6334 matches found

CNNVD
added 2022/03/29 12:0 a.m., 3 views

Crater Invoice Crater Code Issue Vulnerability

Crater Invoice Crater is an open source web and mobile application from Crater Invoice, Inc. for tracking expenses, payments and creating professional invoices and estimates. A security vulnerability exists in Crater Invoice Crater versions prior to 6.0.6 that stems from insecure deserialization ...

CVSS 7.2 | AI score 7.1 | EPSS 0.01579
Exploits: 1 | References: 3
Rapid7 Blog
added 2022/03/25 7:25 p.m., 28 views

Metasploit Weekly Wrap-Up

Capture Plugin Capturing credentials is a critical and early phase in the playbook of many offensive security testers. Metasploit has facilitated this for years with protocol-specific modules all under the auxiliary/server/capture. Users can start and configure each of these modules individually,...

AI score 7.7
Exploits: 0
CNNVD
added 2022/03/25 12:0 a.m., 3 views

Pacemaker Authorization Issue Vulnerability

Pacemaker is a scalable, high-availability cluster resource manager. An authorization issue vulnerability exists in pcs in the Pacemaker management tool that stems from the pcs daemon allowing accounts with expired accounts and passwords to log in when using PAM authentication...

CVSS 8.8 | AI score 7.3 | EPSS 0.01825
Exploits: 1 | References: 12
OSV
added 2022/03/21 9:39 p.m., 2 views

DRUPAL-CORE-2022-006

Drupal uses the third-party Guzzle library for handling HTTP requests and responses to external services. Guzzle has released a security update which may affect some Drupal sites. We are issuing this security advisory outside our regular Drupal security release window schedule since Guzzle has...

CVSS 7.5 | AI score 6.7 | EPSS 0.02384
Exploits: 0 | References: 1
vulnersOsv
added 2022/03/18 5:56 p.m., 4 views

cc.akkaha:asura-core_2.12 (=0.3.0), cc.akkaha:asura-dubbo_2.12 (>=0.2.0 <=0.6.0) +285 more potentially affected by CVE-2021-25640 via com.alibaba:dubbo (>=2.5.10 <=2.6.8)

com.alibaba:dubbo MAVEN version =2.5.10, =0.2.0, =0.1.5, =0.1.5, =11.0.1-RELEASE, =11.0.1-RELEASE, =1.0, =1.4.0, =1.4.0, =1.4.0, =1.0.0, =1.0.1 and more Source cves: CVE-2021-25640 Source advisory: OSV:GHSA-GW4J-4229-Q4PX...

CVSS 6.1 | AI score 6.3 | EPSS 0.02073
Exploits: 0
Rapid7 Blog
added 2022/03/18 5:38 p.m., 455 views

Metasploit Weekly Wrap-Up

CVE-2022-21999 - SpoolFool Our very own Shelby Pace has added a new module for the CVE-2022-21999 SpoolFool privilege escalation vulnerability. This escalation vulnerability can be leveraged to achieve code execution as SYSTEM. This new module has successfully been tested on Windows 10 10.0 Build...

CVSS 7.5 | AI score 0.5 | EPSS 0.99657
Exploits: 32
OSV
added 2022/03/18 12:1 a.m., 5 views

GHSA-8V3J-JFG3-V3FV Prototype Pollution in Sails.js

Sails.js = 1.5.2 is vulnerable to Prototype Pollution via controller/load-action-modules.js, function loadActionModules. A patch is available in the master branch of Sails.js's GitHub repository...

CVSS 9.8 | AI score 5.9 | EPSS 0.01799
Exploits: 1 | References: 6
CVE
added 2022/03/17 11:47 a.m., 88 views

CVE-2021-44908

CVE-2021-44908 describes a prototype pollution flaw in Sails.js where the vulnerability exists in the function loadActionModules() inside controller/load-action-modules.js. The affected software is Sails.js versions up to and including 1.4.0. The underlying cause is prototype pollution, enabling ...

CVSS 9.8 | AI score 9.4 | EPSS 0.01799
Exploits: 1 | References: 3 | Affected Software: 1
OSV
added 2022/03/17 11:15 a.m., 21 views

CVE-2021-45791

Slims8 Akasia 8.3.1 is affected by SQL injection in /admin/modules/bibliography/index.php, /admin/modules/membership/membertype.php, /admin/modules/system/usergroup.php, and /admin/modules/membership/index.php through the dir parameter. It can be used by remotely authenticated librarian users...

CVSS 8.8 | AI score 7.7 | EPSS 0.00954
Exploits: 1 | References: 1
Prion
added 2022/03/17 11:15 a.m., 9 views

SQL injection

Slims8 Akasia 8.3.1 is affected by SQL injection in /admin/modules/bibliography/index.php, /admin/modules/membership/membertype.php, /admin/modules/system/usergroup.php, and /admin/modules/membership/index.php through the dir parameter. It can be used by remotely authenticated librarian users...

CVSS 6.5 | AI score 9 | EPSS 0.00954
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2022/03/17 10:55 a.m., 20 views

CVE-2021-45792

Slims9 Bulian 9.4.2 is affected by Cross Site Scripting XSS in /admin/modules/system/customfield.php...

AI score 5.2 | EPSS 0.00486
Exploits: 1 | References: 1
CVE
added 2022/03/17 10:35 a.m., 90 views

CVE-2021-45791

CVE-2021-45791 affects Slims8 Akasia 8.3.1. A SQL injection exists in multiple admin modules (bibliography, member_type, user_group, membership index) via the dir parameter, due to insufficient input escaping/validation. Exploitation is described as feasible by remotely authenticated librarian us...

CVSS 8.8 | AI score 9 | EPSS 0.00954
Exploits: 1 | References: 1 | Affected Software: 1
CNNVD
added 2022/03/17 12:0 a.m., 3 views

Sails.js Injection Vulnerability

Sails.js is a Node.js-based web application framework from Sails, Inc. Sails.js suffers from an injection vulnerability that originates in the loadActionModules function in controller/load-action-modules.js, which is susceptible to a prototype contamination vulnerability. The vulnerability affect...

CVSS 9.8 | AI score 8.3 | EPSS 0.01799
Exploits: 1 | References: 4
CNNVD
added 2022/03/17 12:0 a.m., 4 views

Slims8 Akasia SQL Injection Vulnerability

Slims8 Akasia is a software of the Slims community in Indonesia. It is used for library resource management e.g. books, journals, digital documents and other library materials and administration. An SQL injection vulnerability exists in Slims8 Akasia version 8.3.1, which stems from missing SQL...

CVSS 8.8 | AI score 6 | EPSS 0.00954
Exploits: 1 | References: 2
vulnersOsv
added 2022/03/16 12:0 a.m., 2 views

io.jenkins.blueocean:blueocean (>=1.0-alpha-1 <=1.27.25), io.jenkins.blueocean:blueocean-bitbucket-pipeline (>=1.27.17 <=1.27.25) +10 more potentially affected by CVE-2022-27196 via org.jvnet.hudson.plugins:favorite (>=1.16 <=2.3.1)

org.jvnet.hudson.plugins:favorite MAVEN version =1.16, =1.0-alpha-1, =1.27.17, =1.0.0, =1.0-alpha-1, =1.0-alpha-1, =1.0.0, =1.0.0, =1.0-alpha-8, =1.0-alpha-4, =0.1-preview-4, =1.0-alpha-1, =0.1, =1.0.0 Source cves: CVE-2022-27196 Source advisory: OSV:GHSA-874R-46C6-7P4R...

CVSS 5.4 | AI score 6 | EPSS 0.00792
Exploits: 0
CNVD
added 2022/03/14 12:0 a.m., 19 views

Huawei Emui and Magic UI Bastet modules have unspecified vulnerabilities

Huawei Emui is a mobile operating system developed on Android. Magic Ui is a mobile operating system developed on Android. Huawei Emui and Magic UI Bastet modules have a security vulnerability that can be exploited by attackers to compromise the integrity...

CVSS 7.8 | AI score 3.2 | EPSS 0.00586
Exploits: 0 | References: 1
vulnersOsv
added 2022/03/11 12:2 a.m., 4 views

gnuhealth-all-modules (>=4.0.4 <=4.4.1) potentially affected by CVE-2022-26662 via proteus (=6.0.10)

proteus PYPI version =6.0.10 is affected by a known vulnerability. The following packages have a transitive dependency on proteus and may be impacted: - gnuhealth-all-modules =4.0.4, =4.4.1 Source cves: CVE-2022-26662 Source advisory: OSV:GHSA-PM3H-MM62-PWM8...

CVSS 7.5 | AI score 7.1 | EPSS 0.01881
Exploits: 0
vulnersOsv
added 2022/03/11 12:2 a.m., 4 views

gnuhealth-all-modules (>=4.0.4 <=4.4.1) potentially affected by CVE-2022-26661 via proteus (=6.0.10)

proteus PYPI version =6.0.10 is affected by a known vulnerability. The following packages have a transitive dependency on proteus and may be impacted: - gnuhealth-all-modules =4.0.4, =4.4.1 Source cves: CVE-2022-26661 Source advisory: OSV:GHSA-CJ78-RGW3-4H5P...

CVSS 6.5 | AI score 6.5 | EPSS 0.01374
Exploits: 1
ThreatPost
added 2022/03/10 1:0 p.m., 508 views

Qakbot Botnet Sprouts Fangs, Injects Malware into Email Threads

The Qakbot botnet is getting more dangerous, sinking its fangs into email threads and injecting malicious modules to pump up the core botnet’s powers. On Thursday, Sophos published a deep dive into the botnet, describing how researchers have recently seen it spreading through email thread hijacki...

AI score 8.6
Exploits: 0 | References: 6
CNNVD
added 2022/03/10 12:0 a.m., 3 views

HUAWEI EMUI and Honor Magic Ui Security Vulnerability

Huawei Emui is a mobile operating system developed on Android. Magic Ui is a mobile operating system developed on Android. Huawei Emui and Magic UI Wi-Fi modules have a privilege control vulnerability that could be exploited by attackers to obtain sensitive information...

CVSS 6.5 | AI score 5.9 | EPSS 0.00264
Exploits: 0 | References: 2