Lucene search
K

947 matches found

Veracode
Veracode
added 2021/01/05 7:2 a.m.15 views

Information Disclosure

github.com/go-vela/compiler is vulnerable to information disclosure. An attacker is able to obtain server configuration information using the Sprig's env function...

7.4CVSS2AI score0.01777EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2021/01/04 7:15 p.m.21 views

Code injection

Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. In Vela compiler before version 0.6.1 there is a vulnerability which allows exposure of server configuration. It impacts all users of Vela. An attacker can use Sprig's env function to retrieve...

5CVSS5.2AI score0.01777EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2021/01/04 6:35 p.m.63 views

CVE-2020-26294

Vela compiler before version 0.6.1 allows exposure of server configuration via Sprig's env function in templates. The vulnerability affects the Vela server/component and enables an attacker to retrieve configuration information, exposing sensitive data. The issue has been fixed in version 0.6.1; ...

7.4CVSS5.4AI score0.01777EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2021/01/04 6:35 p.m.47 views

CVE-2020-26294 Exposure of server configuration

Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. In Vela compiler before version 0.6.1 there is a vulnerability which allows exposure of server configuration. It impacts all users of Vela. An attacker can use Sprig's env function to retrieve...

7.4CVSS7.3AI score0.01777EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/01/04 12:0 a.m.6 views

Target Vela Operating System Command Injection Vulnerability

Target Vela is a pipeline automation CI/CD framework based on Go language, Linux container technology from Target Canada. Vela suffers from a security vulnerability that allows the disclosure of server configuration. An attacker could exploit the vulnerability to retrieve configuration informatio...

7.4CVSS5.8AI score0.01777EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2021/01/04 12:0 a.m.6 views

PT-2021-11235 · Unknown +2 · Vela Compiler +2

Name of the Vulnerable Software and Affected Versions: Vela versions prior to 0.6.1 Vela compiler versions prior to 0.6.1 Description: The issue allows exposure of server configuration, impacting all users of Vela. An attacker can use Sprig's env function to retrieve configuration information. Th...

7.4CVSS6.7AI score0.01777EPSS
Exploits1References9
Rockylinux
Rockylinux
added 2020/11/03 12:31 p.m.16 views

new module: perl:5.30

An update is available for perl-Pod-Perldoc, perl-DBI, perl-Pod-Escapes, perl-Devel-PPPort, perl-Pod-Usage, perl-Sub-Exporter, perl-perlfaq, perl-Object-HashBase, perl-CPAN-Meta-YAML, perl-Digest, perl-podlators, perl-bignum, perl-Text-ParseWords, perl-Text-Template, perl-DBD-MySQL, perl-Text-Glo...

1.8AI score
Exploits0
Hacker One
Hacker One
added 2020/10/26 9:23 p.m.20 views

Stripo Inc: Memory Dump and Env Disclosure via Spring Boot Actuator

Memory Dump and Env Disclosure via Spring Boot Actuator Spring boot actuator files/endpoints can be accessed via path like stripo.email/██████/actuator/, including a 110 MB heapdump file, which expose source code, private keys and some internal data! The maximum severity of this asset is medium, ...

1.9AI score
Exploits0
Openbugbounty
Openbugbounty
added 2020/10/04 9:21 a.m.7 views

env-team.com Cross Site Scripting vulnerability OBB-1380897

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

6.2AI score
Exploits0
OSV
OSV
added 2020/10/01 6:15 p.m.5 views

CVE-2020-15228

In the @actions/core npm module before version 1.2.6,addPath and exportVariable functions communicate with the Actions Runner over stdout by generating a string in a specific format. Workflows that log untrusted data to stdout may invoke these commands, resulting in the path or environment...

5CVSS5.9AI score0.01501EPSS
Exploits2References2
Prion
Prion
added 2020/10/01 6:15 p.m.18 views

Design/Logic Flaw

In the @actions/core npm module before version 1.2.6,addPath and exportVariable functions communicate with the Actions Runner over stdout by generating a string in a specific format. Workflows that log untrusted data to stdout may invoke these commands, resulting in the path or environment...

4CVSS5.3AI score0.01501EPSS
Exploits2References2Affected Software1
Packet Storm
Packet Storm
added 2020/09/01 12:0 a.m.243 views

Bagisto Credential Disclosure

Vendor: Bagisto https://bagisto.com/ Affected version: All Introduction: Bagisto is an open source shop system based on PHP and Laravel framework Vulnerability description: Bagisto can be installed in sub-directories below the document root exposing the Laravel .env file which includes database a...

7.4AI score
Exploits0
OSV
OSV
added 2020/08/25 11:40 p.m.11 views

GHSA-HRPQ-R399-WHGW Sandbox Breakout / Arbitrary Code Execution in safe-eval

All versions of safe-eval are vulnerable to Sandbox Escape leading to Remote Code Execution. The package fails to restrict access to the main context through Error objects. This may allow attackers to execute arbitrary code in the system. Evaluating the payload js function var ex = new Error...

9.8CVSS6.2AI score0.0143EPSS
Exploits1References4
Exploit DB
Exploit DB
added 2020/07/09 12:0 a.m.236 views

CompleteFTP Professional 12.1.3 - Remote Code Execution

Exploit Title: CompleteFTP Professional 12.1.3 - Remote Code Execution Date: 2020-03-11 Exploit Author: 1F98D Original Author: Rhino Security Labs Vendor Homepage: https://enterprisedt.com/products/completeftp/ Version: CompleteFTP Professional Tested on: Windows 10 x64 CVE: CVE‑2019‑16116...

4.3CVSS4.7AI score0.03679EPSS
Exploits2
RedHat Linux
RedHat Linux
added 2020/07/07 10:31 a.m.5 views

php: underflow in env_path_info in fpm_main.c

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution...

9.8CVSS7.7AI score0.9947EPSS
Exploits55References6
vulnersOsv
vulnersOsv
added 2020/05/19 9:0 p.m.15 views

@internxt/cli (>=1.0.5 <=1.2.2), @latitude-data/cli (>=0.0.29 <=1.11.0-canary.8) +10 more potentially affected by CVE-2020-7660 via serialize-javascript (>=7.0.0 <=7.0.2)

serialize-javascript NPM version =7.0.0, =1.0.5, =0.0.29, =0.7.5, =1.3.0, =0.1.0, =1.0.7, =0.2.0, =0.7.0-alpha.6 Source cves: CVE-2020-7660 Source advisory: SNYK:JS-SERIALIZEJAVASCRIPT-570062...

8.1CVSS7.2AI score0.03009EPSS
Exploits0
Packet Storm
Packet Storm
added 2020/05/18 12:0 a.m.192 views

Oracle Hospitality RES 3700 5.7 Remote Code Execution

Exploit Title: Oracle Hospitality RES 3700 5.7 - Remote Code Execution Date: 2019-10-01 Exploit Author: Walid Faour Vendor Homepage: https://www.oracle.com/industries/food-beverage/products/res-3700/ Software Link: N/A Available to customers Version: \ \ MDSSYSUTILS \ TransferFile \ Session \ \ '...

6.8CVSS0.1AI score0.14457EPSS
Exploits4
RedHat Linux
RedHat Linux
added 2020/02/03 9:29 p.m.5 views

php: underflow in env_path_info in fpm_main.c

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution...

9.8CVSS7.7AI score0.9947EPSS
Exploits55References6
Kitploit
Kitploit
added 2020/01/13 8:51 p.m.82 views

laravelN00b - Automated Scan .env Files And Checking Debug Mode In Victim Host

Incorrect configuration allows you to access .env files or reading env variables. LaravelN00b automated scan .env files and checking debug mode in victim host. Scan rationale Scan host. Resolve IP adress and check .env file in IP Adress Checking debug mode Laravel Read .env variables Installation...

7.3AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2019/11/06 2:4 p.m.14 views

php: underflow in env_path_info in fpm_main.c

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution...

9.8CVSS7.7AI score0.9947EPSS
Exploits55References6
Rows per page
Query Builder