262 matches found
Discourse 安全漏洞
Discourse is an open source community discussion platform. The platform includes features such as communities, email and chat rooms. Discourse suffers from a security vulnerability. An attacker exploited the vulnerability to read the cache of an anonymous i.e., not logged in user, thereby...
PT-2022-16903 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to the latest stable, beta and tests-passed versions Description: The issue affects Discourse, an open source platform for community discussion. An attacker can poison the cache for anonymous users, causing them to se...
Scrapy Information Disclosure Vulnerability (CNVD-2022-17012)
Scrapy is a free and open-source web crawler framework written in Python.An information disclosure vulnerability exists in versions of Scrapy prior to 2.6.1, which stems from the product's failure to effectively protect sensitive information. An attacker could use this vulnerability to obtain...
CVE-2021-32849
Gerapy is a distributed crawler management framework. Prior to version 0.9.9, an authenticated user could execute arbitrary commands. This issue is fixed in version 0.9.9. There are no known workarounds...
CVE-2021-32849
Gerapy is a distributed crawler management framework. Prior to version 0.9.9, an authenticated user could execute arbitrary commands. This issue is fixed in version 0.9.9. There are no known workarounds...
PYSEC-2022-17
Gerapy is a distributed crawler management framework. Prior to version 0.9.9, an authenticated user could execute arbitrary commands. This issue is fixed in version 0.9.9. There are no known workarounds...
CVE-2021-32849
Gerapy (distributed crawler management framework) contains an authenticated arbitrary command execution vulnerability tracked as CVE-2021-32849. Prior to version 0.9.9, an authenticated user could execute commands on the server. The issue has been fixed in version 0.9.9. Public sources in the con...
CVE-2021-32849 Arbitrary command execution in Gerapy
Gerapy is a distributed crawler management framework. Prior to version 0.9.9, an authenticated user could execute arbitrary commands. This issue is fixed in version 0.9.9. There are no known workarounds...
Gerapy 命令注入漏洞
Gerapy is a crawler framework based on the Scrapy Scrapyd Scrapyd Client Scrapyd API Django. Gerapy authenticates remote command execution vulnerabilities, which can be exploited by attackers to gain control of the server...
CVE-2021-43857
Gerapy is a distributed crawler management framework. Gerapy prior to version 0.9.8 is vulnerable to remote code execution, and this issue is patched in version 0.9.8...
CVE-2021-43857
Gerapy is a distributed crawler management framework. Gerapy prior to version 0.9.8 is vulnerable to remote code execution, and this issue is patched in version 0.9.8...
PYSEC-2021-867
Gerapy is a distributed crawler management framework. Gerapy prior to version 0.9.8 is vulnerable to remote code execution, and this issue is patched in version 0.9.8...
CVE-2021-43857
CVE-2021-43857 affects Gerapy, a distributed crawler management framework. Affected versions prior to 0.9.8 are vulnerable to remote code execution due to an OS command injection flaw in the spider/config flow. The issue is patched in version 0.9.8; users should upgrade to 0.9.8 or later to mitig...
What is a search engine and why does anyone care which one you use?
An attempt at a simple definition: a search engine is a software system that allows users to find content on the Internet based on their input. The introduction of the major search engines brought about huge changes in the way we use the Internet. There is a wealth of knowledge available for thos...
Google TensorFlow 缓冲区错误漏洞
Google TensorFlow is an end-to-end open source platform for machine learning from Google Google. A buffer overflow vulnerability exists in Google TensorFlow, which stems from the fact that during the crawler optimization phase of the affected version of TensorFlow, constant folding may attempt to...
Skycaiji 路径遍历漏洞
Skycaiji Blue Sky Collector is a free data collection and publishing crawler software in China, developed with php+mysql and can be deployed on cloud servers. A path traversal vulnerability exists in Skycaiji version 1.3, which stems from. The vulnerability stems from a failure of a network syste...
Description of the security update for SharePoint Enterprise Server 2016: July 13, 2021 (KB5001981)
Description of the security update for SharePoint Enterprise Server 2016: July 13, 2021 KB5001981 Summary This security update resolves a Microsoft SharePoint Server information disclosure vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures...
CVE-2021-22140
Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity Injection issue XXE in the App Search web crawler beta feature. Using this vector, an attacker whose website is being crawled by App Search could craft a malicious sitemap.xml to traverse the filesystem of t...
CVE-2021-22140
Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity Injection issue XXE in the App Search web crawler beta feature. Using this vector, an attacker whose website is being crawled by App Search could craft a malicious sitemap.xml to traverse the filesystem of t...
Xxe
Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity Injection issue XXE in the App Search web crawler beta feature. Using this vector, an attacker whose website is being crawled by App Search could craft a malicious sitemap.xml to traverse the filesystem of t...