Arbitrary File Download Vulnerability in Shopping System of Beijing Liangjing Zhicheng Technology Co.

Liangjing Mall online store shopping system is a set of multi-functional online store system that can be suitable for different types of commodities, super flexible, three-tier distribution PC+mobile+micro-site, which provides a complete online store solution. There is an arbitrary file download...

Information Exposure

Overview Versions of type-graphql prior to 0.17.6 are vulnerable to Information Exposure. The package leaks the resolver source code in an error message. It is possible to force this error when no subscription topics are provided in the request. Recommendation Upgrade to version 0.17.6 or later...

Source Code Passive Disclosure

Scanner has detected server-side source code within the server's response. A modern web application will be reliant on several different programming languages. These languages can be broken up in two flavours. These are client-side languages such as those that run in the browser -- like JavaScrip...

SilverStripe Versioned Files module Unpublished files are exposed publicly

In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed by a basic understanding of the symbiote/silverstripe-versionedfiles source code. Users who upgrade from...

CVE-2019-14366

WP SlackSync plugin through 1.8.5 for WordPress leaks a Slack Access Token in source code. An attacker can obtain a lot of information about the victim's Slack channels, members, etc...

CVE-2019-14366

WP SlackSync plugin through 1.8.5 for WordPress leaks a Slack Access Token in source code. An attacker can obtain a lot of information about the victim's Slack channels, members, etc...

CVE-2019-14367

Slack-Chat through 1.5.5 leaks a Slack Access Token in source code. An attacker can obtain a lot of information about the victim's Slack channels, members, etc...

CVE-2019-14365

The Intercom plugin through 1.2.1 for WordPress leaks a Slack Access Token in source code. An attacker can obtain a lot of information about the victim's Slack channels, members, etc...

WP Slacksync < 1.8.6 - Slack Access Token Disclosure

The wpslacksync leaked a Slack Access Token in source code. An attacker can obtain a lot of information about the victim's Slack channels, members, etc...

WP Intercom Slack <= 1.2.2 - Slack Access Token Disclosure

The Intercom plugin through 1.2.2 leaks a Slack Access Token in source code. An attacker can obtain a lot of information about the victim's Slack channels, members, etc...

LavaLite CMS 5.7 Cross Site Scripting

Exploit Title: LavaLite CMS - 5.7 - Cross-Site Scripting Date: 09-10-2019 Exploit Author: Ismail Tasdelen Vendor Homepage: https://lavalite.org/ Software Link : https://github.com/LavaLite/cms Software : LavaLite CMS - v 5.7 Version : v 5.7 Vulernability Type : Cross-site Scripting Vulenrability ...

Donut - Generates X86, X64, Or AMD64+x86 Position-Independent Shellcode That Loads .NET Assemblies, PE Files, And Other Windows Payloads From Memory

Donut generates x86 or x64 shellcode from VBScript, JScript, EXE, DLL including .NET Assemblies files. This shellcode can be injected into an arbitrary Windows processes for in-memory execution. Given a supported file type, parameters and an entry point where applicable such as Program.Main, it...

ClamAV 0.102.0 - bytecode_vm Code Execution

ClamAV 0.102.0 - bytecodevm Code Execution !/usr/bin/python ''' Finished : 22/07/2019 Pu8lished : 31/10/2019 Versi0n : Current ./exploit.py clambc --debug exploit SNIP $ ''' names = 'test1', 'read', 'write', 'seek', 'setvirusname',...

ClamAV &lt; 0.102.0 - &#039;bytecode_vm&#039; Code Execution

!/usr/bin/python ''' Finished : 22/07/2019 Pu8lished : 31/10/2019 Versi0n : Current ./exploit.py clambc --debug exploit SNIP $ ''' names = 'test1', 'read', 'write', 'seek', 'setvirusname',...

AtomShields Cli - Security Testing Framework For Repositories And Source Code

AtomShields Cli is a Command-Line Interface to use the software AtomShields Installation pip install atomshieldscli Basic usage ascli --target --name The allowed action values are: install : To install a checker or a report, depending the context setted. uninstall : To uninstall a checker or a...

Sandbox Breakout in realms-shim

Versions of realms-shim prior to 1.2.1 are vulnerable to a Sandbox Breakout. The Realms evaluation function has an option to apply Babel-like transformations to the source code before it reaches the evaluator. One portion of this transform pipeline exposed a primal-Realm object to the rewriting...

CVE-2019-13410

TOPMeeting before version 8.8 2019/08/19 shows attendees account and password in front end page that allows an attacker to obtain sensitive information by browsing the source code of the page...

CVE-2019-13410

TOPMeeting before version 8.8 2019/08/19 shows attendees account and password in front end page that allows an attacker to obtain sensitive information by browsing the source code of the page...

Information disclosure

TOPMeeting before version 8.8 2019/08/19 shows attendees account and password in front end page that allows an attacker to obtain sensitive information by browsing the source code of the page...

CVE-2019-13410 TOPMeeting version before version 8.8 (2019/08/19) allows an attacker to obtain sensitive information

TOPMeeting before version 8.8 2019/08/19 shows attendees account and password in front end page that allows an attacker to obtain sensitive information by browsing the source code of the page...