5 matches found
Monsta FTP downloadFile Remote Code Execution
This module exploits a pre-authenticated remote code execution vulnerability in Monsta FTP versions use exploit/multi/http/monstaftpdownloadfilerce msf exploitmonstaftpdownloadfilerce show targets ...targets... msf exploitmonstaftpdownloadfilerce set TARGET msf exploitmonstaftpdownloadfilerce sho...
CVE-2022-34158
A carefully crafted invocation on the Image plugin could trigger a CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow a group privilege escalation of the attacker's account. Further examination of this issue established that it could also be used to modify the email associated...
GHSA-G3RQ-G295-4J3M Regular Expression Denial of Service (ReDoS) in Jinja2
This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability of the regex is mainly due to the sub-pattern a-zA-Z0-9.-+.a-zA-Z0-9.-+ This issue can be mitigated by using Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiti...
Jinja2 Resource Management Error Vulnerability
Jinja2 is a Python-based template engine. It has full Unicode support and provides an optional sandboxed template execution environment. A resource management error vulnerability exists in jinja2 from 0.0.0 and before 2.11.3, which stems from a ReDoS vulnerability in regex...
SAP Cloud Connector Code Injection Vulnerability
SAP Cloud Connector is a connector for connecting to the SAP Cloud Platform from SAP Germany. A code injection vulnerability exists in SAP Cloud Connector versions prior to 2.11.3, which can be exploited by a remote attacker to execute the injected code and compromise the operation of the...