CVE-2023-44161 (cyber_protect)
Sensitive information manipulation due to cross-site request forgery. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.
Read MoreSensitive information manipulation due to cross-site request forgery. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.
Read MoreStored cross-site scripting (XSS) vulnerability in protection plan name. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.
Read MoreSiberianCMS – CWE-284 Improper Access Control Authorized user may disable a security feature over the network
Read MoreAn OS command injection vulnerability has been found on EasyPHP Webserver affecting version 14.1. This vulnerability could allow an attacker to get full access to the system by sending a specially crafted exploit to the...
Read MoreSiberianCMS – CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) by an unauthenticated user
Read MoreSiberianCMS – CWE-434: Unrestricted Upload of File with Dangerous Type – A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method
Read MoreIn WS_FTP Server versions prior to 8.7.4 and 8.8.2, a reflected cross-site scripting (XSS) vulnerability exists in WS_FTP Server’s Ad Hoc Transfer module. An attacker could leverage this vulnerability to target WS_FTP...
Read MoreIn WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server...
Read MoreIn WS_FTP Server versions prior to 8.7.4 and 8.8.2, a SQL injection vulnerability exists in the WS_FTP Server manager interface. An attacker may be able to infer information about the structure and contents of the database and...
Read MoreIn WS_FTP Server version prior to 8.8.2, a stored cross-site scripting (XSS) vulnerability exists in WS_FTP Server’s Management module. An attacker with administrative privileges could import a SSL certificate with...
Read MoreIn WS_FTP Server version prior to 8.8.2, the WS_FTP Server Manager interface was missing cross-site request forgery (CSRF) protection on a POST transaction corresponding to a WS_FTP Server administrative function.
Read MoreIn WS_FTP Server version prior to 8.8.2, an unauthenticated user could enumerate files under the ‘WebServiceHost’ directory listing.
Read More