CVE-2022-30286

pyscriptjs aka PyScript Demonstrator in PyScript through 2022-05-04 allows a remote user to read Python source code...

Code injection

pyscriptjs aka PyScript Demonstrator in PyScript through 2022-05-04 allows a remote user to read Python source code...

CVE-2022-30286

pyscriptjs aka PyScript Demonstrator in PyScript through 2022-05-04 allows a remote user to read Python source code...

CVE-2022-30286

CVE-2022-30286 affects pyscriptjs (PyScript Demonstrator) in PyScript up to 2022-05-04. Multiple connected sources document that a remote attacker could read Python source code from the victim’s environment via PyScript usage. The available records do not provide detailed root-cause analysis beyo...

PyScript 安全漏洞

PyScript is a framework for writing interactive web applications in PyScript. A security vulnerability exists in PyScript version 2022-05-04 and prior versions. An attacker can exploit this vulnerability to remotely read or disclose Python source code...

ChatBot Application With A Suggestion Feature 1.0 SQL Injection

Exploit Title: ChatBot Application with a Suggestion Feature 1.0 - 'id' Blind SQL Injection Date: 05/05/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15316/chatbot-app-suggestion-phpoop-free-source-code.html...

workflow-multibranch: OS command execution through crafted SCM contents

A flaw was found in Jenkins. The Pipeline: Multibranch uses the same checkout directories for distinct SCMs for the readTrusted step. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents.This allows attackers to...

Covid 19 Travel Pass Management System v1.0 SQL injection Vulnerability

Title: Covid 19 Travel Pass Management System v1.0 SQLi Author: nu11secur1ty Date: 05.01.2022 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15308/covid-19-travel-pass-management-system-phpoop-free-source-code.html Reference:...

Alkacon OpenCms Exposes JSP Source Code

system/workplace/editors/editor.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to read the source code of arbitrary JSP files by specifying the file in the resource parameter, as demonstrated using index.jsp...

GHSA-C5VW-342H-X5RX Alkacon OpenCms Exposes JSP Source Code

system/workplace/editors/editor.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to read the source code of arbitrary JSP files by specifying the file in the resource parameter, as demonstrated using index.jsp...

Improper Input Validation in Mortbay Jetty

jetty 6.0.x jetty6 beta16 allows remote attackers to read arbitrary script source code via a capital P in the .jsp extension, and probably other mixed case manipulations...

Mortbay Jetty Discloses JSP Source Code

Unspecified vulnerability in Jetty before 5.1.6 allows remote attackers to obtain source code of JSP pages, possibly involving requests for .jsp files with URL-encoded backslash %5C characters. NOTE: this might be the same issue as CVE-2006-2758...

GHSA-CWQ3-QP8V-W8Q3 Mortbay Jetty Discloses JSP Source Code

Unspecified vulnerability in Jetty before 5.1.6 allows remote attackers to obtain source code of JSP pages, possibly involving requests for .jsp files with URL-encoded backslash %5C characters. NOTE: this might be the same issue as CVE-2006-2758...

Apache Tomcat Source Code Disclosure

Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148...

GHSA-8V5P-2CPV-C2X6 Apache Tomcat Source Code Disclosure

Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148...

Apache Tomcat Source Code Disclosure

The default servlet org.apache.catalina.servlets.DefaultServlet in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet...

GHSA-JXCV-V856-J5VG Apache Tomcat Source Code Disclosure

The default servlet org.apache.catalina.servlets.DefaultServlet in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet...

Jakarta Tomcat Directory Listing vulnerability

Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character...

Amazon Linux 2 : gcc10, gcc (ALAS-2022-1784)

The version of gcc installed on the remote host is prior to 7.3.1-14. The version of gcc10 installed on the remote host is prior to 10.3.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2022-1784 advisory. A flaw was found in the way Unicode standards are implemented ...

Lapsus$ Hackers Stole T-Mobile’s Source Code and Systems Data

By Deeba Ahmed T-Mobile has acknowledged the breach which occurred before police arrested some of the Lapsus$ members last month. The… This is a post from HackRead.com Read the original post: Lapsus$ Hackers Stole T-Mobiles Source Code and Systems Data...