Exploit for Cross-site Scripting in Dandulaney Dan'S_Embedder_For_Google_Calendar
CVE-2023-51504 This is a dockerized reproduction of the MotoCM...
Docker Desktop Code Injection Vulnerability
Docker Desktop is container-based desktop software from the U.S. company Docker for lightweight application deployment. It provides a desktop environment that supports creating a lightweight container virtual machine and deploying and running applications on...
PT-2023-7362 · Docker · Play With Docker
Name of the Vulnerable Software and Affected Versions: Play With Docker versions prior to 0.0.2 Description: The issue stems from an insecure privileged mode in Play With Docker that grants the CAP_SYS_ADMIN capability, which amounts to inadequate access control. This can be exploited by a remote attacker to...
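Whether a process (for example one launched from a Play With Docker session) actually holds CAP_SYS_ADMIN can be read off the CapEff mask in /proc/<pid>/status, the same field `capsh --decode` works from. The following is an added example, not Play With Docker project code: the two status fixtures are constructed (an unrestricted mask, and Docker's default capability set), and bit index 21 is CAP_SYS_ADMIN's value from linux/capability.h.

```python
"""Decide whether a process holds CAP_SYS_ADMIN from its /proc/<pid>/status text.

Added example, not Play With Docker code. The fixtures below are constructed.
"""
import re

CAP_SYS_ADMIN = 21  # bit index from <linux/capability.h>

# Constructed fixture: capability lines of a process with an unrestricted
# capability set (41 capabilities on a Linux 5.x kernel).
PRIVILEGED_STATUS = """\
Name:\tbash
CapInh:\t0000000000000000
CapPrm:\t000001ffffffffff
CapEff:\t000001ffffffffff
CapBnd:\t000001ffffffffff
"""

# Constructed fixture: Docker's default capability set (no CAP_SYS_ADMIN).
DEFAULT_DOCKER_STATUS = """\
Name:\tbash
CapInh:\t0000000000000000
CapPrm:\t00000000a80425fb
CapEff:\t00000000a80425fb
CapBnd:\t00000000a80425fb
"""


def parse_cap_eff(status_text: str) -> int:
    """Return the effective capability mask (CapEff) as an integer."""
    m = re.search(r"^CapEff:\s*([0-9a-fA-F]+)\s*$", status_text, re.MULTILINE)
    if not m:
        raise ValueError("no CapEff line found in status text")
    return int(m.group(1), 16)


def has_cap(mask: int, cap: int) -> bool:
    """True when bit `cap` is set in `mask` (>> binds tighter than &)."""
    return bool(mask >> cap & 1)


def has_cap_sys_admin(status_text: str) -> bool:
    return has_cap(parse_cap_eff(status_text), CAP_SYS_ADMIN)


def current_process_has_cap_sys_admin() -> bool:
    """Check the running process itself (Linux only)."""
    with open("/proc/self/status") as f:
        return has_cap_sys_admin(f.read())


if __name__ == "__main__":
    print("unrestricted fixture:", has_cap_sys_admin(PRIVILEGED_STATUS))
    print("default docker fixture:", has_cap_sys_admin(DEFAULT_DOCKER_STATUS))
```

Run inside a container to confirm what the runtime actually granted; a `True` from `current_process_has_cap_sys_admin()` means the container has the capability the advisory above flags.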
This Week in Spring - June 6th, 2023
Hi, Spring fans! Welcome to another installment of This Week in Spring! And what an insane week it's been! Long story short, I've spent 10-12 hours a day over the last five days migrating a dozen different applications and services from one GKE cluster to another, taking the time to update things...
Security Bulletin: IBM Edge Application Manager has a vulnerability listed in CVE-2023-28154. IBM has addressed this vulnerability.
Summary IBM Edge Application Manager 4.5 addresses the security vulnerability listed in CVE-2023-28154. Vulnerability Details CVEID:CVE-2023-28154 DESCRIPTION: Webpack could allow a remote attacker to bypass security restrictions, caused by the mishandling of the magic comment feature by the...
Exploit for Code Injection in Apache Rocketmq
CVE-2023-33246 RocketMQ Remote Code Execution Exploit CVE-2023...
CVE-2023-33979
gpt_academic provides a graphical interface for ChatGPT/GLM. A vulnerability was found in gpt_academic 3.37 and prior. This issue affects some unknown processing of the component Configuration File Handler. The manipulation of the argument file leads to information disclosure. Since no sensitive...
CVE-2023-33979 gpt_academic's Configuration File vulnerable to File Information Disclosure
gpt_academic provides a graphical interface for ChatGPT/GLM. A vulnerability was found in gpt_academic 3.37 and prior. This issue affects some unknown processing of the component Configuration File Handler. The manipulation of the argument file leads to information disclosure. Since no sensitive...
CVE-2023-33979
The CVE-2023-33979 issue affects gpt_academic (3.37 and earlier), where improper handling in the Configuration File Handler allows manipulation of the file argument, resulting in information disclosure. Read access via the /file route can leak sensitive information from working directories, partic...
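The /file route issue above is an instance of a user-supplied file argument reaching outside the directory a download route is meant to serve. As an added example (not gpt_academic project code), here is the unsafe join pattern beside a containment check; `BASE` is a hypothetical served directory and the request strings are constructed.

```python
"""Path containment for a file-download route.

Added example, not gpt_academic code. BASE is a hypothetical served directory;
the request strings in demo() are constructed.
"""
import os
from pathlib import Path
from typing import Optional

BASE = Path("/srv/app/public")  # hypothetical directory the route may serve


def resolve_unsafe(base: Path, requested: str) -> Path:
    """Vulnerable pattern: join and return with no containment check.
    '..' segments walk out of `base`, and an absolute `requested` replaces
    `base` entirely (pathlib's '/' and os.path.join both behave this way)."""
    return (base / requested).resolve()


def resolve_safe(base: Path, requested: str) -> Optional[Path]:
    """Hardened pattern: returns None when the request must be refused."""
    # Absolute paths and NUL bytes are never legitimate download names.
    if os.path.isabs(requested) or "\x00" in requested:
        return None
    base = base.resolve()
    # resolve() collapses '..' and follows symlinks, so a link inside `base`
    # that points outside it is caught by the containment check as well.
    candidate = (base / requested).resolve()
    if candidate == base:
        return None  # the directory itself is not a file to serve
    try:
        candidate.relative_to(base)
    except ValueError:
        return None
    return candidate


def demo() -> dict:
    """Constructed requests: one legitimate, two that escape BASE."""
    cases = ["report.pdf", "sub/../../config.ini", "/etc/passwd"]
    out = {}
    for c in cases:
        safe = resolve_safe(BASE, c)
        out[c] = {"unsafe": str(resolve_unsafe(BASE, c)),
                  "safe": None if safe is None else str(safe)}
    return out


if __name__ == "__main__":
    for req, result in demo().items():
        print(f"{req!r}: unsafe -> {result['unsafe']}, safe -> {result['safe']}")
```

The check is done on the resolved path rather than on the raw string, so encodings of `..` that only appear after normalisation, and symlinks planted inside the served tree, are both handled by the same `relative_to` test.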
Security Bulletin: IBM Edge Application Manager 4.5 addresses the security vulnerability listed in the CVE below.
Summary IBM Edge Application Manager 4.5 addresses the security vulnerability listed in the CVE below. Vulnerability Details CVEID:CVE-2022-1996 DESCRIPTION: go-restful could allow a remote attacker to bypass security restrictions, caused by improper regular expression implementation in the CORS...
Security Bulletin: IBM Edge Application Manager is vulnerable to an Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') due to Node.js ejs
Summary IBM Edge Application Manager 4.5 addresses the vulnerability listed in the CVE below. Vulnerability Details CVEID:CVE-2022-29078 DESCRIPTION: Node.js ejs module could allow a remote attacker to execute arbitrary code on the system, caused by a server-side template injection flaw in...
Security Bulletin: IBM Edge Application Manager 4.5 addresses multiple security vulnerabilities
Summary IBM Edge Application Manager 4.5 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2021-23436 DESCRIPTION: Node.js immer module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw...
Security Bulletin: IBM Edge Application Manager 4.5 addresses the security vulnerability listed in the CVE below.
Summary IBM Edge Application Manager 4.5 addresses the security vulnerability listed in the CVE below. Vulnerability Details CVEID:CVE-2021-3918 DESCRIPTION: Json-schema could allow a remote attacker to execute arbitrary code on the system, caused by an improperly controlled modification of objec...
Security Bulletin: IBM Edge Application Manager 4.5 addresses the security vulnerability listed in the CVE below.
Summary IBM Edge Application Manager 4.5 addresses the security vulnerability listed in the CVE below. Vulnerability Details CVEID:CVE-2021-42740 DESCRIPTION: Node.js shell-quote module could allow a remote attacker to execute arbitrary commands on the system, caused by a flaw with Windows drive...
CVE-2023-32696 Excessive permissions for ckan user
CKAN is an open-source data management system for powering data hubs and data portals. Prior to versions 2.9.9 and 2.10.1, the ckan user, equivalent to www-data, owned code and configuration files in the docker container, and the ckan user had the permissions to use sudo. These issues allowed for co...
PT-2023-23970 · Ckan · Ckan
Name of the Vulnerable Software and Affected Versions: CKAN versions prior to 2.9.9 CKAN versions prior to 2.10.1 Description: CKAN is an open-source data management system for powering data hubs and data portals. Prior to versions 2.9.9 and 2.10.1, the ckan user, equivalent to www-data, owned co...
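The two conditions behind CVE-2023-32696, the service account owning the application's code and configuration and that account being allowed to use sudo, are easy to audit inside an image. The following is an added example, not CKAN project code: `audit()` walks a directory for files owned by a given uid and scans a sudoers text for rules naming the user or one of its groups. The sudoers fragments and the temporary tree in the demos are constructed, and because the demo cannot chown files without root, the hardened case models root-owned code by auditing against a uid that owns nothing in the tree.

```python
"""Audit a container filesystem for service-account over-privilege.

Added example, not CKAN code. Checks: (1) files under the app tree owned by
the service uid, (2) sudoers rules for the service user or its groups.
The sudoers fragments and demo tree are constructed.
"""
import os
import tempfile
from pathlib import Path


def files_owned_by(app_dir: Path, uid: int) -> list:
    """Code/config the service account could rewrite because it owns it."""
    owned = []
    for root, _dirs, files in os.walk(app_dir):
        for name in files:
            p = Path(root) / name
            if p.lstat().st_uid == uid:
                owned.append(p)
    return owned


def sudo_rules_for(sudoers_text: str, user: str, groups: set) -> list:
    """Non-comment sudoers lines whose subject is `user` or `%<group>`."""
    rules = []
    for line in sudoers_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("Defaults"):
            continue
        subject = line.split()[0]
        if subject == user or (subject.startswith("%") and subject[1:] in groups):
            rules.append(line)
    return rules


def audit(app_dir: Path, user: str, uid: int, groups: set, sudoers_text: str) -> list:
    """Return human-readable findings; an empty list means both checks pass."""
    findings = []
    owned = files_owned_by(app_dir, uid)
    if owned:
        findings.append(f"{len(owned)} file(s) under {app_dir} owned by {user}")
    for rule in sudo_rules_for(sudoers_text, user, groups):
        findings.append(f"sudoers grants {user}: {rule}")
    return findings


# Constructed sudoers fragments: the weak setup beside the corrected one.
WEAK_SUDOERS = "# weak: service account may sudo\nckan ALL=(ALL) NOPASSWD: ALL\n"
HARDENED_SUDOERS = "# hardened: no rule for the service account\nroot ALL=(ALL) ALL\n"


def _make_tree(tmp: str) -> Path:
    app = Path(tmp) / "app"
    app.mkdir()
    (app / "ckan.ini").write_text("[app:main]\n")  # constructed config file
    return app


def demo_weak() -> list:
    """Tree owned by the current uid (standing in for the service account)."""
    with tempfile.TemporaryDirectory() as tmp:
        return audit(_make_tree(tmp), "ckan", os.getuid(), {"ckan"}, WEAK_SUDOERS)


def demo_hardened() -> list:
    """Service uid owns nothing in the tree (models root-owned code), no sudo rule."""
    with tempfile.TemporaryDirectory() as tmp:
        return audit(_make_tree(tmp), "ckan", os.getuid() + 1, {"ckan"}, HARDENED_SUDOERS)


if __name__ == "__main__":
    print("weak:", demo_weak())
    print("hardened:", demo_hardened())
```

In a real image, run `audit()` with the service user's uid from `/etc/passwd`, its groups, and the concatenation of `/etc/sudoers` and `/etc/sudoers.d/*`; any finding means the process serving requests could modify its own code or become root.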