1634 matches found
Internet Bug Bounty: CVE-2022-24288: Apache Airflow: TWO RCEs in example DAGs
In Apache Airflow, prior to version 2.2.4, there are two command injection vulnerabilities (RCE) in some of the example DAG scripts, through which an attacker can execute arbitrary commands on the system. The impact is even greater when Airflow is configured for unauthenticated access. These two...
GHSA-3V7G-4PG3-7R6J OS Command injection in Apache Airflow
In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI...
PYSEC-2022-30
In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI...
CVE-2022-24288 Apache Airflow: RCE in example DAGs
In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI...
Apache Airflow operating system command injection vulnerability
Apache Airflow is an open source platform from the Apache Foundation of the United States for creating, managing and monitoring workflows. The platform features scalability and dynamic monitoring. Apache Airflow suffers from an operating system command injection vulnerability tha...
Shellcodetester - An Application To Test Windows And Linux Shellcodes
This tool tests generated shellcodes. Usage example: ShellCode Tester Linux. Installation: git clone https://github.com/helviojunior/shellcodetester.git; cd shellcodetester/Linux; make. Usage without break-point: shellcodetester file.asm. With break-point INT3: the break-point will be inserted before our...
VulnCheck KEV: CVE-2020-11978
A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow...
Apache Airflow Command Injection
A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow...
@biconomy/hyphen-contracts (=1.0.4), @bobanetwork/contracts (=0.0.2) +17 more potentially affected by unknown CVE via @openzeppelin/contracts-upgradeable (>=4.3.0 <=4.4.1)
@openzeppelin/contracts-upgradeable NPM version =4.3.0, =0.0.1, =0.5.0, =3.4.0, =1.5.0, =1.4.0, =1.5.0, =1.4.0, =1.0.0-main.334593a7.46, =2.4.0, =2.0.0, =1.0.0, =2.0.2, =3.0.0-beta, =3.0.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-M6W8-FQ7V-PH4M...
@across-ui/example (>=0.0.1-alpha.4 <=0.0.4-alpha.5), @agreejs/api (>=0.0.1 <=3.2.14) +752 more potentially affected by CVE-2020-28500 via lodash-es (>=4.0.0 <=4.17.20)
lodash-es NPM version =4.0.0, =0.0.1-alpha.4, =0.0.1, =0.0.2, =3.2.1, =3.2.1, =3.2.1, =0.0.1, =3.2.1, =3.2.1, =0.1.0, =0.3.14, =0.4.63, =0.4.64 and more Source cves: CVE-2020-28500 Source advisory: OSV:GHSA-29MW-WPGM-HMR9...
SourceLeakHacker - A Multi Threads Web Application Source Leak Scanner
SourceLeakHacker is a multi-threaded web directory scanner. Installation: pip install -r requirements.txt. Usage: dictionary scale --output OUTPUT output folder, default: result/YYYY-MM-DD hh:mm:ss --threads THREADS, -t THREADS threads numbers, default: 4 --timeout TIMEOUT HTTP request timeout...
Croogo 3.0.2 Remote Code Execution
Exploit Title: Croogo 3.0.2 - Remote Code Execution Authenticated Date: 05/12/2021 Exploit Author: Deha Berkin Bir Vendor Homepage: https://croogo.org/ Software Link: https://downloads.croogo.org/v3.0.2.zip Version: 3.0.2 Tested on: Windows 10 Home Single Language 20H2 & WampServer 3.2.3 ==...
Crawpy - Yet Another Content Discovery Tool
Yet another content discovery tool written in Python. What makes this tool different from others: it is written to work asynchronously, which allows reaching maximum limits, so it is very fast. Calibration mode applies filters on its own. It has a bunch of flags that help you fuzz in detail. Recursi...
CVE-2021-43698
phpWhois (last update Jun 30 2021) is affected by a Cross Site Scripting (XSS) vulnerability. In the file example.php, the exit function terminates the script and prints a message to the user. The message contains $_GET['query'], so there is an XSS vulnerability...
PhpWhois cross-site scripting vulnerability
PhpWhois is a PHP Whois library by the Spanish individual developer David Saez Padros. A cross-site scripting vulnerability exists in PhpWhois, originating in the file example.php, where the exit function terminates the script and prints a message to the user. No detailed...
@biconomy/hyphen-contracts (=1.0.4), @bobanetwork/contracts (=0.0.2) +17 more potentially affected by unknown CVE via @openzeppelin/contracts-upgradeable (>=4.2.0 <=4.3.2)
@openzeppelin/contracts-upgradeable NPM version =4.2.0, =0.0.1, =0.5.0, =3.4.0, =1.1.2, =1.0.1, =1.1.2, =1.0.0, =0.8.1-pr-brioux-1333.92b26c3a.36, =1.0.5, =2.3.0, =2.0.0, =3.0.0-beta, =3.0.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-WMPV-C2JP-J2XG...
Exploit for CVE-2017-17562
GoAhead Web Server 2.5 use multi/handler msf6 exploitmulti/h...
PT-2021-22372 · Octorpki · Octorpki
Name of the Vulnerable Software and Affected Versions: OctoRPKI affected versions not specified Description: The issue allows a repository to create a file that can be written to disk outside the base cache folder due to a failure to escape a URI with a filename containing "..". This could enable...
Exploit for Path Traversal in Apache Http_Server
Apachuk - CVE-2021-41773 Grabber with Shodan Grabber Apache Di...
GitOops - All Paths Lead To Clouds
GitOops is a tool to help attackers and defenders identify lateral movement and privilege escalation paths in GitHub organizations by abusing CI/CD pipelines and GitHub access controls. It works by mapping relationships between a GitHub organization and its CI/CD jobs and environment variables...