CVE-2019-2124
In ComposeActivityEmailExternal of ComposeActivityEmailExternal.java in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible way to silently attach files to an email due to a confused deputy. This could lead to local information disclosure...
uriparser: Out-of-bounds write via uriComposeQuery* or uriComposeQueryEx* function
An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an out-of-bounds write via a uriComposeQuery or uriComposeQueryEx function because the '&' character is mishandled in certain contexts...
django-aesfield (=3.0.0), django-autoconfig (=0.8.0) +11 more potentially affected by CVE-2019-14235 via django (>=2.1.0 <=2.1.10)
django PYPI version =2.1.0, =0.1.0, =0.1.0, =0.3.0, =1.7.3, =0.0.3, =1.1.0, =0.1.2, =1.0.0rc2, =0.1.0, =0.2.0.dev2 Source cves: CVE-2019-14235 Source advisory: OSV:GHSA-V9QG-3J8P-R63V...
django-aesfield (=3.0.0), django-autoconfig (=0.8.0) +11 more potentially affected by CVE-2019-14232 via django (>=2.1.0 <=2.1.10)
django PYPI version =2.1.0, =0.1.0, =0.1.0, =0.3.0, =1.7.3, =0.0.3, =1.1.0, =0.1.2, =1.0.0rc2, =0.1.0, =0.2.0.dev2 Source cves: CVE-2019-14232 Source advisory: OSV:GHSA-C4QH-4VGV-QC6G...
vulhub
It is an offensive tool for Vulnerability Research. The repository, vulhub, is a collection of pre-built vulnerable environments based on Docker-Compose. It is designed to be used for vulnerability research and testing, allowing users to easily create and manage vulnerable environments without...
django-aesfield (=3.0.0), django-autoconfig (=0.8.0) +11 more potentially affected by CVE-2019-12781 via django (>=2.1.0 <=2.1.1)
django PYPI version =2.1.0, =0.1.0, =0.1.0, =0.3.0, =1.7.3, =0.0.3, =1.1.0, =0.1.2, =1.0.0rc2, =0.1.0, =0.2.0.dev2 Source cves: CVE-2019-12781 Source advisory: OSV:GHSA-6C7V-2F49-8H26...
Exploit for Improper Input Validation in Redhat Openshift
This is a pre-built vulnerable environment based on Docker-Compose, provided by the Vulhub project. The project is designed to help users learn about vulnerabilities and improve their defensive skills. The repository contains a collection of vulnerable environments, each with its own Docker-Compo...
Security Bulletin: Multiple vulnerabilities in Kibana affect IBM Compose for Elasticsearch
Summary: Multiple vulnerabilities in Kibana affect IBM Compose for Elasticsearch. Vulnerability Details: CVEID: CVE-2019-7609. DESCRIPTION: Elastic Kibana could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Timelion visualizer. By sending a specially-crafte...
CVE-2019-1995
In ComposeActivityEmail of ComposeActivityEmail.java, there is a possible way to silently attach files to an email due to a confused deputy. This could lead to local information disclosure, sending files accessible to AOSP Mail to a remote email recipient, with no additional execution privileges...
VulnCheck KEV: CVE-2012-0791
Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) composeCache, (2) rtemode, or (3) filename parameters to the compose page; (4) formname...
DFIRTrack - The Incident Response Tracking Application
DFIRTrack (Digital Forensics and Incident Response Tracking application) is an open source web application mainly based on Django using a PostgreSQL database backend. In contrast to other great incident response tools, which are mainly case-based and support the work of CERTs, SOCs etc. in their...
Conpot - An Open Industrial Control Honeypot
Conpot is an ICS honeypot with the goal to collect intelligence about the motives and methods of adversaries targeting industrial control systems. Documentation: The build of the documentation's source can be found here. There you will also find the instructions on how to install conpot and the FAQ...
JSShell - An Interactive Multi-User Web JS Shell
An interactive multi-user web-based JavaScript shell. It was initially created in order to debug remote esoteric browsers during experiments and research. This tool can be easily attached to an XSS (Cross Site Scripting) payload to achieve browser remote code execution similar to the BeeF framework...
DEBIAN-CVE-2018-19199
An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an integer overflow via a uriComposeQuery or uriComposeQueryEx function because of an unchecked multiplication...
UBUNTU-CVE-2018-19199
An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an integer overflow via a uriComposeQuery or uriComposeQueryEx function because of an unchecked multiplication...
DEBIAN-CVE-2018-19198
An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an out-of-bounds write via a uriComposeQuery or uriComposeQueryEx function because the '&' character is mishandled in certain contexts...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab
This repository is an offensive tool for a vulnerability environment. It is a Docker-Compose file for a vulnerability environment. The repository contains a .gitignore file, a README.md file, and several other files that are used to configure the environment. The .gitignore file contains a list o...
vulhub
This is a Docker Compose file for a vulnerability environment. It is a collection of services and their configurations that can be used to test and demonstrate various vulnerabilities. The file is written in YAML format and defines the services, their ports, and their dependencies. The services...
Exploit for Improper Encoding or Escaping of Output in F5 Nginx
This repository is an offensive tool for a vulnerability environment. It is a collection of Docker Compose files for various vulnerabilities, allowing users to easily set up and test vulnerable environments. The repository includes files for vulnerabilities such as CVE-2016-9086, CVE-2017-1000353...
vulhub
It is an offensive tool for web application exploitation. The repository contains a Docker Compose file for a vulnerability environment. The tool is designed to exploit vulnerabilities in web applications. The tool is likely used for testing and demonstrating vulnerabilities in web applications. ...