1332 matches found

CVE
added 2021/07/09 2:0 p.m., 46 views

CVE-2021-32742

Vapor (Swift) vulnerability: In versions 4.47.1 and earlier, a bug in Data.init(base32Encoded:) can expose server memory or cause Denial of Service when untrusted data is processed. Vapor itself does not use this function, so impact arises only if applications call the impacted function directly ...

9.1 CVSS, 8.4 AI score, 0.01199 EPSS
Exploits 0, References 2, Affected Software 1
BDU FSTEC
added 2021/06/23 12:0 a.m., 4 views

The vulnerability of the Icinga Web2 PHP framework allows a hacker to gain access to arbitrary files.

The vulnerability of the PHP framework Icinga Web2 exists due to an incorrect limitation on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to arbitrary files that can be read by the Icinga Web2 process...

7.5 CVSS, 7.3 AI score, 0.0328 EPSS
Exploits 1, References 4, Affected Software 2
Fedora
added 2021/06/18 1:8 a.m., 154 views

[SECURITY] Fedora 34 Update: python-fastapi-0.65.2-1.fc34

FastAPI is a modern, fast (high-performance) web framework for building APIs with Python 3.6+ based on standard Python type hints. The key features are: Fast: Very high performance, on par with NodeJS and Go (thanks to Starlette and Pydantic). One of the fastest Python...

8.2 CVSS, 8.1 AI score, 0.00804 EPSS
Exploits 0
Debian
added 2021/06/09 9:11 p.m., 69 views

[SECURITY] [DSA 4929-1] rails security update

Debian Security Advisory DSA-4929-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 09, 2021 https://www.debian.org/security/faq ...

7.5 CVSS, 8.3 AI score, 0.04808 EPSS
Exploits 3
CVE
added 2021/06/09 5:30 p.m., 210 views

CVE-2021-32677

CVE-2021-32677 affects FastAPI

8.2 CVSS, 8.2 AI score, 0.00804 EPSS
Exploits 0, References 3, Affected Software 1
Debian CVE
added 2021/06/09 5:30 p.m., 24 views

CVE-2021-32677

FastAPI is a web framework for building APIs with Python 3.6+ based on standard Python type hints. FastAPI versions lower than 0.65.2 that used cookies for authentication in path operations that received JSON payloads sent by browsers were vulnerable to a Cross-Site Request Forgery (CSRF) attack. I...

8.2 CVSS, 8.3 AI score, 0.00804 EPSS
Exploits 0
CNNVD
added 2021/06/08 12:0 a.m., 4 views

Microsoft ASP.NET Core Input Validation Error Vulnerability

Microsoft ASP.NET Core is a cross-platform open source framework from Microsoft. The framework is used to build cloud-based applications such as Web applications, Internet of Things applications, and mobile backends. An input validation error vulnerability exists in Microsoft ASP.NET...

7.5 CVSS, 6.7 AI score, 0.05119 EPSS
Exploits 0, References 17
OSV
added 2021/05/27 5:15 p.m., 30 views

CVE-2021-32645

Tenancy multi-tenant is an open source multi-domain controller for the Laravel web framework. In some situations, it is possible to have open redirects where users can be redirected from your site to any other site using a specially crafted URL. This is only the case for installations where the...

6.1 CVSS, 6.6 AI score
Exploits 0, References 4
OpenVAS
added 2021/05/27 12:0 a.m., 16 views

Fedora: Security Advisory for python-databases (FEDORA-2021-e7fabd81fb)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5 CVSS, 7.6 AI score, 0.00967 EPSS
Exploits 0, References 2
Fedora
added 2021/05/23 1:7 a.m., 144 views

[SECURITY] Fedora 34 Update: python-fastapi-0.65.1-2.fc34

FastAPI is a modern, fast (high-performance) web framework for building APIs with Python 3.6+ based on standard Python type hints. The key features are: Fast: Very high performance, on par with NodeJS and Go (thanks to Starlette and Pydantic). One of the fastest Python...

5 CVSS, 5.8 AI score, 0.00967 EPSS
Exploits 0
CNVD
added 2021/05/20 12:0 a.m., 5 views

Laravel has a directory traversal vulnerability

Laravel is a free and open source PHP web framework created by Taylor Otwell, designed to implement the MVC architecture of web software and serve as an alternative to CodeIgniter. Laravel suffers from a directory traversal vulnerability that can be exploited by an attacker to obtain sensitive...

7 AI score
Exploits 0
Fedora
added 2021/05/12 5:45 a.m., 57 views

[SECURITY] Fedora 34 Update: python-django-3.1.9-1.fc34

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...

7.5 CVSS, 1.6 AI score, 0.05291 EPSS
Exploits 0
Github Security Blog
added 2021/04/22 4:16 p.m., 75 views

Cross-Site Request Forgery in Vert.x-Web framework

Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSRF verification. Instead of comparing the CSRF token in the request with the CSRF token in the cookie, it compares the CSRF token in the cookie against a CSRF token that is stored in the session. An attacker does not even need t...

8.8 CVSS, 8.3 AI score, 0.0058 EPSS
Exploits 0, References 3, Affected Software 1
CNVD
added 2021/04/15 12:0 a.m., 1 views

Command execution vulnerability in jfinal framework

jfinal is a very fast WEB + ORM framework based on the Java language. A command execution vulnerability exists in the jfinal framework. An attacker can exploit this vulnerability to gain server privileges...

7.5 AI score
Exploits 0
Cvelist
added 2021/04/01 9:15 p.m., 11 views

CVE-2021-21416 Potential sensitive information disclosed in error reports

django-registration is a user registration package for Django. The django-registration package provides tools for implementing user-account registration flows in the Django web framework. In django-registration prior to 3.1.2, the base user-account registration view did not properly apply filters...

3.7 CVSS, 3.9 AI score, 0.0041 EPSS
Exploits 0, References 1
Fedora
added 2021/03/19 8:27 p.m., 45 views

[SECURITY] Fedora 34 Update: python-django-3.1.7-1.fc34

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...

5.9 CVSS, 1.6 AI score, 0.37325 EPSS
Exploits 1
Fedora
added 2021/03/13 8:53 p.m., 94 views

[SECURITY] Fedora 32 Update: python-django-3.0.13-1.fc32

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...

5.9 CVSS, 1.6 AI score, 0.37325 EPSS
Exploits 2
OpenVAS
added 2021/03/13 12:0 a.m., 25 views

Fedora: Security Advisory for python-django (FEDORA-2021-1bb399a5af)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

5.9 CVSS, 8 AI score, 0.37325 EPSS
Exploits 1, References 2
Gitee
added 2021/03/07 11:9 a.m., 10 views

Exploit for Improper Restriction of XML External Entity Reference in Apache Solr

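Note: Never use this tool to carry out illegal attacks on unauthorized websites. The user bears all resulting legal consequences!!! AttackWebFrameworkTools 1.0 2021-03-06 AttackWebFrameworkTools For RedTeam Update log: 2021-03-06 Added DVR camera exp. Added Nexus Repository Manager exp. Changed the default thread count to 20. Increased the timeout. Added display of the shell path in the interface. Fixed cookie bug. 2021-03-03 Fixed inaccurate vulnerability detection caused by delay times that were too short for some classes. The next version will adjust the default thread count, expected to be 20 or 10. 2021-02-27 ...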

10 CVSS, 9.4 AI score, 0.9957 EPSS
Exploits 66
CNVD
added 2021/03/05 12:0 a.m., 8 views

Henriquedornas Cross-Site Scripting Vulnerability

Henriquedornas is a web framework from Henriquedornas Brazil. Provides a framework for building websites. A cross-site scripting vulnerability exists in Henriquedornas that stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerabilit...

5.4 CVSS, 6.2 AI score, 0.00662 EPSS
Exploits 1, References 1