229 matches found
CVE-2022-29622
An arbitrary file upload vulnerability in formidable v3.1.4 allows attackers to execute arbitrary code via a crafted filename. NOTE: some third parties dispute this issue because the product has common use cases in which uploading arbitrary files is the desired behavior. Also, there are...
CVE-2022-29622
An arbitrary file upload vulnerability in formidable v3.1.4 allows attackers to execute arbitrary code via a crafted filename. NOTE: some third parties dispute this issue because the product has common use cases in which uploading arbitrary files is the desired behavior. Also, there are...
CVE-2022-29622
An arbitrary file upload vulnerability in formidable v3.1.4 allows attackers to execute arbitrary code via a crafted filename. NOTE: some third parties dispute this issue because the product has common use cases in which uploading arbitrary files is the desired behavior. Also, there are...
MGASA-2022-0109 Updated stunnel packages fix security vulnerability
Update to 5.62 including new features and bugfixes: Security bugfixes - The "redirect" option was fixed to properly handle unauthenticated requests bsc1182529. - Fixed a double free with OpenSSL older than 1.1.0. - Added hardening to systemd service bsc1181400. New features - Added new "protocol ...
Trellix Global Defenders: BlackCat Ransomware as a Service - The Cat is certainly out of the bag!
Trellix Global Defenders: BlackCat Ransomware as a Service - The Cat is certainly out of the bag! By Trellix · February 8, 2022 Research Contributions and Analysis: Filippo Sitzia This story was written by Arnab Roy Threat Summary Blackcat also known as ALPHV/Noberus is a Ransomware as a Service...
Trellix Global Defenders: BlackCat Ransomware as a Service - The Cat is certainly out of the bag!
Trellix Global Defenders: BlackCat Ransomware as a Service - The Cat is certainly out of the bag! By Trellix · February 8, 2022 Research Contributions and Analysis: Filippo Sitzia This story was written by Arnab Roy Threat Summary Blackcat also known as ALPHV/Noberus is a Ransomware as a Service...
Sphinx Technologies Sphinx 路径遍历漏洞
Sphinx Technologies Sphinx is a full-text F/OSS search engine from Sphinx Technologies, USA. Sphinx Technologies Sphinx suffers from a path traversal vulnerability that stems from the discovery that sphinxsearch, a fast standalone full-text SQL search engine, can be allowed to abuse configuration...
SUSE-SU-2021:4147-1 Security update for chrony
This update for chrony fixes the following issues: Chrony was updated to 4.1: Add support for NTS servers specified by IP address matching Subject Alternative Name in server certificate Add source-specific configuration of trusted certificates Allow multiple files and directories with trusted...
CVE-2021-22868 Unsafe configuration options in GitHub Pages leading to path traversal on GitHub Enterprise Server
A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub Enterprise Server...
Template Injection
hbs is vulnerable to template injection. The vulnerability exists due to a lack of sanitization of configuration options when input into the system via the Express render API. An attacker is able to view a file by overwriting an internal configuration option...
TryGhost express-hbs information disclosure vulnerability
TryGhost express-hbs is an Express handlebar template engine with multiple layouts, blocks and cache sections. tryGhost express-hbs suffers from an information disclosure vulnerability that stems from the product's Express render API mixing pure template data with engine configuration options,...
CVE-2021-32822 File disclosure in hbs
The npm hbs package is an Express view engine wrapper for Handlebars. Depending on usage, users of hbs may be vulnerable to a file disclosure vulnerability. There is currently no patch for this vulnerability. hbs mixes pure template data with engine configuration options through the Express rende...
CVE-2021-22867 Unsafe configuration options in GitHub Pages leading to path traversal on GitHub Enterprise Server
A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub Enterprise Server...
CVE-2021-3584
A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity and availability o...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Squirrelly
CVE-2021-32819 CVE-2021-32819 : SquirrellyJS mixes pure templa...
Remote Code Execution (RCE)
squirrelly is vulnerable to remote code execution. The vulnerability exists because of an insecure template handling, allowing overwriting of internal configuration options that can trigger remote code execution...
CVE-2021-32820
Express-handlebars is a Handlebars view engine for Express. Express-handlebars mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential...
Remote code execution
Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options remote code execution may be triggered in...
CVE-2021-32820 File disclosure in Express Handlebars
Express-handlebars is a Handlebars view engine for Express. Express-handlebars mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential...
CVE-2021-32819 Remote code execution in squirrelly
Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options remote code execution may be triggered in...