CVE-2023-39151

Jenkins 2.415 and earlier, LTS 2.401.2 and earlier does not sanitize or properly encode URLs in build logs when transforming them into hyperlinks, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control build log contents...

GHSA-GW42-F939-FHVM Administration Console authentication bypass in openfire xmppserver

An important security issue affects a range of versions of Openfire, the cross-platform real-time collaboration server based on the XMPP protocol that is created by the Ignite Realtime community. Impact Openfire's administrative console the Admin Console, a web-based application, was found to be...

Administration Console authentication bypass in openfire xmppserver

An important security issue affects a range of versions of Openfire, the cross-platform real-time collaboration server based on the XMPP protocol that is created by the Ignite Realtime community. Impact Openfire's administrative console the Admin Console, a web-based application, was found to be...

SUSE-SU-2023:2241-1 Security update for mysql-connector-java

This update for mysql-connector-java fixes the following issues: - CVE-2023-21971: Fixed a crash in MySQL Connectors that could be triggered by an authenticated remote user bsc1211247. - Ship protobuf 3.9.2 compatible generated files to support older distro versions. - Update to 8.0.32: -...

Rukovoditel 3.3.1 - Remote Code Execution (RCE)

Exploit Title: Rukovoditel 3.3.1 - Remote Code Execution RCE Version: 3.3.1 Bugs: rce via jpeg file upload Technology: PHP Vendor URL: https://www.rukovoditel.net/ Software Link: https://www.rukovoditel.net/download.php Date of found: 12-03-2023 Author: Mirabbas Ağalarov Tested on: Linux 2...

Rukovoditel 3.3.1 - Remote Code Execution Vulnerability

Exploit Title: Rukovoditel 3.3.1 - Remote Code Execution RCE Version: 3.3.1 Bugs: rce via jpeg file upload Technology: PHP Vendor URL: https://www.rukovoditel.net/ Software Link: https://www.rukovoditel.net/download.php Date of found: 12-03-2023 Author: Mirabbas Ağalarov Tested on: Linux 2...

SUSE CVE-2014-7819

Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before 2.11.3...

SUSE CVE-2016-4070

Integer overflow in the phprawurlencode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service application crash via a long string to the rawurlencode function. NOTE: the vendor says "Not sure if this...

SUSE CVE-2019-9852

LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice...

SUSE CVE-2020-12415

When "%2F" was present in a manifest URL, Firefox's AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory. This could cause the appcache to be used to service requests for the top level directory. This vulnerability affects Firefox 78...

Ghauri - An Advanced Cross-Platform Tool That Automates The Process Of Detecting And Exploiting SQL Injection Security Flaws

An advanced cross-platform tool that automates the process of detecting andexploiting SQL injection security flaws Requirements Python 3 Python pip3 Installation cd to ghauri directory. install requirements: python3 -m pip install --upgrade -r requirements.txt run: python3 setup.py install or...

CVE-2022-3782

keycloak: path traversal via double URL encoding. A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within t...

Path traversal

keycloak: path traversal via double URL encoding. A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within t...

CVE-2022-3782

keycloak: path traversal via double URL encoding. A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within t...

CVE-2022-3782

keycloak: path traversal via double URL encoding. A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within t...

CVE-2022-3782

CVE-2022-3782 affects Keycloak / Red Hat Single Sign-On: path traversal via double URL encoding due to improper validation of redirect URLs, enabling an attacker to traverse to arbitrary files within the domain when wildcard Redirect URIs are used. Connected sources confirm the issue and indicate...

GHSA-G8Q8-FGGX-9R3Q Keycloak vulnerable to path traversal via double URL encoding

Keycloak does not properly validate URLs included in a redirect. An attacker could construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain, or possibly conduct further attacks...

CVE-2022-43409

Jenkins Pipeline: Supporting APIs Plugin 838.va3a087b4055b and earlier does not sanitize or properly encode URLs of hyperlinks sending POST requests in build logs, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to create Pipelines...

PT-2022-26893 · Jenkins · Jenkins Pipeline: Supporting Apis Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Supporting APIs Plugin versions 838.va 3a 087b 4055b and earlier Description: The issue is related to a stored cross-site scripting XSS vulnerability. It occurs because the Jenkins Pipeline: Supporting APIs Plugin does not...

Improper token validation leading to code execution in Teleport

Teleport 9.3.6 is vulnerable to Command injection leading to Remote Code Execution. An attacker can craft a malicious ssh agent installation link by URL encoding a bash escape with carriage return line feed. This url encoded payload can be used in place of a token and sent to a user in a social...