7821 matches found
Code injection
Laf is a cloud development platform. Prior to version 1.0.0-beta.13, the control of LAF app enV is not strict enough, and in certain scenarios of privatization environment, it may lead to sensitive information leakage in secret and configmap. In ES6 syntax, if an obj directly references another...
Improper Authentication
github.com/treeverse/lakefs is vulnerable to Improper Authentication. The vulnerability is due to the NewSecureString function in securestring.go lacking the security measures handle environment variables. Specifically, it directly accesses environment variables using os.LookupEnv without any for...
BeyondTrust Privilege Management Security Vulnerability
BeyondTrust Privilege Management is the BeyondTrust Privilege Management tool for Windows and Mac SaaS from BeyondTrust USA. A security vulnerability exists in BeyondTrust Privilege Management Windows versions prior to 5.6 SR2, which stems from a vulnerability that allows an attacker to bypass so...
Huawei EulerOS: Security Advisory for gcc (EulerOS-SA-2023-3296)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PYSEC-2023-292
PyInstaller bundles a Python application and all its dependencies into a single package. A PyInstaller built application, elevated as a privileged process, may be tricked by an unprivileged attacker into deleting files the unprivileged user does not otherwise have access to. A user is affected if...
ownCloud Phpinfo Reader Exploit
Docker containers of ownCloud compiled after February 2023, which have version 0.2.0 before 0.2.1 or 0.3.0 before 0.3.1 of the app graph installed contain a test file which prints phpinfo to an unauthenticated user. A post file name must be appended to the URL to bypass the login filter. Docker m...
Information Disclosure
microsoft/microsoft-graph is vulnerable to Information Disclosure. The vulnerability exists in the phpinfo function of GetPhpInfo.php, allowing an attacker to access unauthorized system information such as configuration details, modules, and environment variables. This vulnerability is only...
CVE-2023-49291
tj-actions/branch-names is a Github action to retrieve branch or tag names with support for all events. The tj-actions/branch-names GitHub Actions improperly references the github.event.pullrequest.head.ref and github.headref context variables within a GitHub Actions run step. The head ref variab...
Microsoft Graphics Component Information Disclosure Vulnerability
Microsoft Graphics Component is a graphics driver component from Microsoft Corporation USA. An information disclosure vulnerability exists in Microsoft Graphics Component msgraph-sdk-php that originates from a vulnerability that allows an attacker to craft HTTP requests to be able to access syste...
Microsoft Graphics Component Information Disclosure Vulnerability
Microsoft Graphics Component is a graphics driver component from Microsoft Corporation USA. An information disclosure vulnerability exists in Microsoft Graphics Component microsoft-graph-core that originates from a vulnerability that allows an attacker to craft HTTP requests to be able to access...
GHSA-WJ7F-468M-6MV8 Environment variables still accessible through /proc
Impact Environment variables can be read from procfs unless a new process is started. PoC use birdcage::Birdcage, Sandbox; use std::env, fs; fn main Birdcage::new.lock.unwrap; asserteq!env::varos"SECRET", None; let environ = fs::readtostring"/proc/self/environ".unwrap;...
CVE-2023-49103 - Critical Information Disclosure in ownCloud Graph API
Rapid7 is responding to CVE-2023-49103, an unauthenticated information disclosure vulnerability impacting ownCloud. Background ownCloud is a file sharing platform designed for enterprise environments. On November 21, 2023, ownCloud disclosed CVE-2023-49103, an unauthenticated information disclosu...
PT-2023-33066 · Birdcage · Birdcage
Name of the Vulnerable Software and Affected Versions: birdcage affected versions not specified Description: The issue allows environment variables to be read from procfs unless a new process is started. This can be demonstrated through a proof of concept that shows how a secret environment...
Joomla! 1.6.0 - 4.4.0, 5.0.0 Information Disclosure Vulnerability
Joomla! is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:joomla:joomla";...
CVE-2023-40626
The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensible information...
CVE-2023-40626
The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensible information...
Information disclosure
The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensible information...
CVE-2023-40626 [20231101] - Core - Exposure of environment variables
The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensible information...
CVE-2023-40626
CVE-2023-40626 concerns Joomla! information disclosure via the language file parsing process, which can be manipulated to expose environment variables. The vulnerability affects Joomla! instances that self-report as vulnerable versions (e.g., Joomla! 5.x prior to 5.0.1 and 1.6.x prior to 4.4.1) p...
Joomla CMS Security Vulnerability
Joomla is an open source, cross-platform content management system CMS developed by the US Open Source Matters team using PHP and MySQL. A security vulnerability exists in Joomla CMS versions 1.6.0 through 4.4.0, and 5.0.0. The vulnerability stems from the fact that an attacker can disclose...