Exploit for Unrestricted Upload of File with Dangerous Type in Embedthis Goahead

Goahead webserver pre v5.1.5 RCE PoC CVE-2021-42342 A rec...

If newRatio > ibRatio after a settlement the protocol could lose its funds.

Handle tensors Vulnerability details Suppose that after a certain settleAuction call we have that newRatio ibRatio. I don't see any reason why this couldn't be possible, going through the math and solving for this condition we can see that: if b ibRatio then newRatio ibRatio assuming...

Medium: curl

Issue Overview: A flaw was found in curl in the way curl handles a file hash mismatch after downloading content using the Metalink feature. This flaw allows malicious actors controlling a hosting server to trick users into downloading malicious content. The highest threat from this vulnerability ...

CVE-2021-39458

Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user has to alternate the files of a vaild file backup. This leads of leaking the database credentials in the environment variables...

Apache Airflow 访问控制错误漏洞

Apache Airflow is an open source platform for creating, managing, and monitoring workflows from the Apache Foundation. The platform is scalable and dynamically monitored. Apache Airflow is vulnerable to an authorization issue that stems from a lack of authorization protection on the product's...

Yakamara Media Redaxo CMS 安全漏洞

Yakamara Media Redaxo CMS is Yakamara Media organization of a set of open source Web portal content management system . The system supports custom modules, plugin extensions, project backups and more. A security vulnerability exists in Yakamara Media Redaxo CMS version 5.12.1, which originates fr...

nodejs-lodash: command injection via template

A flaw was found in nodejs-lodash. A command injection flaw is possible through template variables...

CvxLocker.setBoost wrong validation

Handle cmichel Vulnerability details Vulnerability Details The CvxLocker.setBoost function does not validate the max, rate parameters, instead it validates the already set storage variables. // @audit this is checking the already-set storage variables, not the parameters requiremaximumBoostPaymen...

PT-2021-6359 · Google +1 · Google Chrome +1

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 97.0.4692.71 Description: The issue is related to an inappropriate implementation in the File System API of Google Chrome on Windows, allowing a remote attacker to obtain potentially sensitive information via a...

Qualcomm 芯片 缓冲区错误漏洞

A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way to miniaturize circuits mainly semiconductor devices, but also passive components, etc., and from time to time are manufactured on the surface of semiconductor wafers. The Qualcomm chip suffers from a buffer error vulnerability that...

CVE-2021-28559

Acrobat Reader DC versions versions 2021.001.20150 and earlier, 2020.001.30020 and earlier and 2017.011.30194 and earlier are affected by an Information Exposure vulnerability. An unauthenticated attacker could leverage this vulnerability to get access to restricted data stored within global...

Information disclosure

Acrobat Reader DC versions versions 2021.001.20150 and earlier, 2020.001.30020 and earlier and 2017.011.30194 and earlier are affected by an Information Exposure vulnerability. An unauthenticated attacker could leverage this vulnerability to get access to restricted data stored within global...

CVE-2021-28559 Adobe Acrobat Reader privacy violation vulnerability could lead to privilege escalation

Acrobat Reader DC versions versions 2021.001.20150 and earlier, 2020.001.30020 and earlier and 2017.011.30194 and earlier are affected by an Information Exposure vulnerability. An unauthenticated attacker could leverage this vulnerability to get access to restricted data stored within global...

Path Traversal in yogeshojha/rengine

✍️ Description Local File Inclusion through Path Traversal 🕵️‍♂️ Proof of Concept While logged in into a Rengine instance, go to /api/getFileContents/?nucleitemplate&name=../../../../../../../../etc/passwd. The contents of /etc/passwd are included into the response. 💥 Impact This vulnerability is...

CVE-2021-35223

The Serv-U File Server allows for events such as user login failures to be audited by executing a command. This command can be supplied with parameters that can take the form of user string variables, allowing remote code execution...

Remote code execution

The Serv-U File Server allows for events such as user login failures to be audited by executing a command. This command can be supplied with parameters that can take the form of user string variables, allowing remote code execution...

CVE-2021-35223 Execute Command Function Allows Remote Code Execution (RCE)Vulnerability

The Serv-U File Server allows for events such as user login failures to be audited by executing a command. This command can be supplied with parameters that can take the form of user string variables, allowing remote code execution...

GHSA-88F9-7XXH-C688 Cachet configuration leak

Impact Authenticated users, regardless of their privileges User or Admin, can leak the value of any configuration entry of the dotenv file, e.g. the application secret APPKEY and various passwords email, database, etc. Patches This issue was addressed by improving UpdateConfigCommandHandler and...

CVE-2021-39174

Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges User or Admin, can leak the value of any configuration entry of the dotenv file, e.g. the application secret APPKEY and various passwords email, database, etc. This issue was...

Default configuration

Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges User or Admin, can leak the value of any configuration entry of the dotenv file, e.g. the application secret APPKEY and various passwords email, database, etc. This issue was...