Directory traversal
DISPUTED Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to modify conversation attachments within the attachments.noindex directory. Client mechanisms fail to validate modifications of existing cached files, resulting in an attacker's ability to insert malicious code...
CVE-2023-24068
Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to modify conversation attachments within the attachments.noindex directory. Client mechanisms fail to validate modifications of existing cached files, resulting in an attacker's ability to insert malicious code into...
cri-o: incorrect handling of the supplementary groups
Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute...
alf.io Cross-Site Scripting Vulnerability
alf.io is an open source ticket reservation system. A cross-site scripting vulnerability exists in versions prior to alf.io 2.0-M4-2301, which stems from the fact that its Groups allow attackers to utilize reflective cross-site scripting to achieve HTML injection...
LinkedIn: Attackers do not need to Pay for a Subscription to get the `Discussion Group URL` in `Paid Learning`
Vulnerability description not provided...
Hackers Actively Exploiting Citrix ADC and Gateway Zero-Day Vulnerability
The U.S. National Security Agency (NSA) on Tuesday said a threat actor tracked as APT5 has been actively exploiting a zero-day flaw in Citrix Application Delivery Controller (ADC) and Gateway to take over affected systems. The critical remote code execution vulnerability, identified as CVE-2022-27518...
CVE-2022-39895
Improper access control vulnerability in ContactListUtils in Phone prior to SMR Dec-2022 Release 1 allows access to contact group information via implicit intent...
OpenStack Resource Management Error Vulnerability
OpenStack is a cloud platform management program of the National Aeronautics and Space Administration (NASA). A security vulnerability exists in OpenStack openstack-neutron that stems from its uncontrolled resource consumption, allowing a remote authenticated user to query a list of security groups...
SUSE SLES15 Security Update : buildah (SUSE-SU-2022:4349-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4349-1 advisory. - A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building ...
SUSE SLES15 Security Update : buildah (SUSE-SU-2022:4350-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4350-1 advisory. - A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building ...
openstack-neutron: unrestricted creation of security groups
An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significa...
Html Injection in Groups
Description: Insert XSS payload in groups fields Name, Description. Proof of Concept: 1. Login to the dashboard 2. Navigate to groups 3. Insert Name and Description aaaaatest POC: https://drive.google.com/file/d/1ZsxN-zKoyuiosrgfG8a9Z1sFe9mde-8/view?usp=sharing...
CVE-2022-44948
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Entities Group feature at /index.php?module=entities/entitiesgroups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...
Pywirt - Python Windows Incident Response Toolkit
This application aims to accelerate incident response processes by collecting information from Windows operating systems via WinRM. Features: information is collected on the following: IP Configuration, Users, Groups, Tasks, Services, Task Scheduler, Registry Control, Active TCP &...
Rukovoditel Cross-Site Scripting Vulnerability
Rukovoditel is a set of Web-based open source project management software from the Rukovoditel team. The software has project management, customer relationship management and other functions. Rukovoditel v3.2.1 has a security vulnerability; the vulnerability stems from the Entities Group...
DRUPAL-CONTRIB-2022-061
Social Flexible Group is an Open Social extension that allows users to create groups with many different configurations. In specific uncommon scenarios, where a platform doesn't have any flexible groups with the "Group members only secret" visibility, community groups are visible to anonymous use...
Open Social - Moderately critical - Access bypass - SA-CONTRIB-2022-061
Social Flexible Group is an Open Social extension that allows users to create groups with many different configurations. In specific uncommon scenarios, where a platform doesn't have any flexible groups with the "Group members only secret" visibility, community groups are visible to anonymous use...
GHSA-755V-R4X4-QF7M Stored Cross-Site Scripting (XSS) in Keycloak via groups dropdown
Summary: A Stored XSS vulnerability was reported in the Keycloak Security mailing list, affecting all the versions of Keycloak, including the latest release 16.0.1. The vulnerability allows a privileged attacker to execute malicious scripts in the admin console, abusing the groups' dropdown...
Multiple cross-site scripting vulnerabilities in baserCMS
Overview: baserCMS provided by baserCMS Users Community contains multiple cross-site scripting vulnerabilities listed below. Stored cross-site scripting vulnerability in User management (CWE-79) - CVE-2022-39325; Stored cross-site scripting vulnerability in Permission Settings (CWE-79) - CVE-2022-41994...