
2401 matches found

OSV
added 2021/06/07 10:15 p.m., 26 views

PYSEC-2021-89

Datasette is an open source multi-tool for exploring and publishing data. The ?trace=1 debugging feature in Datasette does not correctly escape generated HTML, resulting in a reflected cross-site scripting vulnerability. This vulnerability is particularly relevant if your Datasette installation...

CVSS 7.2, AI score 0.3, EPSS 0.0096
Exploits 0, References 6
Github Security Blog
added 2021/06/07 9:47 p.m., 45 views

Reflected cross-site scripting issue in Datasette

Impact: The ?trace=1 debugging feature in Datasette does not correctly escape generated HTML, resulting in a reflected cross-site scripting vulnerability. This vulnerability is particularly relevant if your Datasette installation includes authenticated features using plugins such as...

CVSS 7.2, AI score 0.2, EPSS 0.0096
Exploits 0, References 8, Affected Software 1
Cvelist
added 2021/06/07 9:20 p.m., 26 views

CVE-2021-32670 Reflected cross-site scripting issue in Datasette

Datasette is an open source multi-tool for exploring and publishing data. The ?trace=1 debugging feature in Datasette does not correctly escape generated HTML, resulting in a reflected cross-site scripting vulnerability. This vulnerability is particularly relevant if your Datasette installation...

CVSS 7.2, AI score 6.9, EPSS 0.0096
Exploits 0, References 5
Rapid7 Blog
added 2021/06/02 9:04 p.m., 225 views

CVE-2021-3198 and CVE-2021-3540: MobileIron Shell Escape Privilege Escalation Vulnerabilities

Ivanti MobileIron Core versions 10.7.0.1-9 and 11.0.0.1-3 suffer from two restricted shell escape vulnerabilities through the install rpm command present in the clish restricted shell. These issues have been fixed in version 11.1.0.0, released on March 15, 2021. The first, CVE-2021-3198, is an...

AI score 0.2, EPSS 0.03307
Exploits 2
Packet Storm
added 2021/06/02 12:00 a.m., 169 views

Local Service Search Engine Management System 1.0 SQL Injection

Exploit Title: SQL injection, bypass the login page, Local Service Search Engine Management System 1.0 Author: @nu11secur1ty Testing and Debugging: @nu11secur1ty Date: 06.02.2021 Vendor:...

CVSS 7.5, AI score 0.2, EPSS 0.25273
Exploits 3
NVD
added 2021/05/28 11:15 a.m., 24 views

CVE-2021-33591

An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15.0 allowed a remote attacker to execute arbitrary code via a crafted HTML page...

CVSS 8.8, EPSS 0.01588
Exploits 0, References 1
OSV
added 2021/05/28 11:15 a.m., 4 views

CVE-2021-33591

An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15.0 allowed a remote attacker to execute arbitrary code via a crafted HTML page...

CVSS 8.8, AI score 7.6, EPSS 0.01588
Exploits 0, References 1
CVE
added 2021/05/28 10:50 a.m., 45 views

CVE-2021-33591

CVE-2021-33591 affects Naver Comic Viewer. An exposed remote debugging port before version 1.0.15.0 allows a remote attacker to execute arbitrary code via a crafted HTML page. Impact is remote code execution with network access, as described in multiple sources (NVD/Red Hat/CNNVD). No explicit pa...

CVSS 8.8, AI score 8.6, EPSS 0.01588
Exploits 0, References 1, Affected Software 1
Cvelist
added 2021/05/28 10:50 a.m., 29 views

CVE-2021-33591

An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15.0 allowed a remote attacker to execute arbitrary code via a crafted HTML page...

AI score 8.8, EPSS 0.01588
Exploits 0, References 1
0day.today
added 2021/05/27 12:00 a.m., 49 views

Pandora FMS 6.0SP3 Cross Site Scripting Vulnerability

Exploit Title: XSS vulnerability for keywords searching parameter in pandorafms-6.0SP3/pandoraconsole Author: @nu11secur1ty Testing and Debugging: @nu11secur1ty Vendor: https://pandorafms.com/ Link: https://github.com/pandorafms/pandorafms/releases CVE: 2021-0527-nu11secur1ty Proof:...

CVSS 7.8, AI score 7.8, EPSS 0.00116
Exploits 2
OSV
added 2021/05/24 4:08 a.m., 3 views

OPENSUSE-SU-2021:0787-1 Security update for cacti, cacti-spine

This update for cacti, cacti-spine fixes the following issues: cacti-spine was updated to 1.2.17: Avoid triggering DDoS detection in firewalls on large systems. Use mysql reconnect option properly. Fix possible crashes in various operations. Fix remote data collectors pushing too much data to main...

CVSS 8.8, AI score 9.1, EPSS 0.04599
Exploits 1, References 3
Packet Storm
added 2021/05/20 12:00 a.m., 137 views

Spotweb-Develop 1.4.9 Cross Site Scripting

Exploit Title: Cross Site Scripting DOM Based spotweb-develop 1.4.9 Author: @nu11secur1ty Testing and Debugging: nu11secur1ty $ OWASP-ZAP Date: 05.20.2021 Vendor: https://www.nzbserver.com/ Link: https://github.com/spotweb/spotweb CVE: 2021-XXXX Proof: https://streamable.com/hix5o1 + Exploit...

AI score 7.4
Exploits 0
Kitploit
added 2021/05/05 12:30 p.m., 64 views

Botkube - An App That Helps You Monitor Your Kubernetes Cluster, Debug Critical Deployments And Gives Recommendations For Standard Practices

For complete documentation visit www.botkube.io. BotKube integration with Slack, Mattermost or Microsoft Teams helps you monitor your Kubernetes cluster, debug critical deployments and gives recommendations for standard practices by running checks on the Kubernetes resources. You can also ask...

AI score 7.8
Exploits 0, References 1
0day.today
added 2021/05/04 12:00 a.m., 183 views

TYPO3 6.2.1 SQL Injection Exploit

Exploit Title: TYPO3 6.2.1 allows SQL Injection via a backend user on backend.php Author: @nu11secur1ty Testing and Debugging: @nu11secur1ty Vendor: https://typo3.org/ Link: https://get.typo3.org/version/6.2.1 CVE: CVE-2021-31777 Proof: https://streamable.com/8v7v4i + Exploit Source:...

CVSS 4.9, AI score 5.2, EPSS 0.01446
Exploits 3
OSV
added 2021/05/03 9:15 p.m., 4 views

CVE-2020-35757

An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is unauthenticated root ADB access over TCP. The LS9 web interface provides functionality to access ADB over TCP. This is not enabled by default, but can be enabled by sending a crafted request to a web management interface...

CVSS 9.8, AI score 7.3, EPSS 0.01806
Exploits 1, References 1
Hacker One
added 2021/05/03 9:13 p.m., 116 views

Nextcloud: Default Nextcloud allows http federated shares

1. userA on serverA runs on http only. 2. userA sends a federated share to userB on serverB. 3. userB is a normal user, so he has no clue that there is no secure transport used and accepts the share. 4. All the data written to and read from is now no longer protected by TLS. Impact: While maybe a bit far...

AI score 6.8
Exploits 0
GithubExploit
added 2021/05/01 2:10 a.m., 175 views

Exploit for Path Traversal in Atlassian Confluence_Server

Confluence unauthorized template injection, CVE-2019-3396...

CVSS 10, AI score 10, EPSS 0.99913
Exploits 20
CNNVD
added 2021/04/27 12:00 a.m., 3 views

Buffalo network devices security vulnerability

Buffalo firmware is a network device from Buffalo Japan. A security vulnerability exists in Buffalo network devices that could allow a remote attacker to open debugging options and execute arbitrary code or operating system commands to alter the configuration and cause a denial-of-service (DoS)...

CVSS 10, AI score 8.8, EPSS 0.03179
Exploits 0, References 3
CNVD
added 2021/04/26 12:00 a.m., 6 views

Google Android Authorization Issues Vulnerability (CNVD-2021-31238)

Google Android is a Linux-based open source operating system from Google and the Open Handset Alliance (US). Google Android suffers from an authorization issue vulnerability that stems from improper authorization of a debugging command, which can be exploited by an attacker to gain unauthorized acces...

CVSS 6.1, AI score 6.8, EPSS 0.00103
Exploits 0, References 1
Kitploit
added 2021/04/23 9:30 p.m., 256 views

IPCDump - Tool For Tracing Interprocess Communication (IPC) On Linux

Announcement post: ipcdump is a tool for tracing interprocess communication (IPC) on Linux. It covers most of the common IPC mechanisms: pipes, fifos, signals, unix sockets, loopback-based networking, and pseudoterminals. It's a useful tool for debugging multi-process applications, and it's also a...

AI score 6.9
Exploits 0, References 4