73 matches found
EUVD-2017-12391
Malware in sbrugna...
CVE-2024-47182
Dozzle is a realtime log viewer for docker containers. Before version 8.5.3, the app uses sha-256 as the hash for passwords, which leaves users susceptible to rainbow table attacks. The app switches to bcrypt, a more appropriate hash for passwords, in version 8.5.3...
CVE-2023-37260
league/oauth2-server is an implementation of an OAuth 2.0 authorization server written in PHP. Starting in version 8.3.2 and prior to version 8.5.3, servers that passed their keys to the CryptKey constructor as as string instead of a file path will have had that key included in a LogicException...
CVE-2019-6142
It has been reported that XSS is possible in Forcepoint Email Security, versions 8.5 and 8.5.3. It is strongly recommended that you apply the relevant hotfix in order to remediate this issue...
Important: Red Hat Security Advisory: Red Hat Data Grid 8.5.3 security update
An update for Red Hat Data Grid 8 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
CVE-2024-47182 Dozzle uses unsafe hash for passwords
Dozzle is a realtime log viewer for docker containers. Before version 8.5.3, the app uses sha-256 as the hash for passwords, which leaves users susceptible to rainbow table attacks. The app switches to bcrypt, a more appropriate hash for passwords, in version 8.5.3...
PT-2024-32464 · Dozzle +1 · Dozzle +1
Name of the Vulnerable Software and Affected Versions: Dozzle versions prior to 8.5.3 Description: The issue concerns the use of an insecure hash for passwords. Specifically, the app uses sha-256, which is susceptible to rainbow table attacks due to its design as a fast message digest hash. This...
Atlassian Confluence < 8.5.3 - Remote Code Execution
Exploit Title: CVE-2023-22527: Atlassian Confluence RCE Vulnerability Date: 25/1/2024 Exploit Author: MaanVader Vendor Homepage: https://www.atlassian.com/software/confluence Software Link: https://www.atlassian.com/software/confluence Version: 8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x, 8.5.0-8.5.3 Teste...
Exploit for Injection in Atlassian Confluence_Data_Center
Project Introduction This project refers to the project of B...
Atlassian Confluence SSTI Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Atlassian Confluence SSTI Injection', 'Description' = %q This module exploits an SSTI injection in Atlassian Confluence servers. A specially...
Atlassian Confluence SSTI Injection
This module exploits an SSTI injection in Atlassian Confluence servers. A specially crafted HTTP request uses the injection to evaluate an OGNL expression resulting in OS command execution. Versions 8.5.0 through 8.5.3 and 8.0 to 8.4 are known to be vulnerable. Module Options msf use...
Atlassian Confluence 7.19.x < 7.19.16 / 8.3.x < 8.5.3 / 8.6.x < 8.6.1 (CONFSERVER-93163)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-93163 advisory. - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploit...
CVE-2023-46753 affecting package frr for versions less than 8.5.3-3
CVE-2023-46753 affecting package frr for versions less than 8.5.3-3. A patched version of the package is available...
CVE-2023-46752 affecting package frr for versions less than 8.5.3-3
CVE-2023-46752 affecting package frr for versions less than 8.5.3-3. A patched version of the package is available...
CVE-2023-41360 affecting package frr for versions less than 8.5.3-2
CVE-2023-41360 affecting package frr for versions less than 8.5.3-2. An upgraded version of the package is available that resolves this issue...
CVE-2023-41359 affecting package frr for versions less than 8.5.3-2
CVE-2023-41359 affecting package frr for versions less than 8.5.3-2. An upgraded version of the package is available that resolves this issue...
CVE-2023-37260 league/oauth2-server key exposed in exception message when passing as string and providing invalid pass phrase
league/oauth2-server is an implementation of an OAuth 2.0 authorization server written in PHP. Starting in version 8.3.2 and prior to version 8.5.3, servers that passed their keys to the CryptKey constructor as as string instead of a file path will have had that key included in a LogicException...
Cross site scripting
In Zkteco BioTime 8.5.3 Build:20200816.447, an employee can hijack an administrator session and cookies using blind cross-site scripting...
PT-2022-24576 · Zkteco · Zkteco Biotime
Name of the Vulnerable Software and Affected Versions: Zkteco BioTime versions prior to 8.5.3 Build:20200816.447 Description: The issue concerns Incorrect Access Control via Leave, overtime, Manual log. An authenticated employee can exploit XSS into a pdf generator when exporting data as a PDF to...
Fortinet FortiWLC安全漏洞
The Fortinet FortiWLC is a wireless LAN controller from Fortinet, Inc. A security vulnerability exists in FortiWLC that originates from a boundary error in the FortiWLC command line interface, which allows a local user to run specially crafted CLI commands to trigger a stack-based buffer overflow...