267 matches found
Skycaiji 路径遍历漏洞
Skycaiji Blue Sky Collector is a free data collection and publishing crawler software in China, developed with php+mysql and can be deployed on cloud servers. A path traversal vulnerability exists in Skycaiji version 1.3, which stems from. The vulnerability stems from a failure of a network syste...
Description of the security update for SharePoint Enterprise Server 2016: July 13, 2021 (KB5001981)
None None...
CVE-2021-22140
Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity Injection issue XXE in the App Search web crawler beta feature. Using this vector, an attacker whose website is being crawled by App Search could craft a malicious sitemap.xml to traverse the filesystem of t...
CVE-2021-22140
Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity Injection issue XXE in the App Search web crawler beta feature. Using this vector, an attacker whose website is being crawled by App Search could craft a malicious sitemap.xml to traverse the filesystem of t...
Xxe
Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity Injection issue XXE in the App Search web crawler beta feature. Using this vector, an attacker whose website is being crawled by App Search could craft a malicious sitemap.xml to traverse the filesystem of t...
CVE-2021-22140
Elastic App Search (web crawler beta) versions 7.11.0–7.12.0 are affected by an XML External Entity (XXE) injection in the crawler, allowing an attacker crawling the site via a manipulated sitemap.xml to read files on the host. Root cause: insufficient validation of XML in the crawler. Impact: po...
CVE-2021-22140
Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity Injection issue XXE in the App Search web crawler beta feature. Using this vector, an attacker whose website is being crawled by App Search could craft a malicious sitemap.xml to traverse the filesystem of t...
Elastic App Search web crawler 代码问题漏洞
Elastic App Search web crawler is an application from Elastic USA. provides greater scalability and performance enhancements. A code issue vulnerability exists in App Search web crawler that stems from insufficient validation of user-supplied XML input in Enterprise Search. The following products...
GHSA-JXG6-FHWC-9V9C Regular Expression Denial of Service (ReDoS) in es6-crawler-detect
This affects the package es6-crawler-detect before 3.1.3. No limitation of user agent string length supplied to regex operators...
Regular Expression Denial of Service (ReDoS) in es6-crawler-detect
This affects the package es6-crawler-detect before 3.1.3. No limitation of user agent string length supplied to regex operators...
Elastic: XXE in Enterprise Search's App Search web crawler
Summary Hello team! The latest version of Enterprise Search 7.12.0 is vulnerable to XXE when parsing sitemaps. Up to now I'm only able to read file that contain one line. I'm reporting now to avoid duplicates, but I'll keep working to find a way to extract entire files or HTTP request bodies...
CVE-2020-28501
This affects the package es6-crawler-detect before 3.1.3. No limitation of user agent string length supplied to regex operators...
CVE-2020-28501 Regular Expression Denial of Service (ReDoS)
This affects the package es6-crawler-detect before 3.1.3. No limitation of user agent string length supplied to regex operators...
CVE-2020-28501
The CVE-2020-28501 issue affects es6-crawler-detect prior to 3.1.3. The root cause is a lack of length limitation on the user agent string when fed to regex operators, producing Regular Expression Denial of Service (ReDoS). Reported references from GHSA (Regular Expression Denial of Service in es...
Npm es6-crawler-detect 安全漏洞
Npm es6-crawler-detect is an application from Npm. It can help detect bots, crawlers and spiders by scanning user agent strings or from the global ... A security vulnerability exists in es6-crawler-detect before 3.1.3, which stems from the lack of a limit on the length of the user agent string...
Command Execution Vulnerability in Pyspider Crawler System
Pyspider is a web crawler system. Pyspider crawler system has a command execution vulnerability that can be exploited by an attacker to remotely execute code by injecting malicious code into the project manager, controlling the entire server, and carrying out intranet infiltration, DDos and other...
buildbot-badges (>=1.7.0 <=1.8.2), cico (>=0.1.0 <=0.1.8) +9 more potentially affected by CVE-2021-21236 via cairosvg (>=0.5.0 <=2.5.0)
cairosvg PYPI version =0.5.0, =1.7.0, =0.1.0, =0.1.0, =2.11.0, =0.0.1, =1.0.0, =0.1.0, =1.0.0, =1.1.0 - wiking =2.2.1 Source cves: CVE-2021-21236 Source advisory: OSV:PYSEC-2021-5...
buildbot-badges (>=1.7.0 <=1.8.2), cico (>=0.1.0 <=0.1.8) +9 more potentially affected by CVE-2021-21236 via cairosvg (>=0.5.0 <=2.5.0)
cairosvg PYPI version =0.5.0, =1.7.0, =0.1.0, =0.1.0, =2.11.0, =0.0.1, =1.0.0, =0.1.0, =1.0.0, =1.1.0 - wiking =2.2.1 Source cves: CVE-2021-21236 Source advisory: OSV:GHSA-HQ37-853P-G5CF...
h1-ctf: How The Hackers Saved Christmas
F1139789 Challenge I 🤖 "What are you doing?" I asked myself. I was about to trespass a clear warning to keep out. F1139744 "Have you lost your mind?" But I couldn't help it. I was born for this. And I wasn't going to back down. There are 12 more days until Christmas Eve, and I wasn't going to let...
Regular Expression Denial of Service (ReDoS)
Overview es6-crawler-detect is an ES6 version of the original PHP class @CrawlerDetect, it helps you detect bots/crawlers and spiders only by scanning the user-agent string or from the global request.headers. Affected versions of this package are vulnerable to Regular Expression Denial of Service...