPI...
XORUX LPAR2RRD 安全漏洞
XORUX LPAR2RRD is a server performance monitoring platform from the Czech company XORUX. A security vulnerability exists in XORUX LPAR2RRD that stems from a combination of directory traversal and file upload functionality that could lead to remote code execution...
📄 Xorux LPAR2RRD 8.04 Denial of Service
Xorux LPAR2RRD versions 8.04 and below have an issue where an authenticated, read-only user can kill any processes running on the Xormon Original virtual appliance as the lpar2rrd user. KL-001-2025-014: Xorux LPAR2RRD Read Only User Denial of Service Title: Xorux LPAR2RRD Read Only User Denial of...
📄 Xorux XorMon-NG 1.8 Information Disclosure
Xorux XorMon-NG versions 1.8 and below has an API endpoint that should be limited to web application administrators. It is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to export the appliance configuration, exposing sensitive information...
XORUX LPAR2RRD 安全漏洞
XORUX LPAR2RRD is a server performance monitoring platform from the Czech company XORUX. A security vulnerability exists in XORUX LPAR2RRD that stems from improper privilege management and could lead to process termination...
XORUX LPAR2RRD 安全漏洞
XORUX LPAR2RRD is a server performance monitoring platform from the Czech company XORUX. A security vulnerability exists in XORUX LPAR2RRD that stems from improper access control of API endpoints, which could lead to the disclosure of sensitive information...
📄 Xorux LPAR2RRD 8.04 Information Disclosure
Xorux LPAR2RRD versions 8.04 and below have an API endpoint that should be limited to web application administrators. It is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to download logs from the appliance configuration, exposing sensitive...
📄 Xorux LPAR2RRD 8.04 File Upload / Directory Traversal
Xorux LPAR2RRD versions 8.04 and below allow an authenticated, read-only user to upload a file and perform a directory traversal to have the uploaded file placed in a location of their choosing. This can be used to overwrite existing PERL modules within the application to achieve remote code...
CVE-2025-54769 KL-001-2025-016: Xorux LPAR2RRD File Upload Directory Traversal
An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in a location of their choosing. This can be used to overwrite existing PERL modules within the application to achieve remote code execution RCE by an attacker...
CVE-2025-54769 KL-001-2025-016: Xorux LPAR2RRD File Upload Directory Traversal
An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in a location of their choosing. This can be used to overwrite existing PERL modules within the application to achieve remote code execution RCE by an attacker...
CVE-2025-54768 KL-001-2025-015: Xorux LPAR2RRD Read Only User Log Download Exposing Sensitive Information
An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to download logs from the appliance configuration, exposing sensitive information...
CVE-2025-54768 KL-001-2025-015: Xorux LPAR2RRD Read Only User Log Download Exposing Sensitive Information
An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to download logs from the appliance configuration, exposing sensitive information...
CVE-2025-54767 KL-001-2025-014: Xorux LPAR2RRD Read Only User Denial of Service
An authenticated, read-only user can kill any processes running on the Xormon Original virtual appliance as the lpar2rrd user...
CVE-2025-54767 KL-001-2025-014: Xorux LPAR2RRD Read Only User Denial of Service
An authenticated, read-only user can kill any processes running on the Xormon Original virtual appliance as the lpar2rrd user...
CVE-2025-54765 KL-001-2025-013: Xorux XorMon-NG Web Application Privilege Escalation to Administrator
An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to import the appliance configuration, allowing an attacker to control the configuration of the appliance, to include...
CVE-2025-54766 KL-001-2025-012: Xorux XorMon-NG Read Only User Export Device Configuration Exposing Sensitive Information
An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to export the appliance configuration, exposing sensitive information...
Xorux XorMon-NG Web Application Privilege Escalation to Administrator
Vulnerability Details Affected Vendor: Xorux Affected Product: XorMon-NG Affected Version: 1.8 and prior Platform: Debian CWE Classification: CWE-648: Incorrect Use of Privileged APIs CVE ID: CVE-2025-54765 2. Vulnerability Description An API endpoint that should be limited to web application...
Xorux LPAR2RRD File Upload Directory Traversal
Vulnerability Details Affected Vendor: Xorux Affected Product: LPAR2RRD Affected Version: 8.04 and prior Platform: Rocky Linux 8.10 CWE Classification: CWE-24: Path Traversal: '../filedir', CWE-434: Unrestricted Upload of File with Dangerous Type, CWE-648: Incorrect Use of Privileged APIs CVE...