78 matches found
GHSA-H24P-QWF4-84Q8 Apache Hadoop's LinuxContainerExecutor runs docker commands as root with insufficient input validation
In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. When the docker feature is enabled, authenticated users can run commands as root. This issue is fixed in versions 2.8.1 and 3.0.0-alpha3...
Apache Hadoop's LinuxContainerExecutor runs docker commands as root with insufficient input validation
In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. When the docker feature is enabled, authenticated users can run commands as root. This issue is fixed in versions 2.8.1 and 3.0.0-alpha3...
Code injection
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue wa...
CVE-2021-25976 Piranha CMS - Site-wide Cross-Site Request Forgery (CSRF)
In PiranhaCMS, versions 4.0.0-alpha1 to 9.2.0 are vulnerable to cross-site request forgery CSRF when performing various actions supported by the management system, such as deleting a user, deleting a role, editing a post, deleting a media folder etc., when an ID is known...
com.barchart.http:barchart-http-handlers (>=1.0.6 <=1.0.7), com.barchart.http:barchart-http-server (>=1.0.6 <=1.0.7) +14 more potentially affected by CVE-2021-37137 via io.netty:netty (>=4.0.0.Alpha1 <=4.0.0.Alpha8)
io.netty:netty MAVEN version =4.0.0.Alpha1, =1.0.6, =1.0.6, =0.3, =0.3, =0.2, =1.3.0, =1.0.0.Alpha1, =1.0.0.Alpha2 and more Source cves: CVE-2021-37137 Source advisory: OSV:GHSA-9VJP-V76F-G363...
CVE-2021-20332 MongoDB Rust Driver may publish events containing authentication-related data to a connection pool event listener configured by an application
Specific MongoDB Rust Driver versions can include credentials used by the connection pool to authenticate connections in the monitoring event that is emitted when the pool is created. The user's logging infrastructure could then potentially ingest these events and unexpectedly leak the credential...
user/group information can be corrupted across storing in fsimage and reading back from fsimage
In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage...
Warning: Researcher Drops phpMyAdmin Zero-Day Affecting All Versions
A cybersecurity researcher recently published details and proof-of-concept for an unpatched zero-day vulnerability in phpMyAdmin—one of the most popular applications for managing the MySQL and MariaDB databases. phpMyAdmin is a free and open source administration tool for MySQL and MariaDB that's...
br.jus.stf.digital:core (>=2.0.0 <=2.3.1), cloud.altemista.fwk.microservices:cloud-altemistafwk-core-microservices-zipkin-conf (>=3.0.0.RELEASE <=3.0.1.RELEASE) +983 more potentially affected by CVE-2019-10184 via io.undertow:undertow-servlet (>=1.0.0.Alpha1 <=2.0.22.Final)
io.undertow:undertow-servlet MAVEN version =1.0.0.Alpha1, =2.0.0, =3.0.0.RELEASE, =0.0.1-jdk1.8-RELEASES, =0.0.1-jdk1.8-RELEASES, =0.1.4-jdk1.8-RELEASES, =0.0.4, =0.2.7, =0.0.1, =0.0.1, =0.0.1, =0.2.0, =0.7.0 and more Source cves: CVE-2019-10184 Source advisory: OSV:GHSA-W69W-JVC7-WJGV...
GHSA-99QR-9CC9-FV2X Moderate severity vulnerability that affects org.apache.hadoop:hadoop-main
In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be shared freely with any...
Apache Hadoop Privilege Escalation Vulnerability (Jun 2017)
Apache Hadoop is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:hadoop"; i...
Yaqas CMS Alpha1 Information Disclosure
TITLE ....... Yaqas CMS Alpha1 Information Disclosure .................................... DATE ........ 25.03.2012 .......................................... AUTOHR ...... http://hauntit.blogspot.com ......................... SOFT LINK ... YAQAS - Yet Another Question & Answer System @ google...
ext10-lfi.txt
ext 1.0 alpha1 feed-proxy.php Remote File Disclosure D.Script: http://yui-ext.com/deploy/ext-1.0-alpha1.zip Discovered by: Alkomandoz Hacker Homepage: http://www.asb-may.net - mohandko.com - sniper-sa.com - tryag.com V.Code In /examples/layout/feed-proxy.php...
ext 1.0 alpha1 (feed-proxy.php) Remote File Disclosure
ext 1.0 alpha1 feed-proxy.php Remote File Disclosure D.Script: http://yui-ext.com/deploy/ext-1.0-alpha1.zip Discovered by: Alkomandoz Hacker Homepage: http://www.asb-may.net - mohandko.com - sniper-sa.com - tryag.com V.Code In /examples/layout/feed-proxy.php...
CVE-2007-2285
CVE-2007-2285 affects the Ext JS example component: layout/feed-proxy.php in Jack Slocum Ext 1.0 alpha1. The vulnerability is a directory traversal that allows a remote attacker to read arbitrary files by manipulating the feed parameter via "..". Public sources confirm the same description across...
Ext 1.0 (feed-proxy.php feed) Remote File Disclosure Vulnerability
No description provided by source. ext 1.0 alpha1 feed-proxy.php Remote File Disclosure D.Script: http://yui-ext.com/deploy/ext-1.0-alpha1.zip Discovered by: Alkomandoz Hacker Homepage: http://www.asb-may.net - mohandko.com - sniper-sa.com - tryag.com V.Code In /examples/layout/feed-proxy.php...
Ext 1.0 - 'feed-proxy.php?feed' Remote File Disclosure
ext 1.0 alpha1 feed-proxy.php Remote File Disclosure D.Script: http://yui-ext.com/deploy/ext-1.0-alpha1.zip Discovered by: Alkomandoz Hacker Homepage: http://www.asb-may.net - mohandko.com - sniper-sa.com - tryag.com V.Code In /examples/layout/feed-proxy.php...
Ext 1.0 - feed-proxy.php?feed Remote File Disclosure
Ext 1.0 - feed-proxy.php?feed Remote File Disclosure ext 1.0 alpha1 feed-proxy.php Remote File Disclosure D.Script: http://yui-ext.com/deploy/ext-1.0-alpha1.zip Discovered by: Alkomandoz Hacker Homepage: http://www.asb-may.net - mohandko.com - sniper-sa.com - tryag.com V.Code In...