4420 matches found
The creation and success of a documentation site
Gain a better understanding of why collaboration between developers and writers is necessary to create a successful documentation site...
Microsoft ACL Shortcomings
Hi @ll, the following is a substantially shortened version of and Windows NT supports access control for almost all its objects, "How Security Descriptors and Access Control Lists Work" and "How Permissions Work" provide a comprehensive and exhaustive explanation. "Access Control Lists" provides ...
GHSA-RWXP-HWWF-653V Insecure template handling in express-hbs
express-hbs is an Express handlebars template engine. express-hbs mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability...
[SECURITY] Fedora 33 Update: kernel-tools-5.11.20-200.fc33
This package contains the tools/ directory from the kernel source and the supporting documentation...
[SECURITY] Fedora 34 Update: kernel-tools-5.11.20-300.fc34
This package contains the tools/ directory from the kernel source and the supporting documentation...
Information disclosure
express-hbs is an Express handlebars template engine. express-hbs mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability...
CVE-2021-32817 File disclosure in express-hbs
express-hbs is an Express handlebars template engine. express-hbs mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability...
Metasploit Wrap-Up
Stopped at the gate? A fun new module from timwr, taking advantage of a technique reported by Cedric Owens, is reminding everyone if there is no fence a gate will not deter us. The new module provides a quick wrapper for payloads that bypasses download origination and authorization requirements...
CVE-2021-26828
creationtimestamp | type | source
---|---|---
2021-05-14 01:56:05+00:00 | seen | https://t.me/pwnwikizhchannel/422
2022-07-04 22:17:17+00:00 | published-proof-of-concept | https://t.me/CyberSecurityTechnologies/3610
2023-12-12 01:23:48+00:00 | seen | https://t.me/arpsyndicate/1785
2025-01-06...
Nextcloud: Talk discloses turn server to anybody
The attack is straightforward. 1. Send a request to: curl -H 'OCS-APIREQUEST: true' https://server/ocs/v2.php/apps/spreed/api/v2/signaling/settings And you get back a lot of information: signaling server, stun server, turn server inc credentials. The stun server is harmless enough. I did not lo...
[SECURITY] Fedora 32 Update: kernel-tools-5.11.19-100.fc32
This package contains the tools/ directory from the kernel source and the supporting documentation...
[SECURITY] Fedora 33 Update: kernel-tools-5.11.19-200.fc33
This package contains the tools/ directory from the kernel source and the supporting documentation...
[SECURITY] Fedora 34 Update: kernel-tools-5.11.19-300.fc34
This package contains the tools/ directory from the kernel source and the supporting documentation...
CVE-2021-21430
OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data...
Design/Logic Flaw
OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data...
CVE-2021-21430
OpenAPI Generator contains a vulnerability where code generated for Java/Scala performs insecure temporary file creation via File.createTempFile, risking exposure of application/data when handling binary uploads/downloads. Affected generators include Java (jersey2, okhttp-gson default) and scala-...
CVE-2021-21428
OpenAPI Generator is a Java tool which allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. openapi-generator-online creates insecure temporary folders with File.createTempFile during the code generation...
Design/Logic Flaw
OpenAPI Generator is a Java tool which allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. openapi-generator-online creates insecure temporary folders with File.createTempFile during the code generation...
Security Bulletin: IBM Cloud Kubernetes Service is affected by a Kubernetes API server security vulnerability (CVE-2021-25735)
Summary: IBM Cloud Kubernetes Service is affected by a security vulnerability in the Kubernetes API server that could allow node updates to bypass a validating admission webhook (CVE-2021-25735). Vulnerability Details: CVEID: CVE-2021-25735. Description: Kubernetes kube-apiserver could allow a remote...
Markdown-Explorer 0.1.1 Cross Site Scripting / Code Execution
Exploit Title: Markdown-Explorer 0.1.1 XSS to RCE
Exploit Author: TaurusOmar
Twitter: @TaurusOmar
HomePage: taurusomar.com
Date: May 4th, 2021
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Risk: High 8.8
Vendor Homepage: https://github.com/jersou/markdown-explorer
Version: 0.1.1
Tested on: Windows,...