1634 matches found
Apache Airflow 1.10.10 Remote Code Execution
Exploit Title: Apache Airflow 1.10.10 - 'Example Dag' Remote Code Execution Date: 2021-06-02 Exploit Author: Pepe Berba Vendor Homepage: https://airflow.apache.org/ Software Link: https://airflow.apache.org/docs/apache-airflow/stable/installation.html Version: = 1.10.10 Tested on: Docker...
@aws-crypto/example-node (>=0.2.0-preview.1 <=0.2.0-preview.5), @aws-crypto/integration-node (>=0.2.0-preview.1 <=0.2.0-preview.5) potentially affected by unknown CVE via @aws-crypto/client-node (=0.1.0-preview.5)
@aws-crypto/client-node NPM version =0.1.0-preview.5 is affected by a known vulnerability. The following packages have a transitive dependency on @aws-crypto/client-node and may be impacted: - @aws-crypto/example-node =0.2.0-preview.1, =0.2.0-preview.1, =0.2.0-preview.5 Source cves: unknown CVE...
@aws-crypto/example-browser (>=0.1.0-preview.1 <=0.1.0-preview.5), @aws-crypto/integration-browser (>=0.2.0-preview.1 <=0.2.0-preview.5) potentially affected by unknown CVE via @aws-crypto/client-browser (=0.1.0-preview.5)
@aws-crypto/client-browser NPM version =0.1.0-preview.5 is affected by a known vulnerability. The following packages have a transitive dependency on @aws-crypto/client-browser and may be impacted: - @aws-crypto/example-browser =0.1.0-preview.1, =0.2.0-preview.1, =0.2.0-preview.5 Source cves:...
CVE-2021-32642
radsecproxy is a generic RADIUS proxy that supports both UDP and TLS RadSec RADIUS transports. Missing input validation in radsecproxy's naptr-eduroam.sh and radsec-dynsrv.sh scripts can lead to configuration injection via crafted radsec peer discovery DNS records. Users are subject to Informatio...
Input validation
radsecproxy is a generic RADIUS proxy that supports both UDP and TLS RadSec RADIUS transports. Missing input validation in radsecproxy's naptr-eduroam.sh and radsec-dynsrv.sh scripts can lead to configuration injection via crafted radsec peer discovery DNS records. Users are subject to Informatio...
CVE-2021-32642
radsecproxy is affected by CVE-2021-32642 due to missing input validation in the internal dyndisc scripts naptr-eduroam.sh and radsec-dynsrv.sh, which can allow configuration injection via crafted radsec peer discovery DNS records. Reported impacts include information disclosure, DoS, and the red...
CVE-2021-32642
radsecproxy is a generic RADIUS proxy that supports both UDP and TLS RadSec RADIUS transports. Missing input validation in radsecproxy's naptr-eduroam.sh and radsec-dynsrv.sh scripts can lead to configuration injection via crafted radsec peer discovery DNS records. Users are subject to Informatio...
Exploit for OS Command Injection in Apache Airflow
CVE-2020-11978: Remote code execution in Apache Airflow's Exa...
@across-ui/example (>=0.0.1-alpha.4 <=0.0.4-alpha.5), @agreejs/api (>=0.0.1 <=3.2.14) +797 more potentially affected by CVE-2021-23337 via lodash-es (>=3.0.0 <=4.17.20)
lodash-es NPM version =3.0.0, =0.0.1-alpha.4, =0.0.1, =0.0.2, =3.2.1, =3.2.1, =3.2.1, =0.0.1, =3.2.1, =3.2.1, =0.1.0, =0.3.14, =0.4.63, =0.4.64 and more Source cves: CVE-2021-23337 Source advisory: OSV:GHSA-35JH-R3H4-6JHM...
Sub404 - A Python Tool To Check Subdomain Takeover Vulnerability
Sub 404 is a tool written in Python which is used to check the possibility of subdomain takeover vulnerability, and it is fast as it is asynchronous. Why? During the recon process you might get a lot of subdomains, e.g. more than 10k. It is not possible to test each manually or with traditional requests or...
Open redirect in Slashify
The package is an Express middleware that normalises routes by stripping any final slash, redirecting, for example, bookings/latest/ to bookings/latest. However, it does not validate the path it redirects to in any way. In particular, if the path starts with two slashes or two backslashes, or a...
SharpEDRChecker - Checks Running Processes, Process Metadata, DLLs Loaded Into Your Current Process And The Each DLLs Metadata, Common Install Directories, Installed Services And Each Service Binaries Metadata, Installed Drivers And Each Drivers Metadata, All For The Presence Of Known Defensive Products Such As AV's, EDR's And Logging Tools
New and improved C# Implementation of Invoke-EDRChecker. Checks running processes, process metadata, DLLs loaded into your current process and each DLLs metadata, common install directories, installed services and each service binaries metadata, installed drivers and each drivers metadata, all for...
Exploit for CVE-2021-3129
CVE-2021-3129exploit Exploit for CVE-2021-3129 Lab setup:...
Exploit for CVE-2021-3129
CVE-2021-3129exploit Exploit for CVE-2021-3129 Lab setup:...
Exploit for Deserialization of Untrusted Data in Apache Tomcat
CVE-2020-9484 Click the image to watch the vide...
Prototype Pollution in immer
Overview: Affected versions of immer are vulnerable to Prototype Pollution. Proof of exploit (js): const { applyPatches, enablePatches } = require("immer"); enablePatches(); let obj = {}; console.log("Before : " + obj.polluted); applyPatches({}, [{ op: 'add', path: ["__proto__", "polluted"], value: "yes" }]); // applyPatches,...
Car Rental Management System 1.0 - SQL Injection / Local File include
Exploit Title: Car Rental Management System 1.0 - SQL Injection / Local File include Date: 22-10-2020 Exploit Author: Mosaaed Vendor Homepage: https://www.sourcecodester.com/php/14544/car-rental-management-system-using-phpmysqli-source-code.html Software Link:...
Anti-Spam by CleanTalk < 5.149 - Multiple Authenticated SQL Injections
Multiple authenticated SQL injections exist in the Anti-Spam by CleanTalk plugin 5.148; however, they require a high-privilege user (admin+). Vulnerable functions: removeLogs and removeSpam at: lib/Cleantalk/ApbctWP/FindSpam/ListTable/Users.php Sleep query: POST...
DRUPAL-CONTRIB-2020-035
The File Example submodule within the Examples project does not properly sanitize certain filenames as described in SA-CORE-2020-012, along with other related vulnerabilities. Therefore, File Example is being removed from Examples until a version demonstrating file security best practices can...
Examples for Developers - Critical - Remote Code Execution - SA-CONTRIB-2020-035
The File Example submodule within the Examples project does not properly sanitize certain filenames as described in SA-CORE-2020-012, along with other related vulnerabilities. Therefore, File Example is being removed from Examples until a version demonstrating file security best practices can...