25 matches found

CNNVD
added 2025/10/30 12:0 a.m. | 3 views

URVE Smart Office Cross-Site Scripting Vulnerability

URVE Smart Office is a smart office resource management system from URVE Smart Office, Poland. A cross-site scripting vulnerability exists in URVE Smart Office versions prior to 1.1.24, which stems from the presence of stored cross-site scripting in the function reporting the issue, which could...

CVSS 5.1 | AI score 6 | EPSS 0.00087
Exploits: 0 | References: 2
Fedora
added 2025/02/08 2:18 a.m. | 5 views

[SECURITY] Fedora 41 Update: envision-2.0.0-4.20241209git2.0.0.fc41

UI for building, configuring, and running Monado, the open source OpenXR runtime. This is still highly experimental software, while it's unlikely that anything bad will happen, it's still unstable and there is no guarantee that it will work on your system, with your particular hardware. If you...

AI score 7.1
Exploits: 0
Circl
added 2024/11/20 5:35 p.m. | 7 views

CVE-2018-9477

creationtimestamp| type| source ---|---|--- 2024-11-20 17:35:25+00:00| seen| https://infosec.exchange/users/cve/statuses/113516486661985667 2024-11-20 19:36:29+00:00| seen| https://t.me/cvedetector/11649...

CVSS 7.8 | AI score 7.5 | EPSS 0.00006
Exploits: 0 | References: 2
Github Security Blog
added 2024/08/20 6:36 p.m. | 16 views

apollo-portal has potential unauthorized access issue

Impact A vulnerability exists in the synchronization configuration feature that allows users to craft specific requests to bypass permission checks. This exploit enables them to modify a namespace without the necessary permissions. Patches The issue was addressed with an input parameter check in...

CVSS 4.3 | AI score 6.4 | EPSS 0.00098
Exploits: 0 | References: 6 | Affected Software: 1
Pen Test Partners Blog
added 2024/05/24 5:52 a.m. | 17 views

UK PSTI? You’ll need a Vulnerability Disclosure Program!

If you are distributing or selling smart devices into the UK market, your products will need to be compliant with the UK Product Security and Telecommunications Act. One of the three mandatory areas is that you have a vulnerability disclosure program (VDP). In the supporting materials for the Act,...

AI score 7.4
Exploits: 0
CVE
added 2024/03/26 2:14 p.m. | 56 views

CVE-2023-41969

The CVE-2023-41969 entry describes an arbitrary file deletion vulnerability in ZSATrayManager used by Zscaler Client Connector (Win ZApp). Affected component is ZSATrayManager within Zscaler ZApp prior to version 4.3.0; the underlying issue is that it protects the temporary encrypted ZApp issue r...

CVSS 7.3 | AI score 7.2 | EPSS 0.00096
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2024/03/26 2:14 p.m. | 9 views

CVE-2023-41969 ZSATrayManager Arbitrary File Deletion

An arbitrary file deletion in ZSATrayManager where it protects the temporary encrypted ZApp issue reporting file from the unprivileged end user access and modification. Fixed version: Win ZApp 4.3.0 and later...

CVSS 7.3 | AI score 7.2 | EPSS 0.00096
Exploits: 0 | References: 1
Github Security Blog
added 2023/03/07 5:38 p.m. | 25 views

OpenSearch has time discrepancy in authentication responses

Impact There is an observable discrepancy in the authentication response time between calls where the user provided exists and calls where it does not. This issue only affects calls using the internal basic identity provider (IdP), and not other externally configured IdPs. Patches OpenSearch 1.3.9...

CVSS 5.3 | AI score 5.6 | EPSS 0.00278
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2023/01/10 10:19 p.m. | 14 views

GHSA-22M9-M3WW-53H3 Flarum post mentions can be used to read any post on the forum without access control

Using the mentions feature provided by the flarum/mentions extension, users can mention any post ID on the forum with the special @""p syntax. The following behavior never changes no matter if the actor should be able to read the mentioned post or not: A URL to the mentioned post is inserted into...

CVSS 7.7 | AI score 5.6 | EPSS 0.00207
Exploits: 1 | References: 5
Kitploit
added 2022/11/17 11:30 a.m. | 28 views

nuvola - Tool To Dump And Perform Automatic And Manual Security Analysis On Aws Environments Configurations And Services

nuvola with the lowercase n is a tool to dump and perform automatic and manual security analysis on AWS environments configurations and services using predefined, extensible and custom rules created using a simple Yaml syntax. The general idea behind this project is to create an abstracted digita...

AI score 7.5
Exploits: 0 | References: 6
Github Security Blog
added 2022/08/18 6:59 p.m. | 77 views

`undici.request` vulnerable to SSRF using absolute URL on `pathname`

Impact undici is vulnerable to SSRF Server-side Request Forgery when an application takes in user input into the path/pathname option of undici.request. If a user specifies a URL such as http://127.0.0.1 or //127.0.0.1 js const undici = require"undici" undici.requestorigin: "http://example.com",...

CVSS 9.8 | AI score 8.9 | EPSS 0.0039
Exploits: 1 | References: 5 | Affected Software: 1
OSV
added 2021/06/21 5:10 p.m. | 15 views

GHSA-52QP-GWWH-QRG4 Missing Handler in @scandipwa/magento-scripts

Impact After changing the function from synchronous to asynchronous there wasn't implemented handler in the start, stop, exec and logs commands, effectively making them unusable. Patches Version 1.5.3 contains patches for the problems described above. Workarounds Upgrade to patched or latest...

CVSS 6.2 | AI score 6 | EPSS 0.00189
Exploits: 0 | References: 3
ossfuzz
added 2020/09/19 3:55 p.m. | 16 views

grok:grk_decompress_fuzzer: Use-of-uninitialized-value in grk::TileProcessor::prepare_sod_decoding

Detailed Report: https://oss-fuzz.com/testcase?key=5154931768819712 Project: grok Fuzzing Engine: libFuzzer Fuzz Target: grkdecompressfuzzer Job Type: libfuzzermsangrok Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: grk::TileProcessor::preparesoddecoding...

AI score 6.8
Exploits: 0 | Affected Software: 1
Kitploit
added 2020/04/08 10:0 p.m. | 47 views

Chromepass - Hacking Chrome Saved Passwords

Chromepass is a python-based console application that generates a windows executable with the following features: Decrypt Chrome saved passwords Send a file with the login/password combinations remotely email or reverse-http Custom icon Completely undetectable by AntiVirus Engines AV Detection! Du...

AI score 7.3
Exploits: 0 | References: 1
Kitploit
added 2020/03/03 12:30 p.m. | 101 views

WiFi Passview v2.0 - An Open Source Batch Script Based WiFi Passview For Windows!

WiFi Passview is an open source batch script based program that can recover your WiFi Password easily in seconds. This is for Windows OS only. Basically, this scripted program has the same function as other passview softwares such as webpassview and mailpassview. Disclaimer : WiFi Passview is NOT...

AI score 7.2
Exploits: 0 | References: 1
Kitploit
added 2020/01/31 11:30 a.m. | 123 views

MassDNS - A High-Performance DNS Stub Resolver For Bulk Lookups And Reconnaissance (Subdomain Enumeration)

MassDNS is a simple high-performance DNS stub resolver targeting those who seek to resolve a massive amount of domain names in the order of millions or even billions. Without special configuration, MassDNS is capable of resolving over 350,000 names per second using publicly available resolvers...

AI score 7.5
Exploits: 0 | References: 6
Kitploit
added 2019/08/14 10:0 p.m. | 65 views

DrMITM - Program Designed To Globally Log All Traffic Of A Website

DrMITM is a program designed to globally log all traffic. How it works DrMITM sends a request to website and returns the IP of the website just in case the server of the website is designed to rely on the website IP for requests, and the request that goes to the website also ends up being sent to...

AI score 7.4
Exploits: 0 | References: 1
Kitploit
added 2019/08/06 10:0 p.m. | 68 views

Project iKy v2.1.0 - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface

Project iKy is a tool that collects information from an email and shows results in a nice visual interface. Visit the Gitlab Page of the Project Video Installation Clone repository git clone https://gitlab.com/kennbroorg/iKy.git Install Backend Redis You must install Redis wget...

AI score 7.1
Exploits: 0 | References: 2
Citrix
added 2019/06/17 4:0 a.m. | 47 views

CVE-2019-11634 - Improper Access Control Vulnerability in AppDNA

Description of Problem A vulnerability has been identified in AppDNA that could result in access controls not being enforced when accessing the web console potentially allowing privilege escalation and remote code execution. This vulnerability has been assigned the following CVE number: •...

CVSS 9.8 | AI score 1.9 | EPSS 0.3078
Exploits: 0
ossfuzz
added 2018/08/30 11:53 a.m. | 13 views

imagemagick/encoder_mvg_fuzzer: Heap-buffer-overflow in DrawDashPolygon

Project: https://github.com/imagemagick/imagemagick.git Detailed report: https://oss-fuzz.com/testcase?key=5640076797673472 Project: imagemagick Fuzzer: aflimagemagickencodermvgfuzzer Fuzz target binary: encodermvgfuzzer Job Type: aflasanimagemagick Platform Id: linux Crash Type:...

AI score 6.8
Exploits: 0 | Affected Software: 1