Lucene search

1622 matches found

GithubExploit
added 2023/07/21 12:55 p.m. | 347 views

Exploit for Code Injection in Apache Airflow

Apache Airflow official report description says: A vulnerab...

CVSS 8.8 | AI score 8.9 | EPSS 0.93305
Exploits: 2
Github Security Blog
added 2023/07/14 9:59 p.m. | 30 views

copyparty vulnerable to path traversal attack

Summary All versions before 1.8.2 have a path traversal vulnerability, allowing an attacker to download unintended files from the server. Details Unauthenticated users were able to retrieve any files which are accessible according to OS-level permissions from the copyparty process. Usually, this ...

CVSS 7.5 | AI score 7.6 | EPSS 0.89933
Exploits: 4 | References: 7 | Affected Software: 1
OSV
added 2023/06/24 6:52 p.m. | 9 views

MAL-2023-221 Malicious code in cypress-typed-stubs-example-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0d06bdef719edee1677bda9a46ae9d713bed145fb60b910c15f7260b2fca5b18 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 | References: 1
Packet Storm
added 2023/05/23 12:0 a.m. | 235 views

Affiliate Me 5.0.1 SQL Injection

Exploit Title: Affiliate Me Version 5.0.1 - SQL Injection Exploit Date: May 16, 2023. CVSS 3.1: 6.4 Medium CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Tactic: Initial Access TA0001 Technique: Exploit Public-Facing Application T1190 Application Name: Affiliate Me Application Version:...

AI score 7.1
Exploits: 0
Kitploit
added 2023/05/14 12:30 p.m. | 15 views

PassMute - PassMute - A Multi Featured Password Transmutation/Mutator Tool

This is a command-line tool written in Python that applies one or more transmutation rules to a given password or a list of passwords read from one or more files. The tool can be used to generate transformed passwords for security testing or research purposes. Also, while you are doing pentesting it...

AI score 7.8
Exploits: 0 | References: 3
GithubExploit
added 2023/05/12 4:10 a.m. | 329 views

Exploit for Path Traversal in Grafana

PoC for CVE-2021-43798 Grafana is a platform of code a...

CVSS 7.5 | AI score 7.8 | EPSS 0.94438
Exploits: 44
OSV
added 2023/05/03 1:37 a.m. | 8 views

MAL-2023-1111 Malicious code in afterpay-sdk-example-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 555a159aa3b74ea73f8574c05e14aa536948cbe56b0420bcdcc0daa2a911ae2c The OpenSSF Package Analysis project identified 'afterpay-sdk-example-server' @ 20.0.0 npm as malicious. It is considered malicious because: - T...

AI score 7.1
Exploits: 0
OSSF Malicious Packages
added 2023/04/26 12:26 p.m. | 4 views

Malicious code in example-package-taxi-etl (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis cc9af8fd35e3ce951b8d314b087c20afbd1ed1eeb3ff9441b0ea5d5ac5576e5a The OpenSSF Package Analysis project identified 'example-package-taxi-etl' @ 0.0.3 pypi as malicious. It is considered malicious because: - The...

AI score 6.9
Exploits: 0
CNNVD
added 2023/04/13 12:0 a.m. | 2 views

Baidu braft security vulnerability

Baidu braft is an industrial-grade C++ implementation of the RAFT consensus algorithm and brpc-based replicated state machine from the Chinese company Baidu. A security vulnerability exists in Baidu braft version 1.1.2 due to a memory leak in example/atomic/atomicserver using the new operator...

CVSS 7.5 | AI score 7.3 | EPSS 0.00266
Exploits: 1 | References: 2
Wiz blog
added 2023/04/06 3:43 p.m. | 5 views

Intro to forensics in the cloud: A container was compromised. What’s next?

Learn what tools and data sources you need to use in cloud forensics investigation and how they come into practice in a real-life example...

AI score 6.8
Exploits: 0
Exploit DB
added 2023/04/06 12:0 a.m. | 234 views

Kimai-1.30.10 - SameSite Cookie-Vulnerability session hijacking

Exploit Title: Kimai-1.30.10 - SameSite Cookie-Vulnerability session hijacking Author: nu11secur1ty Date: 02.23.2023 Vendor: https://www.kimai.org/ Software: https://github.com/kimai/kimai/releases/tag/1.30.10 Reference:...

AI score 7
Exploits: 0
Kitploit
added 2023/02/27 7:30 p.m. | 53 views

IpGeo - Tool To Extract IP Addresses From Captured Network Traffic File

IpGeo is a python tool to extract IP addresses from captured network traffic file pcap/pcapng and generate csv report containing details about the geolocation of each ip in the packets. The report contains: 1. Country: 2. Country Code. 3. Region 4. Region Name 5. City 6. Zip 7. Latitude 8...

AI score 7.2
Exploits: 0 | References: 1
SUSE CVE
added 2023/02/15 6:13 a.m. | 1 views

SUSE CVE-2006-7196

Cross-site scripting XSS vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly...

CVSS 4.3 | AI score 6.2 | EPSS 0.79909
Exploits: 0 | References: 4
SUSE CVE
added 2023/02/15 6:12 a.m. | 6 views

SUSE CVE-2007-2449

Multiple cross-site scripting XSS vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via...

CVSS 4.3 | AI score 4.8 | EPSS 0.5214
Exploits: 1 | References: 7
SUSE CVE
added 2023/02/15 6:4 a.m. | 3 views

SUSE CVE-2009-0781

Cross-site scripting XSS vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, relat...

CVSS 4.3 | AI score 4.7 | EPSS 0.37304
Exploits: 1 | References: 6
SUSE CVE
added 2023/02/15 5:43 a.m. | 1 views

SUSE CVE-2012-5619

The Sleuth Kit TSK 4.0.1 does not properly handle "." dotfile file system entries in FAT file systems and other file systems for which . is not a reserved name, which allows local users to hide activities it more difficult to conduct forensics activities, as demonstrated by Flame...

CVSS 2.1 | AI score 6.3 | EPSS 0.00105
Exploits: 0 | References: 3
SUSE CVE
added 2023/02/15 5:23 a.m. | 1 views

SUSE CVE-2014-10000

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: This ID is frequently used as an example of the 2014 CVE-ID syntax change, which allows more than 4 digits in the sequence number. Notes: See references...

AI score 7
Exploits: 1 | References: 2
OSV
added 2023/02/04 9:30 a.m. | 11 views

GHSA-R77C-QV68-J3PP Cross-site Scripting in MobileDetect

A vulnerability, which was classified as problematic, has been found in MobileDetect 2.8.31. This issue affects the function initLayoutType of the file examples/session_example.php of the component Example. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack...

CVSS 6.1 | AI score 4.7 | EPSS 0.02149
Exploits: 2 | References: 8
Cvelist
added 2023/02/04 7:57 a.m. | 10 views

CVE-2018-25080 MobileDetect Example session_example.php initLayoutType cross site scripting

A vulnerability, which was classified as problematic, has been found in MobileDetect 2.8.31. This issue affects the function initLayoutType of the file examples/session_example.php of the component Example. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack...

CVSS 4 | AI score 6 | EPSS 0.02149
Exploits: 2 | References: 5
Positive Technologies
added 2023/02/04 12:0 a.m. | 1 views

PT-2023-10821 · Unknown · Mobiledetect

Name of the Vulnerable Software and Affected Versions: MobileDetect version 2.8.31 Description: A problematic issue has been found in MobileDetect, affecting the initLayoutType function of the examples/session_example.php file in the Example component. The manipulation of the argument $_SERVER['PH...

CVSS 6.1 | AI score 4.3 | EPSS 0.02149
Exploits: 2 | References: 13