Elastic Logstash 8.10.x < 8.11.1 Information Disclosure Vulnerability (ESA-2023-26)

Elastic Logstash is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2023-46672

An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances. The prerequisites for the manifestation of this issue are: Logstash is configured to log in JSON format...

CVE-2023-46672

An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances. The prerequisites for the manifestation of this issue are: Logstash is configured to log in JSON format...

Design/Logic Flaw

An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances. The prerequisites for the manifestation of this issue are: Logstash is configured to log in JSON format...

CVE-2023-46672 Logstash Insertion of Sensitive Information into Log File

An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances. The prerequisites for the manifestation of this issue are: Logstash is configured to log in JSON format...

Incorrect delegate token URI in MarketMetadata.sol.

Lines of code Vulnerability details Impact Web3 logic may be error prone by the wrong delegate token URL. Proof of Concept In DelegateToken.tokenURL, MarketMetadata.delegateTokenURI is called. MarketMetadata.delegateTokenURI is as follows. File: MarketMetadata.sol 37: function...

CVE-2023-30195

In the module "Detailed Order" lgdetailedorder in version up to 1.1.20 from Linea Grafica for PrestaShop, a guest can download personal informations without restriction formatted in json...

CVE-2023-30195

In the module "Detailed Order" lgdetailedorder in version up to 1.1.20 from Linea Grafica for PrestaShop, a guest can download personal informations without restriction formatted in json...

jettison: Uncontrolled Recursion in JSONArray

A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown...

GHSA-XMG8-W465-MR56 SQL Injection in Translation Export API

Impact SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve. This might include data belonging to other users, or any...

GVision - A Reverse Image Search App That Use Google Cloud Vision API To Detect Landmarks And Web Entities From Images, Helping You Gather Valuable Information Quickly And Easily

GVision is a reverse image search app that use Google Cloud Vision API to detect landmarks and web entities from images, helping you gather valuable information quickly and easily. About Google Cloud Vision API Google Cloud Vision API is a machine learning-powered image analysis service that...

Waf-Bypass - Check Your WAF Before An Attacker Does

WAF bypass Tool is an open source tool to analyze the security of any WAF for False Positives and False Negatives using predefined and customizable payloads. Check your WAF before an attacker does. WAF Bypass Tool is developed by Nemesida WAF team with the participation of community. How to run I...

ThreatHound - Tool That Help You On Your IR & Threat Hunting And CA

This tool will help you on your IR & Threat Hunting & CA. just drop your event log file and anlayze the results. New Release Features: support windows ThreatHound.exe C for Linux based new vesion available in C also now you can save results in json file or print on screen it as you want by arg...

Information Disclosure

github.com/anchore/syft is vulnerable to Information Disclosure. The vulnerability exists due to the SYFTATTESTPASSWORD environment variable in the syft logs leaking when -vv or -vvv are used in the syft command which is any log level = DEBUG and in the attestation or SBOM only when the syft-json...

CVE-2022-43996

The csafprovider package before 0.8.2 allows XSS via a crafted CSAF document uploaded as text/html. The endpoint upload allows valid CSAF advisories JSON format to be uploaded with Content-Type text/html and filenames ending in .html. When subsequently accessed via web browser, these advisories a...

CVE-2022-43996

The csafprovider package before 0.8.2 allows XSS via a crafted CSAF document uploaded as text/html. The endpoint upload allows valid CSAF advisories JSON format to be uploaded with Content-Type text/html and filenames ending in .html. When subsequently accessed via web browser, these advisories a...

SCodeScanner - Stands For Source Code Scanner Where The User Can Scans The Source Code For Finding The Critical Vulnerabilities

SCodeScanner stands for Source Code scanner where the user can scans the source code for finding the Critical Vulnerabilities. The main objective for this scanner is to find the vulnerabilities inside the source code before code gets published in Prod. Features 1. Supported PHP Language 2...

LDAP Query and Enumeration Module

This module allows users to query an LDAP server using either a custom LDAP query, or a set of LDAP queries under a specific category. Users can also specify a JSON or YAML file containing custom queries to be executed using the RUNQUERYFILE action. If this action is specified, then QUERYFILEPATH...

[SECURITY] Fedora 35 Update: golang-github-burntsushi-toml-test-0.2.0-11.20210108git9767d20.fc35

Toml-test is a higher-order program that tests other TOML decoders or encoder s. The goal is to make it comprehensive. Tests are divided into two groups: inva lid TOML data and valid TOML data. Decoders that reject invalid TOML data pass invalid TOML tests. Decoders that accept valid TOML data an...

Remote code execution

rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializer: pickle" HTTP header is sent. In other words, although JSON not Pickle is the default data format, an unauthenticated client can cause the data to be processed with unpickle...