163 matches found

Cvelist
added 2022/02/08 10:26 p.m., 44 views

CVE-2021-45329

Cross Site Scripting (XSS) vulnerability exists in Gitea before 1.5.1 via the repository settings inside the external wiki/issue tracker URL field...

AI score 6.1, EPSS 0.00765
Exploits 0, References 2
AlpineLinux
added 2022/02/08 10:26 p.m., 37 views

CVE-2021-45329

Cross Site Scripting (XSS) vulnerability exists in Gitea before 1.5.1 via the repository settings inside the external wiki/issue tracker URL field...

CVSS 6.1, AI score 6, EPSS 0.00765
Exploits 0
Github Security Blog
added 2021/12/14 9:44 p.m., 45 views

Files Accessible to External Parties in Opencast

Opencast before version 10.6 allows references to local file URLs in ingested media packages, allowing attackers to include local files from Opencast's host machines and making them available via the web interface. Impact: Before Opencast 10.6, Opencast would open and include local files during...

CVSS 9.9, AI score 1.3, EPSS 0.01964
Exploits 1, References 6, Affected Software 1
Github Security Blog
added 2021/12/14 9:07 p.m., 196 views

Apache Log4j Remote Code Execution

Impact: Opencast uses an Apache Log4j2 version which, combined with older JDK versions, can be used for remote code execution attacks which have been found to be actively exploited. Apache Log4j2 <=2.14.1 JNDI features is not sufficiently protected. An attacker who can control log messages or log...

CVSS 10, AI score 4.4, EPSS 0.99999
Exploits 346, References 6, Affected Software 1
0day.today
added 2021/10/13 12:00 a.m., 244 views

Simple Issue Tracker System 1.0 - SQL injection Authentication Bypass Vulnerability

Exploit Title: Simple Issue Tracker System 1.0 - SQLi Authentication Bypass. Exploit Author: Bekir Bugra TURKOGLU. Vendor Homepage: https://www.sourcecodester.com/php/14938/simple-issue-tracker-system-project-using-php-and-sqlite-free-download.html Software Link:...

AI score 0.9
Exploits 0
Github Security Blog
added 2021/09/23 11:18 p.m., 45 views

Deno's static imports inside dynamically imported modules do not adhere to permission checks

Impact: Modules that are dynamically imported through import or new Worker might have been able to bypass network and file system permission checks when statically importing other modules. In Deno 1.5.x and 1.6.x only programs dynamically importing especially transitively untrusted code are...

CVSS 9.8, AI score 1.2, EPSS 0.01113
Exploits 0, References 3, Affected Software 1
OSV
added 2021/09/23 11:18 p.m., 11 views

GHSA-XPWJ-7V8Q-MCGJ Deno's static imports inside dynamically imported modules do not adhere to permission checks

Impact: Modules that are dynamically imported through import or new Worker might have been able to bypass network and file system permission checks when statically importing other modules. In Deno 1.5.x and 1.6.x only programs dynamically importing especially transitively untrusted code are...

CVSS 9.8, AI score 9.8, EPSS 0.01113
Exploits 0, References 3
Github Security Blog
added 2021/09/10 5:56 p.m., 34 views

StripComments filter contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service)

Impact: The formatter function that strips comments from a SQL contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). The regular expression may cause exponential backtracking on strings containing many repetitions of '\r\n' in SQL comments. Patches: The...

CVSS 7.5, AI score 8, EPSS 0.02134
Exploits 0, References 7, Affected Software 1
OSV
added 2021/06/18 6:44 p.m., 25 views

GHSA-5PR9-V234-JW36 Remote Code Execution via traversal in TAL expressions

Impact: Most Python modules are not available for using in TAL expressions that you can add through-the-web, for example in Zope Page Templates. This restriction avoids file system access, for example via the 'os' module. But some of the untrusted modules are available indirectly through Python...

CVSS 7.6, AI score 8.5, EPSS 0.01843
Exploits 1, References 8
OSV
added 2021/03/09 12:38 a.m., 15 views

GHSA-JFF3-MWP3-F8CW Exposure of Sensitive Information to an Unauthorized Actor in Products.GenericSetup

Impact: What kind of vulnerability is it? Who is impacted? Information disclosure vulnerability - anonymous visitors may view log and snapshot files generated by the Generic Setup Tool. Patches: Has the problem been patched? What versions should users upgrade to? The problem has been fixed in versi...

CVSS 6.9, AI score 5.3, EPSS 0.01525
Exploits 0, References 8
Kitploit
added 2020/12/24 8:30 p.m., 158 views

Censys-Python - An Easy-To-Use And Lightweight API Wrapper For The Censys Search Engine

An easy-to-use and lightweight API wrapper for the Censys Search Engine (censys.io). Python 3.6+ is currently supported. Getting Started: The library can be installed using pip: $ pip install censys. To configure your credentials run censys config or set both CENSYS_API_ID and CENSYS_API_SECRET environme...

AI score 7
Exploits 0, References 2
UbuntuCve
added 2020/09/30 6:15 p.m., 41 views

CVE-2020-26160

jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lac...

CVSS 7.5, AI score 6.8, EPSS 0.02114
Exploits 0, References 3
Github Security Blog
added 2020/08/26 7:32 p.m., 48 views

Server secret was included in static assets and served to clients

Impact: Server JWT signing secret was included in static assets and served to clients. This ALLOWS Flood's builtin authentication to be bypassed. Given Flood is granted access to rTorrent's SCGI interface, which is unprotected and ALLOWS arbitrary code execution and usually wide-ranging privileges ...

AI score 1.1
Exploits 0, References 4, Affected Software 1
Veracode
added 2019/11/08 5:31 a.m., 12 views

Information Disclosure

github.com/hashicorp/terraform is vulnerable to information disclosure. Sensitive information can be disclosed to the issue tracker when crash log files are not redacted by the operator...

AI score 1.2
Exploits 0
Kitploit
added 2019/08/16 1:00 p.m., 96 views

Diaphora - The Most Advanced Free And Open Source Program Diffing Tool

Diaphora (διαφορά, Greek for 'difference') is a program diffing plugin for IDA, similar to Zynamics Bindiff or other FOSS counterparts like YaDiff, DarunGrim, TurboDiff, etc... It was released during SyScan 2015. It works with IDA 6.9 to 7.3. Support for Ghidra is in development. Support for Binary...

AI score 6.9
Exploits 0, References 5
Kitploit
added 2019/05/17 8:37 p.m., 285 views

Acunetix Vulnerability Scanner Now With Network Security Scans

User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technolo...

AI score 7.1
Exploits 0
Packet Storm
added 2019/02/22 12:00 a.m., 118 views

Tautulli 2.1.26 Cross Site Scripting

Tautulli (https://tautulli.com/) is a Python based monitoring and tracking tool for Plex Media Server. We discovered that an authenticated Plex Media Server user could change their Plex username to include JavaScript and Tautulli would fail to sanitize the username so that when the Plex Media Serve...

CVSS 4.3, AI score 0.1, EPSS 0.0109
Exploits 2
Kitploit
added 2019/02/08 12:32 p.m., 1011 views

Process Hacker - A Free, Powerful, Multi-Purpose Tool That Helps You Monitor System Resources, Debug Software And Detect Malware

A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. System requirements: Windows 7 or higher, 32-bit or 64-bit. Features: A detailed overview of system activity with highlighting. Graphs and statistics allow you to quickly track down...

AI score 7.1
Exploits 0, References 2
Kitploit
added 2018/12/21 12:32 p.m., 146 views

W3Brute - Automatic Web Application Brute Force Attack Tool

w3brute is an open source penetration testing tool that automates attacks directly to the website's login page. w3brute is also supported for carrying out brute force attacks on all websites. Features: 1. Scanner: w3brute has a scanner feature that serves to support the bruteforce attack process...

AI score 8.7
Exploits 0, References 4
Kitploit
added 2018/08/28 12:33 p.m., 191 views

SQLMap v1.2.8 - Automatic SQL Injection And Database Takeover Tool

SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lastin...

AI score 8.5
Exploits 0, References 20