4200 matches found

RedHat Linux
added 2021/08/24 12:50 p.m., 2 views

python: urllib: Regular expression DoS in AbstractBasicAuthHandler

There is a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client such as a web browser connects to could trigger a regular expression denial of service (ReDoS) during an authentication request with a specially crafted payload that is sen...

CVSS 6.5, AI score 6.9, EPSS 0.04675
Exploits 1, References 8
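The entry above concerns the code that parses a server-supplied WWW-Authenticate challenge. The block below is an added example, not CPython's urllib code: a linear-time challenge parser that avoids the nested-quantifier regex shape (of the kind `(?:.*,)*...`) that lets a hostile server force exponential backtracking, with a header length cap as defense in depth. The header values, the limit and the function names are assumptions made for this example.

```python
# Added example (not CPython's urllib): parse a WWW-Authenticate header value
# from an untrusted server without a backtracking-prone regular expression.
import re

# Defense in depth only: a cap bounds the work of a linear parser, but would
# NOT rescue an exponential regex (a few thousand commas is still catastrophic).
MAX_HEADER_LEN = 8192  # assumption; tune to your client

TOKEN = r"[A-Za-z0-9!#$%&'*+.^_`|~-]+"
# "name=value" where value is a quoted-string (with backslash escapes) or a
# token. The alternation inside the quotes is unambiguous, so matching is linear.
PARAM_RX = re.compile(r'^(%s)=(?:"((?:[^"\\]|\\.)*)"|([^\s",]*))$' % TOKEN)
# "scheme" optionally followed by whitespace and the first parameter.
SCHEME_RX = re.compile(r"^(%s)(?:[ \t]+(.*))?$" % TOKEN)


def split_challenges(header):
    """Split on commas that are outside double quotes (single pass, O(n))."""
    parts, cur, in_quote, escaped = [], [], False, False
    for ch in header:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\" and in_quote:
            cur.append(ch)
            escaped = True
        elif ch == '"':
            in_quote = not in_quote
            cur.append(ch)
        elif ch == "," and not in_quote:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    return [p.strip(" \t") for p in parts if p.strip(" \t")]


def _param(m):
    """Return (name, value) from a PARAM_RX match, unescaping quoted strings."""
    name = m.group(1).lower()
    if m.group(2) is not None:
        return name, re.sub(r"\\(.)", r"\1", m.group(2))
    return name, m.group(3)


def parse_www_authenticate(header):
    """Return a list of {"scheme": ..., "params": {...}} challenges.

    Raises ValueError for oversized headers instead of attempting a parse.
    """
    if len(header) > MAX_HEADER_LEN:
        raise ValueError("refusing to parse oversized WWW-Authenticate header")
    challenges = []
    for frag in split_challenges(header):
        pm = PARAM_RX.match(frag)
        if pm and challenges:
            # "name=value" continues the current challenge's parameter list
            name, value = _param(pm)
            challenges[-1]["params"][name] = value
            continue
        sm = SCHEME_RX.match(frag)
        if not sm:
            continue  # malformed fragment: skip rather than guess
        params = {}
        if sm.group(2):
            pm = PARAM_RX.match(sm.group(2).strip(" \t"))
            if pm:
                name, value = _param(pm)
                params[name] = value
        challenges.append({"scheme": sm.group(1).lower(), "params": params})
    return challenges


def basic_realm(header):
    """Realm of the first Basic challenge, or None (the value a client needs)."""
    for ch in parse_www_authenticate(header):
        if ch["scheme"] == "basic":
            return ch["params"].get("realm")
    return None
```

The split is a hand-written scanner because the comma is the ambiguous character: it separates both challenges and parameters, and may appear inside a quoted realm. Doing that split once, then matching each short fragment against an anchored regex with no nested repetition, keeps the cost proportional to the header length no matter what the server sends.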
OSV
added 2021/08/19 7:15 p.m., 2 views

CVE-2020-20645

A cross-site scripting (XSS) vulnerability exists in EyouCMS 1.3.6 in the basic information area...

CVSS 5.4, AI score 5.8, EPSS 0.00522
Exploits 1, References 1
CNNVD
added 2021/08/19 12:00 a.m., 4 views

EyouCMS cross-site scripting vulnerability

EyouCMS is an open source content management system (CMS) based on ThinkPHP. EyouCMS 1.3.6 has a cross-site scripting vulnerability that stems from a lack of validation and filtering of user input in the basic information area. An attacker could use this vulnerability ...

CVSS 5.4, AI score 5.2, EPSS 0.00522
Exploits 1, References 2
RedHat Linux
added 2021/08/18 9:13 a.m., 73 views

Moderate: Red Hat Security Advisory: Red Hat Integration Camel-K 1.4 release and security update

A minor version update from 1.3 to 1.4 is now available for Red Hat Integration Camel K that includes bug fixes and enhancements. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a...

CVSS 9.3, AI score 7.3, EPSS 0.85001
Exploits 14, References 16
ArchLinux
added 2021/08/10 12:00 a.m., 124 views

[ASA-202108-9] lynx: information disclosure

Arch Linux Security Advisory ASA-202108-9
=========================================
Severity: High
Date: 2021-08-10
CVE-ID: CVE-2021-38165
Package: lynx
Type: information disclosure
Remote: Yes
Link: https://security.archlinux.org/AVG-2261

Summary
=======
The package lynx before version...

CVSS 5.3, AI score 1.5, EPSS 0.04455
Exploits 0, References 6
CNVD
added 2021/08/02 12:00 a.m., 5 views

Sourcecodester Basic Shopping Cart SQL Injection Vulnerability

SourceCodester Basic Shopping Cart is a Web application from SourceCodester USA. The program allows visitors to your online shopping site to collect items in a virtual shopping cart through multiple product pages without losing ordered items. A SQL injection vulnerability exists in SourceCodester...

CVSS 9.8, AI score 7.8, EPSS 0.02802
Exploits 1, References 1
Kitploit
added 2021/07/31 9:30 p.m., 79 views

Cerbrutus - Network Brute Force Tool, Written In Python

Modular brute force tool written in Python for very fast password spraying of SSH and FTP, and in the near future other network services. COMING SOON: SMB, HTTPS POST, HTTPS GET, HTTP BASIC AUTH. Thanks to @0dayctf, Rondons, Enigma, and 001 for testing and contributing. Installation: cd /opt git clone...

AI score 7.3
Exploits 0, References 2
Huntr
added 2021/07/31 2:00 p.m., 9 views

Improper Privilege Management in amirsanni/mini-inventory-and-sales-management-system

💥 BUG: unprivileged user can add item 💥 STEPS TO REPRODUCE 1. From the admin account go to https://1410inc.xyz/mini-inventory-and-sales-management-system/administrators and add a new user called user-B with the basic role. So, user-B can't add new items. 2. Now go to user-B's account and here user-B can't see...

AI score 0.9
Exploits 0
OSV
added 2021/07/30 2:15 p.m., 4 views

CVE-2020-20699

A cross-site scripting (XSS) vulnerability in S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Copyright text box under Basic Settings...

CVSS 4.8, AI score 5.6, EPSS 0.00527
Exploits 1, References 1
CNNVD
added 2021/07/30 12:00 a.m., 5 views

SourceCodester Basic Shopping Cart SQL injection vulnerability

SourceCodester Basic Shopping Cart is a Web application from SourceCodester USA. The program allows visitors to your online shopping site to collect items in a virtual shopping cart through multiple product pages without losing ordered items. A SQL injection vulnerability exists in SourceCodester...

CVSS 9.8, AI score 5.9, EPSS 0.02802
Exploits 1, References 1
CNNVD
added 2021/07/30 12:00 a.m., 4 views

S-CMS cross-site scripting vulnerability

S-CMS 3.0 has a cross-site scripting vulnerability, which can be exploited by attackers via the "Copyright" text box under "Basic Settings" to execute arbitrary web scripts or HTML...

CVSS 4.8, AI score 5.5, EPSS 0.00527
Exploits 1, References 2
Cvelist
added 2021/07/28 3:02 p.m., 22 views

CVE-2021-34165

A SQL injection vulnerability in Sourcecodester Basic Shopping Cart 1.0 allows a remote attacker to bypass authentication and become admin...

AI score 10, EPSS 0.02802
Exploits 1, References 1
CVE
added 2021/07/28 3:02 p.m., 56 views

CVE-2021-34165

CVE-2021-34165 details a SQL Injection vulnerability affecting the Sourcecodester Basic Shopping Cart 1.0. The vulnerability allows a remote attacker to bypass authentication and become an administrator. According to NVD metrics, the issue has high/critical impact (CVSS v3.1: 9.8) with network ac...

CVSS 9.8, AI score 9.7, EPSS 0.02802
Exploits 1, References 1, Affected Software 1
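The CNVD, CNNVD, Cvelist and CVE entries above all describe one bug: a SQL injection in the Sourcecodester Basic Shopping Cart 1.0 login that lets a remote attacker bypass authentication and become admin. The page does not show the product's query, so the block below is an added, self-contained illustration of that bug class against an in-memory sqlite3 database, with the parameterized form beside it. The schema, the accounts and the queries are assumptions made for the example, not the product's code.

```python
# Added example: authentication-bypass SQL injection, illustrated with an
# in-memory sqlite3 database. Schema, rows and queries are assumptions made
# for this example, not code from Sourcecodester Basic Shopping Cart.
import sqlite3


def make_db():
    """Constructed sample data: one admin and one customer account."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "password TEXT, role TEXT)"
    )
    # Plaintext passwords keep the example short; real code stores a hash.
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
        [("admin", "correct-horse-battery", "admin"),
         ("alice", "alice-pw", "customer")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """The bug class: user input is spliced into the SQL text.

    A username of  admin' --   turns the statement into
      ... WHERE username = 'admin' -- ' AND password = '...'
    so the password check is commented out and the admin row comes back.
    """
    sql = ("SELECT username, role FROM users "
           "WHERE username = '%s' AND password = '%s'" % (username, password))
    return conn.execute(sql).fetchone()


def login_safe(conn, username, password):
    """Fix: bound parameters; the driver never lets input become SQL syntax."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


def demo():
    """Run both variants against the same inputs and return the outcomes."""
    conn = make_db()
    attempts = [
        ("admin", "wrong-password"),          # honest failed login
        ("admin' -- ", "anything"),           # comment out the password check
        ("' OR '1'='1", "' OR '1'='1"),       # make the WHERE clause always true
    ]
    return {
        "vulnerable": [login_vulnerable(conn, u, p) for u, p in attempts],
        "safe": [login_safe(conn, u, p) for u, p in attempts],
    }
```

With the string-built query, both injected inputs return the admin row (the always-true variant returns the first row in the table, which here is the admin); with bound parameters the same inputs are compared as literal usernames and match nothing.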
CNVD
added 2021/07/28 12:00 a.m., 25 views

S-CMS Cross-Site Scripting Vulnerability (CNVD-2021-58258)

S-CMS 3.0 has a cross-site scripting vulnerability, which can be exploited by attackers via the "Copyright" text box under "Basic Settings" to execute arbitrary web scripts or HTML...

CVSS 4.8, AI score 3.4, EPSS 0.00527
Exploits 1, References 1
Exploit DB
added 2021/07/23 12:00 a.m., 861 views

ElasticSearch 7.13.3 - Memory disclosure

Exploit Title: ElasticSearch 7.13.3 - Memory disclosure
Date: 21/07/2021
Exploit Author: r0ny
Vendor Homepage: https://www.elastic.co/
Software Link: https://github.com/elastic/elasticsearch
Version: 7.10.0 to 7.13.3
Tested on: Kali Linux
CVE: CVE-2021-22145
#!/usr/bin/python3 from argparse import...

CVSS 6.5, AI score 6.7, EPSS 0.76249
Exploits 6
Tenable Nessus
added 2021/07/20 12:00 a.m., 57 views

Ubuntu 16.04 ESM : systemd vulnerabilities (USN-5013-2)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5013-2 advisory. USN-5013-1 fixed several vulnerabilities in systemd. This update provides the corresponding update for Ubuntu 16.04 ESM. Tenable has extracted the...

CVSS 6.1, AI score 6.7, EPSS 0.0865
Exploits 3, References 3
Node.js
added 2021/07/19 3:36 p.m., 77 views

Sensitive Data Exposure

Overview: The gatsby-source-wordpress plugin prior to versions 4.0.8 and 5.9.2 leaks .htaccess HTTP Basic Authentication variables into the app.js bundle at build time. Users who are not initializing basic authentication credentials in the gatsby-config.js are not affected. Example affected...

CVSS 5, AI score 1.8, EPSS 0.01414
Exploits 1, Affected Software 1
OSV
added 2021/07/19 3:21 p.m., 21 views

GHSA-RQJW-P5VR-C695 Basic-auth app bundle credential exposure in gatsby-source-wordpress

Impact: The gatsby-source-wordpress plugin prior to versions 4.0.8 and 5.9.2 leaks .htaccess HTTP Basic Authentication variables into the app.js bundle at build time. Users who are not initializing basic authentication credentials in the gatsby-config.js are not affected. Example affected...

CVSS 7.5, AI score 7.6, EPSS 0.01414
Exploits 1, References 2
Github Security Blog
added 2021/07/19 3:21 p.m., 107 views

Basic-auth app bundle credential exposure in gatsby-source-wordpress

Impact: The gatsby-source-wordpress plugin prior to versions 4.0.8 and 5.9.2 leaks .htaccess HTTP Basic Authentication variables into the app.js bundle at build time. Users who are not initializing basic authentication credentials in the gatsby-config.js are not affected. Example affected...

CVSS 7.5, AI score 1.4, EPSS 0.01414
Exploits 1, References 3, Affected Software 1
OSV
added 2021/07/15 7:15 p.m., 13 views

CVE-2021-32770

Gatsby is a framework for building websites. The gatsby-source-wordpress plugin prior to versions 4.0.8 and 5.9.2 leaks .htaccess HTTP Basic Authentication variables into the app.js bundle during build-time. Users who are not initializing basic authentication credentials in the gatsby-config.js a...

CVSS 7.5, AI score 7.7
Exploits 0, References 1
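The four gatsby-source-wordpress entries above describe credentials configured for .htaccess HTTP Basic authentication ending up in the built app.js. The block below is an added example, not code from Gatsby or the plugin, of the post-build check a practitioner would want: scan a bundle for an `Authorization: Basic` token that decodes to `user:password`, and for `username`/`password` literals in object syntax, reporting the offset and account name but never the secret itself. The sample bundle text, the host `example.invalid` and the credential `wpuser:hunter2` are constructed for the example.

```python
# Added example: post-build check for HTTP Basic credentials baked into a
# JavaScript bundle. Not code from Gatsby or gatsby-source-wordpress.
import base64
import re

# "Basic <base64>" as it appears in an Authorization header literal.
BASIC_RX = re.compile(r"Basic[ \t]+([A-Za-z0-9+/]{4,}={0,2})", re.I)
# username/password keys in object literals, quoted or minified-unquoted.
KV_RX = re.compile(
    r"""["']?(username|password)["']?\s*:\s*["']([^"']{1,256})["']""", re.I
)


def find_basic_credentials(bundle_text):
    """Return (kind, account_or_key, offset) findings; secrets are not echoed."""
    findings = []
    for m in BASIC_RX.finditer(bundle_text):
        try:
            decoded = base64.b64decode(m.group(1), validate=True).decode("utf-8")
        except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
            continue  # base64-looking word that is not a credential
        if ":" in decoded:  # RFC 7617 user-pass is "user:password"
            user = decoded.partition(":")[0]
            findings.append(("basic-header", user, m.start()))
    for m in KV_RX.finditer(bundle_text):
        findings.append(("config-literal", m.group(1).lower(), m.start()))
    return findings


def check_bundle(bundle_text):
    """True when the bundle is free of Basic-auth credential indicators."""
    return not find_basic_credentials(bundle_text)


# Constructed sample: a minified bundle carrying htaccess options and a
# pre-built Authorization header. Host and credential are made up.
_TOKEN = base64.b64encode(b"wpuser:hunter2").decode("ascii")
SAMPLE_BUNDLE = (
    '!function(){var e={plugins:[{resolve:"gatsby-source-wordpress",'
    'options:{url:"https://example.invalid/graphql",'
    'auth:{htaccess:{username:"wpuser",password:"hunter2"}}}}]};'
    'fetch(e.url,{headers:{Authorization:"Basic ' + _TOKEN + '"}})}();'
)
CLEAN_BUNDLE = '!function(){fetch("https://example.invalid/graphql")}();'

if __name__ == "__main__":
    for kind, name, offset in find_basic_credentials(SAMPLE_BUNDLE):
        print("%s at offset %d: %s" % (kind, offset, name))
```

Run it against the contents of every file under the build output directory and fail the pipeline on any finding; decoding the token and requiring a colon keeps ordinary base64-looking identifiers from tripping the check, while the key/value pattern catches the configuration object even when no header has been assembled yet.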