7762 matches found
Geoserver Unauthenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Geoserver unauthenticated Remote Code Execution', 'Description' = %q GeoServer is an open-source software server written in Java that provides th...
How to Configure Automatic Virtual Disk Updates
This article contains information about how to use the Provisioning Services Automatic vDisk Update process. Background The vDisks assigned to the clients during the Automatic vDisk Update process are new versions of the vDisks currently assigned to the clients; allowing for the automatic...
CVE-2024-6035
A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410. This vulnerability allows an attacker to inject malicious JavaScript code into the chat history file. When a victim uploads this file, the malicious script is executed in the victim's browser...
PYSEC-2024-61
A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410. This vulnerability allows an attacker to inject malicious JavaScript code into the chat history file. When a victim uploads this file, the malicious script is executed in the victim's browser...
CVE-2024-6035 Stored XSS in gaizhenbiao/chuanhuchatgpt
A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410. This vulnerability allows an attacker to inject malicious JavaScript code into the chat history file. When a victim uploads this file, the malicious script is executed in the victim's browser...
CVE-2024-6035
CVE-2024-6035 is a Stored XSS vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410. An attacker can inject malicious JavaScript into the chat history file, and when a victim uploads this file the script executes in the victim’s browser, potentially enabling user data theft, session hijack...
ChuanhuChatGPT Cross-Site Scripting Vulnerability
ChuanhuChatGPT is a lightweight and easy-to-use Web GUI for ChatGPT/ChatGLM/LLaMA/StableLM/MOSS and many other LLMs. A cross-site scripting vulnerability exists in ChuanhuChatGPT version 20240410, which originated from allowing an attacker to inject malicious JavaScript code into a chat log file,...
[SECURITY] [DSA 5727-1] firefox-esr security update
Debian Security Advisory DSA-5727-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 10, 2024 https://www.debian.org/security/faq -...
GuardZoo Malware Targets Over 450 Middle Eastern Military Personnel
Military personnel from Middle East countries are the target of an ongoing surveillanceware operation that delivers an Android data-gathering tool called GuardZoo. The campaign, believed to have commenced as early as October 2019, has been attributed to a Houthi-aligned threat actor based on the...
Microsoft SQL Server Security Vulnerability
Microsoft SQL Server is a large commercial database system from Microsoft Corporation USA that is used under Microsoft Windows. A security vulnerability exists in Microsoft SQL Server. An attacker exploiting this vulnerability could remotely execute code. The following products and editions are...
Debian dsa-5726 : krb5-admin-server - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5726 advisory. Debian Security Advisory DSA-5726-1 [email protected]...
The vulnerability of the IBM WebSphere Application Server Liberty application server, related to unlimited resource distribution, allows attackers to cause service failures.
The vulnerability of the IBM WebSphere Application Server Liberty application server is related to the unlimited distribution of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
CVE-2024-38367 CocoaPods trunk sessions verification step could be manipulated for owner session hijacking
trunk.cocoapods.org is the authentication server for the CocoaPods dependency manager. Prior to commit d4fa66f49cedab449af9a56a21ab40697b9f7b97, the trunk sessions verification step could be manipulated for owner session hijacking. Compromising a victim’s session will result in a full takeover of...
CVE-2024-5936
An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the 'file' parameter. This vulnerability allows attackers to redirect users to a URL specified by user-controlled input without proper validation or sanitization. The impact of this vulnerabili...
CVE-2024-5936 Open Redirect in imartinez/privategpt
An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the 'file' parameter. This vulnerability allows attackers to redirect users to a URL specified by user-controlled input without proper validation or sanitization. The impact of this vulnerabili...
CVE-2024-5936
CVE-2024-5936 affects imartinez/privategpt
Johnson Controls Illustra Essentials Gen 4 (Update A)
1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls, Inc. Equipment: Illustra Essentials Gen 4 Vulnerability: Insertion of Sensitive Information into Log File 2. RISK EVALUATION Successful exploitation of this vulnerability...