1634 matches found

Code423n4
added 2023/10/26 12:00 a.m., 11 views

Lender can cause unintended behavior for the borrower's transaction

Lines of code Vulnerability details This vulnerability comes in the form of when a borrower wants to remove a lender as a both deposit and withdraw and set them as a withdraw only, to avoid paying more interest on their funds in the market, this plan may not go as planned, based on the nature of...

6.8 AI score
Exploits: 0

GithubExploit
added 2023/10/17 7:43 a.m., 268 views

Exploit for CVE-2023-38646

CVE-2023-38646 - Metabase RCE Metabase open source before 0.46...

9.8 CVSS, 9.9 AI score, 0.97924 EPSS
Exploits: 36

GithubExploit
added 2023/10/10 9:40 p.m., 340 views

Exploit for Improper Input Validation in Atlassian Confluence_Data_Center

CVE-2023-22515 Exploit Script 🔐 This script is designed to ex...

10 CVSS, 9.9 AI score, 0.99699 EPSS
Exploits: 39

Github Security Blog
added 2023/09/26 7:34 p.m., 30 views

Vyper's `_abi_decode` input not validated in complex expressions

Impact: `_abi_decode` does not validate input when it is nested in an expression. The following example gets correctly validated (bounds checked): `x: int128 = _abi_decode(slice(msg.data, 4, 32), (int128))`. However, the following example is not bounds checked: `@external def abi_decode(x: uint256) -> uint25...`

7.5 CVSS, 6.7 AI score, 0.00554 EPSS
Exploits: 1, References: 5, Affected Software: 1

Kitploit
added 2023/09/23 11:30 a.m., 50 views

HTMLSmuggler - HTML Smuggling Generator And Obfuscator For Your Red Team Operations

The full explanation what is HTML Smuggling may be found here. The primary objective of HTML smuggling is to bypass network security controls, such as firewalls and intrusion detection systems, by disguising malicious payloads within seemingly harmless HTML and JavaScript code. By exploiting the...

7 AI score
Exploits: 0, References: 7

Packet Storm
added 2023/09/19 12:00 a.m., 604 views

Apache Airflow 1.10.10 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Airflow 1.10.10 - Example DAG Remote Code Execution', 'Description' = %q This module exploits an unauthenticated command injection...

9.8 CVSS, 7.1 AI score, 0.997 EPSS
Exploits: 10

OSSF Malicious Packages
added 2023/09/16 10:05 p.m., 3 views

Malicious code in puppeteer-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 86dc3a8e94227c886be1f23f2acbcbfcf8e01dd2664461ea24aff9236351b195 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0, References: 1

vulnersOsv
added 2023/09/13 4:32 p.m., 3 views

@mattie-bundle/mattie-strapi-bundle-example (>=1.0.0-alpha.0 <=1.0.0-alpha.3), sneakmax (=0.1.0) +3 more potentially affected by CVE-2023-38507 via @strapi/plugin-users-permissions (>=4.0.0-beta.0 <=4.11.2)

@strapi/plugin-users-permissions NPM version =4.0.0-beta.0, =1.0.0-alpha.0, =1.0.0-alpha.3 - sneakmax =0.1.0 - sneakmaxtesttemplate =0.1.0 - sneakmaxtesttemplatev2 =0.1.0 - sveltekit-strapi =0.1.0 Source cves: CVE-2023-38507 Source advisory: OSV:GHSA-24Q2-59HM-RH9R...

9.8 CVSS, 7.2 AI score, 0.00761 EPSS
Exploits: 1

Huntr
added 2023/09/12 2:53 a.m., 15 views

SQL Injection Vulnerability in Content Page

In menu Content page, there is a SQL Injection Vulnerability at Filter function. To exploit this vulnerability, attacker injection query into filter field. Proof of Concept 1. Login with admin 2. Go to "http://127.0.0.1/icms2/admin/content/5". In this case, the number 5 is content's id Can be...

5.8 CVSS, 8.1 AI score, 0.00737 EPSS
Exploits: 1

GithubExploit
added 2023/07/29 9:26 a.m., 745 views

Exploit for Command Injection in Apache Airflow

Apache Airflow SQL injection PoC CVE-2023-22884 PoC for C...

9.8 CVSS, 10 AI score, 0.11082 EPSS
Exploits: 2

Kitploit
added 2023/07/26 1:41 p.m., 40 views

Bashfuscator - A Fully Configurable And Extendable Bash Obfuscation Framework

Documentation What is Bashfuscator? Bashfuscator is a modular and extendable Bash obfuscation framework written in Python 3. It provides numerous different ways of making Bash one-liners or scripts much more difficult to understand. It accomplishes this by generating convoluted, randomized Bash...

7.6 AI score
Exploits: 0, References: 11

GithubExploit
added 2023/07/21 12:55 p.m., 351 views

Exploit for Code Injection in Apache Airflow

Apache Airflow official report description says: A vulnerab...

8.8 CVSS, 8.9 AI score, 0.85653 EPSS
Exploits: 2

Github Security Blog
added 2023/07/14 9:59 p.m., 33 views

copyparty vulnerable to path traversal attack

Summary All versions before 1.8.2 have a path traversal vulnerability, allowing an attacker to download unintended files from the server. Details Unauthenticated users were able to retrieve any files which are accessible according to OS-level permissions from the copyparty process. Usually, this ...

7.5 CVSS, 7.6 AI score, 0.42828 EPSS
Exploits: 4, References: 7, Affected Software: 1

OSV
added 2023/06/24 6:52 p.m., 10 views

MAL-2023-221 Malicious code in cypress-typed-stubs-example-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0d06bdef719edee1677bda9a46ae9d713bed145fb60b910c15f7260b2fca5b18 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0, References: 1

vulnersOsv
added 2023/06/14 9:30 a.m., 4 views

be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +300 more potentially affected by CVE-2023-34149 via org.apache.struts:struts2-core (>=2.0.5 <=2.5.30)

org.apache.struts:struts2-core MAVEN version =2.0.5, =2.0.0, =1.2.1, =1.5.3, =1.5.3, =1.2.2, =1.2.2, =1.2.2, =1.2.2, =1.2, =1.0, =1.0, =1.0, =1.0.4 and more Source cves: CVE-2023-34149 Source advisory: OSV:GHSA-8F6X-V685-G2XC...

6.5 CVSS, 6.5 AI score, 0.05403 EPSS
Exploits: 0

Packet Storm
added 2023/05/23 12:00 a.m., 236 views

Affiliate Me 5.0.1 SQL Injection

Exploit Title: Affiliate Me Version 5.0.1 - SQL Injection Exploit Date: May 16, 2023. CVSS 3.1: 6.4 Medium CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Tactic: Initial Access TA0001 Technique: Exploit Public-Facing Application T1190 Application Name: Affiliate Me Application Version:...

7.1 AI score
Exploits: 0

Kitploit
added 2023/05/14 12:30 p.m., 17 views

PassMute - PassMute - A Multi Featured Password Transmutation/Mutator Tool

This is a command-line tool written in Python that applies one or more transmutation rules to a given password or a list of passwords read from one or more files. The tool can be used to generate transformed passwords for security testing or research purposes. Also, while you doing pentesting it...

7.8 AI score
Exploits: 0, References: 3

GithubExploit
added 2023/05/12 4:10 a.m., 335 views

Exploit for Path Traversal in Grafana

PoC for CVE-2021-43798 Grafana is a platform...

7.5 CVSS, 7.8 AI score, 0.88849 EPSS
Exploits: 44

OSV
added 2023/05/03 1:37 a.m., 10 views

MAL-2023-1111 Malicious code in afterpay-sdk-example-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 555a159aa3b74ea73f8574c05e14aa536948cbe56b0420bcdcc0daa2a911ae2c The OpenSSF Package Analysis project identified 'afterpay-sdk-example-server' @ 20.0.0 npm as malicious. It is considered malicious because: - T...

7.1 AI score
Exploits: 0

OSSF Malicious Packages
added 2023/04/26 12:26 p.m., 4 views

Malicious code in example-package-taxi-etl (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis cc9af8fd35e3ce951b8d314b087c20afbd1ed1eeb3ff9441b0ea5d5ac5576e5a The OpenSSF Package Analysis project identified 'example-package-taxi-etl' @ 0.0.3 pypi as malicious. It is considered malicious because: - The...

6.9 AI score
Exploits: 0