575 matches found

Prion
added 2021/06/09 2:15 p.m., 19 views

Design/Logic Flaw

Under certain conditions, SAP Mobile SDK Certificate Provider allows a local unprivileged attacker to exploit an insecure temporary file storage. For a successful exploitation user interaction from another user is required and could lead to complete impact of confidentiality integrity and...

CVSS 6.9, AI score 7.4, EPSS 0.00027
Exploits 0, References 1, Affected Software 1

Cvelist
added 2021/06/09 1:59 p.m., 10 views

CVE-2021-33669

Under certain conditions, SAP Mobile SDK Certificate Provider allows a local unprivileged attacker to exploit an insecure temporary file storage. For a successful exploitation user interaction from another user is required and could lead to complete impact of confidentiality integrity and...

CVSS 7.8, AI score 7.6, EPSS 0.00027
Exploits 0, References 1

CVE
added 2021/06/09 1:59 p.m., 44 views

CVE-2021-33669

The CVE-2021-33669 entry concerns SAP Mobile SDK Certificate Provider, where insecure temporary file storage can be abused by a local, unprivileged attacker. Exploitation requires user interaction from another user and is described to potentially impact confidentiality, integrity, and availabilit...

CVSS 7.8, AI score 7.4, EPSS 0.00027
Exploits 0, References 1, Affected Software 1

Trend Micro Simply Security
added 2021/06/01 12:0 a.m., 10 views

5 #TrendTips For Better File Storage Security

Here are 5 TrendTips to secure valuable files and objects stored in the cloud via services like Amazon S3...

AI score 2
Exploits 0

GithubExploit
added 2021/05/25 3:26 p.m., 35 views

Exploit for Uncontrolled Search Path Element in Git_Large_File_Storage_Project Git_Large_File_Storage

Git-lfs Remote Code Execution RCE exploit CVE-2020-27955 .b...

CVSS 10, AI score 9, EPSS 0.92929
Exploits 14

GithubExploit
added 2021/05/13 10:30 a.m., 78 views

Exploit for Uncontrolled Search Path Element in Git_Large_File_Storage_Project Git_Large_File_Storage

Git-lfs Remote Code Execution RCE exploit CVE-2020-27955 .b...

CVSS 10, AI score 9, EPSS 0.92929
Exploits 14

Exploit DB
added 2021/05/05 12:0 a.m., 195 views

SnipCommand 0.1.0 - Persistent Cross-Site Scripting

Exploit Title: SnipCommand 0.1.0 - XSS to RCE Exploit Author: TaurusOmar Date: 04/05/2021 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://github.com/gurayyarar/SnipCommand Version: 0.1.0 Tested on: Windows, Linux, MacOs Software Description: Open source comman...

AI score 7.4
Exploits 0

GithubExploit
added 2021/04/30 9:38 a.m., 50 views

Exploit for Uncontrolled Search Path Element in Git_Large_File_Storage_Project Git_Large_File_Storage

Git-lfs Remote Code Execution RCE exploit CVE-2020-27955 .b...

CVSS 10, AI score 9, EPSS 0.92929
Exploits 14

OSV
added 2021/04/07 11:2 a.m., 1 views

OESA-2021-1105 git security update

Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Git is easy to learn and has a tiny footprint with lightning fast performance. It outclasses SCM tools like Subversion, CVS, Perforce, and...

CVSS 8, AI score 6.7, EPSS 0.58284
Exploits 5, References 2

Positive Technologies
added 2021/03/23 12:0 a.m., 2 views

PT-2021-14439 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 8.7.40 TYPO3 versions prior to 9.5.25 TYPO3 versions prior to 10.4.14 TYPO3 versions prior to 11.1.1 Description: The issue arises from the lack of ensuring file extensions belong to configured allowed mime-types,...

CVSS 8.6, AI score 8.6, EPSS 0.00416
Exploits 0, References 11

Prion
added 2021/03/22 7:15 p.m., 19 views

Information disclosure

There is an information leakage vulnerability in some Huawei products. Due to the properly storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause an information leak. Affected product versions includ...

CVSS 2.1, AI score 4.5, EPSS 0.00027
Exploits 0, References 1, Affected Software 6

Trend Micro Simply Security
added 2021/03/11 12:0 a.m., 9 views

AWS File Storage Security & Scanning Basics

Keep up with how each new AWS service affects the security posture of your applications and development processes...

AI score 2.5
Exploits 0

OSV
added 2021/03/09 6:0 p.m., 2 views

UBUNTU-CVE-2021-21300

Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive...

CVSS 8, AI score 7, EPSS 0.58284
Exploits 5, References 3

GithubExploit
added 2021/02/18 10:27 a.m., 1 views

note-mark

Note Mark !License: AGPL V3https://img.shields.io/github/li...

AI score 5.7
Exploits 0

OSV
added 2021/02/09 6:15 p.m., 12 views

CVE-2020-16144

When using an object storage like S3 as the file store, when a user creates a public link to a folder where anonymous users can upload files, and another user uploads a virus the files antivirus app would detect the virus but fails to delete it due to permission issues. This affects the...

CVSS 5.7, AI score 6.8
Exploits 0, References 1

Cvelist
added 2021/02/09 5:59 p.m., 12 views

CVE-2020-16144

When using an object storage like S3 as the file store, when a user creates a public link to a folder where anonymous users can upload files, and another user uploads a virus the files antivirus app would detect the virus but fails to delete it due to permission issues. This affects the...

AI score 5.5, EPSS 0.00182
Exploits 0, References 1

CVE
added 2020/12/28 11:25 p.m., 69 views

CVE-2020-26286

HedgeDoc prior to 1.7.1 allows unauthenticated arbitrary file uploads to the upload storage backend (HTML/JS/PHP). It is patched in 1.7.1. Verify that stored files are allowed, as uploaded files might still be served. Workarounds: block the /uploadimage endpoint via a reverse proxy and/or restric...

CVSS 7.5, AI score 7.7, EPSS 0.01307
Exploits 0, References 3, Affected Software 1

Kitploit
added 2020/12/22 8:30 p.m., 56 views

Grawler - Tool Which Comes With A Web Interface That Automates The Task Of Using Google Dorks, Scrapes The Results, And Stores Them In A File

Grawler is a tool written in PHP which comes with a web interface that automates the task of using google dorks, scrapes the results, and stores them in a file. General info Grawler aims to automate the task of using google dorks with a web interface, the main idea is to provide a simple yet...

AI score 7.8
Exploits 0, References 1

OSV
added 2020/12/09 5:15 p.m., 11 views

CVE-2020-26260

BookStack is a platform for storing and organising information and documentation. In BookStack before version 0.30.5, a user with permissions to edit a page could set certain image URL's to manipulate functionality in the exporting system, which would allow them to make server side requests and/o...

CVSS 6.4, AI score 6.4
Exploits 0, References 3

Prion
added 2020/12/09 5:15 p.m., 20 views

Information disclosure

BookStack is a platform for storing and organising information and documentation. In BookStack before version 0.30.5, a user with permissions to edit a page could set certain image URL's to manipulate functionality in the exporting system, which would allow them to make server side requests and/o...

CVSS 5.5, AI score 6.2, EPSS 0.00308
Exploits 0, References 3, Affected Software 1