515 matches found
GHSA-6XF3-5HP7-XQQG Improper token validation leading to code execution in Teleport
Teleport 9.3.6 is vulnerable to Command injection leading to Remote Code Execution. An attacker can craft a malicious ssh agent installation link by URL encoding a bash escape with carriage return line feed. This url encoded payload can be used in place of a token and sent to a user in a social...
CVE-2022-36633
Teleport 9.3.6 is vulnerable to Command injection leading to Remote Code Execution. An attacker can craft a malicious ssh agent installation link by URL encoding a bash escape with carriage return line feed. This url encoded payload can be used in place of a token and sent to a user in a social...
CVE-2022-36633
Teleport 9.3.6 is vulnerable to Command injection leading to Remote Code Execution. An attacker can craft a malicious ssh agent installation link by URL encoding a bash escape with carriage return line feed. This url encoded payload can be used in place of a token and sent to a user in a social...
Command injection
Teleport 9.3.6 is vulnerable to Command injection leading to Remote Code Execution. An attacker can craft a malicious ssh agent installation link by URL encoding a bash escape with carriage return line feed. This url encoded payload can be used in place of a token and sent to a user in a social...
CVE-2022-36633
Teleport 9.3.6 is vulnerable to Command injection leading to Remote Code Execution. An attacker can craft a malicious ssh agent installation link by URL encoding a bash escape with carriage return line feed. This url encoded payload can be used in place of a token and sent to a user in a social...
Teleport 9.3.6 Command Injection
Description:Teleport 9.3.6 is vulnerable to Command injection leading to Remote Code Execution. An attacker can craft a malicious ssh agent installation link by URL encoding a bash escape with carriage return line feed. This url encoded payload can be used in place of a token and sent to a user i...
sanic vulnerable to Path Traversal when using `app.static` if using encoded `%2F` URLs
Impact Access to lateral directories when using app.static if using encoded %2F URLs. Parent directory traversal is not impacted. Patches - v20.12.7 LTS - v21.12.2 LTS - v22.6.1 References https://github.com/sanic-org/sanic/issues/2478 https://github.com/sanic-org/sanic/pull/2495 For more...
Improper handling of parameter lead to listing any directory
Description In file-manager/list API, the server does not handling path parameters properly lead to allow listing any directory. To exploit, use double URL encoding to bypass filter. Proof of Concept GET /demo/api/file-manager/list?path=%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/...
Gshell - A Flexible And Scalable Cross-Plaform Shell Generator Tool
A simple yet flexible cross-platform shell generator tool. Name: GGreat Shell Description: A cross-platform shell generator tool that lets you generate whichever shell you want, in any system you want, giving you full control and automation. If you find this tool helpful, then please give me a...
Exploit for Path Traversal in Apache Http_Server
CVE-2021-41773 CVE-2021-41773 According to The National Vulne...
Cross-site Scripting in Apache Sling XSS Protection API
A flaw in the way URLs are escaped and encoded in the org.apache.sling.xss.impl.XSSAPIImplgetValidHref and org.apache.sling.xss.impl.XSSFilterImplisValidHref allows special crafted URLs to pass as valid, although they carry XSS payloads. The affected versions are Apache Sling XSS Protection API...
grafana: directory traversal vulnerability
Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension...
Exposure of Sensitive Information in Apache Tomcat
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /jsecuritycheck with malformed URL encoding of passwords, related to improper error checking in the 1...
Reflected XSS
Description Hello , i found an authenticated reflected xss via path fragment this was exploitable through trusting user input in url path fragement , please note : if you wrote a different payload you need to URL Encode the payload twice Proof of Concept Enter this url :...
RESTEasy: PathParam in RESTEasy can lead to a reflected XSS attack
A reflected Cross-Site Scripting XSS flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType. This flaw allows an attacker to launch a reflected XSS attack. The...
CVE-2021-31932
Nokia BTS TRS web console FTMW20FP22019.08.160010 allows Authentication Bypass. A malicious unauthenticated user can get access to all the functionalities exposed via the web panel, circumventing the authentication process, by using URL encoding for the . dot character...
Authentication flaw
Nokia BTS TRS web console FTMW20FP22019.08.160010 allows Authentication Bypass. A malicious unauthenticated user can get access to all the functionalities exposed via the web panel, circumventing the authentication process, by using URL encoding for the . dot character...
CVE-2021-31932
Nokia BTS TRS web console FTMW20FP22019.08.160010 allows Authentication Bypass. A malicious unauthenticated user can get access to all the functionalities exposed via the web panel, circumventing the authentication process, by using URL encoding for the . dot character...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
🤝 Show your support - give a ⭐️ if you liked the content | SHARE...
CVE-2021-43813 Directory Traversal in Grafana
Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension...