14 matches found
CVE-2026-53777
Perry before 0.5.1159 contains a path traversal vulnerability that allows a malicious build server to write arbitrary content to any location writable by the running process by supplying unsanitized path components in the artifact_name field of ArtifactReady WebSocket messages. Attackers controlli...
CVE-2026-53777
Perry before 0.5.1159 contains a path traversal vulnerability in the ArtifactReady WebSocket messages. Unsanitized path components in artifact_name (and download_path) allow a malicious build server to write arbitrary content to any location writable by the running process, potentially overwritin...
CVE-2026-53777 Perry < 0.5.1159 Path Traversal via ArtifactReady WebSocket
Perry before 0.5.1159 contains a path traversal vulnerability that allows a malicious build server to write arbitrary content to any location writable by the running process by supplying unsanitized path components in the artifact_name field of ArtifactReady WebSocket messages. Attackers controlli...
PT-2026-48673
Perry before 0.5.1159 contains a path traversal vulnerability that allows a malicious build server to write arbitrary content to any location writable by the running process by supplying unsanitized path components in the artifact name field of ArtifactReady WebSocket messages. Attackers...
WordPress Digital Climate Strike WP plugin <= 1.0.0 - Redirect to malicious websites
Redirect to malicious websites found by Steve Perry in WordPress Digital Climate Strike WP plugin versions <= 1.0.0. Solution 2021-01-21 - we were unable to find a patched version of this plugin. WordPress.org notification: "This plugin has been closed as of January 20, 2021 and is not available f...
kernel security and bug fix update
4.18.0-193.1.22.OL8 - Oracle Linux certificates Alexey Petrenko - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 4.18.0-193.1.22 - net netlabel: cope with NULL catmap Paolo Abeni 1827249...
teenvogue.com XSS vulnerability
Open Bug Bounty ID: OBB-488689. Affected Website: teenvogue.com. Open Bug Bounty Program: Create your bounty program now. It's open and free. Vulnerable Application: Custom Code. Vulnerability Type: XSS Cross Site Scripting / CWE-79. CVSSv3 Score: 6.1...
Where’s My Perry? Free - Customized SSL, Dangerous filesystem permissions, Redefined SSL Common Names verifier vulnerabilities
HackApp vulnerability scanner discovered that application Where’s My Perry? Free published at the 'play' market has multiple vulnerabilities...
Katy Perry Pop - Customized SSL, Dangerous filesystem permissions, Exported ContentProvider vulnerabilities
HackApp vulnerability scanner discovered that application Katy Perry Pop published at the 'play' market has multiple vulnerabilities...
Drupal HTTP Parameter Key/Value SQL Injection Vulnerability
This Metasploit module exploits the Drupal HTTP Parameter Key/Value SQL Injection aka Drupageddon in order to achieve a remote shell on the vulnerable instance. This Metasploit module was tested against Drupal 7.0 and 7.31 (was fixed in 7.32). This module requires Metasploit:...
CVE-2014-5606
The Where's My Perry? Free aka com.disney.WMPLite application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-5606
The CVE-2014-5606 entry concerns the Android app Where’s My Perry? Free (package com.disney.WMPLite) version 1.5.1. The vulnerability arises because the app does not verify X.509 certificates from SSL servers, allowing attackers to perform a man-in-the-middle attack and obtain sensitive informa...
CVE-2014-5606
The Where's My Perry? Free aka com.disney.WMPLite application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Unfixed XSS vulnerability at www.perryrhodan.net
Security researcher Viper.aT submitted on 14/08/2008 a cross-site scripting (XSS) vulnerability affecting www.perryrhodan.net, which at the time of submission ranked 187665 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 19/06/2009. It is...