6358 matches found
ROS-2-1203
2.1203 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote...
ROS-2-566
2.566 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote attacke...
ROS-2-1443
2.1443 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote...
ROS-2-1585
2.1585 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote...
ROS-2-1880
2.1880 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote...
ROS-2-1545
2.1545 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote...
ROS-2-2028
2.2028 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote...
Kiwi TCMS's misconfigured HTTP headers allow stored XSS execution with Firefox
Impact Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced changes which were meant to serve all uploaded files as plain text in order to prevent browsers from executing potentially dangerous files when such files are accessed...
GHSA-JPGW-2R9M-8QFW Kiwi TCMS's misconfigured HTTP headers allow stored XSS execution with Firefox
Impact Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced changes which were meant to serve all uploaded files as plain text in order to prevent browsers from executing potentially dangerous files when such files are accessed...
CVE-2023-36809
Kiwi TCMS, an open source test management system allows users to upload attachments to test plans, test cases, etc. Versions of Kiwi TCMS prior to 12.5 had introduced changes which were meant to serve all uploaded files as plain text in order to prevent browsers from executing potentially dangero...
GHSA-MVJ3-QRQH-CJVR CometBFT PeerState JSON serialization deadlock
Impact An internal modification to the way struct PeerState is serialized to JSON introduced a deadlock when new function MarshallJSON is called. This function can be called from two places: 1. Via logs Setting the consensus logging module to "debug" level should not happen in production, and...
CVE-2023-36809 Kiwi TCMS's misconfigured HTTP headers allow stored XSS execution with Firefox
Kiwi TCMS, an open source test management system allows users to upload attachments to test plans, test cases, etc. Versions of Kiwi TCMS prior to 12.5 had introduced changes which were meant to serve all uploaded files as plain text in order to prevent browsers from executing potentially dangero...
CVE-2023-36809 Kiwi TCMS's misconfigured HTTP headers allow stored XSS execution with Firefox
Kiwi TCMS, an open source test management system allows users to upload attachments to test plans, test cases, etc. Versions of Kiwi TCMS prior to 12.5 had introduced changes which were meant to serve all uploaded files as plain text in order to prevent browsers from executing potentially dangero...
CVE-2023-36809
Kiwi TCMS prior to version 12.5 is impacted by a stored XSS issue tied to how uploaded attachments (test plans, test cases, etc.) are served. The root cause involved an earlier attempt to treat all uploaded files as plain text to prevent script execution, but some browsers (e.g., Firefox) could i...
CVE-2023-36809 Kiwi TCMS's misconfigured HTTP headers allow stored XSS execution with Firefox
Kiwi TCMS, an open source test management system allows users to upload attachments to test plans, test cases, etc. Versions of Kiwi TCMS prior to 12.5 had introduced changes which were meant to serve all uploaded files as plain text in order to prevent browsers from executing potentially dangero...
PT-2023-8825 · Kiwi Tcms · Kiwi Tcms
Name of the Vulnerable Software and Affected Versions: Kiwi TCMS versions prior to 12.5 Description: The issue is related to the upload of attachments to test plans and test cases in Kiwi TCMS. Earlier versions of Kiwi TCMS had changes to serve all uploaded files as plain text to prevent browsers...
The Bug Report - June 2023 Edition
The Bug Report – June 2023 Edition By Trellix · July 05, 2023 This story was also written by Jesse Chick. Can I have a word with the developers who greenlit these vulns? Why am I here? "To our newcomers, welcome! To our old hands, welcome back!" Iykyk. Every month, we chronicle the disruptive new...
ApPHP MicroCMS 1.0.1 Host Header Injection
==================================================================================================================================== | Title : ApPHP MicroCMS v1.0.1 Host header attack Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro | | Vendor :...
Critical Photon OS Security Update - PHSA-2023-3.0-0606
Updates of 'kube-bench', 'linux-rt', 'linux-esx', 'linux-secure', 'nxtgn-openssl', 'nginx-ingress', 'nodejs', 'linux-aws', 'ntp', 'linux' packages of Photon OS have been released...
Bropper - An Automatic Blind ROP Exploitation Tool
An automatic Blind ROP exploitation python tool Abstract BROP Blind ROP was a technique found by Andrew Bittau from Stanford in 2014. Original paper Slides Most servers like nginx, Apache, MySQL, forks then communicates with the client. This means canary and addresses stay the same even if there ...