7 matches found
EUVD-2002-0169
Malware in sbrugna...
CVE-2022-28802
Code by Zapier before 2022-08-17 allowed intra-account privilege escalation that included execution of Python or JavaScript code. In other words, Code by Zapier was providing a customer-controlled general-purpose virtual machine that unintentionally granted full access to all users of a company's...
Privilege Escalation
github.com/pipe-cd/pipecd is vulnerable to Insecure Permissions. The vulnerability is due to insecure permissions, which allow attackers to access the service account's token and escalate privileges...
CVE-2024-53350
Insecure permissions in kubeslice v1.3.1 allow attackers to gain access to the service account's token, leading to escalation of privileges...
Zapier 安全漏洞
Zapier is a product of Zapier, Inc. that allows end users to integrate the We b applications they use and automate workflows. A security vulnerability exists in versions of Zapier prior to 2022-08-17 that stems from code written to allow in-account privilege escalation. An attacker exploited the...
HackerOne: Report Bulk endpoint "agree-on-going-public" action may reveal Report disclosure state for invite-only programs
Hello, Hope you are doing well, SUMMARY -In hackerone user doesn't have permission to do any action like "disclosing/undiclosing" in disclosed report. -Here user can send the "cancel-disclosure-request" request to the server and server accepts the request gave 200ok response with ""flash":"The...
用友软件旗下一网站存在一个Struts2漏洞可拿服务器
简要描述: 用友软件旗下一网站存在一个Struts2漏洞可拿服务器。主要因为漏洞不及时打上,账户权限过大。 详细说明: 今天闲来无事,在网上随意点了几下,发下了个漏洞。 存在漏洞的网址:http://pu.yonyouup.cn/login!loginIndexPage.action 漏洞证明: 首先,这是存在漏洞的网页:http://pu.yonyouup.cn/ 点进去后,会跳转到http://pu.yonyouup.cn/login!loginIndexPage.action ,于是我就猜想,是不是存在Struts2漏洞呢?就试了一下。 结果如图:...