29 matches found

Prion
added 2022/05/10 2:15 p.m. · 11 views

Race condition

file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privilege...

6.9 CVSS · 7 AI score · 0.00246 EPSS
Exploits: 1 · References: 3 · Affected Software: 1

Positive Technologies
added 2022/05/10 12:0 a.m. · 3 views

PT-2022-13939 · Gruntjs +3

Name of the Vulnerable Software and Affected Versions: GruntJS versions prior to 1.5.3
Description: The issue concerns a TOCTOU (Time-of-Check-to-Time-of-Use) race condition in file.copy operations. This can lead to arbitrary file writes, potentially resulting in local privilege escalation if a...

7.8 CVSS · 6.3 AI score · 0.02419 EPSS
Exploits: 3 · References: 25

Debian CVE
added 2022/05/10 12:0 a.m. · 39 views

CVE-2022-1537

file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privilege...

7.8 CVSS · 7.6 AI score · 0.00246 EPSS
Exploits: 1

CNVD
added 2020/11/03 12:0 a.m. · 2 views

Halo path traversal vulnerability

Halo is a personal blogging system for individual developers. A security vulnerability exists in halo version 1.1.3. An attacker can exploit the vulnerability to overwrite some files in a user's directory, such as ftl files, .bashrc files, and eventually gain access to the operating system...

9.8 CVSS · 6.9 AI score · 0.00587 EPSS
Exploits: 1 · References: 1

OSV
added 2020/09/30 6:15 p.m. · 1 views

CVE-2020-21522

An issue was discovered in halo V1.1.3. A Zip Slip Directory Traversal Vulnerability in the backend, the attacker can overwrite some files, such as ftl files, .bashrc files in the user directory, and finally get the permissions of the operating system...

9.8 CVSS · 7.3 AI score · 0.00587 EPSS
Exploits: 1 · References: 1

Kitploit
added 2019/11/07 12:0 p.m. · 1246 views

Github-Dorks - Collection Of Github Dorks And Helper Tool To Automate The Process Of Checking Dorks

Github search is quite a powerful and useful feature and can be used to search sensitive data on the repositories. Collection of github dorks that can reveal sensitive personal and/or organizational information such as private keys, credentials, authentication tokens, etc. This list is supposed to ...

7.3 AI score
Exploits: 0 · References: 6

Kitploit
added 2018/11/05 8:48 p.m. · 79 views

Parrot Security 4.3 - Security GNU/Linux Distribution Designed with Cloud Pentesting and IoT Security in Mind

Parrot 4.3 is now available for download. This release provides security and stability updates and is the starting point for the plan to develop an LTS edition of Parrot. Linux 4.18: Linux was updated to the 4.18.10 version, and Linux 4.19 will be released soon. Firefox 63: Firefox 63 provides...

7.3 AI score
Exploits: 0

CNVD
added 2018/04/10 12:0 a.m. · 2 views

UCOPIA Wireless Appliance Elevation of Privilege Vulnerability

The UCOPIA Wireless Appliance is a wireless device from the French company UCOPIA. A security vulnerability exists in the restricted administration shell in the UCOPIA Wireless Appliance versions prior to 4.4.20, 5.0.x versions prior to 5.0.19, and 5.1.x versions prior to 5.1.11, which stems from...

6.7 CVSS · 6.9 AI score · 0.00362 EPSS
Exploits: 1 · References: 1

OSV
added 2018/03/22 5:29 a.m. · 3 views

CVE-2017-17743

Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices before 4.4.20, 5.0.x before 5.0.19, and 5.1.x before 5.1.11 allows authenticated remote attackers to escape the shell and escalate their privileges by uploading a .bashrc file containing th...

6.7 CVSS · 5.8 AI score · 0.00362 EPSS
Exploits: 1 · References: 1