EUVD-2024-48087

Malicious code in bioql PyPI...

EUVD-2024-47870

Malicious code in bioql PyPI...

CVE-2024-7107

Files or Directories Accessible to External Parties vulnerability in National Keep Cyber Security Services CyberMath allows Collect Data from Common Resource Locations. This issue affects CyberMath: before CYBM.240816253...

CVE-2024-13240

Improper Access Control vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations.This issue affects Open Social: from 0.0.0 before 12.05...

CVE-2024-13240

Improper Access Control vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations.This issue affects Open Social: from 0.0.0 before 12.05...

CVE-2024-13241

Improper Authorization vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations.This issue affects Open Social: from 0.0.0 before 12.0.5...

CVE-2024-6400

Cleartext Storage of Sensitive Information, Exposure of Sensitive Information Through Data Queries vulnerability in Finrota Netahsilat allows Retrieve Embedded Sensitive Data, Authentication Bypass, IMAP/SMTP Command Injection, Collect Data from Common Resource Locations. This issue solved in...

CVE-2024-7107

Files or Directories Accessible to External Parties vulnerability in National Keep Cyber Security Services CyberMath allows Collect Data from Common Resource Locations.This issue affects CyberMath: before CYBM.240816253...

CVE-2024-7107

Files or Directories Accessible to External Parties vulnerability in National Keep Cyber Security Services CyberMath allows Collect Data from Common Resource Locations. This issue affects CyberMath: before CYBM.240816253...

CVE-2024-7107

CVE-2024-7107 affects National Keep Cyber Security Services’ CyberMath. A directory traversal/file-access vulnerability allows external parties to collect data from common resource locations in CyberMath versions before CYBM.240816253. The issue is described across multiple sources (Red Hat, CVE ...

PT-2024-38080 · National Keep Cyber Security Services · Cybermath

Name of the Vulnerable Software and Affected Versions: CyberMath versions before CYBM.240816253 Description: The issue affects National Keep Cyber Security Services' CyberMath, allowing external parties to access files or directories and collect data from common resource locations. Recommendation...

CVE-2024-6878

Files or Directories Accessible to External Parties vulnerability in Eliz Software Panel allows Collect Data from Common Resource Locations. This issue affects Panel: before v2.3.24...

CVE-2024-6878

Files or Directories Accessible to External Parties vulnerability in Eliz Software Panel allows Collect Data from Common Resource Locations. This issue affects Panel: before v2.3.24...

CVE-2023-1246

Files or Directories Accessible to External Parties vulnerability in Saysis Starcities allows Collect Data from Common Resource Locations.This issue affects Starcities: through 1.3...

Xxe

Files or Directories Accessible to External Parties vulnerability in Saysis Starcities allows Collect Data from Common Resource Locations.This issue affects Starcities: through 1.3...

CVE-2023-1246 Files or Directories Accessible to External Parties in Saysis Starcities

Files or Directories Accessible to External Parties vulnerability in Saysis Starcities allows Collect Data from Common Resource Locations. This issue affects Starcities: through 1.3...

Keycloak Reflected XSS

It was found that Keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server...

Open Source Database Fuzzing: FuzzDB

FuzzDB is the most comprehensive Open Source database of malicious inputs, predictable resource names, greppable strings for server response messages, and other resources like web shells. It’s like an application security scanner, without the scanner. What’s in FuzzDB? Predictable Resource...

Mozilla: resource: // documents can load privileged pages (MFSA 2015-33)

A flaw was found in the way documents were loaded via resource URLs in, for example, Mozilla's PDF.js PDF file viewer. An attacker could use this flaw to bypass certain restrictions and under certain conditions even execute arbitrary code with the privileges of the user running Firefox...

[fuzzdb] Attack and Discovery Pattern Database for Application Fuzz Testing

fuzzdb aggregates known attack patterns, predictable resource names, server response messages, and other resources like web shells into the most comprehensive Open Source database of malicious and malformed input test cases. What's in fuzzdb? Predictable Resource Locations - Because of the...