230 matches found
CVE-2022-31139 No security checking for UnsafeAccess.getInstance() in UnsafeAccessor
UnsafeAccessor (UA) is a bridge to access jdk.internal.misc.Unsafe & sun.misc.Unsafe. Normally, if UA is loaded as a named module, the internal data of UA is protected by the JVM and others can only access UA via UA's standard API. The main application can set up SecurityCheck.AccessLimiter for UA to...
PT-2022-20558 · Unknown · Unsafeaccessor
Name of the Vulnerable Software and Affected Versions: UnsafeAccessor versions 1.4.0 through 1.6.x. Description: The issue concerns UnsafeAccessor (UA), a bridge to access jdk.internal.misc.Unsafe and sun.misc.Unsafe. Normally, when UA is loaded as a named module, its internal data is protected by t...
U.S. Dept Of Defense: .git folder exposed [HtUS]
Hey there, I have found an exposed .git folder on https://█████ https://████████/.git/config core repositoryformatversion = 0 filemode = true bare = false logallrefupdates = true remote "origin" url = https://████ fetch = +refs/heads/:refs/remotes/origin/ Using gitdumper...
Code injection
Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerable to Local File Inclusion (LFI). Any authenticated user has the ability to reference internal system files within requests made to the RRSWeb/maint/ShowDocument/ShowDocument.aspx page. The server will successfully respond with the...
CVE-2022-29597
Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerable to Local File Inclusion (LFI). Any authenticated user has the ability to reference internal system files within requests made to the RRSWeb/maint/ShowDocument/ShowDocument.aspx page. The server will successfully respond with the...
Jenkins allows Remote Users to Obtain Sensitive Information from a Plugin Code
Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code...
GHSA-5XM3-48V5-6H7V Jenkins allows Remote Users to Obtain Sensitive Information from a Plugin Code
Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code...
GitHub Notifies Victims Whose Private Data Was Accessed Using OAuth Tokens
GitHub on Monday noted that it had notified all victims of an attack campaign, which involved an unauthorized party downloading private repository contents by taking advantage of third-party OAuth user tokens maintained by Heroku and Travis CI. "Customers should also continue to monitor Heroku an...
Remote Code Execution (RCE)
razorengine is vulnerable to remote code execution. The vulnerability exists because it does not sanitize the CAS (Code Access Security) of an insecure sandboxed environment, allowing an attacker to execute maliciously crafted .NET code on the system...
PT-2021-23924 · Aim · Aim
Name of the Vulnerable Software and Affected Versions: Aim versions prior to 3.1.0. Description: Aim is an open-source, self-hosted machine learning experiment tracking tool. The issue allows for a path traversal attack, which can be exploited by manipulating variables that reference files with...
Alquist Path Traversal Vulnerability (CNVD-2022-10717)
Alquist is an advanced conversational AI bot used to have fun and engaging conversations with humans about popular topics such as movies, sports, news, etc. A security vulnerability exists in the Alquist Manager. The security vulnerability in Alquist Manager stems from a lack of effective filteri...
CVE-2021-43495
AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability in alquist/IO/input.py. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access...
CVE-2021-43495
AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability in alquist/IO/input.py. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access...
Directory traversal
AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability in alquist/IO/input.py. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access...
CVE-2021-43495
CVE-2021-43495 is associated with AlquistManager and a directory-traversal vulnerability in the alquist/IO/input.py component. The vulnerability could allow disclosure of sensitive secrets stored anywhere on the system and may facilitate remote code access, as noted in multiple sources (NVD/Nucle...
CVE-2021-43495
AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability in alquist/IO/input.py. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access...
CVE-2021-43492
AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access...
Directory traversal
AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access...
CVE-2021-43492
AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access...
CVE-2021-43492
Technical details about CVE-2021-43492 are not publicly provided in the connected documents. No concrete information on affected products/versions or remediation is present. Monitor for updates from the sources listed.