34 matches found

CVE | added 2025/03/20 10:10 a.m. | 51 views

CVE-2024-6829

CVE-2024-6829 affects aimhubio/aim 3.19.3. The vulnerability arises in tarfile.extractall(), allowing an attacker-controlled tarfile to be extracted to arbitrary locations on the host by manipulating repo.path and run_hash. This bypasses directory existence checks and can result in arbitrary file...

CVSS 9.1 | AI score 7.1 | EPSS 0.00754 | Exploits 1 | References 1 | Affected software 1

NVD | added 2025/03/01 6:15 p.m. | 8 views

CVE-2025-1799

A vulnerability, which was classified as critical, was found in Zorlan SkyCaiji 2.9. This affects the function previewAction of the file vendor/skycaiji/app/admin/controller/Tool.php. The manipulation of the argument data leads to server-side request forgery. It is possible to initiate the attack...

CVSS 6.5 | EPSS 0.00301 | Exploits 0 | References 4

Snyk | added 2024/10/02 12:28 p.m. | 1 view

Malicious Package

Overview sae-viewer is a malicious package. This package contains malicious code that collects sensitive information about the victim and sends it to the attacker's remote server. While this package might be attempting to impersonate a valid organization, there is no connection between that...

CVSS 9.8 | AI score 7 | Exploits 0 | References 2

OSV | added 2023/04/10 5:15 p.m. | 4 views

CVE-2023-1971

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, was found in yuan1994 tpAdmin 1.3.12. Affected is the function remote of the file application\admin\controller\Upload.php. The manipulation of the argument url leads to server-side request forgery. It is possible to laun...

CVSS 4.9 | AI score 6.5 | Exploits 0 | References 3

GithubExploit | added 2022/01/27 7:54 p.m. | 347 views

Exploit for Out-of-bounds Write in Polkit_Project Polkit

log4j CVE-2021-44228 + polkit CVE-2021-4034 Vulnerable instan...

CVSS 10 | AI score 9.9 | EPSS 0.99999 | Exploits 494

Veracode | added 2019/11/18 4:13 a.m. | 37 views

Timing Attack

symfony/symfony is vulnerable to a timing attack. When checking the signature of a URI (an ESI fragment URL, for instance), the URISigner did not use a constant-time string comparison function, allowing a remote attacker to guess the URI by analyzing the server response time...

CVSS 8.1 | AI score 3.9 | EPSS 0.01338 | Exploits 0 | References 9 | Affected software 1

0day.today | added 2018/06/12 12:00 a.m. | 38 views

Siaberry 1.2.2 - Command Injection Vulnerability

Exploit for hardware platform in category web applications. Siaberry's Command Injection Vulnerability. Today, I'd like to share several interesting vulnerabilities I discovered in Siaberry, a hardware device for earning cryptocurrency. Siaberry runs on Sia, a decentralized marketplace for buying a...

AI score 0.5 | Exploits 0

OSV | added 2017/10/06 3:29 p.m. | 9 views

CVE-2014-2903

CyaSSL does not check the key usage extension in leaf certificates, which allows remote attackers to spoof servers via a crafted server certificate not authorized for use in an SSL/TLS handshake...

CVSS 5.9 | AI score 6.8 | Exploits 0 | References 4

GithubExploit | added 2016/04/05 1:50 p.m. | 1 view

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Debian Debian_Linux

PoC attack server for CVE-2015-7547 vulnerability in glibc DNS...

CVSS 8.1 | AI score 9.2 | EPSS 0.89557 | Exploits 17

ThreatPost | added 2011/09/12 7:29 p.m. | 10 views

QR Tags Can Hide Malicious Links, Experts Warn

QR tags have become the next big thing in interactive marketing. But as smart phone users flock to the trendy, postage-stamp sized bar codes, researchers are warning that they could be used to hijack mobile phones by directing them to malicious Web pages. In a post on the mobile security blog...

AI score 7.2 | Exploits 0 | References 5

NVD | added 2003/03/07 5:00 a.m. | 21 views

CVE-2003-0051

parsexml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to obtain the physical path of the server's installation path via a NULL file parameter...

CVSS 5 | AI score 5.8 | EPSS 0.0206 | Exploits 0 | References 4

Cvelist | added 2002/05/03 4:00 a.m. | 16 views

CVE-2002-0282

DCP-Portal 3.7 through 4.5 allows remote attackers to obtain the physical path of the server via (1) a direct request to adduser.php, or via an invalid newlanguage parameter in (2) contents.php, (3) categories.php, or (4) files.php, which leaks the path in an error message...

AI score 6.3 | EPSS 0.01694 | Exploits 0 | References 6

Cvelist | added 2001/04/04 4:00 a.m. | 18 views

CVE-2001-0303

tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to determine the physical path of the server via a URL that requests a non-existent file...

AI score 6.3 | EPSS 0.01464 | Exploits 1 | References 2

Cvelist | added 2001/03/09 5:00 a.m. | 20 views

CVE-2001-0224

Muscat Empower CGI program allows remote attackers to obtain the absolute pathname of the server via an invalid request in the DB parameter...

AI score 6.6 | EPSS 0.07315 | Exploits 1 | References 3