22 matches found
WordPress Apocalypse Meow plugin <= 22.1.0 - Authenticated (Administrator+) SQL Injection via 'type' Parameter vulnerability
Authenticated Administrator+ SQL Injection via 'type' Parameter vulnerability discovered by Louis Deschanel - Patrowl in WordPress Plugin Apocalypse Meow versions <= 22.1.0...
EUVD-2021-30708
Malicious code in bioql PyPI...
EUVD-2021-30709
Malicious code in bioql PyPI...
CVE-2021-43829
PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior to 1.7.7 PatrowlManager handles uploaded files in the findings import feature without restriction. This vulnerability allows dangerous file types to be uploaded to the server, leading to XSS attacks and...
CVE-2021-43828
PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior to 1.77 an improper privilege management IDOR has been found in PatrowlManager. All findings import files are placed under /media/imports// In that, ownerid is predictable and tmpfile is in format o...
PatrOwl privilege management error vulnerability
PatrOwl is a scalable, free and open source solution for orchestrating secure operations. PatrOwl is vulnerable to a privilege management error, which could be exploited by an attacker to download all lookup import files...
PatrOwl code issue vulnerability
PatrOwl is an extensible, free and open source solution for orchestrating secure operations. PatrOwl is vulnerable to a code issue vulnerability that allows dangerous types of files to be uploaded to the server, which could be exploited by an attacker to cause XSS attacks and potentially other...
CVE-2021-43829
PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior to 1.7.7 PatrowlManager handles uploaded files in the findings import feature without restriction. This vulnerability allows dangerous file types to be uploaded to the server, leading to XSS attacks and...
CVE-2021-43828
PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior to 1.77 an improper privilege management IDOR has been found in PatrowlManager. All findings import files are placed under /media/imports// In that, ownerid is predictable and tmpfile is in format o...
CVE-2021-43829
PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior to 1.7.7 PatrowlManager handles uploaded files in the findings import feature without restriction. This vulnerability allows dangerous file types to be uploaded to the server, leading to XSS attacks and...
CVE-2021-43828
PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior to 1.77 an improper privilege management IDOR has been found in PatrowlManager. All findings import files are placed under /media/imports// In that, ownerid is predictable and tmpfile is in format o...
Design/Logic Flaw
PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior to 1.77 an improper privilege management IDOR has been found in PatrowlManager. All findings import files are placed under /media/imports// In that, ownerid is predictable and tmpfile is in format o...
Design/Logic Flaw
PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior to 1.7.7 PatrowlManager handles uploaded files in the findings import feature without restriction. This vulnerability allows dangerous file types to be uploaded to the server, leading to XSS attacks and...
CVE-2021-43829
PatrOwl/PatrowlManager is affected by CVE-2021-43829 (unrestricted file upload in the findings import feature). The issue enables uploading dangerous file types to the server, leading to XSS and potential code-injection vectors. Affected version range includes prior to 1.7.7; mitigation is to upg...
CVE-2021-43828 Improper Privilege Management in Patrowl
PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior to 1.77 an improper privilege management IDOR has been found in PatrowlManager. All findings import files are placed under /media/imports// In that, ownerid is predictable and tmpfile is in format o...
CVE-2021-43828
PatrOwl PatrowlManager contains an IDOR in versions prior to 1.77/1.7.7 that lets unauthenticated users download all finding import files. The files are stored in /media/imports//, with predictable owner_id and tmp_file formats (e.g., import__.json), enabling unauthorized access to the import fin...
PT-2021-23960 · Patrowl · Patrowl
Name of the Vulnerable Software and Affected Versions: PatrOwl versions prior to 1.77 Description: The issue is related to improper privilege management in PatrowlManager, allowing unlogged-in users to download all finding import files. The files are stored under /media/imports//, where owner id ...
PatrOwl code issue vulnerability
PatrOwl is an extensible, free and open source solution for orchestrating secure operations. PatrOwl is vulnerable to a code issue vulnerability that allows dangerous types of files to be uploaded to the server, which could be exploited by an attacker to cause XSS attacks and potentially other...
PatrOwl security vulnerability
PatrOwl is a scalable, free and open source solution for orchestrating secure operations. PatrOwl is vulnerable to a privilege management error, which could be exploited by an attacker to download all lookup import files...
Cross-site Scripting (XSS) - Stored in patrowl/patrowlmanager
Description: PatrOwl is vulnerable to stored XSS in asset group name. The payload will be triggered when someone tries to delete the asset group. Proof of Concept: https://drive.google.com/file/d/1F7m9g7s6xp-L5QKy5ACOvndWAj8g20s/view?usp=sharing Impact: This vulnerability permits an authenticate use...