Striker - A Command And Control (C2)

Striker is a simple Command and Control C2 program. Disclaimer This project is under active development. Most of the features are experimental, with more to come. Expect breaking changes. Features A Agents Native agents for linux and windows hosts. Self-contained, minimal python agent should you...

CVE-2023-28962 Junos OS: Unauthenticated access vulnerability in J-Web

An Improper Authentication vulnerability in upload-file.php, used by the J-Web component of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to upload arbitrary files to temporary folders on the device. This issue affects Juniper Networks Junos OS: All versions prior to...

CVE-2023-2059

A vulnerability was found in DedeCMS 5.7.87. It has been rated as problematic. Affected by this issue is some unknown functionality of the file uploads/include/dialog/selecttemplets.php. The manipulation leads to path traversal: '..\filedir'. The attack may be launched remotely. The exploit has...

Path traversal

A vulnerability was found in DedeCMS 5.7.87. It has been rated as problematic. Affected by this issue is some unknown functionality of the file uploads/include/dialog/selecttemplets.php. The manipulation leads to path traversal: '..\filedir'. The attack may be launched remotely. The exploit has...

CVE-2023-2059 DedeCMS select_templets.php path traversal

A vulnerability was found in DedeCMS 5.7.87. It has been rated as problematic. Affected by this issue is some unknown functionality of the file uploads/include/dialog/selecttemplets.php. The manipulation leads to path traversal: '..\filedir'. The attack may be launched remotely. The exploit has...

CVE-2023-2059

CVE-2023-2059 affects DedeCMS 5.7.87. A directory-traversal vulnerability exists in the file uploads/include/dialog/select_templets.php, exploitable via the $activepath parameter to read sensitive files. The Nuclei template confirms remote exploitation potential and provides an remediation path: ...

Huawei EulerOS: Security Advisory for mod_security (EulerOS-SA-2023-1601)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP8 : mod_security (EulerOS-SA-2023-1601)

According to the versions of the modsecurity package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application...

CVE-2023-27602

In Apache Linkis =1.3.1, The PublicService module uploads files without restrictions on the path to the uploaded files, and file types. We recommend users upgrade the version of Linkis to version 1.3.2. For versions =1.3.1, we suggest turning on the file path check switch in linkis.properties...

CVE-2023-27602

In Apache Linkis =1.3.1, The PublicService module uploads files without restrictions on the path to the uploaded files, and file types. We recommend users upgrade the version of Linkis to version 1.3.2. For versions =1.3.1, we suggest turning on the file path check switch in linkis.properties...

springframework: DoS via data binding to multipartFile or servlet part

A flaw was found in Spring Framework. Applications that handle file uploads are vulnerable to a denial of service DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object...

CVE-2023-28837

Wagtail is an open source content management system built on Django. Prior to versions 4.1.4 and 4.2.2, a memory exhaustion bug exists in Wagtail's handling of uploaded images and documents. For both images and documents, files are loaded into memory during upload for additional processing. A use...

CVE-2023-28837 Wagtail vulnerable to denial-of-service via memory exhaustion when uploading large files

Wagtail is an open source content management system built on Django. Prior to versions 4.1.4 and 4.2.2, a memory exhaustion bug exists in Wagtail's handling of uploaded images and documents. For both images and documents, files are loaded into memory during upload for additional processing. A use...

CopySafe Web Protection < 3.14 - Unauthenticated Reflected XSS

The plugin does not properly sanitize and escape the file name in it's file uploads functionality before reflecting it back on the page, allowing an unauthenticated attacker to inject arbitrary web scripts via the filename of uploaded files...

PT-2023-21998 · Unknown +3 · Cloudflared +4

Name of the Vulnerable Software and Affected Versions: Wagtail versions prior to 4.1.4 and 4.2.2 Description: A memory exhaustion bug exists in Wagtail's handling of uploaded images and documents. For both images and documents, files are loaded into memory during upload for additional processing....

CVE-2023-23594

An authentication bypass vulnerability in the web client interface for the CL4NX printer before firmware version 1.13.3-u724r2 provides remote unauthenticated attackers with access to execute commands intended only for valid/authenticated users, such as file uploads and configuration changes...

Authentication flaw

An authentication bypass vulnerability in the web client interface for the CL4NX printer before firmware version 1.13.3-u724r2 provides remote unauthenticated attackers with access to execute commands intended only for valid/authenticated users, such as file uploads and configuration changes...

Security fix for the ALT Linux 10 package python3-module-django version 3.2.18-alt1

3.2.18-alt1 built March 31, 2023 Alexey Shabalin in task 317508 March 24, 2023 Alexey Shabalin - New version 3.2.18. - Fixes for the following security vulnerabilities: + CVE-2023-23969 Potential denial-of-service via Accept-Language headers + CVE-2023-24580 Potential denial-of-service...

PT-2023-19066 · Cl4Nx · Cl4Nx

Name of the Vulnerable Software and Affected Versions: CL4NX printer versions prior to 1.13.3-u724 r2 Description: An authentication bypass issue in the web client interface of the CL4NX printer allows remote unauthenticated attackers to execute commands intended for valid and authenticated users...

CVE-2023-23594

An authentication bypass vulnerability in the web client interface for the CL4NX printer before firmware version 1.13.3-u724r2 provides remote unauthenticated attackers with access to execute commands intended only for valid/authenticated users, such as file uploads and configuration changes...