PYSEC-2022-42971
In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's /confirm endpoint...
Open redirect
In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's /confirm endpoint...
CVE-2022-43985 Apache Airflow prior to 2.4.2 has an open redirect
In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's /confirm endpoint...
PT-2022-27055 · Apache · Apache Airflow
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.4.2. Description: The issue is related to an open redirect in the webserver's "/confirm" endpoint. Recommendations: For versions prior to 2.4.2, update to version 2.4.2 or later to resolve the issue...
CVE-2022-43985
In Apache Airflow, versions prior to 2.4.2 contain an open redirect in the webserver’s /confirm endpoint. Affected component is the Airflow webserver; root cause is an open redirect path in /confirm. The practical impact is an open redirect vulnerability (no exploitation details provided in the s...
Exploit for Code Injection in Apache Commons_Text
CVE-2022-42889 PoC Test Application This is a vulnerable appli...
CVE-2016-20016
MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI. A remote unauthenticated attacker can execute arbitrary operating system commands as root. This vulnerability has also been referred to as the "JAWS webserver RCE"...
Design/Logic Flaw
MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI. A remote unauthenticated attacker can execute arbitrary operating system commands as root. This vulnerability has also been referred to as the "JAWS webserver RCE"...
PT-2022-7851
Name of the Vulnerable Software and Affected Versions: MVPower CCTV DVR models, including TV-7104HE version 1.8.4 115215B9 and TV7108HE, versions from 2014 through 2019. Description: The issue allows a remote unauthenticated attacker to execute arbitrary operating system commands as root via a web...
CVE-2016-20016
CVE-2016-20016 affects MVPower CCTV DVR models (e.g., TV-7104HE 1.8.4 115215B9 and TV7108HE). The flaw is a web shell accessible via a /shell URI that lets a remote unauthenticated attacker execute arbitrary OS commands as root. Public sources (NVD, Red Hat advisories, CVE lists) confirm the vuln...
Zentao Project Management System 17.0 Remote Code Execution Exploit
Exploit Title: Zentao Project Management System 17.0 - Authenticated Remote Code Execution Exploit Author: mister0xf Software Link: https://github.com/easysoft/zentaopms Version: tested on 17.0 probably works also on newer/older versions Tested On: Kali Linux 2022.2 Exploit Tested Using: Python...
Siemens Desigo PXM Devices
1. EXECUTIVE SUMMARY. CVSS v3 8.8. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Siemens. Equipment: Desigo PXM Devices. Vulnerabilities: OS Command Injection, Exposure of Sensitive Information to an Unauthorized Actor, Cross-Site Scripting, Cross-Site Request Forgery, Improper...
GHSA-VH7G-P26C-J2CW Dex vulnerable to Man-in-the-Middle allowing ID token capture via intercepted authorization code
Impact: Dex instances with public clients and, by extension, clients accepting tokens issued by those Dex instances are affected by this vulnerability. An attacker can exploit this vulnerability by making a victim navigate to a malicious website and guiding them through the OIDC flow, stealing the...
[SECURITY] [DSA 5243-1] lighttpd security update
Debian Security Advisory DSA-5243-1 [email protected] https://www.debian.org/security/ Helmut Grohne September 28, 2022 https://www.debian.org/security/faq -...
Open Redirect
apacheairflow is vulnerable to open redirect attacks. The vulnerability exists in the confirm function of views.py because of an open redirect in the webserver's confirm endpoint, which allows an attacker to provide malicious URLs...
GHSA-4FG5-J4MM-WFPG Apache Airflow contains open redirect
In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's /confirm endpoint...