Lucene search

9239 matches found

Kitploit
added 2024/02/15 11:30 a.m., 46 views

WEB-Wordlist-Generator - Creates Related Wordlists After Scanning Your Web Applications

WEB-Wordlist-Generator scans your web applications and creates related wordlists to take preliminary countermeasures against cyber attacks. Done x Scan Static Files. Scan Metadata Of Public Documents (pdf, doc, xls, ppt, docx, pptx, xlsx, etc.). Create a New Associated Wordlist with the Wordlist Given as a...

7.3 AI score
Exploits: 0, References: 1

BDU FSTEC
added 2024/02/14 12:0 a.m., 4 views

The vulnerability of the official interface for developing container applications in Plone Docker allows a hacker to gain access to modify or delete files.

The vulnerability of the official Plone Docker image for container applications lies in the absence of a mechanism to prevent unintended modifications to resources during request processing. Exploiting this vulnerability could allow an attacker to gain access to modify or delete files using PUT a...

5.5 CVSS, 7.2 AI score, 0.00602 EPSS
Exploits: 1, References: 5

NVD
added 2024/02/13 7:15 p.m., 12 views

CVE-2024-1355

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console docker container while setting a service URL. Exploitation of this vulnerability...

9.1 CVSS, 9.5 AI score, 0.02363 EPSS
Exploits: 0, References: 4

Prion
added 2024/02/13 7:15 p.m., 21 views

Command injection

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console docker container while setting a service URL. Exploitation of this vulnerability...

5.8 CVSS, 7.7 AI score, 0.02363 EPSS
Exploits: 0, References: 4, Affected Software: 1

Vulnrichment
added 2024/02/13 6:51 p.m., 5 views

CVE-2024-1355 Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console docker container while setting a service URL. Exploitation of this vulnerability...

9.1 CVSS, 7.7 AI score, 0.02363 EPSS
Exploits: 0, References: 4

CVE
added 2024/02/13 6:51 p.m., 93 views

CVE-2024-1355

CVE-2024-1355 describes a command injection in GitHub Enterprise Server. An attacker with the Management Console editor role could exploit the actions-console docker container to gain admin SSH access to the appliance by manipulating a service URL. Exploitation required access to the GitHub Enter...

9.1 CVSS, 9.4 AI score, 0.02363 EPSS
Exploits: 0, References: 4, Affected Software: 1

IBM Security Bulletins
added 2024/02/09 8:4 p.m., 82 views

Security Bulletin: Multiple Security Vulnerabilities were identified in IBM Security Verify Access

Summary There were multiple Security Vulnerabilities that were reported against IBM Security Verify Access. These have been addressed in IBM Security Verify Access updates. Vulnerability Details CVEID:CVE-2023-31003 DESCRIPTION: IBM Security Access Manager Container IBM Security Verify Access...

9.8 CVSS, 10 AI score, 0.01034 EPSS
Exploits: 1, Affected Software: 1

Rapid7 Blog
added 2024/02/09 7:35 p.m., 49 views

Metasploit Weekly Wrap-Up 02/09/2024

Go go gadget Fortra GoAnywhere MFT Module This Metasploit release contains a module for one of 2024's hottest vulnerabilities to date: CVE-2024-0204. The path traversal vulnerability in Fortra GoAnywhere MFT allows for unauthenticated attackers to access the InitialAccountSetup.xhtml endpoint whi...

7.5 CVSS, 8.6 AI score, 0.95086 EPSS
Exploits: 13

Tenable Nessus
added 2024/02/09 12:0 a.m., 157 views

Docker Desktop < 4.27.1 Multiple Vulnerabilities

The version of Docker Desktop for Windows is prior to 4.27.1. It is therefore affected by multiple vulnerabilities. - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacke...

10 CVSS, 6.9 AI score, 0.18087 EPSS
Exploits: 20, References: 8

Tenable Nessus
added 2024/02/09 12:0 a.m., 95 views

Docker Desktop < 4.27.1 Multiple Vulnerabilities

The version of Docker Desktop for Linux is prior to 4.27.1. It is therefore affected by multiple vulnerabilities. - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker...

10 CVSS, 6.9 AI score, 0.18087 EPSS
Exploits: 20, References: 8

Tenable Nessus
added 2024/02/09 12:0 a.m., 89 views

Docker Desktop < 4.27.1 Multiple Vulnerabilities

The version of Docker Desktop for Mac is prior to 4.27.1. It is therefore affected by multiple vulnerabilities. - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker...

10 CVSS, 6.9 AI score, 0.18087 EPSS
Exploits: 20, References: 8

NVD
added 2024/02/08 9:15 p.m., 18 views

CVE-2024-23756

The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 5221, allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them...

7.5 CVSS, 7.7 AI score, 0.00602 EPSS
Exploits: 1, References: 1

OSV
added 2024/02/08 9:15 p.m., 36 views

CVE-2024-23756

The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 5221, allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them...

7.5 CVSS, 7.3 AI score, 0.00602 EPSS
Exploits: 1, References: 1

Prion
added 2024/02/08 9:15 p.m., 16 views

Design/Logic Flaw

The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 5221, allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them...

5 CVSS, 7.8 AI score, 0.00602 EPSS
Exploits: 1, References: 1, Affected Software: 1

GithubExploit
added 2024/02/08 8:55 p.m., 314 views

Exploit for Code Injection in Apache Commons_Text

Install maven - maven-linux https://www.digitalocean.com/c...

9.8 CVSS, 7.9 AI score, 0.99931 EPSS
Exploits: 41

CNNVD
added 2024/02/08 12:0 a.m., 5 views

Plone Security Vulnerability

Plone is an open source content management system CMS built on the Zope application server. A security vulnerability exists in Plone official Docker version 5.2.13 5221, which stems from a vulnerability that allows an unauthenticated attacker to upload files to the server or delete files...

7.5 CVSS, 7 AI score, 0.00602 EPSS
Exploits: 1, References: 2

Vulnrichment
added 2024/02/08 12:0 a.m., 8 views

CVE-2024-23756

The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 5221, allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them...

7.7 AI score, 0.00602 EPSS
Exploits: 1, References: 1

Spring Security Advisories
added 2024/02/08 12:0 a.m., 14 views

Spring Tips: Spring Boot Testjars

Hi, Spring fans! In this installment we look at the brand new Spring Boot Testjars project, which greatly simplifies standing up and reusing satellite Java-based services like other Spring Boot-based microservices or infrastructure like the Spring Authorization Server. springboot java java21...

7.2 AI score
Exploits: 0

CVE
added 2024/02/08 12:0 a.m., 57 views

CVE-2024-23756

The CVE-2024-23756 issue affects Plone official Docker version 5.2.13 (5221) where HTTP PUT and DELETE methods are enabled, allowing unauthenticated attackers to upload or delete files on the server. Descriptions across multiple sources corroborate that the vulnerability enables dangerous actions...

7.5 CVSS, 7.7 AI score, 0.00602 EPSS
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2024/02/08 12:0 a.m., 42 views

CVE-2024-23756

The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 5221, allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them...

7.9 AI score, 0.00602 EPSS
Exploits: 1, References: 1