CVE-2023-34111 Command Injection Vulnerability in `Release PR Merged` Workflow in taosdata/grafanaplugin

The Release PR Merged workflow in the github repo taosdata/grafanaplugin is subject to a command injection vulnerability which allows for arbitrary code execution within the github action context due to the insecure usage of $ github.event.pullrequest.title in a bash command within the GitHub...

CVE-2023-34111

The CVE-2023-34111 entry concerns a command-injection in the taosdata/grafanaplugin Release PR Merged GitHub Action workflow. Insecurely passing the PR title via ${{ github.event.pull_request.title }} into a bash command allows an attacker to execute arbitrary code within the workflow context, po...

CVE-2023-34111

The Release PR Merged workflow in the github repo taosdata/grafanaplugin is subject to a command injection vulnerability which allows for arbitrary code execution within the github action context due to the insecure usage of $ github.event.pullrequest.title in a bash command within the GitHub...

PT-2023-24683 · Unknown · Taosdata/Grafanaplugin

Name of the Vulnerable Software and Affected Versions: taosdata/grafanaplugin affected versions not specified Description: The issue concerns a command injection vulnerability in the Release PR Merged workflow. This vulnerability allows for arbitrary code execution within the GitHub action contex...

Exploit for Cross-site Scripting in Ourphp

PoC exploit for CVE-2023-30212, a Cross-Site Scripting XSS vul...

CVE-2023-33294

An issue was discovered in KaiOS 3.0 before 3.1. The /system/bin/tctwebserver binary exposes a local web server that responds to GET and POST requests on port 2929. The server accepts arbitrary Bash commands and executes them as root. Because it is not permission or context restricted and returns...

Design/Logic Flaw

An issue was discovered in KaiOS 3.0 before 3.1. The /system/bin/tctwebserver binary exposes a local web server that responds to GET and POST requests on port 2929. The server accepts arbitrary Bash commands and executes them as root. Because it is not permission or context restricted and returns...

KaiOS 命令注入漏洞

KaiOS is an application software. application for smart feature phones. A security vulnerability exists in KaiOS version 3.0 prior to KaiOS 3.1, which stems from the server accepting arbitrary Bash commands and executing them as root, which can be exploited by an attacker to compromise the system...

CVE-2023-33294

An issue was discovered in KaiOS 3.0 before 3.1. The /system/bin/tctwebserver binary exposes a local web server that responds to GET and POST requests on port 2929. The server accepts arbitrary Bash commands and executes them as root. Because it is not permission or context restricted and returns...

PT-2023-24275 · Kaios · Kaios

Name of the Vulnerable Software and Affected Versions: KaiOS versions 3.0 through 3.0 Description: An issue was discovered in the /system/bin/tctweb server binary, which exposes a local web server that responds to GET and POST requests on port 2929. The server accepts arbitrary Bash commands and...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : gradle (SUSE-SU-2023:2203-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:2203-1 advisory. - Gradle is a build tool with a focus on build automation. In versions prior to 7.2, start scripts...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : helm (SUSE-SU-2023:2179-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2179-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's...

hardCIDR - Linux Bash Script To Discover The Netblocks, Or Ranges, Owned By The Target Organization

A Linux Bash script to discover the netblocks, or ranges, in CIDR notation owned by the target organization during the intelligence gathering phase of a penetration test. This information is maintained by the five Regional Internet Registries RIRs: ARIN North America RIPE Europe/Asia/Middle East...

Arcsoft PhotoStudio 6.0.0.172 - Unquoted Service Path Vulnerability

Exploit Title: Arcsoft PhotoStudio 6.0.0.172 - Unquoted Service Path Date: 2023/04/22 Exploit Author: msd0pe Vendor Homepage: https://www.arcsoft.com/ My Github: https://github.com/msd0pe-1 Arcsoft PhotoStudio: Versions = wmic service get name,pathname,displayname,startmode | findstr /i auto |...

wip 命令注入漏洞

wip is a simple WIP Github operation written in Bash by the German individual developer Michael Gasch. A command injection vulnerability exists in versions prior to wip v2, which stems from string interpolation leading to a command injection vulnerability...

Exploit for Download of Code Without Integrity Check in Dlink Dnr-322L_Firmware

CVE-2022-40799 Title: D-Link DNR-322L - Authenticated Remote...

Security Bulletin: IBM System Networking Products not affected by the Bash vulnerabilities (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, and CVE-2014-6278)

Summary IBM System Networking Products are not vulnerable to the Bash vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and the two memory corruption vulnerabilities. Vulnerability Details Abstract IBM System Networking Products are not vulnerable to the Bash vulnerabilitie...

Security Bulletin: Vulnerability in bash affects IBM BladeCenter Advanced Management Module (AMM) (CVE-2016-9401)

Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerability in bash. Vulnerability Details Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerability in bash. Vulnerability Details CVEID: CVE-2016-9401 Description: GNU Bas...

Security Bulletin: Vulnerabilities in bash affect IBM BladeCenter Advanced Management Module (AMM)

Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerabilities in bash. Vulnerability Details Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerabilities in bash. Vulnerability Details: CVEID: CVE-2014-6277 Description: GN...

Unix Command Shell, Reverse SCTP (via socat)

Creates an interactive shell via socat Module Options msf use payload/cmd/unix/reversesocatsctp msf payloadreversesocatsctp show actions ...actions... msf payloadreversesocatsctp set ACTION msf payloadreversesocatsctp show options ...show and set options... msf payloadreversesocatsctp run This...