Lucene search
K

4422 matches found

Github Security Blog
Github Security Blog
added 2022/01/12 10:43 p.m.44 views

Access to restricted PHP code by dynamic static class access in smarty

Impact Template authors could run restricted static php methods. Patches Please upgrade to 3.1.40 or higher. References See the documentation on Smarty security features on the staticclasses access filter. For more information If you have any questions or comments about this advisory please open ...

8.8CVSS1.6AI score0.0222EPSS
Exploits0References12Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/12 10:43 p.m.52 views

Sandbox Escape by math function in smarty

Impact Template authors could run arbitrary PHP code by crafting a malicious math string. If a math string is passed through as user provided data to the math function, external users could run arbitrary PHP code by crafting a malicious math string. Patches Please upgrade to 4.0.2 or 3.1.42 or...

8.8CVSS1.6AI score0.01927EPSS
Exploits0References14Affected Software1
Friends Of PHP
Friends Of PHP
added 2022/01/10 10:48 a.m.30 views

Access to restricted PHP code by dynamic static class access

Impact Template authors could run restricted static php methods. Patches Please upgrade to 3.1.40 or higher. References See the documentation on Smarty security features on the staticclasses access filter. For more information If you have any questions or comments about this advisory please open ...

8.8CVSS9.1AI score0.0222EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2022/01/10 12:1 a.m.19 views

Sandbox Escape by math function

Impact Template authors could run arbitrary PHP code by crafting a malicious math string. If a math string is passed through as user provided data to the math function, external users could run arbitrary PHP code by crafting a malicious math string. Patches Please upgrade to 4.0.2 or 3.1.42 or...

8.8CVSS8.8AI score0.01927EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/07 4:37 p.m.164 views

Security Bulletin: There are multiple vulnerabilities in the Apache Log4j used in IBM® QRadar Risk Manager that may allow for remote code execution (RCE).

Summary Apache Log4j is used by IBM® QRadar Risk Manager to log system events. This bulletin provides a remediation to address the multiple Apache Log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046 by upgrading IBM® QRadar Risk Manager. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION...

10CVSS1.4AI score0.99999EPSS
Exploits349Affected Software1
Circl
Circl
added 2022/01/06 6:41 p.m.10 views

CVE-2021-46073

creationtimestamp| type| source ---|---|--- 2022-01-06 18:41:20+00:00| seen| https://t.me/cibsecurity/35063 2022-01-14 19:52:35+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/1330 2023-04-27 09:58:59+00:00| confirmed|...

4.8CVSS4.9AI score0.02759EPSS
Exploits1References3
Circl
Circl
added 2022/01/06 6:41 p.m.11 views

CVE-2021-46069

creationtimestamp| type| source ---|---|--- 2022-01-06 18:41:13+00:00| seen| https://t.me/cibsecurity/35058 2023-04-27 09:58:59+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-46069.yaml...

4.8CVSS4.9AI score0.02736EPSS
Exploits1References2
0day.today
0day.today
added 2022/01/05 12:0 a.m.233 views

WordPress WP Visitor Statistics 4.7 Plugin - SQL Injection Exploit

Exploit Title: WordPress Plugin WP Visitor Statistics 4.7 - SQL Injection Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://www.plugins-market.com/ Software Link: https://downloads.wordpress.org/plugin/wp-stats-manager.4.7.zip Version: = 4.7 Tested on: Ubuntu 18.04 CVE: CVE-2021-2475...

8.8CVSS0.5AI score0.38298EPSS
Exploits5
Photon
Photon
added 2021/12/31 12:0 a.m.232 views

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2022-3.0-0346

An update of 'bluez', 'pkg-config', 'consul', 'httpd', 'vim' packages of Photon OS has been released...

7.5CVSS0.9AI score0.97108EPSS
Exploits11
Gitee
Gitee
added 2021/12/23 6:24 p.m.6 views

vulhub

This repository is an open-source collection of vulnerable systems and applications for educational purposes, specifically for learning and practicing penetration testing and vulnerability assessment. It is maintained by phith0n and hosted on GitHub. The repository contains various vulnerable...

6.9AI score
Exploits0
Hacker One
Hacker One
added 2021/12/23 1:52 p.m.16 views

Kubernetes: Github Account Takeover from Docs page of `kubernetes-csi.github.io`

Report Submission Form Summary: Kubernetes in its docs https://kubernetes-csi.github.io have a drivers list. One of the driver was pointing to an external github account. That github account was not registered on github.com So I was able to takeover the account and host PoC Kubernetes Version: NA...

0.5AI score
Exploits0
Code423n4
Code423n4
added 2021/12/19 12:0 a.m.8 views

callFacet is based on unprotected calls

Handle 0x0x0x Vulnerability details callFacet is based on unprotected calls and user funds can get stolen using them. This is unsafe for users and at least this risk has to be better documented. --- The text was updated successfully, but these errors were encountered: All reactions...

7AI score
Exploits0
Hacker One
Hacker One
added 2021/12/18 4:53 p.m.52 views

RubyGems: Dependency repository hijacking aka Repo Jacking from GitHub repo rubygems/bundler-site & rubygems/bundler.github.io + bundler.io docs

Dependency repository hijacking aka repo jacking is an obscure supply chain vulnerability, conceptually similar to subdomain takeover. When the linked repository owner changes their username, it becomes immediately available to be re-registered by anyone. This means that any project that linked...

7.9AI score
Exploits0
Citrix
Citrix
added 2021/12/15 12:0 a.m.6 views

Citrix Endpoint Management (aka XenMobile Server) 10.14.0 Rolling Patch 2

Package name: xms10.14.0.10206.bin For: XenMobile Server 10.14.0 Deployment type: On-premises only Replaces: xms10.14.0.10118.bin Date: December 2021 Languages supported: English US Important notes about this update As a best practice, Citrix recommends that you install this and other updates to...

6.9AI score
Exploits0
Kitploit
Kitploit
added 2021/12/12 11:30 a.m.53 views

CloudSpec - An Open Source Tool For Validating Your Resources In Your Cloud Providers Using A Logical Language

CloudSpec is an open source tool for validating your resources in your cloud providers using a logical language that everybody can understand. With its reasonably simple syntax, you can validate the configuration of your cloud resources, avoiding mistakes that can lead to availability or...

7.4AI score
Exploits0References1
VMware
VMware
added 2021/12/10 12:0 a.m.352 views

VMware Response to Apache Log4j Remote Code Execution Vulnerabilities (CVE-2021-44228, CVE-2021-45046)

1. Impacted Products VMware Horizon VMware vCenter Server VMware HCX VMware NSX-T Data Center VMware Unified Access Gateway VMware WorkspaceOne Access VMware Identity Manager VMware vRealize Operations VMware vRealize Operations Cloud Cloud Proxy VMware vRealize Automation VMware vRealize...

9.3CVSS0.4AI score0.99999EPSS
Exploits353References4Affected Software55
VMware
VMware
added 2021/12/10 12:0 a.m.262 views

VMware Response to Apache Log4j Remote Code Execution Vulnerabilities (CVE-2021-44228, CVE-2021-45046)

1. Impacted Products Under Evaluation VMware Horizon VMware vCenter Server VMware HCX VMware NSX-T Data Center VMware Unified Access Gateway VMware WorkspaceOne Access VMware Identity Manager VMware vRealize Operations VMware vRealize Operations Cloud Proxy VMware vRealize Automation VMware...

9.3CVSS0.3AI score0.99999EPSS
Exploits351References4Affected Software50
Photon
Photon
added 2021/12/08 12:0 a.m.34 views

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2022-3.0-0338

An update of 'vim' packages of Photon OS has been released...

9.3CVSS0.9AI score0.01669EPSS
Exploits2
OSV
OSV
added 2021/12/07 11:15 a.m.3 views

CVE-2021-29113

A remote file inclusion vulnerability in the ArcGIS Server help documentation may allow a remote, unauthenticated attacker to inject attacker supplied html into a page...

4.7CVSS5.8AI score0.00815EPSS
Exploits0References1
Kitploit
Kitploit
added 2021/12/03 11:30 a.m.30 views

ClusterFuzzLite - Simple Continuous Fuzzing That Runs In CI

ClusterFuzzLite is a continuous fuzzing solution that runs as part of Continuous Integration CI workflows to find vulnerabilities faster than ever before. With just a few lines of code, GitHub users can integrate ClusterFuzzLite into their workflow and fuzz pull requests to catch bugs before they...

7.6AI score
Exploits0References4
Rows per page
Query Builder