Lucene search

24 matches found

CNNVD
added 2025/07/10 12:0 a.m., 7 views

Wing FTP Server Security Vulnerability

Wing FTP Server is a set of cross-platform FTP server software open-sourced by Wing FTP Server. A security vulnerability exists in Wing FTP Server versions prior to 7.4.4, which originates from loginok.html disclosing the local installation path...

CVSS 10 | AI score 9 | EPSS 0.92927
Exploits 24 | References 4
Fedora
added 2024/05/25 1:5 a.m., 12 views

[SECURITY] Fedora 40 Update: crosswords-0.3.13-1.fc40

A simple and fun game of crosswords. Load your crossword files, or play one of the included games. Features include: - Support for shaped and colored crosswords - Loading .ipuz and .puz files - Hint support, such as showing mistakes and suggesting words - Dark mode support - Locally installed...

AI score 7.4
Exploits 0
Kitploit
added 2024/04/07 12:30 p.m., 37 views

GDBFuzz - Fuzzing Embedded Systems Using Hardware Breakpoints

This is the companion code for the paper: 'Fuzzing Embedded Systems using Debugger Interfaces'. A preprint of the paper can be found here https://publications.cispa.saarland/3950/. The code allows the users to reproduce and extend the results reported in the paper. Please cite the above paper whe...

AI score 7.6
Exploits 0 | References 6
OSV
added 2023/11/22 7:15 a.m., 0 views

CVE-2023-29069

A maliciously crafted DLL file can be forced to install onto a non-default location, and attacker can overwrite parts of the product with malicious DLLs. These files may then have elevated privileges leading to a Privilege Escalation vulnerability...

CVSS 7.8 | AI score 5.8
Exploits 0 | References 1
NVD
added 2022/04/21 6:15 p.m., 10 views

CVE-2020-14121

A business logic vulnerability exists in Mi App Store. The vulnerability is caused by incomplete permission checks of the products being bypassed, and an attacker can exploit the vulnerability to perform a local silent installation...

CVSS 5.5 | EPSS 0.00047
Exploits 0 | References 1
Cvelist
added 2022/04/21 5:25 p.m., 13 views

CVE-2020-14121

A business logic vulnerability exists in Mi App Store. The vulnerability is caused by incomplete permission checks of the products being bypassed, and an attacker can exploit the vulnerability to perform a local silent installation...

AI score 5.4 | EPSS 0.00047
Exploits 0 | References 1
Redos
added 2021/09/08 12:0 a.m., 26 views

ROS-2-1336

2.1336 Remote code execution in nginx CVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngx_resolver_copy function when processing DNS responses. A remote...

CVSS 7.8 | AI score 8.2 | EPSS 0.73544
Exploits 10
IBM Security Bulletins
added 2021/06/22 3:56 p.m., 44 views

Security Bulletin: IBM Cloud Transformation Advisor is affected by Node.js vulnerability

Summary IBM Cloud Transformation Advisor has addressed Node.js vulnerability CVE-2021-23337 Vulnerability Details CVEID: CVE-2021-23337 DESCRIPTION: Node.js lodash module could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a command injection flaw in...

CVSS 7.2 | AI score 1.6 | EPSS 0.04314
Exploits 2 | Affected Software 1
Prion
added 2020/12/08 2:15 a.m., 19 views

Design/Logic Flaw

Kirby is a CMS. In Kirby CMS getkirby/cms before version 3.3.6, and Kirby Panel before version 2.5.14 there is a vulnerability in which the admin panel may be accessed if hosted on a .dev domain. In order to protect new installations on public servers that don't have an admin account for the Pane...

CVSS 4.3 | AI score 5.5 | EPSS 0.00161
Exploits 0 | References 5 | Affected Software 2
Kitploit
added 2020/11/20 11:30 a.m., 93 views

Bulwark - An Organizational Asset And Vulnerability Management Tool, With Jira Integration, Designed For Generating Application Security Reports

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports. Jira Integration Note Please keep in mind, this project is in early development. Launch with Docker 1. Install Docker 2. Create a .env file and supply the...

AI score 7.5
Exploits 0 | References 4
Kitploit
added 2020/07/10 9:30 p.m., 42 views

OWASP Threat Dragon - Cross-Platform Threat Modeling Application

Threat Dragon is a free, open-source, cross-platform threat modeling application including system diagramming and a rule engine to auto-generate threats/mitigations. It is an OWASP Incubator Project. The focus of the project is on great UX, a powerful rule engine and integration with other...

AI score 7
Exploits 0 | References 3
NVD
added 2019/12/19 5:15 p.m., 13 views

CVE-2019-17633

For Eclipse Che versions 6.16 to 7.3.0, with both authentication and TLS disabled, visiting a malicious web site could trigger the start of an arbitrary Che workspace. Che with no authentication and no TLS is not usually deployed on a public network but is often used for local installations e.g. ...

CVSS 8.8 | AI score 8.6 | EPSS 0.00536
Exploits 1 | References 1
Prion
added 2019/12/19 5:15 p.m., 8 views

Authentication flaw

For Eclipse Che versions 6.16 to 7.3.0, with both authentication and TLS disabled, visiting a malicious web site could trigger the start of an arbitrary Che workspace. Che with no authentication and no TLS is not usually deployed on a public network but is often used for local installations e.g. ...

CVSS 6.8 | AI score 8.5 | EPSS 0.00536
Exploits 1 | References 1 | Affected Software 1
Cvelist
added 2019/12/19 5:5 p.m., 11 views

CVE-2019-17633

For Eclipse Che versions 6.16 to 7.3.0, with both authentication and TLS disabled, visiting a malicious web site could trigger the start of an arbitrary Che workspace. Che with no authentication and no TLS is not usually deployed on a public network but is often used for local installations e.g. ...

AI score 8.6 | EPSS 0.00536
Exploits 1 | References 1
UbuntuCve
added 2019/12/13 1:15 a.m., 28 views

CVE-2019-16777

Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of...

CVSS 7.7 | AI score 6.9 | EPSS 0.00592
Exploits 0 | References 3
n0where
added 2017/09/19 5:48 a.m., 59 views

Dynamic Application Security Test Orchestration: Webbreaker

Build functional security testing into your software development and release cycles! WebBreaker provides the capabilities to automate and centrally manage Dynamic Application Security Testing (DAST) as part of your DevOps pipeline. WebBreaker truly enables all members of the Software Security...

Exploits 0 | References 10
n0where
added 2016/08/06 5:26 a.m., 14 views

Continuous Security Integration Framework: CSI

Continuous Security Integration Framework It’s easy to agree that while corporate automation is a collection of proprietary source code, the core modules used to produce automated solutions should be open for all eyes to continuously promote trust and innovation…broad collaboration is key to any...

AI score 7.3
Exploits 0 | References 1
seebug.org
added 2015/01/23 12:0 a.m., 18 views

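YXcms site-building system, latest version: stored XSS blind attack on the admin backend (demo + local demonstration)

Brief description: I need a portable hard drive to store videos. Details: My last submission was rejected as self-XSS, so to prove it is not self-XSS, this time I will blind-attack the backend. Demo: first go to the YXCMS demo site http://demo.yxcms.net, then register an account and insert "/ directly into the email field. You can see there is no filtering at all, and it directly reports that the information was edited successfully. After going back, a popup appears right away. Last time I stopped here and did not check whether the backend could be hit, because this demo does not provide a backend demonstration (probably afraid of someone getting a shell through the backend, haha https://images.seebug.org/upload/201501/20104758ae72a78e0...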

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 22 views

Zeeways Adserver Multiple Vulnerabilities

No description provided by source. Exploit Title: Zeeways Adserver Multiple Vulnerabilities Date: 06.11.2010 Author: Valentin Category: webapps/0day Version: Tested on: CVE : Code : :::::::::::::::::::::::::::::::::::::: 0x1 :::::::::::::::::::::::::::::::::::::: General Information...

AI score 7.1
Exploits 0
Tenable Nessus
added 2014/03/03 12:0 a.m., 12 views

Oracle WebCenter Sites Local Installation Detection

Binary data oraclewebcentersitesinstalled.nbin...

AI score 7.3
Exploits 0 | References 1