Oracle Linux 8 : subversion:1.10 (ELSA-2020-4712)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-4712 advisory. - In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request...

GHSA-9832-MGG4-3GR6 Apache Superset has improper default REST API permission for Gamma users

An improper default REST API permission for Gamma users in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user to test database connections...

CVE-2023-39264 Apache Superset: Stack traces enabled by default

By default, stack traces for errors were enabled, which resulted in the exposure of internal traces on REST API endpoints to users. This vulnerability exists in Apache Superset versions up to and including 2.1.0...

CVE-2023-40743

Apache Axis 1.x is affected by CVE-2023-40743 due to unsafe handling in ServiceFactory.getService, which can enable DoS, SSRF, and remote code execution when untrusted input is used. The issue arises from LDAP-like lookups via the API. Mitigation is to migrate to a maintained SOAP engine (e.g., A...

CVE-2023-41180

CVE-2023-41180 affects Apache NiFi MiNiFi C++: InvokeHTTP in versions 0.13 to 0.14 has incorrect certificate validation, allowing an intermediary to present a forged certificate during TLS handshake because the Disable Peer Verification setting was effectively flipped, disabling verification by d...

CVE-2023-40567

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the cleardecompressbandsdata function in which there is no offset validation. Abuse of this vulnerability may lead to an out of bounds...

CVE-2023-40188

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the generalLumaToYUV444 function. This Out-Of-Bounds Read occurs because processing is done on the in variable without checking if it...

CVE-2023-40188

CVE-2023-40188 affects FreeRDP (freerdp2) and is caused by an Out-Of-Bounds Read in the general_LumaToYUV444 function when processing the in buffer without sufficient length validation. Affected versions are addressed in 2.11.0 and 3.0.0-beta3; upgrading to these or later versions is advised. Con...

Apache Airflow code execution vulnerability (CNVD-2023-85614)

Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. A code execution vulnerability exists in Apache Airflow Spark Provider, which can b...

Apache NiFi H2 Connection String Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache NiFi H2 Connection String Remote Code Execution', 'Description' = %q The DBCPConnectionPool and HikariCPConnectionPool Controller Services...

Apache NiFi H2 Connection String Remote Code Execution Exploit

The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. This exploit will result in several shells 5-7. Successfully test...

Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to HTTP request splitting attacks due to an error using mod_proxy (CVE-2023-25690).

Summary IBM HTTP Server powered by Apache for IBM i is vulnerable to HTTP request splitting attacks due to an error using modproxy as described in the vulnerability details section. IBM i has addressed the vulnerability by providing a fix to the Apache HTTP Server implementation as described in t...

Internet Bug Bounty: CVE-2023-40195: Apache Airflow Spark Provider Deserialization Vulnerability RCE

Apache Airflow Spark Provider before 4.1.3 was affected by a deserialization vulnerability that allowed remote code execution RCE. Attackers could exploit this vulnerability by configuring a malicious Spark server address through the Airflow UI, which would then manipulate the PySpark clients...

GHSA-8Q28-PW9G-W82C Apache Airflow vulnerable arbitrary code execution via Spark server

Deserialization of Untrusted Data, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Software Foundation Apache Airflow Spark Provider. When the Apache Spark provider is installed on an Airflow deployment, an Airflow user that is authorized to configure Spark hooks...

CVE-2023-40195

CVE-2023-40195 describes a deserialization-based RCE in the Apache Airflow Spark Provider. When the Spark provider is installed, an Airflow user authorized to configure Spark hooks can point a Spark client at a malicious Spark server, allowing arbitrary Java method execution on the Airflow node v...

Exploit for Path Traversal in Apache Http_Server

🚨 CVE-2021-42013 - Apache 2.4.49 & 2.4.50 Remote Code Executio...

Uvdesk 1.1.4 - Stored XSS (Authenticated) Vulnerability

Exploit Title: Uvdesk 1.1.4 - Stored XSS Authenticated Exploit Author: Hubert Wojciechowski Contact Author: email protected Vendor Homepage: https://www.uvdesk.com/ Software Link: https://github.com/MegaTKC/AeroCMS Version: 1.1.4 Testeted on: Windows 10 using XAMPP, Apache/2.4.48 Win64...

Uvdesk 1.1.4 - Stored XSS (Authenticated)

Exploit Title: Uvdesk 1.1.4 - Stored XSS Authenticated Date: 14/08/2023 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Vendor Homepage: https://www.uvdesk.com/ Software Link: https://github.com/MegaTKC/AeroCMS Version: 1.1.4 Testeted on: Windows 10 using XAMPP,...

Apache Airflow missing Certificate Validation

Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with SSL library did not check a server's X.509 certificate. Instead, the code accepte...

Apache XML Graphics Batik Server-Side Request Forgery vulnerability

Server-Side Request Forgery SSRF vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even...