1225 matches found
Eclipse Jetty Access Control Error Vulnerability (CNVD-2021-27376)
Eclipse Jetty is an open source, Java-based web server and Java Servlet container from the Eclipse Foundation. A security vulnerability exists in Eclipse Jetty versions 9.4.32 through 9.4.38, 10.0.0.beta2 through 10.0.1, and 11.0.0.beta2 through 11.0.1, which originates from the fact that if a us...
CVE-2021-28163
In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory are deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that...
DEBIAN-CVE-2021-28163
In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory are deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that...
CVE-2021-28163
In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory are deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that...
UBUNTU-CVE-2021-28163
In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory are deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that...
CVE-2021-28163
In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory are deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that...
Eclipse Jetty Link Following Vulnerability
Eclipse Jetty is an open source, Java-based web server and Java Servlet container from the Eclipse Foundation. A security vulnerability exists in Eclipse Jetty versions 9.4.32 through 9.4.38, 10.0.0.beta2 through 10.0.1, and 11.0.0.beta2 through 11.0.1, which originates from the fact that if a us...
Regis Inventory And Monitoring System 1.0 - (Item List) Stored XSS Vulnerability
Title: Regis Inventory And Monitoring System 1.0 - 'Item List' Stored XSS Exploit Author: George Tsimpidas Vendor Homepage: www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/regisinventory.zip Version : 1.0.0 Tested on: Kali Linux 2020.4...
Regis Inventory And Monitoring System 1.0 Cross Site Scripting
Title: Regis Inventory And Monitoring System 1.0 - 'Item List' Stored XSS Exploit Author: George Tsimpidas Date: 2021-03-25 Vendor Homepage: www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/regisinventory.zip Version : 1.0.0 Tested on: Ka...
Cross site scripting
When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on...
UBUNTU-CVE-2021-23976
When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on...
CVE-2021-23976
When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on...
CVE-2020-24899
Nagios XI 5.7.2 is affected by a remote code execution (RCE) vulnerability. An authenticated user can inject additional commands into normal webapp query...
CVE-2020-24899
Nagios XI 5.7.2 is affected by a remote code execution (RCE) vulnerability. An authenticated user can inject additional commands into normal webapp query...
Remote code execution
Nagios XI 5.7.2 is affected by a remote code execution (RCE) vulnerability. An authenticated user can inject additional commands into normal webapp query...
CVE-2020-24899
Nagios XI 5.7.2 is affected by a remote code execution (RCE) vulnerability. An authenticated user can inject additional commands into normal webapp query...
Nagios XI and Nagios Command Injection Vulnerability
Nagios XI is a commercial monitoring solution built on Nagios Core, including dashboards, web-based configuration, advanced reporting and rich data visualization. A remote code execution vulnerability exists in Nagios XI 5.7.2. An attacker can exploit this vulnerability to inject commands into a...
h1-ctf: [H1 hackyholidays] CTF Writeup
Hello team, Here is my CTF writeup for HackyHolidays. Main page The main page doesn't contain any interesting stuff, just a few assets. Maybe we will find some known files in webapp root: index.php, .htaccess, robots.txt, ...? robots.txt file exists, and there is the first flag: User-agent:...
Apache Tapestry Information Disclosure (CVE-2020-13953)
An information disclosure vulnerability exists in Apache Tapestry. This vulnerability is due to URL manipulation that allows Java webapp files inside WEB-INF to be listed and downloaded...
CVE-2020-26954
When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on...