1622 matches found

vulnersOsv
added 2023/12/02 12:31 a.m., 2 views

org.jupiter-rpc:jupiter-example (>=1.2.0 <=1.2.7), org.jupiter-rpc:jupiter-extension-tracing (>=1.2.12 <=1.3.1-beta-2) +3 more potentially affected by CVE-2023-48887 via org.jupiter-rpc:jupiter-rpc (>=1.2.0 <=1.3.1)

org.jupiter-rpc:jupiter-rpc MAVEN version =1.2.0, =1.2.0, =1.2.12, =1.2.0, =1.2.0, =1.2.0, =1.3.1-beta-2 Source cves: CVE-2023-48887 Source advisory: OSV:GHSA-6PQX-V9G4-5HC8...

9.8 CVSS, 7.2 AI score, 0.00089 EPSS
Exploits: 1

Code423n4
added 2023/11/29 12:0 a.m., 10 views

Title of issue/finding

Lines of code , Vulnerability details Impact description for the issue found Content includes @Audit stack and code example of the issue Content includes @Audit stack and code example of the issue Assessed type other --- The text was updated successfully, but these errors were encountered: All...

7.4 AI score
Exploits: 0

Code423n4
added 2023/11/29 12:0 a.m., 7 views

Unchecked return value of low-level

Lines of code Vulnerability details Impact description of issue/finding Content includes @Audit stack and code example of the issue Assessed type other --- The text was updated successfully, but these errors were encountered: All reactions...

7.4 AI score
Exploits: 0

vulnersOsv
added 2023/11/28 6:30 p.m., 2 views

org.apache.axis2:axis2-integration (=1.4), org.apache.camel:camel-example-cxf (>=1.2.0 <=1.3.0) +3 more potentially affected by CVE-2022-41678 via org.apache.activemq:apache-activemq (>=4.1.1 <=5.0.0)

org.apache.activemq:apache-activemq MAVEN version =4.1.1, =1.2.0, =1.1.0, =1.3.0 - org.apache.camel:camel-example-spring =1.2.0 - org.apache.camel:camel-example-spring-xquery =1.3.0 Source cves: CVE-2022-41678 Source advisory: OSV:GHSA-53V4-42FG-G287...

8.8 CVSS, 7.3 AI score, 0.93 EPSS
Exploits: 2

OSV
added 2023/11/27 11:17 p.m., 32 views

GHSA-Q3QX-C6G2-7PW2 aiohttp's ClientSession is vulnerable to CRLF injection via version

Summary Improper validation makes it possible for an attacker to modify the HTTP request, e.g. to insert a new header or even create a new HTTP request, if the attacker controls the HTTP version. Details The vulnerability only occurs if the attacker can control the HTTP version of the request...

7.2 CVSS, 6.2 AI score, 0.0047 EPSS
Exploits: 1, References: 10

OSV
added 2023/11/24 7:15 p.m., 1 views

UBUNTU-CVE-2023-49298

OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and thus potentially disable security mechanisms. NOTE: this issue is not always security related, but c...

7.5 CVSS, 5.8 AI score, 0.00656 EPSS
Exploits: 1, References: 6

OSSF Malicious Packages
added 2023/11/21 7:36 p.m., 4 views

Malicious code in kratos-nextjs-react-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 002a702a76a5afe71ba598cb987b7d8cb8624bd74161c63a0e642fb288083bb7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0, References: 1

OSV
added 2023/11/21 7:36 p.m., 11 views

MAL-2023-8553 Malicious code in kratos-nextjs-react-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 002a702a76a5afe71ba598cb987b7d8cb8624bd74161c63a0e642fb288083bb7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7.2 AI score
Exploits: 0, References: 1

Kitploit
added 2023/10/26 11:30 a.m., 25 views

PathFinder - Tool That Provides Information About A Website

Web Path Finder is a Python program that provides information about a website. It retrieves various details such as page title, last updated date, DNS information, subdomains, firewall names, technologies used, certificate information, and more. Retrieve important information about a website Gain...

6.9 AI score
Exploits: 0, References: 2

Code423n4
added 2023/10/26 12:0 a.m., 8 views

Lender can cause unintended behavior for the borrower's transaction

Lines of code Vulnerability details This vulnerability comes in the form of when a borrower wants to remove a lender as a both deposit and withdraw and set them as a withdraw only, to avoid paying more interest on their funds in the market, this plan may not go as planned, based on the nature of...

6.8 AI score
Exploits: 0

GithubExploit
added 2023/10/17 7:43 a.m., 266 views

Exploit for CVE-2023-38646

CVE-2023-38646 - Metabase RCE Metabase open source before 0.46...

9.8 CVSS, 9.9 AI score, 0.94255 EPSS
Exploits: 36

GithubExploit
added 2023/10/10 9:40 p.m., 339 views

Exploit for Improper Input Validation in Atlassian Confluence_Data_Center

CVE-2023-22515 Exploit Script 🔐 This script is designed to ex...

10 CVSS, 9.9 AI score, 0.94326 EPSS
Exploits: 39

Github Security Blog
added 2023/09/26 7:34 p.m., 29 views

Vyper's `_abi_decode` input not validated in complex expressions

Impact abidecode does not validate input when it is nested in an expression. the following example gets correctly validated bounds checked: vyper x: int128 = abidecodeslicemsg.data, 4, 32, int128 however, the following example is not bounds checked vyper @external def abidecodex: uint256 - uint25...

7.5 CVSS, 6.7 AI score, 0.00048 EPSS
Exploits: 1, References: 5, Affected Software: 1

Kitploit
added 2023/09/23 11:30 a.m., 45 views

HTMLSmuggler - HTML Smuggling Generator And Obfuscator For Your Red Team Operations

A full explanation of what HTML smuggling is may be found here. The primary objective of HTML smuggling is to bypass network security controls, such as firewalls and intrusion detection systems, by disguising malicious payloads within seemingly harmless HTML and JavaScript code. By exploiting the...

7 AI score
Exploits: 0, References: 7

Packet Storm
added 2023/09/19 12:0 a.m., 595 views

Apache Airflow 1.10.10 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Airflow 1.10.10 - Example DAG Remote Code Execution', 'Description' = %q This module exploits an unauthenticated command injection...

9.8 CVSS, 7.1 AI score, 0.94272 EPSS
Exploits: 10

OSSF Malicious Packages
added 2023/09/16 10:5 p.m., 2 views

Malicious code in puppeteer-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 86dc3a8e94227c886be1f23f2acbcbfcf8e01dd2664461ea24aff9236351b195 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0, References: 1

vulnersOsv
added 2023/09/13 4:32 p.m., 2 views

@mattie-bundle/mattie-strapi-bundle-example (>=1.0.0-alpha.0 <=1.0.0-alpha.3), sneakmax (=0.1.0) +3 more potentially affected by CVE-2023-38507 via @strapi/plugin-users-permissions (>=4.0.0-beta.0 <=4.11.2)

@strapi/plugin-users-permissions NPM version =4.0.0-beta.0, =1.0.0-alpha.0, =1.0.0-alpha.3 - sneakmax =0.1.0 - sneakmaxtesttemplate =0.1.0 - sneakmaxtesttemplatev2 =0.1.0 - sveltekit-strapi =0.1.0 Source cves: CVE-2023-38507 Source advisory: OSV:GHSA-24Q2-59HM-RH9R...

9.8 CVSS, 7.2 AI score, 0.00255 EPSS
Exploits: 1

Huntr
added 2023/09/12 2:53 a.m., 15 views

SQL Injection Vulnerability in Content Page

In the Content page menu, there is a SQL injection vulnerability in the Filter function. To exploit this vulnerability, an attacker injects a query into the filter field. Proof of Concept 1. Log in with admin 2. Go to "http://127.0.0.1/icms2/admin/content/5". In this case, the number 5 is the content's id Can be...

5.8 CVSS, 8.1 AI score, 0.00138 EPSS
Exploits: 1

GithubExploit
added 2023/07/29 9:26 a.m., 736 views

Exploit for Command Injection in Apache Airflow

Apache Airflow SQL injection PoC CVE-2023-22884 PoC for C...

9.8 CVSS, 10 AI score, 0.76288 EPSS
Exploits: 2

Kitploit
added 2023/07/26 1:41 p.m., 30 views

Bashfuscator - A Fully Configurable And Extendable Bash Obfuscation Framework

Documentation What is Bashfuscator? Bashfuscator is a modular and extendable Bash obfuscation framework written in Python 3. It provides numerous different ways of making Bash one-liners or scripts much more difficult to understand. It accomplishes this by generating convoluted, randomized Bash...

7.6 AI score
Exploits: 0, References: 11