1622 matches found
CVE-2021-43698
phpWhois (last update Jun 30 2021) is affected by a Cross Site Scripting (XSS) vulnerability. In file example.php, the exit function terminates the script and prints the message to the user. Because the message contains $_GET['query'], there is an XSS vulnerability...
PhpWhois Cross-Site Scripting Vulnerability
PhpWhois is a PHP Whois library by Spanish individual developer David Saez Padros. A cross-site scripting vulnerability exists in PhpWhois, originating in the file example.php, where the exit function terminates the script and prints a message to the user. No detailed...
@biconomy/hyphen-contracts (=1.0.4), @bobanetwork/contracts (=0.0.2) +17 more potentially affected by unknown CVE via @openzeppelin/contracts-upgradeable (>=4.2.0 <=4.3.2)
@openzeppelin/contracts-upgradeable NPM version =4.2.0, =0.0.1, =0.5.0, =3.4.0, =1.1.2, =1.0.1, =1.1.2, =1.0.0, =0.8.1-pr-brioux-1333.92b26c3a.36, =1.0.5, =2.3.0, =2.0.0, =3.0.0-beta, =3.0.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-WMPV-C2JP-J2XG...
Exploit for CVE-2017-17562
GoAhead Web Server 2.5 use multi/handler msf6 exploitmulti/h...
PT-2021-22372 · Octorpki · Octorpki
Name of the Vulnerable Software and Affected Versions: OctoRPKI affected versions not specified Description: The issue allows a repository to create a file that can be written to disk outside the base cache folder due to a failure to escape a URI with a filename containing "..". This could enable...
Exploit for Path Traversal in Apache Http_Server
Apachuk - CVE-2021-41773 Grabber with Shodan Grabber Apache Di...
GitOops - All Paths Lead To Clouds
GitOops is a tool to help attackers and defenders identify lateral movement and privilege escalation paths in GitHub organizations by abusing CI/CD pipelines and GitHub access controls. It works by mapping relationships between a GitHub organization and its CI/CD jobs and environment variables...
Online Traffic Offense Management System 1.0 - Multiple SQL Injection Vulnerability
Exploit Title: Online Traffic Offense Management System 1.0 - Multiple SQL Injection Unauthenticated Exploit Author: Hubert Wojciechowski Contact Author: email protected Vendor Homepage: https://www.sourcecodester.com Software Link:...
Libiec_Iccp_Mod Buffer Error Vulnerability
LibiecIccpMod is used to modify Libiec6850 Mms to use the Iccp client. A buffer error vulnerability exists in LibiecIccpMod v1.5, stemming from a heap buffer overflow in the component MMSclientexample1.c. The vulnerability is caused by the following...
Libiec_Iccp_Mod Security Vulnerability
LibiecIccpMod is used to modify Libiec6850 Mms to use the Iccp client. A security vulnerability exists in LibiecIccpMod v1.5, stemming from a segmentation violation in the component serverexample1.c. The vulnerability is caused by the following...
Sentry 8.2.0 - Remote Code Execution (Authenticated) Exploit
Exploit Title: Sentry 8.2.0 - Remote Code Execution RCE Authenticated Exploit Author: Mohin Paramasivam Shad0wQu35t Vulnerability Discovered By : Clement Berthaux SYNACKTIV Software Link: https://sentry.io/welcome/ Advisory: https://doc.lagout.org/Others/synacktivadvisorysentrypickle.pdf Tested o...
Evolution CMS 3.1.6 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: Evolution CMS 3.1.6 - Remote Code Execution RCE Authenticated Date: 15-09-2021 Exploit Author: Halit AKAYDIN hLtAkydn Vendor Homepage: https://evo.im/ Software Link: https://github.com/evolution-cms/evolution/releases Version: 3.1.6 Category: Webapps Tested on: Linux/Windows Exampl...
A4: XML External Entities (XXE) ❗️ — Top 10 OWASP 2017
A4: XML External Entities XXE ❗️ — Top 10 OWASP 2017 Introduction XML is a useful format for sending data from service to service and for processing data internally, but as with anything, as soon as user input gets involved, things get dangerous. The processing of these files comes with an...
GHSA-5HJ3-VJJF-F5M7 Heap OOB in `SdcaOptimizerV2`
Impact An attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to `tf.raw_ops.SdcaOptimizerV2`: `import tensorflow as tf; tf.raw_ops.SdcaOptimizerV2(sparse_example_indices=1, sparse_feature_indices=1, sparse_feature_values=1.0,2.0,`...
Heap OOB in `SdcaOptimizerV2`
Impact An attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to `tf.raw_ops.SdcaOptimizerV2`: `import tensorflow as tf; tf.raw_ops.SdcaOptimizerV2(sparse_example_indices=1, sparse_feature_indices=1, sparse_feature_values=1.0,2.0,`...
Multiple Plugins - Reflected Cross-Site Scripting via PHPRelativePath Library
The plugins use the PHPRelativePath library, which contains an example file affected by a reflected cross-site scripting vulnerability. PoC: POST /wp-content/plugins/mpl-publisher/vendor/grandt/relativepath/RelativePath.Example1.php HTTP/1.1 Accept:...
CVE-2021-37672
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to `tf.raw_ops.SdcaOptimizerV2`. The implementation does not check that the length of...
Karton - Distributed Malware Processing Framework Based On Python, Redis And MinIO
Distributed malware processing framework based on Python, Redis and MinIO. The idea Karton is a robust framework for creating flexible and lightweight malware analysis backends. It can be used to connect malware analysis systems into a robust pipeline with very little effort. We've been in the...
MobileTogether Server 7.3 XML Injection
Advisory: XML External Entity Expansion in MobileTogether Server RedTeam Pentesting discovered a vulnerability in the MobileTogether server which allows users with access to at least one app to read arbitrary, non-binary files from the file system and perform server-side requests. The vulnerabili...