30 matches found
EUVD-2020-28090
Malware in sbrugna...
EUVD-2022-2378
Malicious code in bioql PyPI...
EUVD-2022-4911
Malicious code in bioql PyPI...
CVE-2020-6949
A privilege escalation issue was discovered in the postUser function in HashBrown CMS through 1.3.3. An editor user can change the password hash of an admin user's account, or otherwise reconfigure that account...
CVE-2020-6948
A remote code execution issue was discovered in HashBrown CMS through 1.3.3. Server/Entity/Deployer/GitDeployer.js has a Service.AppService.exec call that mishandles the URL, repository, username, and password...
CVE-2020-5840
An issue was discovered in HashBrown CMS before 1.3.2. Server/Entity/Resource/Connection.js allows an attacker to reach a parent directory via a crafted name or ID field...
Fedora 39 : glycin-loaders / gnome-tour / helix / helvum / libipuz / librsvg2 / etc (2024-40ee18b2e7)
The remote Fedora 39 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-40ee18b2e7 advisory. This update contains builds from a mini-mass-rebuild for Rust applications and some C-style libraries. Rebuilding with the Rust 1.78 toolchain should fix...
Fedora 40 : glycin-loaders / gnome-tour / helix / helvum / libipuz / loupe / etc (2024-ce2936b568)
The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-ce2936b568 advisory. This update contains builds from a mini-mass-rebuild for Rust applications and some C-style libraries. Rebuilding with the Rust 1.78 toolchain should fix...
HashBrown CMS RCE
A remote code execution issue was discovered in HashBrown CMS through 1.3.3. Server/Entity/Deployer/GitDeployer.js has a Service.AppService.exec call that mishandles the URL, repository, username, and password...
GHSA-4GJV-5JJP-RCGH HashBrown CMS RCE
A remote code execution issue was discovered in HashBrown CMS through 1.3.3. Server/Entity/Deployer/GitDeployer.js has a Service.AppService.exec call that mishandles the URL, repository, username, and password...
HashBrown CMS Directory Traversal
An issue was discovered in HashBrown CMS before 1.3.2. Server/Entity/Resource/Connection.js allows an attacker to reach a parent directory via a crafted name or ID field...
GHSA-Q7HX-MRV5-6MRP HashBrown CMS Directory Traversal
An issue was discovered in HashBrown CMS before 1.3.2. Server/Entity/Resource/Connection.js allows an attacker to reach a parent directory via a crafted name or ID field...
HashBrown CMS Remote Code Execution Vulnerability
HashBrown CMS is an open source headless content management system CMS. HashBrown CMS suffers from a remote code execution vulnerability that stems from the program not performing proper security checks. An attacker could exploit the vulnerability to execute code...
HashBrown CMS 'postUser' function boost vulnerability
HashBrown CMS is an open source headless content management system CMS. A power lifting vulnerability exists in the 'postUser' function in HashBrown CMS version 1.3.3 and earlier. An attacker can exploit this vulnerability to change the hashed password of an administrator account or reset the...
CVE-2020-6948
A remote code execution issue was discovered in HashBrown CMS through 1.3.3. Server/Entity/Deployer/GitDeployer.js has a Service.AppService.exec call that mishandles the URL, repository, username, and password...
CVE-2020-6949
A privilege escalation issue was discovered in the postUser function in HashBrown CMS through 1.3.3. An editor user can change the password hash of an admin user's account, or otherwise reconfigure that account...
CVE-2020-6949
A privilege escalation issue was discovered in the postUser function in HashBrown CMS through 1.3.3. An editor user can change the password hash of an admin user's account, or otherwise reconfigure that account...
CVE-2020-6948
A remote code execution issue was discovered in HashBrown CMS through 1.3.3. Server/Entity/Deployer/GitDeployer.js has a Service.AppService.exec call that mishandles the URL, repository, username, and password...
Remote code execution
A remote code execution issue was discovered in HashBrown CMS through 1.3.3. Server/Entity/Deployer/GitDeployer.js has a Service.AppService.exec call that mishandles the URL, repository, username, and password...
Privilege escalation
A privilege escalation issue was discovered in the postUser function in HashBrown CMS through 1.3.3. An editor user can change the password hash of an admin user's account, or otherwise reconfigure that account...