Lucene search
1634 matches found

Vulnrichment
added 2024/02/29 12:56 p.m., 81 views

CVE-2024-0864 RCE in Laragon

Enabling the Simple Ajax Uploader plugin included in the Laragon open-source software allows a remote code execution (RCE) attack via improper input validation in a fileupload.php file, which serves as an example. By default, Laragon is not vulnerable until a user decides to use the aforementioned...

9.8 AI score, 0.01366 EPSS
Exploits 0, References 3
vulnersOsv
added 2024/02/26 6:30 p.m., 6 views

com.bitbreeds.webrtc:webrtc-example (=0.2.5), com.bitbreeds.webrtc:webrtc-signaling (=0.2.5) +504 more potentially affected by CVE-2024-22371 via org.apache.camel:camel-core (>=3.0.0 <=3.21.3)

org.apache.camel:camel-core MAVEN version =3.0.0, =3.0.0-M1, =3.11.0, =2.0.0, =2.0.0, =3.0.0, =2.3.0, =2.3.0, =2.3.0, =1.44.0-M1, =0.1.0, =0.1.1 and more Source cves: CVE-2024-22371 Source advisory: OSV:GHSA-QPXM-689R-3849...

7.5 CVSS, 5.8 AI score, 0.00695 EPSS
Exploits 0
GithubExploit
added 2024/01/23 10:55 a.m., 296 views

Exploit for Injection in Atlassian Confluence_Data_Center

Atlassian Confluence CVE-2023-22527 Scanner 🛡️ Overview 🌟...

10 CVSS, 10 AI score, 0.99984 EPSS
Exploits 31
GithubExploit
added 2024/01/02 5:40 p.m., 349 views

Exploit for Improper Input Validation in Atlassian Confluence_Data_Center

Exploit CVE-2023-22515 A simple bash script exploit for CV...

10 CVSS, 9.8 AI score, 0.99699 EPSS
Exploits 39
OSV
added 2024/01/01 12:40 a.m., 15 views

MAL-2024-1 Malicious code in squaredev-next-online-payments-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c12aadbc7b6d08bd4746e705c7507074eb759ac60f260bdf9a59cd85d966a45b The OpenSSF Package Analysis project identified 'squaredev-next-online-payments-example' @ 99.0.0 npm as malicious. It is considered malicious...

7.1 AI score
Exploits 0
OSSF Malicious Packages
added 2024/01/01 12:40 a.m., 4 views

Malicious code in squaredev-next-online-payments-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c12aadbc7b6d08bd4746e705c7507074eb759ac60f260bdf9a59cd85d966a45b The OpenSSF Package Analysis project identified 'squaredev-next-online-payments-example' @ 99.0.0 npm as malicious. It is considered malicious...

6.9 AI score
Exploits 0
GithubExploit
added 2023/12/31 5:23 a.m., 538 views

Exploit for Code Injection in Sitecore Experience_Commerce

CVE-2023-35813 Exploit for CVE-2023-35813 example use:...

9.8 CVSS, 9.6 AI score, 0.86685 EPSS
Exploits 7
GithubExploit
added 2023/12/29 6:51 a.m., 384 views

Exploit for Expression Language Injection in Atlassian Confluence_Data_Center

Confluence Pre-Auth Remote Code Execution via OGNL Injection...

9.8 CVSS, 10 AI score, 0.99999 EPSS
Exploits 75
OSSF Malicious Packages
added 2023/12/16 2:42 p.m., 3 views

Malicious code in app-next-example-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8ca79ef64add6f7047e7d406bfa4128511f415f4e21c16722d1da3c6d4d14721 The OpenSSF Package Analysis project identified 'app-next-example-plugin' @ 3.3.3 npm as malicious. It is considered malicious because: - The...

6.9 AI score
Exploits 0
GithubExploit
added 2023/12/15 9:19 p.m., 424 views

Exploit for Files or Directories Accessible to External Parties in Apache Struts

CVE-2023-50164 A scanning utility and PoC for CVE-2023-50164...

9.8 CVSS, 9.4 AI score, 0.80819 EPSS
Exploits 15
BDU FSTEC
added 2023/12/11 12:00 a.m., 3 views

The vulnerability in the /lib/tinymce/examples/index.html component of SysAid’s software for support and control of hardware and software systems allows a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the /lib/tinymce/examples/index.html component of SysAid’s automation software relates to an incorrect limitation on the path to the restricted-access directory. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity, and...

10 CVSS, 7.7 AI score, 0.0126 EPSS
Exploits 0, References 3, Affected Software 1
vulnersOsv
added 2023/12/02 12:31 a.m., 2 views

org.jupiter-rpc:jupiter-example (>=1.2.0 <=1.2.7), org.jupiter-rpc:jupiter-extension-tracing (>=1.2.12 <=1.3.1-beta-2) +3 more potentially affected by CVE-2023-48887 via org.jupiter-rpc:jupiter-rpc (>=1.2.0 <=1.3.1)

org.jupiter-rpc:jupiter-rpc MAVEN version =1.2.0, =1.2.0, =1.2.12, =1.2.0, =1.2.0, =1.2.0, =1.3.1-beta-2 Source cves: CVE-2023-48887 Source advisory: OSV:GHSA-6PQX-V9G4-5HC8...

9.8 CVSS, 7.2 AI score, 0.01552 EPSS
Exploits 1
Code423n4
added 2023/11/29 12:00 a.m., 8 views

Unchecked return value of low-level

Lines of code Vulnerability details Impact description of issue/finding Content includes @Audit stack and code example of the issue Assessed type other

7.4 AI score
Exploits 0
Code423n4
added 2023/11/29 12:00 a.m., 12 views

Title of issue/finding

Lines of code, Vulnerability details Impact description for the issue found Content includes @Audit stack and code example of the issue Assessed type other

7.4 AI score
Exploits 0
vulnersOsv
added 2023/11/28 6:30 p.m., 2 views

org.apache.axis2:axis2-integration (=1.4), org.apache.camel:camel-example-cxf (>=1.2.0 <=1.3.0) +3 more potentially affected by CVE-2022-41678 via org.apache.activemq:apache-activemq (>=4.1.1 <=5.0.0)

org.apache.activemq:apache-activemq MAVEN version =4.1.1, =1.2.0, =1.1.0, =1.3.0 - org.apache.camel:camel-example-spring =1.2.0 - org.apache.camel:camel-example-spring-xquery =1.3.0 Source cves: CVE-2022-41678 Source advisory: OSV:GHSA-53V4-42FG-G287...

8.8 CVSS, 7.3 AI score, 0.8581 EPSS
Exploits 2
OSV
added 2023/11/27 11:17 p.m., 32 views

GHSA-Q3QX-C6G2-7PW2 aiohttp's ClientSession is vulnerable to CRLF injection via version

Summary Improper validation makes it possible for an attacker to modify the HTTP request e.g. to insert a new header or even create a new HTTP request if the attacker controls the HTTP version. Details The vulnerability only occurs if the attacker can control the HTTP version of the request...

7.2 CVSS, 6.2 AI score, 0.00874 EPSS
Exploits 1, References 10
OSV
added 2023/11/24 7:15 p.m., 2 views

UBUNTU-CVE-2023-49298

OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and thus potentially disable security mechanisms. NOTE: this issue is not always security related, but c...

7.5 CVSS, 5.8 AI score, 0.01158 EPSS
Exploits 1, References 6
OSSF Malicious Packages
added 2023/11/21 7:36 p.m., 5 views

Malicious code in kratos-nextjs-react-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 002a702a76a5afe71ba598cb987b7d8cb8624bd74161c63a0e642fb288083bb7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0, References 1
OSV
added 2023/11/21 7:36 p.m., 12 views

MAL-2023-8553 Malicious code in kratos-nextjs-react-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 002a702a76a5afe71ba598cb987b7d8cb8624bd74161c63a0e642fb288083bb7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7.2 AI score
Exploits 0, References 1
Kitploit
added 2023/10/26 11:30 a.m., 29 views

PathFinder - Tool That Provides Information About A Website

Web Path Finder is a Python program that provides information about a website. It retrieves various details such as page title, last updated date, DNS information, subdomains, firewall names, technologies used, certificate information, and more. Retrieve important information about a website Gain...

6.9 AI score
Exploits 0, References 2