76 matches found
Our secret ingredient for reverse engineering
Nowadays, a lot of cybersecurity professionals use IDA Pro as their primary tool for reverse engineering. While IDA is a complex tool that implements a multitude of features useful for dissecting binaries, many reverse engineers use various plugins to add further functionality to this software. W...
CVE-2023-48193
Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows a remote attacker to execute arbitrary code via bypassing the command filtering function. NOTE: this is disputed because command filtering is not intended to restrict what code can be run by authorized users who are allowed to...
CVE-2023-48193
Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows a remote attacker to execute arbitrary code via bypassing the command filtering function. NOTE: this is disputed because command filtering is not intended to restrict what code can be run by authorized users who are allowed to...
Design/Logic Flaw
Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows a remote attacker to execute arbitrary code via bypassing the command filtering function...
CVE-2023-48193
Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows a remote attacker to execute arbitrary code via bypassing the command filtering function. NOTE: this is disputed because command filtering is not intended to restrict what code can be run by authorized users who are allowed to...
CVE-2023-48193
The CVE-2023-48193 entry concerns JumpServer GPLv3, version 3.8.0, with an Insecure Permissions vulnerability that allows a remote attacker to execute arbitrary code by bypassing the command filtering function. This is described across multiple sources (NVD/OSV) as a high-severity issue (CVSS 9.8...
Fedora: Security Advisory for golang (FEDORA-2022-6d2b6ad1a6)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Zenbuster - Multi-threaded URL Enumeration/Brute-Forcing Tool
ZenBuster is a multi-threaded, multi-platform URL enumeration tool written in Python by Zach Griffin @0xTas. I wrote this tool as a way to deepen my familiarity with Python, and to help increase my understanding of Cybersecurity tooling in general. ZenBuster may not be the fastest or most...
Galette Cross-Site Scripting Vulnerability (CNVD-2021-101699)
Galette is a membership management web application built for nonprofit organizations and released under the GPLv3. A cross-site scripting vulnerability exists in versions of Galette prior to 0.9.6. An attacker could use this vulnerability to launch a cross-site scripting attack via the preference...
Galette SQL Injection Vulnerability
Galette is a membership management web application built for non-profit organizations and released under the GPLv3. A SQL injection vulnerability exists in versions of Galette prior to 0.9.6. An attacker with "member" privileges could use this vulnerability to launch an SQL injection attack...
CVE-2021-41262
Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to SQL injection attacks by users with "member" privilege. Users are advised to upgrade to version 0.9.6 as soon as possible. There are no known...
CVE-2021-41261
Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to stored cross site scripting attacks via the preferences footer. The preference footer can only be altered by a site admin. This issue has been...
CVE-2021-41261
Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to stored cross site scripting attacks via the preferences footer. The preference footer can only be altered by a site admin. This issue has been...
CVE-2021-41262
Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to SQL injection attacks by users with "member" privilege. Users are advised to upgrade to version 0.9.6 as soon as possible. There are no known...
Sql injection
Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to SQL injection attacks by users with "member" privilege. Users are advised to upgrade to version 0.9.6 as soon as possible. There are no known...
CVE-2021-41261
Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to stored cross site scripting attacks via the preferences footer. The preference footer can only be altered by a site admin. This issue has been...
CVE-2021-41260
Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 do not check for Cross Site Request Forgery attacks. All users are advised to upgrade to 0.9.6 as soon as possible. There are no known workarounds for this issue...
CVE-2021-41260
Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 do not check for Cross Site Request Forgery attacks. All users are advised to upgrade to 0.9.6 as soon as possible. There are no known workarounds for this issue...
CVE-2021-41261
CVE-2021-41261 affects Galette prior to version 0.9.6, where a stored cross-site scripting vulnerability exists in the preferences footer that can be modified by a site admin. The issue has been fixed in 0.9.6; upgrade all installations to that release. The public sources confirm the vulnerabilit...
CVE-2021-41261 Stored Cross-site Scripting in Galette
Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to stored cross site scripting attacks via the preferences footer. The preference footer can only be altered by a site admin. This issue has been...