30 matches found

Snyk · added 2026/04/08 12:07 a.m. · 0 views

Timing Attack

Overview: parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Timing Attack via the login endpoint. An attacker can determine whether a username or email exists in the database by...

CVSS 6.9 · AI score 5.8 · EPSS 0.0023
Exploits: 0 · References: 2
CNNVD · added 2026/04/07 12:00 a.m. · 4 views

Parse Server security vulnerability

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. There were security vulnerabilities in versions of Parse Server prior to 9.8.0-alpha.6 and 8.6.74. These vulnerabilities stemmed from differences in login endpoint...

CVSS 6.3 · AI score 5.8 · EPSS 0.0023
Exploits: 0 · References: 3
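The two Parse Server entries above describe the same class of issue: a login endpoint whose response time depends on whether the supplied username or email exists, so an attacker can enumerate accounts without ever guessing a password. The script below is an added example, not parse-server code and not the fix shipped in the versions named above. It uses a constructed in-memory user table and the standard library's pbkdf2 as a stand-in for bcrypt, and contrasts the early-return pattern (hash only when the user exists) with a handler that always performs one hash comparison, against a dummy record when the account is missing, and returns the same generic error either way.

```python
"""Login-endpoint timing side channel: early return vs. constant-work verification."""
from __future__ import annotations

import hashlib
import hmac
import os
import time

# Assumption: pbkdf2 from the standard library stands in for the bcrypt hash a
# real backend would use; the cost parameter only needs to make hashing far
# slower than a dictionary lookup for the leak to be measurable.
ITERATIONS = 50_000
INVALID = "Invalid username/password."   # one generic message for both failure modes


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_user(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}


USERS = {"alice": make_user("correct horse battery staple")}   # constructed sample table

# Dummy credential hashed once at startup: unknown users are verified against it,
# so a request costs the same whether or not the account exists.
_DUMMY = make_user(os.urandom(16).hex())


def login_vulnerable(username: str, password: str) -> str | None:
    """Returns early when the user is missing, so a failed login for an unknown
    name finishes orders of magnitude faster than one for a real account."""
    user = USERS.get(username)
    if user is None:
        return INVALID                       # fast path: leaks that the account is absent
    if hmac.compare_digest(hash_password(password, user["salt"]), user["hash"]):
        return None                          # success
    return INVALID                           # slow path: a hash was computed


def login_hardened(username: str, password: str) -> str | None:
    """Always performs exactly one password-hash comparison and reports one
    generic error, so response time no longer depends on account existence."""
    user = USERS.get(username)
    record = user if user is not None else _DUMMY
    ok = hmac.compare_digest(hash_password(password, record["salt"]), record["hash"])
    if user is None or not ok:
        return INVALID
    return None


def time_login(fn, username: str, password: str, rounds: int = 7) -> float:
    """Median wall-clock seconds for a login attempt, which is what an attacker measures."""
    samples = []
    for _ in range(rounds):
        start = time.perf_counter()
        fn(username, password)
        samples.append(time.perf_counter() - start)
    return sorted(samples)[len(samples) // 2]


def enumeration_ratio(fn) -> float:
    """How much slower a wrong password for a real user is than for a fake user.
    A ratio near 1.0 means the endpoint does not leak account existence via timing."""
    known = time_login(fn, "alice", "wrong-password")
    unknown = time_login(fn, "nobody", "wrong-password")
    return known / max(unknown, 1e-9)


if __name__ == "__main__":
    print(f"vulnerable endpoint: known/unknown time ratio ~ {enumeration_ratio(login_vulnerable):.0f}x")
    print(f"hardened endpoint:   known/unknown time ratio ~ {enumeration_ratio(login_hardened):.2f}x")
```

The generic error message alone is not enough: the vulnerable handler already returns the same string for both cases, and the account still leaks through the missing hash computation. The fix has to equalise the work done, not just the words returned.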
EUVD · added 2025/10/03 8:07 p.m. · 5 views

EUVD-2024-38239

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 6.6 · EPSS 0.00345
Exploits: 0 · References: 1
OSV · added 2025/01/29 7:20 a.m. · 17 views

BIT-SOLR-2024-52012 Apache Solr: Configset upload on Windows allows arbitrary path write-access

Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API. Commonly known as a "zipslip", maliciously constructed ZIP files can use relative filepaths t...

CVSS 5.4 · AI score 5.9 · EPSS 0.41226
Exploits: 0 · References: 3
OSV · added 2025/01/27 9:30 a.m. · 7 views

GHSA-68R2-FWCG-QPM8 Apache Solr vulnerable to Execution with Unnecessary Privileges

Core creation allows users to replace "trusted" configset files with arbitrary configuration. Solr instances that (1) use the "FileSystemConfigSetService" component (the default in "standalone" or "user-managed" mode), and (2) are running without authentication and authorization, are vulnerable to a sort...

CVSS 9.2 · AI score 5.3 · EPSS 0.01065
Exploits: 0 · References: 7
GitHub Security Blog · added 2025/01/27 9:30 a.m. · 15 views

Apache Solr vulnerable to Execution with Unnecessary Privileges

Core creation allows users to replace "trusted" configset files with arbitrary configuration. Solr instances that (1) use the "FileSystemConfigSetService" component (the default in "standalone" or "user-managed" mode), and (2) are running without authentication and authorization, are vulnerable to a sort...

CVSS 5.5 · AI score 7.4 · EPSS 0.01065
Exploits: 0 · References: 7 · Affected Software: 1
NVD · added 2025/01/27 9:15 a.m. · 12 views

CVE-2024-52012

Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API. Commonly known as a "zipslip", maliciously constructed ZIP files can use relative filepaths t...

CVSS 5.4 · EPSS 0.41226
Exploits: 0 · References: 2
CVE · added 2025/01/27 8:54 a.m. · 129 views

CVE-2024-52012

Apache Solr (Windows) is affected by CVE-2024-52012: a relative path traversal (zip slip) via the configset upload API that can allow arbitrary file writes to the filesystem. Affected versions are Solr 6.6 through 9.7.0. The root cause is insufficient input sanitation in the configset upload path...

CVSS 5.4 · AI score 9.6 · EPSS 0.41226
Exploits: 0 · References: 2 · Affected Software: 1
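The CVE-2024-52012 entries above name the root cause: entry names taken from the uploaded ZIP are used as file paths without checking that they stay inside the configset directory, and the problem surfaced on Windows, where backslashes and drive letters are path syntax too, so a check that only looks for "../" is not enough. The script below is an added example, not Solr's code or its fix; the archive contents, directory names and helper functions are constructed for illustration. It puts the naive join that a zip slip exploits beside a containment check that normalises separators, rejects absolute paths and drive letters, and compares resolved paths before anything is written.

```python
"""Zip slip: a naive configset-style ZIP extractor next to a hardened one."""
from __future__ import annotations

import io
import ntpath
import os
import posixpath
import shutil
import tempfile
import zipfile


def _inside(dest_real: str, path: str) -> bool:
    """True if the resolved `path` is dest_real or lies below it."""
    try:
        return os.path.commonpath([dest_real, os.path.realpath(path)]) == dest_real
    except ValueError:          # different drives on Windows: definitely not inside
        return False


def is_safe_member(dest_dir: str, member_name: str) -> bool:
    """True only if the ZIP entry would be written somewhere inside dest_dir.

    Backslashes are normalised first, because an archive crafted for a Windows
    host can use '..\\' while a check that only looks for '../' misses it.
    Absolute paths, drive letters and UNC prefixes are rejected outright, and
    both sides are resolved with realpath so '..' segments cannot fool the test.
    """
    name = member_name.replace("\\", "/")
    if posixpath.isabs(name) or ntpath.isabs(name) or ntpath.splitdrive(name)[0]:
        return False
    dest_real = os.path.realpath(dest_dir)
    return _inside(dest_real, os.path.join(dest_real, *name.split("/")))


def unsafe_target_paths(zip_bytes: bytes, dest_dir: str) -> list[str]:
    """The vulnerable pattern: join the entry name onto dest_dir and trust it.

    Dry run only: returns the paths a naive extractor would write to, so the
    escape is visible without touching anything outside the sandbox.
    """
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [os.path.normpath(os.path.join(dest_dir, info.filename))
                for info in zf.infolist() if not info.is_dir()]


def extract_safely(zip_bytes: bytes, dest_dir: str) -> tuple[list[str], list[str]]:
    """Hardened extractor: every entry must pass is_safe_member before any write."""
    written, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if not is_safe_member(dest_dir, info.filename):
                rejected.append(info.filename)
                continue
            if info.is_dir():
                continue
            parts = info.filename.replace("\\", "/").split("/")
            out_path = os.path.join(dest_dir, *parts)
            os.makedirs(os.path.dirname(out_path), exist_ok=True)
            with open(out_path, "wb") as fh:
                fh.write(zf.read(info))
            written.append(info.filename)
    return written, rejected


def build_malicious_zip() -> bytes:
    """Constructed sample archive: one legitimate file plus three traversal entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("conf/solrconfig.xml", "<config/>")
        zf.writestr("../../escaped.txt", "lands two directories above the target")
        zf.writestr("..\\..\\escaped-win.txt", "same trick with Windows separators")
        zf.writestr("C:\\Windows\\Temp\\abs.txt", "absolute path with a drive letter")
    return buf.getvalue()


def demo() -> dict:
    """Run both extractors against the sample inside a throwaway sandbox."""
    sandbox = tempfile.mkdtemp(prefix="zipslip-")
    try:
        dest = os.path.join(sandbox, "configsets", "upload")   # hypothetical target dir
        os.makedirs(dest)
        payload = build_malicious_zip()
        dest_real = os.path.realpath(dest)
        targets = unsafe_target_paths(payload, dest)
        # Which naive targets would have landed outside dest on this OS?
        escaped = [p for p in targets if not _inside(dest_real, p)]
        written, rejected = extract_safely(payload, dest)
        return {"naive_targets": targets, "escaped": escaped,
                "written": written, "rejected": rejected}
    finally:
        shutil.rmtree(sandbox, ignore_errors=True)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

On a POSIX host the naive join only escapes for the "../" entry; the backslash variant becomes an oddly named file inside the target. On Windows all three malicious entries escape, which is why the hardened check normalises separators itself rather than relying on the host's path semantics.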
CNNVD · added 2024/12/09 12:00 a.m. · 4 views

Dell PowerScale OneFS security vulnerability

Dell PowerScale OneFS is a proprietary operating system developed by Dell for its PowerScale horizontally scalable NAS (network-attached storage) solution. Dell PowerScale OneFS suffers from an incorrectly specified parameter vulnerability that could be exploited by an attacker to cause an...

CVSS 6.5 · AI score 6.4 · EPSS 0.00311
Exploits: 0 · References: 1
Positive Technologies · added 2024/10/17 12:00 a.m. · 5 views

PT-2024-9300 · Dell · Powerscale Onefs

Name of the Vulnerable Software and Affected Versions: Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.x
Description: The issue is related to an improper resource unlocking vulnerability in the PowerScale OneFS operating system. This could allow a remote attacker with low privileges to explo...

CVSS 6.8 · AI score 7.3 · EPSS 0.00351
Exploits: 0 · References: 8
Patchstack · added 2024/08/26 12:00 a.m. · 10 views

WordPress MaxButtons Plugin <= 9.7.8 is vulnerable to Sensitive Data Exposure

Software: MaxButtons · Type: Plugin · Vulnerable versions: <= 9.7.8 · Fixed in: 9.8.0 · OWASP Top 10: A3: Sensitive Data Exposure · Classification: Sensitive Data Exposure · CVE: CVE-2024-6499 · Patch priority: Low · CVSS severity: Low 5.3 · PSID: c468e4e161ae · Credits: stealthcopter · Required privileg...

CVSS 5.3 · AI score 6.6 · EPSS 0.00439
Exploits: 0 · References: 3 · Affected Software: 1
Patchstack · added 2024/08/22 12:00 a.m. · 24 views

WordPress AcyMailing SMTP Newsletter Plugin <= 9.7.2 is vulnerable to Arbitrary File Upload

Software: AcyMailing SMTP Newsletter · Type: Plugin · Vulnerable versions: <= 9.7.2 · Fixed in: 9.8.0 · OWASP Top 10: A1: Injection · Classification: Arbitrary File Upload · CVE: CVE-2024-7384 · Patch priority: High · CVSS severity: High 8.5 · PSID: 51ad1438d775 · Credits: Arkadiusz Hydzik · Required...

CVSS 8.8 · AI score 6.8 · EPSS 0.00958
Exploits: 0 · References: 3 · Affected Software: 1
NVD · added 2024/07/03 9:15 a.m. · 14 views

CVE-2024-39807

Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to properly sanitize the recipients of a webhook event, which allows an attacker monitoring webhook events to retrieve the channel IDs of archived or restored channels...

CVSS 5.3 · EPSS 0.00345
Exploits: 0 · References: 1
CVE · added 2024/07/03 8:37 a.m. · 53 views

CVE-2024-39353

Mattermost Server vulnerability CVE-2024-39353 affects versions 9.5.x (

CVSS 2.7 · AI score 3.2 · EPSS 0.00337
Exploits: 0 · References: 1 · Affected Software: 1
Positive Technologies · added 2024/07/03 12:00 a.m. · 4 views

PT-2024-28677 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.5.x through 9.5.5; Mattermost version 9.8.0
Description: The issue arises from the improper sanitization of recipients of a webhook event, allowing an attacker who is monitoring these events to obtain the channel IDs of...

CVSS 5.3 · AI score 7.1 · EPSS 0.00345
Exploits: 0 · References: 3
Positive Technologies · added 2024/07/03 12:00 a.m. · 3 views

PT-2024-26936 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.5.x through 9.5.5; Mattermost version 9.8.0
Description: The issue arises when Mattermost is used with shared channels and multiple remote servers are connected. In such cases, the system fails to verify that the remote...

CVSS 5.3 · AI score 7.3 · EPSS 0.00303
Exploits: 0 · References: 3
Cvelist · added 2024/06/04 12:11 p.m. · 18 views

CVE-2024-29170

Dell PowerScale OneFS versions 8.2.x through 9.8.0.x contain a use of hard coded credentials vulnerability. An adjacent network unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure of network traffic and denial of service...

CVSS 8.1 · AI score 7.8 · EPSS 0.00263
Exploits: 0 · References: 1
OpenVAS · added 2023/01/03 12:00 a.m. · 17 views

ISC BIND DoS Vulnerability (CVE-2011-2465) - Windows

ISC BIND is prone to a denial of service (DoS) vulnerability. Copyright (C) 2023 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; y...

CVSS 2.6 · AI score 6.4 · EPSS 0.0888
Exploits: 1 · References: 1
OpenVAS · added 2023/01/03 12:00 a.m. · 22 views

ISC BIND DoS Vulnerability (CVE-2011-2465) - Linux

ISC BIND is prone to a denial of service (DoS) vulnerability. Copyright (C) 2023 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; y...

CVSS 2.6 · AI score 6.4 · EPSS 0.0888
Exploits: 1 · References: 1
wpexploit · added 2022/03/11 12:00 a.m. · 907 views

WordPress (5.9-5.9.1) / Gutenberg (9.8.0-12.7.1) - Contributor+ Stored Cross-Site Scripting

Description: Post authors are able to bypass KSES restrictions in WordPress 5.9 through 5.9.1 and/or Gutenberg 9.8.0 through 12.7.1 due to the order in which filters are executed, which could allow them to perform Stored Cross-Site Scripting attacks. As a user without the unfiltered_html capability, create a post containing the...

AI score 6.5
Exploits: 0 · References: 1