Lucene search

131 matches found

Prion
added 2022/07/08 7:15 p.m., 8 views

Remote code execution

rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializer: pickle" HTTP header is sent. In other words, although JSON, not Pickle, is the default data format, an unauthenticated client can cause the data to be processed with unpickle...

CVSS 7.5; AI score 9.6; EPSS 0.71334
Exploits: 7; References: 4; Affected software: 1
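The failure mode in the rpc.py entry above, as an added example that is not rpc.py's own code: a minimal dispatcher that lets the client choose the deserializer through a `serializer` header, a pickle payload whose `__reduce__` makes the loader call `eval` (a real attacker would name `os.system` instead), and a hardened dispatcher that keeps pickle off unless the server explicitly enables it and, even then, refuses every global through a restricted unpickler. The function and class names (`vulnerable_dispatch`, `hardened_dispatch`, `EvilPayload`, `RestrictedUnpickler`) are hypothetical.

```python
import io
import json
import pickle


class EvilPayload:
    """Attacker-crafted object. pickle stores the callable and arguments that
    __reduce__ returns, and pickle.loads() calls them on the victim. eval() of
    a harmless expression stands in for os.system("...")."""

    def __reduce__(self):
        return (eval, ("40 + 2",))


def make_malicious_pickle() -> bytes:
    # Constructed attacker payload: only builtins.eval and the string survive
    # in the bytes; the EvilPayload class itself is not needed on the victim.
    return pickle.dumps(EvilPayload())


def make_benign_pickle() -> bytes:
    # Constructed plain-data pickle: no globals, so a restricted loader accepts it.
    return pickle.dumps({"a": 1})


def vulnerable_dispatch(headers: dict, body: bytes):
    """Mimics the flaw: JSON is the default, but any client can switch the
    server to pickle with a single header."""
    if headers.get("serializer", "json") == "pickle":
        return pickle.loads(body)  # attacker-controlled callable runs here
    return json.loads(body)


class RestrictedUnpickler(pickle.Unpickler):
    """Refuses to resolve any global, so payloads that rely on __reduce__
    (eval, os.system, subprocess.Popen, ...) fail before anything executes."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def hardened_dispatch(headers: dict, body: bytes, allow_pickle: bool = False):
    """Server policy decides the format: pickle is off by default and, when
    enabled, limited to plain data (no globals at all)."""
    serializer = headers.get("serializer", "json")
    if serializer == "json":
        return json.loads(body)
    if serializer == "pickle" and allow_pickle:
        return RestrictedUnpickler(io.BytesIO(body)).load()
    raise ValueError(f"serializer {serializer!r} not permitted")


if __name__ == "__main__":
    payload = make_malicious_pickle()
    print(vulnerable_dispatch({"serializer": "pickle"}, payload))  # 42: eval ran
    try:
        hardened_dispatch({"serializer": "pickle"}, payload, allow_pickle=True)
    except pickle.UnpicklingError as exc:
        print("blocked:", exc)
```

The restricted unpickler is a belt-and-braces measure only; the real fix is the `allow_pickle=False` default, because any client-selectable deserializer that can call arbitrary callables is an RCE primitive regardless of what the default format is.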
Prion
added 2022/06/02 2:15 p.m., 16 views

Command injection

Google-it is a Node.js package which allows its users to send search queries to Google and receive the results in a JSON format. When using the 'Open in browser' option in versions up to 1.6.2, google-it unsafely concatenates the result's link retrieved from Google into a shell command, potentially...

CVSS 9.3; AI score 7.9; EPSS 0.00649
Exploits: 1; References: 3; Affected software: 1
Cvelist
added 2022/06/01 2:31 p.m., 12 views

CVE-2021-34083

Google-it is a Node.js package which allows its users to send search queries to Google and receive the results in a JSON format. When using the 'Open in browser' option in versions up to 1.6.2, google-it unsafely concatenates the result's link retrieved from Google into a shell command, potentially...

AI score 8.2; EPSS 0.00649
Exploits: 1; References: 3
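The bug class in the two google-it entries above (a result link concatenated into a shell command), as an added example that is not google-it's code: google-it is a Node.js package, but the example is written in Python to match the other examples on this page. It shows a hostile link (constructed; Google does not return it, but an attacker who controls a page can plant it) turning one command into three, and the fix: pass the URL as a single argv element with no shell, after restricting it to http/https. The `xdg-open` opener, the `shell_command_list` model of POSIX command separation and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed inputs: an ordinary result link and one carrying shell metacharacters.
BENIGN_URL = "https://example.com/page?q=1"
HOSTILE_URL = "https://example.com/; touch /tmp/pwned; echo "

ALLOWED_SCHEMES = {"http", "https"}


def vulnerable_command(url: str) -> str:
    """The flawed pattern: the link is glued into one command string that a
    shell will parse, so ';', '&' and '|' in the link start new commands."""
    return "xdg-open " + url


def shell_command_list(command: str) -> list:
    """Simplified model of how a POSIX shell splits a line into separate
    commands on unquoted ';', '&' and '|'. Enough to show the bug; it is not
    a full shell parser and nothing is executed."""
    commands, current, quote = [], [], None
    for ch in command:
        if quote:
            current.append(ch)
            if ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
            current.append(ch)
        elif ch in ";&|":
            if "".join(current).strip():
                commands.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
    if "".join(current).strip():
        commands.append("".join(current).strip())
    return commands


def safe_open_argv(url: str) -> list:
    """The fix: an argv list (to be run without a shell, e.g. subprocess.run
    or Node's child_process.spawn/execFile), so the URL is exactly one
    argument whatever it contains, plus a scheme allow-list so file:// or
    javascript: links never reach the opener."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES or not parts.netloc:
        raise ValueError(f"refusing to open {url!r}")
    return ["xdg-open", url]


if __name__ == "__main__":
    for url in (BENIGN_URL, HOSTILE_URL):
        print("shell would run:", shell_command_list(vulnerable_command(url)))
        print("argv form:      ", safe_open_argv(url))
```

With the hostile link the shell form yields `xdg-open https://example.com/`, then `touch /tmp/pwned`, then `echo`, while the argv form hands the whole string to the opener as one argument; the opener may fail to open it, but nothing else runs.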
Rockylinux
added 2022/05/10 2:59 p.m., 17 views

tlog bug fix and enhancement update

An update is available for tlog. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Tlog is a terminal I/O recording program similar to "script", but used in place ...

AI score 1.1
Exploits: 0
Github Security Blog
added 2022/03/10 12:00 a.m., 31 views

Exposure of Private Personal Information to an Unauthorized Actor in alextselegidis/easyappointments

The software is a booking management system that has a public form to place bookings, and a private area for the calendar and management of services, users, settings, etc. There is a backend API that allows data manipulation, including listing the appointments for a specific time range. This...

CVSS 9.1; AI score 2.3; EPSS 0.90789
Exploits: 7; References: 7; Affected software: 1
Huntr
added 2022/01/30 4:11 p.m., 26 views

in alextselegidis/easyappointments

Description: The software is a booking management system that has a public form to place bookings, and a private area for the calendar and management of services, users, settings, etc... There is a backend API that allows data manipulation, including listing the appointments for a specific time...

CVSS 6.4; AI score 0.6; EPSS 0.90789
Exploits: 7
CNVD
added 2021/08/03 12:00 a.m., 14 views

MISP Cross-Site Scripting Vulnerability (CNVD-2021-61086)

MISP is an open source software solution used to collect, store, distribute and share cyber security indicators, with features such as threat and network security event analysis and malware analysis. A cross-site scripting vulnerability exists in MISP, which stems from...

CVSS 5.4; AI score 0.8; EPSS 0.00255
Exploits: 0; References: 1
OSV
added 2021/07/30 3:15 p.m., 8 views

CVE-2021-37743

app/View/GalaxyElements/ajax/index.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster elements in JSON format...

CVSS 5.4; AI score 5.8
Exploits: 0; References: 1
NVD
added 2021/07/30 3:15 p.m., 8 views

CVE-2021-37743

app/View/GalaxyElements/ajax/index.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster elements in JSON format...

CVSS 5.4; EPSS 0.00255
Exploits: 0; References: 1
Prion
added 2021/07/30 3:15 p.m., 10 views

Cross site scripting

app/View/GalaxyElements/ajax/index.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster elements in JSON format...

CVSS 3.5; AI score 5.2; EPSS 0.00255
Exploits: 0; References: 1; Affected software: 1
Cvelist
added 2021/07/30 2:09 a.m., 7 views

CVE-2021-37743

app/View/GalaxyElements/ajax/index.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster elements in JSON format...

AI score 5.4; EPSS 0.00255
Exploits: 0; References: 1
Kitploit
added 2021/05/16 9:30 p.m., 195 views

DFIR-O365RC - PowerShell Module For Office 365 And Azure AD Log Collection

PowerShell module for Office 365 and Azure AD log collection. Module description: The DFIR-O365RC PowerShell module is a set of functions that allow the DFIR analyst to collect logs relevant for Office 365 Business Email Compromise investigations. The logs are generated in JSON format and retrieved...

AI score 7.2
Exploits: 0; References: 3
Veracode
added 2021/05/14 7:21 a.m., 18 views

Information Disclosure

github.com/argoproj/argo-cd is vulnerable to information disclosure. User credentials are printed in an error message in JSON format when a user with update permissions on an Application edits the manifest of a Secret resource in the UI with invalid input...

CVSS 5.9; AI score 1.4; EPSS 0.00058
Exploits: 0; References: 1; Affected software: 1
Kitploit
added 2021/04/26 12:30 p.m., 552 views

Profil3r - OSINT Tool That Allows You To Find A Person's Accounts And Emails + Breached Emails

Profil3r is an OSINT tool that allows you to find potential profiles of a person on social networks, as well as their email addresses. This program also alerts you to the presence of a data leak for the found emails. Prerequisite: Python 3. Installation: git clone...

AI score 7.2
Exploits: 0; References: 1
Kitploit
added 2021/02/15 8:30 p.m., 48 views

Gitlab-Watchman - Monitoring GitLab For Sensitive Data Shared Publicly

GitLab Watchman is an application that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally. Features: It searches GitLab for internally shared projects and looks at code, commits, wiki pages, issues, merge requests and milestones for the following data: GCP keys and...

AI score 6.5
Exploits: 0; References: 5
Kitploit
added 2021/01/10 8:30 p.m., 59 views

MUD-Visualizer - A Tool To Visualize MUD Files

This tool can be used to visualize MUD files in JSON format. Motivation: MUD files are plain text files in JSON format that contain ACL rules for a device. A MUD file can contain tens or hundreds of ACL rules, which makes it difficult to read and validate the files manually. mud-visualizer wi...

AI score 7.4
Exploits: 0; References: 2
Hacker One
added 2020/10/04 11:56 a.m., 42 views

TikTok: CSRF To Add New App In Developer Account And Bypassing Json Format

The researcher found a CSRF issue allowing a malicious user to add arbitrary applications to a developer's account...

AI score 3.2
Exploits: 0
NVD
added 2020/09/23 2:15 p.m., 10 views

CVE-2020-16240

GE Digital APM Classic, Versions 4.4 and prior. An insecure direct object reference (IDOR) vulnerability allows user account data to be downloaded in JavaScript Object Notation (JSON) format by users who should not have access to such functionality. An attacker can download sensitive data related to...

CVSS 5.3; EPSS 0.00159
Exploits: 0; References: 1
Cvelist
added 2020/09/23 1:06 p.m., 15 views

CVE-2020-16240

GE Digital APM Classic, Versions 4.4 and prior. An insecure direct object reference (IDOR) vulnerability allows user account data to be downloaded in JavaScript Object Notation (JSON) format by users who should not have access to such functionality. An attacker can download sensitive data related to...

AI score 5.1; EPSS 0.00159
Exploits: 0; References: 1
CVE
added 2020/09/23 1:06 p.m., 48 views

CVE-2020-16240

GE Digital APM Classic (Versions 4.4 and prior) is vulnerable to CVE-2020-16240: an Authorization Bypass Through User-Controlled Key (IDOR) that allows unauthorized users to download sensitive user-account data in JSON. Root cause: an insecure direct object reference enabling data exfiltration. Affected product: GE D...

CVSS 5.3; AI score 5.1; EPSS 0.00159
Exploits: 0; References: 1; Affected software: 1
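The vulnerability class in the three CVE-2020-16240 entries above, as an added example that is not GE Digital APM's code (the page does not describe the product's actual endpoint, so the account store, the `Forbidden` exception and the handler names are all hypothetical): an "export account as JSON" handler that trusts the account id from the request as the lookup key, beside one that checks that the record belongs to the caller (or that the caller is an administrator) before serialising it. The store contents are constructed sample data.

```python
import json

# Constructed in-memory account store standing in for a database table.
ACCOUNTS = {
    101: {"owner": "alice", "email": "alice@example.com", "phone": "555-0101"},
    102: {"owner": "bob", "email": "bob@example.com", "phone": "555-0102"},
}
ADMINS = {"carol"}


class Forbidden(Exception):
    """Raised when the caller may not see the requested object."""


def vulnerable_download(requesting_user: str, account_id: int) -> str:
    """The IDOR: the caller is authenticated, but the id taken from the request
    is used directly as the key, so any user can export any account."""
    return json.dumps(ACCOUNTS[account_id])


def hardened_download(requesting_user: str, account_id: int) -> str:
    """Object-level authorization: authenticate the caller, then verify that
    this particular object is theirs (or that they hold an admin role) before
    returning it. Missing and foreign ids get the same answer, so the endpoint
    cannot be used to enumerate which ids exist."""
    record = ACCOUNTS.get(account_id)
    if record is None:
        raise Forbidden(f"account {account_id} not available to {requesting_user}")
    if record["owner"] != requesting_user and requesting_user not in ADMINS:
        raise Forbidden(f"account {account_id} not available to {requesting_user}")
    return json.dumps(record)


def can_download(requesting_user: str, account_id: int) -> bool:
    """Convenience wrapper so the policy can be checked without exceptions."""
    try:
        hardened_download(requesting_user, account_id)
        return True
    except Forbidden:
        return False


if __name__ == "__main__":
    print("bob, vulnerable: ", vulnerable_download("bob", 101))  # alice's data leaks
    print("bob, hardened:   ", can_download("bob", 101))  # False
    print("alice, hardened: ", hardened_download("alice", 101))
    print("carol (admin):   ", hardened_download("carol", 102))
```

Note that the check lives on the object, not on the URL: a "prefer unguessable ids" approach only slows enumeration, whereas comparing the record's owner to the authenticated principal closes the hole regardless of how the id was obtained.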