4370 matches found
Gitea 1.16.6 - Remote Code Execution (RCE) (Metasploit)
Exploit Title: Gitea Git Fetch Remote Code Execution Date: 09/14/2022 Exploit Author: samguy Vendor Homepage: https://gitea.io Software Link: https://dl.gitea.io/gitea/1.16.6 Version: 'Gitea Git Fetch Remote Code Execution', 'Description' = %q This module exploits Git fetch command in Gitea...
Gitea 1.16.6 Remote Code Execution
Exploit Title: Gitea Git Fetch Remote Code Execution Date: 09/14/2022 Exploit Author: samguy Vendor Homepage: https://gitea.io Software Link: https://dl.gitea.io/gitea/1.16.6 Version: 'Gitea Git Fetch Remote Code Execution', 'Description' = %q This module exploits Git fetch command in Gitea...
CVE-2022-38770
The mobile application in Transtek Mojodat FAM Fixed Asset Management 2.4.6 allows remote attackers to fetch other users' data upon a successful login request...
CVE-2022-38770
The mobile application in Transtek Mojodat FAM Fixed Asset Management 2.4.6 allows remote attackers to fetch other users' data upon a successful login request...
The vulnerability of the Background Fetch component in Google Chrome and Microsoft Edge browsers allows attackers to disclose protected information.
The vulnerability of the Background Fetch component in Google Chrome and Microsoft Edge is related to access control deficiencies. Exploiting this vulnerability can allow a malicious actor to disclose protected information through a specially created web page...
Malicious code in fetch-xd (npm)
Source: ghsa-malware 50f954028686092185e082e62b12f2ed4971d5786028fa45ef7e77579fe916b9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-3014 Malicious code in fetch-xd (npm)
Source: ghsa-malware 50f954028686092185e082e62b12f2ed4971d5786028fa45ef7e77579fe916b9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-3967 Malicious code in isomorphi-cetch (npm)
Source: ghsa-malware 1e1e43045eadbf99f5d51f8f96699e59c9865577b1351c4fab7b826366b109e3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-3966 Malicious code in isomorphceftch (npm)
Source: ghsa-malware 89443e6b76432ccff6b8c99525082bc916344a2a69f27d8d5191c326023a27c9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in fetch-string (npm)
Source: ghsa-malware 9ae97c4c34e165dcc455869fbf2da4d3535aff6c425c2add9379cd2b8b9cfe7e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-3013 Malicious code in fetch-string (npm)
Source: ghsa-malware 9ae97c4c34e165dcc455869fbf2da4d3535aff6c425c2add9379cd2b8b9cfe7e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Security update for chromium (important)
openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2022:10092-1 Rating: important References: 1202075 Cross-References: CVE-2022-2603 CVE-2022-2604 CVE-2022-2605 CVE-2022-2606 CVE-2022-2607 CVE-2022-2608 CVE-2022-2609 CVE-2022-2610 CVE-2022-2611 CVE-2022-2612...
The vulnerability of the TIFFFetchStripThing() function in the LibTIFF library on Amazon Linux systems allows a hacker to trigger a service failure.
The vulnerability of the TIFFFetchStripThing function in the LibTIFF library is related to the use of uninitialized resources during the processing of TIFF files. Exploiting this vulnerability could allow an attacker to cause service failures...
Visual Portfolio < 2.19.0 - Contributor+ CSS Injection
The plugin does not have proper authorisation checks in some of its REST endpoints, allowing users with a role as low as contributor to call them and inject arbitrary CSS in arbitrary saved layouts. The postid is the ID of a saved layout. As a contributor, get a REST nonce via...
CVE-2022-2610
Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
CVE-2022-2610
Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
DEBIAN-CVE-2022-2610
Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
Design/Logic Flaw
Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
CVE-2022-2610
Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
UBUNTU-CVE-2022-2610
Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page...