Rocky Linux 8 : unbound (RLSA-2024:1751)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:1751 advisory. - A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime...

Important: unbound

Issue Overview: A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw...

CVE-2024-4128

This vulnerability was a potential CSRF attack. When running the Firebase emulator suite, there is an export endpoint that is used normally to export data from running emulators. If a user was running the emulator and navigated to a malicious website with the exploit on a browser that allowed cal...

Firebase CLI 安全漏洞

Firebase CLI is a command line tool from Firebase Inc. in the United States. A security vulnerability exists in Firebase CLI, which originated from a vulnerability that allows a user who is running the emulator to exploit the vulnerability to navigate to a malicious website on a browser that allo...

Amazon Linux 2023 : python3-unbound, unbound, unbound-anchor (ALAS2023-2024-604)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-604 advisory. A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over...

Exploit for Improper Access Control in Joomla Joomla\!

Installation sh git clone h...

Privilege Escalation

Ant Media Server is vulnerable to Privilege Escalation. The vulnerability is caused by running Java Management Extensions JMX with authentication disabled on localhost on port 5599. This allows unprivileged users to connect locally and leverage MLet Bean within JMX to load a remote MBean from an...

unbound: unrestricted reconfiguration enabled to anyone that may lead to local privilege escalation

A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an...

unbound: unrestricted reconfiguration enabled to anyone that may lead to local privilege escalation

A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an...

unbound: unrestricted reconfiguration enabled to anyone that may lead to local privilege escalation

A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an...

AlmaLinux 8 : unbound (ALSA-2024:1751)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:1751 advisory. - A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime...

unbound: unrestricted reconfiguration enabled to anyone that may lead to local privilege escalation

A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an...

unbound: unrestricted reconfiguration enabled to anyone that may lead to local privilege escalation

A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an...

Lektor does not sanitize database path traversal

Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is...

GHSA-WV28-7FPW-FJ49 Lektor does not sanitize database path traversal

Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is...

CVE-2024-28335

Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is...

PYSEC-2024-49

Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is...

UBUNTU-CVE-2024-28335

Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is...

PYSEC-2024-49

Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is...

CVE-2024-28335

Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is...