Baidu braft Security Vulnerability
Baidu braft is an industrial-grade C++ implementation of the RAFT consensus algorithm and brpc-based replicated state machine from the Chinese company Baidu. A security vulnerability exists in Baidu braft version 1.1.2 due to a memory leak in example/atomic/atomicserver using the new operator...
Intro to forensics in the cloud: A container was compromised. What’s next?
Learn what tools and data sources you need to use in cloud forensics investigation and how they come into practice in a real-life example...
Kimai-1.30.10 - SameSite Cookie-Vulnerability session hijacking
Exploit Title: Kimai-1.30.10 - SameSite Cookie-Vulnerability session hijacking Author: nu11secur1ty Date: 02.23.2023 Vendor: https://www.kimai.org/ Software: https://github.com/kimai/kimai/releases/tag/1.30.10 Reference:...
IpGeo - Tool To Extract IP Addresses From Captured Network Traffic File
IpGeo is a Python tool to extract IP addresses from a captured network traffic file (pcap/pcapng) and generate a CSV report containing details about the geolocation of each IP in the packets. The report contains: 1. Country 2. Country Code 3. Region 4. Region Name 5. City 6. Zip 7. Latitude 8...
SUSE CVE-2006-7196
Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly...
SUSE CVE-2007-2449
Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via...
SUSE CVE-2009-0781
Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, relat...
SUSE CVE-2012-5619
The Sleuth Kit (TSK) 4.0.1 does not properly handle "." (dotfile) file system entries in FAT file systems and other file systems for which "." is not a reserved name, which allows local users to hide activities and make it more difficult to conduct forensics activities, as demonstrated by Flame...
SUSE CVE-2014-10000
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: This ID is frequently used as an example of the 2014 CVE-ID syntax change, which allows more than 4 digits in the sequence number. Notes: See references...
GHSA-R77C-QV68-J3PP Cross-site Scripting in MobileDetect
A vulnerability, which was classified as problematic, has been found in MobileDetect 2.8.31. This issue affects the function initLayoutType of the file examples/session_example.php of the component Example. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack...
CVE-2018-25080 MobileDetect Example session_example.php initLayoutType cross site scripting
A vulnerability, which was classified as problematic, has been found in MobileDetect 2.8.31. This issue affects the function initLayoutType of the file examples/session_example.php of the component Example. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack...
MobileDetect Cross-Site Scripting Vulnerability
MobileDetect is a PHP class for detecting mobile devices. A cross-site scripting vulnerability exists in MobileDetect version 2.8.31, which stems from a problem with the initLayoutType function in the file examples/session_example.php in the component Example, which can lead to cross-site scriptin...
PT-2023-10821 · Unknown · Mobiledetect
Name of the Vulnerable Software and Affected Versions: MobileDetect version 2.8.31 Description: A problematic issue has been found in MobileDetect, affecting the initLayoutType function of the examples/session_example.php file in the Example component. The manipulation of the argument $ SERVER'PH...
Malicious borrower can create pool imbalance by tricking the V2 pool to send lesser number of long tokens in exchange for short tokens
Lines of code. Vulnerability details. Impact: Timeswap V2 Pool works on constant product AMM where total long tokens & short tokens follow the equation total long × total short = L. Any increase in long tokens has to be accompanied with a proportionate drop in short tokens and vice versa to ensure that...
WP FullCalendar < 1.5 - Unauthenticated Arbitrary Post Access
The plugin does not ensure that the post retrieved via an AJAX action is public and can be accessed by the user making the request, allowing unauthenticated attackers to get the content of arbitrary posts, including draft/private as well as password-protected ones. Open the below URL as an...
cool-php-captcha Cross-Site Scripting Vulnerability
cool-php-captcha is an application by the individual developer LaoWei. A cross-site scripting vulnerability exists in version 0.2 of cool-php-captcha, which stems from unknown code in the file example-form.php, and can be exploited to cause cross-site scripting using the input of an action-specif...
PT-2023-9869 · Jianlinwei · Cool-Php-Captcha
Name of the Vulnerable Software and Affected Versions: jianlinwei cool-php-captcha versions up to 0.2 Description: A problematic vulnerability was found in the example-form.php file, where the manipulation of the captcha argument with the input %3Cscript%3Ealert1%3C/script%3E leads to cross-site...
PT-2023-6704 · WordPress · Pdf Generator For Wordpress
Name of the Vulnerable Software and Affected Versions: PDF Generator for WordPress plugin versions prior to 1.1.2 Description: The issue is related to a Reflected Cross-Site Scripting susceptibility in a vendored dompdf example file included in the PDF Generator for WordPress plugin. This could b...
CVE-2022-38488
logrocket-oauth2-example through 2020-05-27 allows SQL injection via the /auth/register username parameter...