1634 matches found
com.approvaltests:approvaltests-hadoop (>=2.0.0 <=7.0.0), io.brooklyn.example:brooklyn-example-hello-world-hadoop-webapp (>=0.4.0 <=0.7.0-M1) +6 more potentially affected by CVE-2012-4449 via org.apache.hadoop:hadoop-client (>=1.0.2 <=1.0.3)
org.apache.hadoop:hadoop-client MAVEN version =1.0.2, =2.0.0, =0.4.0, =0.12, =0.13, =0.3.0-incubating, =0.4.0-incubating, =0.3.0-incubating, =0.6.0 Source cves: CVE-2012-4449 Source advisory: OSV:GHSA-Q46V-CJ5V-HVG6...
au.com.skytix:mesos-scheduler-client (>=1.0.11 <=1.0.15), au.com.skytix:velocity-scheduler (>=1.0.34 <=1.0.40) +40 more potentially affected by CVE-2017-7687 via org.apache.mesos:mesos (>=0.9.0-incubating <=1.1.2)
org.apache.mesos:mesos MAVEN version =0.9.0-incubating, =1.0.11, =1.0.34, =2.1.7, =2.1.7, =2.2.0, =2.2.0, =2.1.2, =2.1.2, =0.18.0, =0.1.3, =0.1.3, =0.18.0, =0.18.0, =0.18.0, =0.1.0, =0.2.0 and more Source cves: CVE-2017-7687 Source advisory: OSV:GHSA-X869-784M-JMJ2...
africa.absa:inception-reporting (>=1.0.0 <=1.2.0), africa.absa:inception-reporting-api (>=1.0.0 <=1.2.0) +1451 more potentially affected by CVE-2017-9096 via com.lowagie:itext (>=1.3 <=4.2.2)
com.lowagie:itext MAVEN version =1.3, =1.0.0, =1.0.0, =0.1.0, =2.0.7, =1.0.0, =1.0.7, =5.0.0, =1.0.0, =1.0, =1.0, =1.0, =0.0.1, =0.0.1, =1.1.8, =2.4.0 and more Source cves: CVE-2017-9096 Source advisory: OSV:GHSA-86P9-X5PW-94QX...
Securimage HTML Injection
HTML Injection in Securimage prior to 3.6.6 allows remote attackers to inject arbitrary HTML into an e-mail message body via the $_SERVER['HTTP_USER_AGENT'] parameter to example_form.ajax.php or example_form.php...
be.dnsbelgium:rdap-server (>=0.3.3 <=1.0.3), com.arsframework:ars-module-cms (>=1.0.0 <=1.1.4) +379 more potentially affected by CVE-2014-0097 via org.springframework.security:spring-security-core (>=3.1.0.RELEASE <=3.1.4.RELEASE)
org.springframework.security:spring-security-core MAVEN version =3.1.0.RELEASE, =0.3.3, =1.0.0, =1.0.0, =1.0.0, =1.2.1, =1.2.1, =1.3.6, =1.0.0-alpha2, =1.5, =1.0.0, =3.0.4, =3.0.5 - com.github.ptomli.bedrock:bedrock-core =1.0.0 - com.github.yongjacky:jee.borneo.miri =1.1.6 -...
DEBIAN-CVE-2022-30333
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a /.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected...
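The UnRAR entry above is the symlink flavour of extraction traversal: one archive entry plants a link that points outside the output directory, a later entry writes a file through it. The following extractor is an added example written for this page, not code from UnRAR or any archiver; it models an archive as a list of (name, kind, payload) tuples (a constructed stand-in, not the RAR format) and rejects both "../" names and links that resolve outside the destination before anything touches disk.

```python
import os
import tempfile


class UnsafeEntry(ValueError):
    """Raised for an archive entry that would write outside the destination."""


def _inside(dest_real: str, candidate: str) -> bool:
    # realpath normalises ".." and follows any symlink that already exists on disk
    cand = os.path.realpath(candidate)
    return cand == dest_real or cand.startswith(dest_real + os.sep)


def safe_extract(dest: str, entries) -> list:
    """Extract (name, kind, payload) tuples below dest.

    kind is "file" (payload = bytes) or "symlink" (payload = link target).
    Returns the real paths of files written; raises UnsafeEntry on any escape.
    """
    dest_real = os.path.realpath(dest)
    written = []
    for name, kind, payload in entries:
        if os.path.isabs(name) or name.startswith(("/", "\\")):
            raise UnsafeEntry(f"absolute entry name {name!r}")
        target = os.path.join(dest_real, name)
        parent = os.path.dirname(target)
        # The parent is checked after symlink resolution, so a link extracted by an
        # earlier entry cannot redirect this entry outside dest.
        if not _inside(dest_real, parent):
            raise UnsafeEntry(f"entry {name!r} escapes destination")
        if kind == "symlink":
            link_target = payload if os.path.isabs(payload) else os.path.join(parent, payload)
            if not _inside(dest_real, link_target):
                raise UnsafeEntry(f"symlink {name!r} -> {payload!r} points outside destination")
            os.makedirs(parent, exist_ok=True)
            os.symlink(payload, target)
        elif kind == "file":
            if os.path.islink(target):
                raise UnsafeEntry(f"refusing to write through symlink {name!r}")
            os.makedirs(parent, exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(payload)
            written.append(os.path.realpath(target))
        else:
            raise UnsafeEntry(f"unsupported entry kind {kind!r}")
    return written


def demo() -> dict:
    """Run the extractor on a constructed malicious and a constructed benign archive."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        victim_ssh = os.path.join(tmp, "victim_home", ".ssh")  # stand-in for the target's ~/.ssh
        os.makedirs(victim_ssh)
        dest = os.path.join(tmp, "extract_here")
        os.makedirs(dest)
        # Entry 1 plants a link to the victim's .ssh, entry 2 writes through it.
        malicious = [
            ("ssh", "symlink", victim_ssh),
            ("ssh/authorized_keys", "file", b"ssh-ed25519 AAAA...constructed attacker key\n"),
        ]
        try:
            safe_extract(dest, malicious)
            results["symlink_blocked"] = False
        except UnsafeEntry:
            results["symlink_blocked"] = True
        results["victim_untouched"] = not os.path.exists(os.path.join(victim_ssh, "authorized_keys"))
        try:
            safe_extract(dest, [("../../victim_home/.ssh/authorized_keys", "file", b"key\n")])
            results["dotdot_blocked"] = False
        except UnsafeEntry:
            results["dotdot_blocked"] = True
        benign = [("latest", "symlink", "README.txt"), ("README.txt", "file", b"hello\n")]
        results["benign_written"] = len(safe_extract(dest, benign))
    return results


if __name__ == "__main__":
    print(demo())
```

The check on the parent directory is the important one: validating an entry name lexically is not enough once a symlink from an earlier entry exists on disk, which is exactly the ordering the advisory describes.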
GHSA-G77G-VJJM-X83J Apache Tomcat Example Application CSRF and XSS Vulnerabilities
Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters...
GHSA-8G4F-FH7F-4FWH Apache Tomcat Default Installation Reveals Sensitive Information
The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets...
Git-Dumper - A Tool To Dump A Git Repository From A Website
A tool to dump a git repository from a website. Install: this can be installed easily with pip: pip install git-dumper. Usage: git-dumper [options] URL DIR. Dump a git repository from a website. Positional arguments: URL (url), DIR (output directory). Optional arguments: -h, --help (show this help...
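What a tool like git-dumper actually does is walk the loose-object graph: read .git/HEAD, resolve the ref, then fetch .git/objects/xx/yyyy for every SHA-1 a commit or tree points at. The code below is an added example written for this page, not git-dumper's own code; it implements that walk against a constructed in-memory "web root" (a dict standing in for HTTP fetches) and verifies each fetched object against its name, which a dumper should do because a server can return anything for a path. Packfiles are out of scope here.

```python
import hashlib
import re
import zlib


def encode_loose_object(obj_type: str, payload: bytes):
    """Build a loose object exactly as git stores it; returns (sha1 hex, zlib bytes)."""
    raw = b"%s %d\x00%s" % (obj_type.encode("ascii"), len(payload), payload)
    return hashlib.sha1(raw).hexdigest(), zlib.compress(raw)


def decode_loose_object(compressed: bytes, expected_sha: str):
    """Inflate a fetched object and verify it hashes to the name it was fetched under."""
    raw = zlib.decompress(compressed)
    header, _, payload = raw.partition(b"\x00")
    obj_type, size = header.decode("ascii").split(" ")
    if int(size) != len(payload):
        raise ValueError("truncated object")
    if hashlib.sha1(raw).hexdigest() != expected_sha:
        raise ValueError(f"object fetched as {expected_sha} does not hash to that name")
    return obj_type, payload


def referenced_shas(obj_type: str, payload: bytes) -> list:
    """SHA-1s this object points at, i.e. what a dumper must fetch next."""
    if obj_type == "commit":
        return [m.decode("ascii") for m in
                re.findall(rb"^(?:tree|parent) ([0-9a-f]{40})$", payload, re.M)]
    if obj_type == "tree":
        # entries are "<mode> <name>\0" followed by the 20 raw bytes of the child's sha
        shas, i = [], 0
        while i < len(payload):
            nul = payload.index(b"\x00", i)
            shas.append(payload[nul + 1:nul + 21].hex())
            i = nul + 21
        return shas
    return []  # blobs are leaves


def dump_repository(fetch) -> dict:
    """Walk from .git/HEAD using fetch(path) -> bytes | None; returns sha -> (type, payload)."""
    head = fetch(".git/HEAD")
    if head is None:
        raise RuntimeError("no exposed .git/HEAD")
    head = head.decode("ascii").strip()
    if head.startswith("ref: "):
        tip = fetch(".git/" + head[5:])
        if tip is None:
            raise RuntimeError(f"cannot resolve {head}")
        tip = tip.decode("ascii").strip()
    else:
        tip = head  # detached HEAD stores the commit sha directly
    objects, queue = {}, [tip]
    while queue:
        sha = queue.pop()
        if sha in objects:
            continue
        data = fetch(f".git/objects/{sha[:2]}/{sha[2:]}")
        if data is None:
            continue  # lives in a packfile; packs are not handled by this example
        obj_type, payload = decode_loose_object(data, sha)
        objects[sha] = (obj_type, payload)
        queue.extend(referenced_shas(obj_type, payload))
    return objects


def build_sample_site() -> dict:
    """Constructed stand-in for a web root that exposes its .git directory."""
    blob_sha, blob = encode_loose_object("blob", b"DB_PASSWORD=hunter2\n")
    tree_sha, tree = encode_loose_object("tree", b"100644 .env\x00" + bytes.fromhex(blob_sha))
    commit_sha, commit = encode_loose_object("commit", (
        f"tree {tree_sha}\n"
        "author Dev <dev@example.invalid> 1700000000 +0000\n"
        "committer Dev <dev@example.invalid> 1700000000 +0000\n"
        "\n"
        "add config\n").encode("ascii"))
    return {
        ".git/HEAD": b"ref: refs/heads/main\n",
        ".git/refs/heads/main": commit_sha.encode("ascii") + b"\n",
        f".git/objects/{blob_sha[:2]}/{blob_sha[2:]}": blob,
        f".git/objects/{tree_sha[:2]}/{tree_sha[2:]}": tree,
        f".git/objects/{commit_sha[:2]}/{commit_sha[2:]}": commit,
    }


def recovered_blobs(site: dict) -> list:
    """Blob contents reachable from HEAD, which is what a leaked repo actually gives away."""
    return [payload for obj_type, payload in dump_repository(site.get).values() if obj_type == "blob"]


if __name__ == "__main__":
    print(recovered_blobs(build_sample_site()))
```

Against a real site, fetch would be an HTTP GET of base URL plus path; the walk, the object decoding and the hash check stay the same.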
PT-2022-19687 · Gpac · Gpac
Name of the Vulnerable Software and Affected Versions: GPAC version 2.0.0 Description: The issue is related to a heap-based buffer over-read in the gp_rtp_builder_do_hevc function, located in the ietf/rtp_pck_mpeg4.c file. This problem is demonstrated by MP4Box. Recommendations: For GPAC version...
Maat - Open-source Symbolic Execution Framework
Maat is an open-source Dynamic Symbolic Execution and Binary Analysis framework. It provides various functionalities such as symbolic execution, taint analysis, constraint solving, binary loading, environment simulation, and leverages Ghidra's sleigh library for assembly lifting: https://maat.re...
CVE-2022-24229
A cross-site scripting (XSS) vulnerability in ONLYOFFICE Document Server Example before v7.0.0 allows remote attackers to inject arbitrary HTML or JavaScript through /example/editor...
CVE-2022-24229
The CVE-2022-24229 entry describes an XSS vulnerability in ONLYOFFICE Document Server Example prior to version 7.0.0. The affected component/path is the example editor endpoint (/example/editor), allowing remote attackers to inject arbitrary HTML or JavaScript. The issue is tied to an external we...
Ascensio System ONLYOFFICE Document Server Cross-Site Scripting Vulnerability
Ascensio System ONLYOFFICE Document Server is an online office collaboration suite from Ascensio System, Latvia. The product supports viewing and editing of text, spreadsheets, presentations and more. A cross-site scripting vulnerability exists in ONLYOFFICE Document Server Example versions prior...
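Both the Securimage entry (request header echoed into an HTML mail body) and the ONLYOFFICE entries (attacker input echoed into /example/editor) are the same bug: an untrusted string concatenated into HTML without escaping for the context it lands in. The block below is an added example for this page, not code from Securimage or ONLYOFFICE, and it re-renders the PHP-style pattern in Python: the vulnerable template next to its escaped form, plus a small parser-based check that tells whether a rendered body contains markup the template itself never had, which is handy as a regression test for this class of bug. The header values are constructed.

```python
import html
from html.parser import HTMLParser

# Constructed User-Agent values; this header is entirely attacker-controlled.
ATTACKER_UA = '<a href="http://evil.example/unlock">Your account is locked, click to unlock</a>'
ATTACKER_UA_ATTR = '" onmouseover="alert(1)'   # breaks out of an attribute instead of a text node


def build_notification_unsafe(user_agent: str, message: str) -> str:
    """The flawed pattern: request data dropped straight into an HTML body."""
    return (
        "<p>New contact form submission</p>\n"
        f"<p>Message: {message}</p>\n"
        f'<p>Client: <span title="{user_agent}">{user_agent}</span></p>\n'
    )


def build_notification_safe(user_agent: str, message: str) -> str:
    """Same template; every untrusted value escaped. quote=True also covers the attribute."""
    ua = html.escape(user_agent, quote=True)
    msg = html.escape(message, quote=True)
    return (
        "<p>New contact form submission</p>\n"
        f"<p>Message: {msg}</p>\n"
        f'<p>Client: <span title="{ua}">{ua}</span></p>\n'
    )


class Outline(HTMLParser):
    """Record the tags and attribute names a real HTML parser sees, ignoring text."""

    def __init__(self):
        super().__init__()
        self.seen = []

    def handle_starttag(self, tag, attrs):
        self.seen.append((tag, tuple(sorted(name for name, _ in attrs))))

    def handle_endtag(self, tag):
        self.seen.append(("/" + tag, ()))


def outline(body: str) -> list:
    parser = Outline()
    parser.feed(body)
    parser.close()
    return parser.seen


# The structure the template produces when the untrusted slots are empty.
TEMPLATE_OUTLINE = outline(build_notification_safe("", ""))


def is_tampered(body: str) -> bool:
    """True if the rendered body has tags or attributes the template does not define."""
    return outline(body) != TEMPLATE_OUTLINE


if __name__ == "__main__":
    for ua in (ATTACKER_UA, ATTACKER_UA_ATTR):
        print("unsafe tampered:", is_tampered(build_notification_unsafe(ua, "hi")))
        print("safe tampered:  ", is_tampered(build_notification_safe(ua, "hi")))
```

The check compares parser output rather than searching the string for "<", because an escaped value legitimately contains the attacker's text verbatim minus the metacharacters; only a parser shows whether that text became structure.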
Gitbleed_Tools - For Extracting Data From Mirrorred Git Repositories
This repo contains shell scripts that can be used to download and analyze differences between cloned and mirrored Git repositories. For more information about the underlying quirk in Git behavior, please read our blog post. What Do These Scripts Do? These scripts will clone a copy of the give...
GHSA-XHR8-MPWQ-2RR2 Automatic named constructor discovery in Valinor
Design issue - automatic constructor discovery The issue arises when upgrading from cuyz/valinor:0.3.0 to a newer system on an existing application, which broke due to the wrong constructor being picked. Still, a bigger security concern is problematic, and it is akin to...
Plezi < 1.0.3 - Unauthenticated Stored XSS
The plugin has a REST endpoint allowing unauthenticated users to update the plzconfigurationtrackerenable option, which is then displayed in the admin panel without sanitisation and escaping, leading to a Stored Cross-Site Scripting issue. curl -X POST...
Xerte 3.10.3 Directory Traversal
Exploit Title: Xerte 3.10.3 - Directory Traversal (Authenticated) Date: 05/03/2021 Exploit Author: Rik Lutz Vendor Homepage: https://xerte.org.uk Software Link: https://github.com/thexerteproject/xerteonlinetoolkits/archive/refs/heads/3.9.zip Version: up until 3.10.3 Tested on: Windows 10 XAMP CVE ...
Xerte 3.10.3 - Directory Traversal (Authenticated) Exploit
Exploit Title: Xerte 3.10.3 - Directory Traversal (Authenticated) Exploit Author: Rik Lutz Vendor Homepage: https://xerte.org.uk Software Link: https://github.com/thexerteproject/xerteonlinetoolkits/archive/refs/heads/3.9.zip Version: up until 3.10.3 Tested on: Windows 10 XAMP CVE : CVE-2021-44665...