95 matches found
Gogs allows deletion of internal files
Impact Unprivileged user accounts can execute arbitrary commands on the Gogs instance with the privileges of the account specified by RUNUSER in the configuration. It allows attackers to access and alter any users' code hosted on the same instance. Patches Deletion of .git files has been prohibit...
RHEL 6 : spamassassin (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - spamassassin: Local user code injection in the meta rule syntax CVE-2018-11781 - A denial of service...
Sven gopeak masterlab code issue vulnerability
Sven gopeak masterlab is a Sven open source application. Provides simple and efficient , agile development based project management tools . Sven gopeak masterlab version 3.3.10 and earlier versions of the code problematic vulnerability , the vulnerability stems from app/ctrl/User.php...
CVE-2023-30588
When an invalid public key is used to create an x509 certificate using the crypto.X509Certificate API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key inf...
PT-2023-9258
Name of the Vulnerable Software and Affected Versions Gogs versions through 0.13.0 Description The issue is related to argument injection during the previewing of changes, which can allow a remote attacker to execute arbitrary commands. Unprivileged user accounts can write to arbitrary files on t...
K27228191: Node.js vulnerability CVE-2018-7159
Security Advisory Description The HTTP parser in all current versions of Node.js ignores spaces in the Content-Length header, allowing input such as Content-Length: 1 2 to be interpreted as having a value of 12. The HTTP specification does not allow for spaces in the Content-Length value and the...
znfit Home improvement ERP management system SQL注入漏洞
znfit Home improvement ERP management system is a home ERP management system from znfit Shanghai, China. A security vulnerability exists in znfit Home improvement ERP management system version V5020220207, v42. An attacker exploited the vulnerability to execute arbitrary sql commands via the...
The vulnerability of Websoft HCM’s automation software for HR processes stems from errors in filtering user code within the XML tag processor. This allows attackers to execute arbitrary code.
The vulnerability of Websoft HCM’s automation software for HR processes is related to errors in filtering user code within the XML tag handler. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
CVE-2022-39382
Keystone is a headless CMS for Node.js — built with GraphQL and React.@keystone-6/[email protected] || 3.0.1 users that use NODEENV to trigger security-sensitive functionality in their production builds are vulnerable to NODEENV being inlined to "development" for user code, irrespective of what your...
Design/Logic Flaw
Keystone is a headless CMS for Node.js — built with GraphQL and React.@keystone-6/email protected || 3.0.1 users that use NODEENV to trigger security-sensitive functionality in their production builds are vulnerable to NODEENV being inlined to "development" for user code, irrespective of what you...
MyAdmin 安全漏洞
MyAdmin is a backend management system for cdfan personal developers. A security vulnerability exists in MyAdmin v1.0, which stems from an incorrect access control vulnerability when viewing the Personal Center in /api/user/userData?userCode=admin...
Rockwell Automation Logix Controllers 安全漏洞
Rockwell Automation Logix Controllers is a high-performance control platform from Rockwell Automation. Use this single platform to perform sequence, process, drive, or motion control in any combination. A security vulnerability exists in Rockwell Automation Logix Controllers that originates from...
HMA VPN 5.3 - Unquoted Service Path Vulnerability
Exploit Title: HMA VPN 5.3 - Unquoted Service Path Exploit Author: Saud Alenazi Vendor Homepage: https://www.hidemyass.com/ Software Link: https://www.hidemyass.com/en-us/downloads Version: 5.3.5913.0 Tested: Windows 10 Pro x64 es C:\Users\saudhsc qc HmaProVpn SC QueryServiceConfig SUCCESS...
CVE-2021-3726
Vulnerability in title function Description: the title function defined in lib/termsupport.zsh uses print to set the terminal title to a user-supplied string. In Oh My Zsh, this function is always used securely, but custom user code could use the title function in a way that is unsafe. Fixed in:...
Format string
Vulnerability in title function Description: the title function defined in lib/termsupport.zsh uses print to set the terminal title to a user-supplied string. In Oh My Zsh, this function is always used securely, but custom user code could use the title function in a way that is unsafe. Fixed in:...
CVE-2021-3726
This CVE affects Oh My Zsh: the vulnerable component is the title function in lib/termsupport.zsh, which uses print to set the terminal title from a user-supplied string. The root cause is unsafe handling of a user-provided value within this function, potentially enabling a vulnerability through ...
Vulnerabilities fixed in Wind River Linux
Vulnerabilities have been fixed in Wind River Linux. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution Administrator/Root rights Remote...
Netgear Genie 2.4.64 Unquoted Service Path
Exploit Title: Netgear Genie 2.4.64 - Unquoted Service Path Exploit Author: Mert DAŞ Version: 2.4.64 Date: 23.10.2021 Vendor Homepage: https://www.netgear.com/ Tested on: Windows 10 C:\Users\Mertsc qc NETGEARGenieDaemon SC QueryServiceConfig SUCCESS SERVICENAME: NETGEARGenieDaemon TYPE : 10...
Description of the security update for SharePoint Server 2019: August 10, 2021 (KB5002000)
Description of the security update for SharePoint Server 2019: August 10, 2021 KB5002000 Summary This security update resolves a Microsoft SharePoint Server spoofing vulnerability. To learn more about the vulnerability, see the Microsoft Common Vulnerabilities and Exposures CVE-2021-36940. Note: ...
Eaton Intelligent Power Manager Eval Injection Vulnerability
Eaton Intelligent Power Manager IPM is an intelligent power manager from Eaton Corporation that supports remote monitoring and management of multiple devices in a network from an interface. An Eval injection vulnerability exists in Eaton IPM versions prior to 1.69. The vulnerability arises becaus...