22 matches found
ClipBucket V5 SQL Injection Vulnerability
ClipBucket V5 is a video hosting platform developed by the individual developer MacWarrior. Versions of ClipBucket V5 prior to 5.5.3–129 contained a SQL injection vulnerability. The flaw is a blind SQL injection in the actions/progressvideo.php endpoint, which could...
The Worm That Keeps on Digging: TeamPCP Hits @antv in Latest Wave
Multi-ecosystem supply chain compromise by TeamPCP targets GitHub, NPM, and VSCode to steal credentials and establish persistence...
cPanel SQL Injection Vulnerability
cPanel is a web-based automated hosting platform developed by cPanel Inc. This platform is primarily used for automating the management of websites and servers. cPanel has a SQL injection vulnerability, which stems from insufficient sanitization of SQL queries in the sqloptimizer tool script. If the slow...
WebPros WHMCS Security Vulnerability
WebPros WHMCS is a customer management and automated billing platform provided by the Swiss company WebPros, aimed at hosting providers and domain service providers. There is a security vulnerability in WebPros WHMCS, which stems from insufficient ownership checks in the clientarea.php file. This...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
CVE-2022-31185
mprweb is a hosting platform for the makedeb Package Repository. Email addresses were found to not have been hidden, even if a user had clicked the Hide Email Address checkbox on their account page, or during signup. This could lead to an account's email being leaked, which may be problematic if...
GitHub Rolls Out Default Secret Scanning Push Protection for Public Repositories
GitHub on Thursday announced that it's enabling secret scanning push protection by default for all pushes to public repositories. "This means that when a supported secret is detected in any push to a public repository, you will have the option to remove the secret from your commits or, if you dee...
GitHub Announces Free Secret Scanning for All Public Repositories
GitHub on Thursday said it is making available its secret scanning service to all public repositories on the code hosting platform for free. "Secret scanning alerts notify you directly about leaked secrets in your code," the company said, adding it's expected to complete the rollout by the end of...
A vulnerability in the GitHub import function of GitLab, the Git-based collaborative code development platform, allows an attacker to execute arbitrary code.
The vulnerability in the GitHub import function of the GitLab collaborative code development platform stems from a failure to sanitize data at the management level. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
CVE-2022-31185
mprweb is a hosting platform for the makedeb Package Repository. Email addresses were found to not have been hidden, even if a user had clicked the Hide Email Address checkbox on their account page, or during signup. This could lead to an account's email being leaked, which may be problematic if...
Design/Logic Flaw
mprweb is a hosting platform for the makedeb Package Repository. Email addresses were found to not have been hidden, even if a user had clicked the Hide Email Address checkbox on their account page, or during signup. This could lead to an account's email being leaked, which may be problematic if...
CVE-2022-31185
CVE-2022-31185 affects the mprweb hosting platform (makedeb Package Repository). The issue is an information disclosure in which email addresses were not hidden as configured, potentially leaking user emails. The vulnerability is mitigated for official mprweb instances, while self-hosted deployments...
CVE-2022-20726
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being...
Foxlor Cross-Site Scripting Vulnerability
Foxlor is an open source GPL panel developed by experienced server administrators to simplify the job of managing hosting platforms. A security vulnerability exists in Foxlor, which can be exploited by an attacker to execute arbitrary web script or HTML by entering a payload in the name,...
Unspecified vulnerability in cPanel (CNVD-2019-27417)
cPanel is a Web-based automated colocation platform from the US-based company cPanel. The platform is primarily used to automate the management of websites and servers. A security vulnerability exists in versions of cPanel prior to 60.0.15. An attacker could exploit this vulnerability to cause a...
cPanel Input Validation Error Vulnerability (CNVD-2019-27602)
cPanel is a Web-based automated colocation platform from the US-based company cPanel. The platform is primarily used to automate the management of websites and servers. A security vulnerability exists in cPanel versions prior to 60.0.25. The vulnerability can be exploited by an attacker to execute...
cPanel Security Feature Issue Vulnerability (CNVD-2019-29632)
cPanel is a Web-based automated colocation platform from the US-based company cPanel. The platform is primarily used to automate the management of websites and servers. A security vulnerability exists in versions prior to cPanel 62.0.4. No vulnerability details are provided at this time...
cPanel Input Validation Error Vulnerability (CNVD-2019-33874)
cPanel is a Web-based automated colocation platform from the US-based company cPanel. The platform is primarily used to automate the management of websites and servers. An input validation error vulnerability exists in cPanel. An attacker can exploit this vulnerability to execute code in the conte...
cPanel Format String Error Vulnerability (CNVD-2019-33887)
cPanel is a Web-based automated colocation platform from the US-based company cPanel. The platform is primarily used to automate the management of websites and servers. A format string error vulnerability exists in cPanel. Vulnerability details are not available at this time...
cPanel cross-site scripting vulnerability (CNVD-2019-33871)
cPanel is a Web-based automated colocation platform from the US-based company cPanel. The platform is primarily used to automate the management of websites and servers. A cross-site scripting vulnerability exists in cPanel. An attacker can exploit this vulnerability to execute client-side code...