13 matches found
CVE-2024-41799
tgstation-server is a production scale tool for BYOND server management. Prior to 6.8.0, low permission users using the "Set .dme Path" privilege could potentially set malicious .dme files existing on the host machine to be compiled and executed. These .dme files could be uploaded via...
EUVD-2023-37371
Malicious code in bioql PyPI...
EUVD-2024-2316
Malicious code in bioql PyPI...
CVE-2024-41799 tgstation-server's DreamMaker environment files outside the deployment directory can be compiled and ran by insufficiently permissioned users
tgstation-server is a production scale tool for BYOND server management. Prior to 6.8.0, low permission users using the "Set .dme Path" privilege could potentially set malicious .dme files existing on the host machine to be compiled and executed. These .dme files could be uploaded via...
CVE-2024-41799 tgstation-server's DreamMaker environment files outside the deployment directory can be compiled and ran by insufficiently permissioned users
tgstation-server is a production scale tool for BYOND server management. Prior to 6.8.0, low permission users using the "Set .dme Path" privilege could potentially set malicious .dme files existing on the host machine to be compiled and executed. These .dme files could be uploaded via...
PT-2024-29565 · Byond +1
Name of the Vulnerable Software and Affected Versions: tgstation-server versions prior to 6.8.0 Description: The issue allows low permission users with the "Set .dme Path" privilege to potentially set malicious .dme files existing on the host machine to be compiled and executed. These .dme files...
tgstation-server Security Vulnerability
tgstation-server is a toolset for managing production BYOND servers. A security vulnerability exists in tgstation-server that stems from problematic TGS restarts and reconnections...
CVE-2023-32687 Insufficiently Protected ChatBot Credentials in tgstation-server
tgstation-server is a toolset to manage production BYOND servers. Starting in version 4.7.0 and prior to 5.12.1, instance users with the list chat bots permission can read chat bot connection strings without the associated permission. This issue is patched in version 5.12.1. As a workaround,...
CVE-2023-32687 Insufficiently Protected ChatBot Credentials in tgstation-server
tgstation-server is a toolset to manage production BYOND servers. Starting in version 4.7.0 and prior to 5.12.1, instance users with the list chat bots permission can read chat bot connection strings without the associated permission. This issue is patched in version 5.12.1. As a workaround,...
CVE-2023-32687
CVE-2023-32687 affects tgstation-server versions 4.7.0 through 5.12.1, where users with the public list chat bots permission can read chat bot connection strings without the required permission. The issue is patched in version 5.12.1. Remediation: update to 5.12.1; as a workaround, remove the lis...
Joomla com_bayesiannaivefilter Component <= 1.1 Inclusion Vulnerability
No description provided by source. Pablin77 - XTech Inc Group com_bayesiannaivefilter Mambo Component Remote File Inclusion mosConfig_absolute_path Discovered By Pablin77 contact: Pablin77 at Argentina dot com Lebanon-Israel...STOP! No War!!! peace, that's all This is a massive cyber-protest, we are...
joovili-rfi.txt
Found by : Cr@zyKing Thanks : DreamTurk & CrackersChild & Eno7 & TheBekir & Pablin77 & Byond Crew & sys7ech Script : Joovili Version : v2.1 Google Dork : © Powered by Joovili v.2.1 Risk : Remote File Include Error : include $hlp."include/settings.inc.php"; include $hlp."include/replace.inc.php";...
Joomla com_bayesiannaivefilter Component <= 1.1 Inclusion Vulnerability
No description provided by source. Pablin77 - XTech Inc Group com_bayesiannaivefilter Mambo Component Remote File Inclusion mosConfig_absolute_path Discovered By Pablin77 contact: Pablin77 at Argentina dot com Lebanon-Israel...STOP! No War!!! peace, that's all This is a massive cyber-protest, we are...