ethical-hacking-excersises
Exploitation Techniques – Course Exercises Repository Over...
Malicious Package
Overview: @t4i-cms-components/contact-card is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...
Improper Verification of Cryptographic Signature
Overview: Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the VerifyBundle function in the verify.go file. An attacker can bypass artifact integrity checks by crafting a bundle that includes any arbitrary Rekor entry, allowing successful...
CVE-2023-31584
GitHub repository cu/silicon commit a9ef36 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the User Input field...
CVE-2023-4879
Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1.-git...
CVE-2021-28954
In Chris Walz bit before 1.0.5 on Windows, attackers can run arbitrary code via a .exe file in a crafted repository...
CVE-2021-22862
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent repository of the fork. This vulnerability existed due to a flaw that allowed the base reference ...
CVE-2022-38795
In Gitea through 1.17.1, repo cloning can occur in the migration function...
CVE-2022-23738
An improper cache key vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to access private repository files through a public repository. To exploit this, an actor would need to already be authorized on the GitHub Enterprise Server instance, be able to crea...
CVE-2022-23739
An incorrect authorization vulnerability was identified in GitHub Enterprise Server, allowing for escalation of privileges in GraphQL API requests from GitHub Apps. This vulnerability allowed an app installed on an organization to gain access to and modify most organization-level resources that a...
CVE-2022-31548
The nrlakin/homepage repository through 2017-03-06 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31584
The stonethree/s3label repository through 2019-08-14 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31513
The BolunHan/Krypton repository through 2021-06-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31504
The ChangeWeDer/BaiduWenkuSpiderflaskWeb repository before 2021-11-29 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31566
The DSAB-local/DSAB repository through 2019-02-18 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31522
The NotVinay/karaokey repository through 2019-12-11 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31568
The Rexians/rex-web repository through 2022-06-05 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31586
The unizar-30226-2019-06/ChangePop-Back repository through 2019-06-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31551
The pleomax00/flask-mongo-skel repository through 2012-11-01 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...