4 matches found
The vulnerability of the rcp.c component in the NetKit-rsh remote execution program allows an attacker to compromise data integrity.
The vulnerability of the rcp.c component in the NetKit-rsh remote execution program is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to compromise data integrity using a dummy file name or the file name “.”...
check-spelling workflow vulnerable to token leakage via symlink attack
Impact: For a repository with the check-spelling action enabled that triggers on pull_request_target or schedule, an attacker can send a crafted Pull Request that causes a GITHUB_TOKEN to be exposed. With the GITHUB_TOKEN, it's possible to push commits to the repository bypassing standard approval...
Gogs Git Hooks Remote Code Execution Exploit
This Metasploit module leverages an insecure setting to get remote code execution on the target OS in the context of the user running Gogs. This is possible when the current user is allowed to create git hooks, which is the default for administrative users. For non-administrative users, the...
Actiontec WCB3000N 0.16.2.5 Privilege Escalation
Device Details Vendor: Actiontec Telus Branded Model: WCB3000N Affected Firmware: v0.16.2.5 Device Manual: http://static.telus.com/common/cms/files/internet/wifiplusextender.pdf Reported: November 2015 Status: Fixed on newest pushed firmware version CVE: Update is handled by the vendor, therefore...