10 matches found
CVE-2023-22651
Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the update logic of Rancher's admission Webhook may lead to the misconfiguration of the Webhook. This component enforces validation rules and security checks before resources are admitted into th...
Privilege escalation
Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the update logic of Rancher's admission Webhook may lead to the misconfiguration of the Webhook. This component enforces validation rules and security checks before resources are admitted into th...
CVE-2022-31012
Git for Windows is a fork of Git that contains Windows-specific patches. This vulnerability in versions prior to 2.37.1 lets Git for Windows' installer execute a binary into C:\mingw64\bin\git.exe by mistake. This only happens upon a fresh install, not when upgrading Git for Windows. A patch is...
CVE-2022-31012
Git for Windows is a fork of Git that contains Windows-specific patches. This vulnerability in versions prior to 2.37.1 lets Git for Windows' installer execute a binary into C:\mingw64\bin\git.exe by mistake. This only happens upon a fresh install, not when upgrading Git for Windows. A patch is...
CVE-2022-31012 Git for Windows' installer can be tricked into executing an untrusted binary
Git for Windows is a fork of Git that contains Windows-specific patches. This vulnerability in versions prior to 2.37.1 lets Git for Windows' installer execute a binary into C:\mingw64\bin\git.exe by mistake. This only happens upon a fresh install, not when upgrading Git for Windows. A patch is...
PT-2022-3619 · Unknown · Git For Windows
Name of the Vulnerable Software and Affected Versions: Git for Windows versions prior to 2.37.1 Description: The issue is related to the Git for Windows installer executing a binary into C:mingw64bingit.exe by mistake, which occurs only during a fresh install, not when upgrading. This is due to a...
in dompdf/dompdf
Description The Scenario 3 you described in this report https://huntr.dev/bounties/0bdddc12-ff67-4815-ab9f-6011a974f48e/ actually opens up the ability to bypass chroot checks. Proof of Concept 1: Make sure you install Dompdf from GitHub https://github.com/dompdf/dompdf/ and include the following...
CVE-2021-20025
SonicWall Email Security Virtual Appliance version 10.0.9 and earlier versions contain a default username and a password that is used at initial setup. An attacker could exploit this transitional/temporary user account from the trusted domain to access the Virtual Appliance remotely only when the...
Setting a custom FileVault (macOS FDE) passphrase
FileVault 2 is the full-disk encryption system of macOS. Normally, it's turned on from System Preferences, and locks the disk with the passwords of all the users allowed to unlock the machine. Overloading the login/unlock/sudo password is an understandable UX simplicity choice, but makes it very...
chillyCMS 1.3.0 - Multiple Vulnerabilities
Exploit for php platform in category web applications Vulnerability Failure to Restrict URL Access chillyCMS uses 302 redirects to restrict access to the unautorized pages. Exploit Step 1: Create a rule in No-Redirect Add-on: ^http://localhost/chillyCMS/ Step 2: Access...