
1622 matches found

CVE
added 2022/04/08 11:06 a.m., 90 views

CVE-2022-24229

The CVE-2022-24229 entry describes an XSS vulnerability in ONLYOFFICE Document Server Example prior to version 7.0.0. The affected component/path is the example editor endpoint (/example/editor), allowing remote attackers to inject arbitrary HTML or JavaScript. The issue is tied to an external we...

CVSS 6.1 · AI score 5.9 · EPSS 0.00352
Exploits: 1 · References: 3 · Affected software: 1
CNNVD
added 2022/04/08 12:00 a.m., 2 views

Ascensio System ONLYOFFICE Document Server Cross-Site Scripting Vulnerability

Ascensio System ONLYOFFICE Document Server is an online office collaboration suite from Ascensio System, Latvia. The product supports viewing and editing of text, spreadsheets, presentations and more. A cross-site scripting vulnerability exists in ONLYOFFICE Document Server Example versions prior...

CVSS 6.1 · AI score 6.1 · EPSS 0.00352
Exploits: 1 · References: 4
Kitploit
added 2022/04/07 12:30 p.m., 17 views

Gitbleed_Tools - For Extracting Data From Mirrored Git Repositories

This repo contains shell scripts that can be used to download and analyze differences between cloned and mirror Git repositories. For more information about the underlying quirk in Git behavior, please read our blog post. What Do These Scripts Do? These scripts will clone a copy of the give...

AI score 6.9
Exploits: 0 · References: 5
OSV
added 2022/04/01 1:39 p.m., 14 views

GHSA-XHR8-MPWQ-2RR2 Automatic named constructor discovery in Valinor

Design issue - automatic constructor discovery. The issue arises when upgrading from cuyz/valinor:0.3.0 to a newer version on an existing application, which broke due to the wrong constructor being picked. Still, a bigger security concern is problematic, and it is akin to...

AI score 7.1
Exploits: 0 · References: 4
wpexploit
added 2022/03/07 12:00 a.m., 330 views

Plezi < 1.0.3 - Unauthenticated Stored XSS

The plugin has a REST endpoint allowing unauthenticated users to update the plzconfigurationtrackerenable option, which is then displayed in the admin panel without sanitisation and escaping, leading to a Stored Cross-Site Scripting issue. curl -X POST...

CVSS 6.1 · AI score 1.8 · EPSS 0.01239
Exploits: 2
0day.today
added 2022/03/02 12:00 a.m., 270 views

Xerte 3.10.3 - Directory Traversal (Authenticated) Exploit

Exploit Title: Xerte 3.10.3 - Directory Traversal Authenticated
Exploit Author: Rik Lutz
Vendor Homepage: https://xerte.org.uk
Software Link: https://github.com/thexerteproject/xerteonlinetoolkits/archive/refs/heads/3.9.zip
Version: up until 3.10.3
Tested on: Windows 10 XAMP
CVE: CVE-2021-44665...

CVSS 6.5 · AI score 0.2 · EPSS 0.05465
Exploits: 4
Packet Storm
added 2022/03/02 12:00 a.m., 325 views

Xerte 3.10.3 Directory Traversal

Exploit Title: Xerte 3.10.3 - Directory Traversal Authenticated
Date: 05/03/2021
Exploit Author: Rik Lutz
Vendor Homepage: https://xerte.org.uk
Software Link: https://github.com/thexerteproject/xerteonlinetoolkits/archive/refs/heads/3.9.zip
Version: up until 3.10.3
Tested on: Windows 10 XAMP
CVE ...

EPSS 0.05465
Exploits: 4
Hacker One
added 2022/02/27 4:49 a.m., 94 views

Internet Bug Bounty: CVE-2022-24288: Apache Airflow: TWO RCEs in example DAGs

In Apache Airflow, prior to version 2.2.4, in the DAG scripts of Airflow, there are two command injection (RCE) vulnerabilities in some of the scripts, through which an attacker can execute arbitrary commands on the system. The impact is even greater when Airflow is configured for unauthenticated access. These two...

CVSS 6.5 · AI score 9.3 · EPSS 0.89825
Exploits: 0
OSV
added 2022/02/26 12:00 a.m., 0 views

GHSA-3V7G-4PG3-7R6J OS Command injection in Apache Airflow

In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI...

CVSS 8.8 · AI score 5.9 · EPSS 0.89825
Exploits: 0 · References: 5
OSV
added 2022/02/25 9:15 a.m., 0 views

PYSEC-2022-30

In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI...

CVSS 8.8 · AI score 7.2 · EPSS 0.89825
Exploits: 0 · References: 2
Cvelist
added 2022/02/25 8:30 a.m., 15 views

CVE-2022-24288 Apache Airflow: RCE in example DAGs

In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI...

AI score 9.2 · EPSS 0.89825
Exploits: 0 · References: 1
CNNVD
added 2022/02/25 12:00 a.m., 0 views

Apache Airflow Operating System Command Injection Vulnerability

Apache Airflow is an open source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. The platform is scalable and offers dynamic monitoring, among other characteristics. Apache Airflow suffers from an operating system command injection vulnerability tha...

CVSS 8.8 · AI score 6.3 · EPSS 0.89825
Exploits: 0 · References: 3
Kitploit
added 2022/02/15 8:30 p.m., 31 views

Shellcodetester - An Application To Test Windows And Linux Shellcodes

This tool tests generated shellcodes. Usage example: ShellCode Tester for Linux. Installation: git clone https://github.com/helviojunior/shellcodetester.git; cd shellcodetester/Linux; make. Usage without break-point: shellcodetester file.asm. With break-point INT3: the break-point will be inserted before our...

AI score 7.3
Exploits: 0 · References: 1
VulnCheck KEV
added 2022/01/18 12:00 a.m., 0 views

VulnCheck KEV: CVE-2020-11978

A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow...

CVSS 8.8 · AI score 7.3 · EPSS 0.94272
Exploits: 9 · References: 1
CISA KEV Catalog
added 2022/01/18 12:00 a.m., 21 views

Apache Airflow Command Injection

A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow...

CVSS 8.8 · AI score 2.8 · EPSS 0.94272
In the wild · Exploits: 9
vulnersOsv
added 2022/01/13 4:09 p.m., 2 views

@biconomy/hyphen-contracts (=1.0.4), @bobanetwork/contracts (=0.0.2) +17 more potentially affected by unknown CVE via @openzeppelin/contracts-upgradeable (>=4.3.0 <=4.4.1)

@openzeppelin/contracts-upgradeable NPM version =4.3.0, =0.0.1, =0.5.0, =3.4.0, =1.5.0, =1.4.0, =1.5.0, =1.4.0, =1.0.0-main.334593a7.46, =2.4.0, =2.0.0, =1.0.0, =2.0.2, =3.0.0-beta, =3.0.1 and more. Source CVEs: unknown CVE. Source advisory: OSV:GHSA-M6W8-FQ7V-PH4M...

AI score 5.8
Exploits: 0
vulnersOsv
added 2022/01/06 8:30 p.m., 1 views

@across-ui/example (>=0.0.1-alpha.4 <=0.0.4-alpha.5), @agreejs/api (>=0.0.1 <=3.2.14) +748 more potentially affected by CVE-2020-28500 via lodash-es (>=4.0.0 <=4.17.20)

lodash-es NPM version =4.0.0, =0.0.1-alpha.4, =0.0.1, =0.0.2, =3.2.1, =3.2.1, =3.2.1, =0.0.1, =3.2.1, =3.2.1, =0.1.0, =0.3.14, =0.4.63, =0.4.64 and more. Source CVEs: CVE-2020-28500. Source advisory: OSV:GHSA-29MW-WPGM-HMR9...

CVSS 5.3 · AI score 6.7 · EPSS 0.00245
Exploits: 1
Kitploit
added 2021/12/26 8:30 p.m., 34 views

SourceLeakHacker - A Multi-Threaded Web Application Source Leak Scanner

SourceLeakHacker is a multi-threaded web directory scanner. Installation: pip install -r requirements.txt. Usage: dictionary scale; --output OUTPUT output folder, default: result/YYYY-MM-DD hh:mm:ss; --threads THREADS, -t THREADS number of threads, default: 4; --timeout TIMEOUT HTTP request timeout...

AI score 7.3
Exploits: 0 · References: 1
Packet Storm
added 2021/12/06 12:00 a.m., 275 views

Croogo 3.0.2 Remote Code Execution

Exploit Title: Croogo 3.0.2 - Remote Code Execution Authenticated
Date: 05/12/2021
Exploit Author: Deha Berkin Bir
Vendor Homepage: https://croogo.org/
Software Link: https://downloads.croogo.org/v3.0.2.zip
Version: 3.0.2
Tested on: Windows 10 Home Single Language 20H2 & WampServer 3.2.3 ==...

AI score 7.4
Exploits: 0
Kitploit
added 2021/12/02 8:30 p.m., 24 views

Crawpy - Yet Another Content Discovery Tool

Yet another content discovery tool written in Python. What makes this tool different from others: it is written to work asynchronously, which allows reaching maximum limits, so it is very fast. Calibration mode applies filters on its own. Has a bunch of flags that help you fuzz in detail. Recursi...

AI score 7.4
Exploits: 0 · References: 1