56 matches found
CVE-2023-30548 Path traversal vulnerability in gatsby-plugin-sharp
gatsby-plugin-sharp is a plugin for the gatsby framework which exposes functions built on the Sharp image processing library. The gatsby-plugin-sharp plugin prior to versions 5.8.1 and 4.25.1 contains a path traversal vulnerability exposed when running the Gatsby develop server (gatsby develop). It...
CVE-2023-28116 Buffer overflow in L2CAP due to misconfigured MTU
Contiki-NG is an open-source, cross-platform operating system for Internet of Things (IoT) devices. In versions 4.8 and prior, an out-of-bounds write can occur in the BLE L2CAP module of the Contiki-NG operating system. The network stack of Contiki-NG uses a global buffer (packetbuf) for processing o...
Installers generated by Squirrel.Windows may insecurely load Dynamic Link Libraries
Overview: Squirrel.Windows is both a toolset and a library that provides installation and update functionality for Windows desktop applications. Installers generated by Squirrel.Windows contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427)...
GHSA-GCJF-29M9-888Q PaddlePaddle vulnerable to Code Injection
Code injection in paddle.audio.functional.get_window in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution. A patch is available on the develop branch of the repository and anticipated to be part of a 2.4 release...
PaddlePaddle vulnerable to Code Injection
Code injection in paddle.audio.functional.get_window in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution. A patch is available on the develop branch of the repository and anticipated to be part of a 2.4 release...
Cockpit Content Platform vulnerable to 2FA bypass
Cockpit Content Platform through version 2.2.1 is vulnerable to a two-factor authentication (2FA) bypass. The 2FA secret is disclosed in a JWT token after a user logs into their account, allowing an attacker to bypass the 2FA code. A patch is available on the develop branch and is expected to be part...
Privilege escalation in easyappointments
The Easy!Appointments API authorization is checked against the user's existence, without validating the permissions. As a result, a low-privileged user (e.g. provider) can create a new admin user via the "/api/v1/admins/" endpoint and take over the system. A patch is available on the develop branch ...
Skycaiji Security Vulnerability
Skycaiji (Blue Sky Collector) is a free data collection and publishing crawler software from China Nanchang Zhuolan Technology Co., Ltd, developed with php+mysql and can be deployed on cloud servers. A security vulnerability exists in Skycaiji version 2.4, which originated from the discovery that...
Spotweb-Develop 1.4.9 Cross Site Scripting
Exploit Title: Cross Site Scripting DOM Based spotweb-develop 1.4.9 Author: @nu11secur1ty Testing and Debugging: nu11secur1ty $ OWASP-ZAP Date: 05.20.2021 Vendor: https://www.nzbserver.com/ Link: https://github.com/spotweb/spotweb CVE: 2021-XXXX Proof: https://streamable.com/hix5o1 + Exploit...
Rocket.Chat: User Impersonation through sendMessage options
The Meteor call "sendMessage" allowed clients to use custom avatar and alias parameters, which could be used to impersonate other chat room members. This vulnerability has been patched...
[SECURITY] Fedora 31 Update: prosody-0.11.7-1.fc31
Prosody is a flexible communications server for Jabber/XMPP written in Lua. It aims to be easy to use, and light on resources. For developers it aims to be easy to extend and give a flexible system on which to rapidly develop added functionality, or prototype new protocols...
Fsociety - A Modular Penetration Testing Framework
Install pip install fsociety Update pip install --upgrade fsociety Usage usage: fsociety -h -i -s A Penetration Testing Framework optional arguments: -h, --help show this help message and exit -i, --info gets fsociety info -s, --suggest suggest a tool Develop git clone...
ctf_repo
This is a Python script for a CTF (Capture The Flag) challenge called "FunPwn". The script is designed to automate the game by interacting with the game's console. Here's a breakdown of the script: 1. The script starts by importing the pwn module, which is a Python library for exploitation. 2. The...
PYSEC-2020-268
In EasyBuild before version 4.1.2, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like --new-pr, --from-pr, etc.) is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the master and develop branches of the...
Information disclosure
In EasyBuild before version 4.1.2, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like --new-pr, --from-pr, etc.) is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the master and develop branches of the...
PYSEC-2020-41
In EasyBuild before version 4.1.2, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like --new-pr, --from-pr, etc.) is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the master and develop branches of the...
Fedora Update for ImageMagick FEDORA-2019-ba7247edcf
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Frappe ERPNext Cross-Site Scripting Vulnerability
Frappe ERPNext is an open source ERP (Enterprise Resource Planning) system. The system includes functions for financial management, inventory management, customer relationship management, project management and human resource management. A cross-site scripting vulnerability exists in Frappe ERPNext...
Cross site scripting
An XSS issue was discovered in Frappe ERPNext v11.x.x-develop b1036e5 via a comment...
develop-online.net XSS vulnerability
Open Bug Bounty ID: OBB-177695. Affected Website: develop-online.net; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N; Remediation Guide: OWASP XSS Prevention Chea...