Apache Superset 安全漏洞

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from an elevation of privilege vulnerability that can be exploited by an attacker to gain write access to all gauges in a dashboard via the Add Gauge function of Create...

Apache Superset vulnerable to Cross-site Scripting

Dashboard rendering does not sufficiently sanitize the content of markdown components leading to possible XSS attack vectors that can be performed by authenticated users with create dashboard permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...

UBUNTU-CVE-2019-17382

An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password i.e., anonymously. All created elements...

PHPRunner 10.1 - Denial of Service (PoC)

Exploit Title: PHPRunner 10.1 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-09 Vendor Homepage: https://xlinesoft.com/ Software Link: https://xlinesoft.com/phprunner/download.htm Tested Version: 10.1 Tested on: Windows 7 Service Pack 1 x64 Steps to produce the...