Lucene search
11190 matches found

Packet Storm
added 2024/04/05 12:00 a.m., 295 views

DerbyNet 9.0 print/render/racer.inc SQL Injection

CVE ID: CVE-2024-30923. Description: An SQL injection vulnerability has been discovered in DerbyNet version 9.0, specifically within the print/render/racer.inc component. This vulnerability allows remote attackers to execute arbitrary code and disclose sensitive information by exploiting improper...

AI score 7.4, EPSS 0.0493
Exploits: 2
Packet Storm
added 2024/04/05 12:00 a.m., 300 views

DerbyNet 9.0 inc/kiosks.inc Cross Site Scripting

CVE ID: CVE-2024-30926. Description: A Cross-Site Scripting (XSS) vulnerability has been identified in DerbyNet version 9.0, affecting the ./inc/kiosks.inc component. This vulnerability permits remote attackers to execute arbitrary code by exploiting the addressforcurrentkiosk function. The issue...

AI score 7.4, EPSS 0.00434
Exploits: 2
OSV
added 2024/04/04 6:42 p.m., 25 views

GO-2024-2670 ACL security vulnerability in github.com/hashicorp/nomad

An ACL policy using a block without a label can be applied to unexpected resources in Nomad, a distributed, highly available scheduler designed for effortless operations and management of applications...

CVSS 4.1, AI score 4.1, EPSS 0.00054
Exploits: 0, References: 1
OSV
added 2024/04/04 6:42 p.m., 22 views

GO-2024-2669 API token secret ID leak to Sentinel in github.com/hashicorp/nomad

A vulnerability exists in Nomad where the API caller's ACL token secret ID is exposed to Sentinel policies...

CVSS 3.4, AI score 3.5, EPSS 0.00344
Exploits: 0, References: 2
OSV
added 2024/04/04 2:39 p.m., 17 views

GHSA-WPFF-WM84-X5CX Mobile Security Framework (MobSF) vulnerable to SSRF in firebase database check

Impact: What kind of vulnerability is it? Who is impacted? SSRF vulnerability in the firebase database check logic. The attacker can cause the server to make a connection to internal-only services within the organization's infrastructure. When a malicious app is uploaded to the Static analyzer, it is possib...

CVSS 6.3, AI score 6.1, EPSS 0.00138
Exploits: 0, References: 5
Github Security Blog
added 2024/04/04 2:39 p.m., 29 views

Mobile Security Framework (MobSF) vulnerable to SSRF in firebase database check

Impact: What kind of vulnerability is it? Who is impacted? SSRF vulnerability in the firebase database check logic. The attacker can cause the server to make a connection to internal-only services within the organization's infrastructure. When a malicious app is uploaded to the Static analyzer, it is possib...

CVSS 6.3, AI score 7, EPSS 0.00138
Exploits: 0, References: 5, Affected Software: 1
Github Security Blog
added 2024/04/04 2:20 p.m., 59 views

Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline

Impact: Undici cleared Authorization and Proxy-Authorization headers for fetch, but did not clear them for undici.request. Patches: This has been patched in https://github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75. Fixes have been released in v5.28.4 and v6.11.1. Workarounds...

CVSS 4.3, AI score 4.7, EPSS 0.00198
Exploits: 0, References: 10, Affected Software: 1
Veracode
added 2024/04/04 4:45 a.m., 15 views

Null Dereference

github.com/kubevirt/kubevirt is vulnerable to Null Dereference. The vulnerability is due to improper handling of calls to vm-dump-metrics --virtio, allowing an attacker to cause a denial of service by issuing a high number of such calls and subsequently deleting the virtual machine...

CVSS 6.5, AI score 6.7, EPSS 0.00084
Exploits: 0, References: 3, Affected Software: 1
Malwarebytes
added 2024/04/03 7:44 p.m., 14 views

Google Chrome gets ‘Device Bound Session Credentials’ to stop cookie theft

Google has announced the introduction of Device Bound Session Credentials (DBSC) to secure Chrome users against cookie theft. In January we reported how hackers found a way to gain unauthorized access to Google accounts, bypassing multi-factor authentication (MFA), by stealing authentication cookies...

AI score 7.4
Exploits: 0
GithubExploit
added 2024/04/03 1:09 p.m., 199 views

Exploit for Embedded Malicious Code in Tukaani Xz

xz-backdoor-CVE-2024-3094-Check Verify if your installed versi...

CVSS 10, AI score 9.8, EPSS 0.84805
Exploits: 39
Veracode
added 2024/04/03 9:06 a.m., 12 views

Cross Site Scripting (XSS)

github.com/ca17/teamsacs is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient input validation in the errmsg parameter, allowing remote attackers to execute arbitrary code through a crafted script...

CVSS 6.1, AI score 7, EPSS 0.00422
Exploits: 0, References: 6, Affected Software: 1
Veracode
added 2024/04/03 8:41 a.m., 21 views

Connection ID Exhaustion

github.com/quic-go/quic-go is vulnerable to Connection ID exhaustion. The vulnerability is caused by an attacker manipulating the round-trip time (RTT) estimate of the peer by sending a large number of NEW_CONNECTION_ID frames to exhaust the memory of the receiver, which allows an attacker to...

CVSS 7.5, AI score 6.7, EPSS 0.00089
Exploits: 0
Veracode
added 2024/04/03 5:59 a.m., 17 views

Cross Site Request Forgery (CSRF)

github.com/mudler/localai is vulnerable to Cross Site Request Forgery (CSRF). The vulnerability is due to a lack of CSRF tokens, allowing an attacker to host malicious JavaScript on a host. When visited by a LocalAI user, this could allow the attacker to fill disk space to deny service or abuse...

CVSS 6.5, AI score 7, EPSS 0.00112
Exploits: 1, References: 1, Affected Software: 1
OSV
added 2024/04/02 9:09 p.m., 13 views

GHSA-75HQ-H6G9-H4Q5 Wasmtime vulnerable to panic when using a dropped externref-typed element segment

Impact: The 19.0.0 release of Wasmtime contains a regression introduced during its development which can lead to a guest WebAssembly module causing a panic in the host runtime. A valid WebAssembly module, when executed at runtime, may cause this panic. The panic in question is caused when a...

CVSS 3.3, AI score 3.8, EPSS 0.00034
Exploits: 1, References: 8
0day.today
added 2024/04/02 12:00 a.m., 336 views

Online Hotel Booking In PHP 1.0 - Blind SQL Injection (Unauthenticated) Exploit

Exploit Title: Online Hotel Booking In PHP 1.0 - Blind SQL Injection (Unauthenticated) Exploit
Author: Gian Paris C. Agsam
Vendor Homepage: https://github.com/projectworldsofficial
Software Link: https://projectworlds.in/wp-content/uploads/2019/06/hotel-booking.zip
Version: 1.0
Tested on:...

AI score 7.4
Exploits: 0
Packet Storm
added 2024/04/02 12:00 a.m., 334 views

Online Hotel Booking In PHP 1.0 SQL Injection

Exploit Title: Online Hotel Booking In PHP 1.0 - Blind SQL Injection (Unauthenticated)
Google Dork: n/a
Date: 04/02/2024
Exploit Author: Gian Paris C. Agsam
Vendor Homepage: https://github.com/projectworldsofficial
Software Link: https://projectworlds.in/wp-content/uploads/2019/06/hotel-booking.zip...

AI score 7.4
Exploits: 0
Exploit DB
added 2024/04/02 12:00 a.m., 327 views

Online Hotel Booking In PHP 1.0 - Blind SQL Injection (Unauthenticated)

Exploit Title: Online Hotel Booking In PHP 1.0 - Blind SQL Injection (Unauthenticated)
Google Dork: n/a
Date: 04/02/2024
Exploit Author: Gian Paris C. Agsam
Vendor Homepage: https://github.com/projectworldsofficial
Software Link: https://projectworlds.in/wp-content/uploads/2019/06/hotel-booking.zip...

AI score 7.4
Exploits: 0
Exploit DB
added 2024/04/02 12:00 a.m., 242 views

FoF Pretty Mail 1.1.2 - Server Side Template Injection (SSTI)

Exploit Title: FoF Pretty Mail 1.1.2 - Server Side Template Injection (SSTI)
Date: 03/28/2024
Exploit Author: Chokri Hammedi
Vendor Homepage: https://flarum.org/
Software Link: https://github.com/FriendsOfFlarum/pretty-mail
Version: 1.1.2
Tested on: Windows XP
CVE: N/A
Description: The FoF Pretty...

AI score 7.4
Exploits: 0
GithubExploit
added 2024/04/01 1:20 a.m., 467 views

Exploit for Use After Free in Linux Linux_Kernel

CVE-2023-32233 5.x Kernel Adaptation Existing Exploitation...

CVSS 7.8, AI score 6.7, EPSS 0.00976
Exploits: 7
GithubExploit
added 2024/03/30 7:38 a.m., 349 views

Exploit for Embedded Malicious Code in Tukaani Xz

CVE-2024-3094 vul check tools This vulnerability allows an at...

CVSS 10, AI score 10, EPSS 0.84805
Exploits: 39