1747 matches found
SUSE CVE-2021-20199
Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 including from remote hosts. This impacts containerized applications that trust localhost 127.0.01 connections by default and do not require authentication. This issue affects Podman 1.8.0 onwards...
SUSE CVE-2021-34337
An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attacke...
CVE-2022-4062
A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to certain software functions when an attacker gets access to localhost interface of the EcoStruxure Power Commission application. Affected Products: EcoStruxure Power Commission Versions prior to V2.25...
Authorization
A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to certain software functions when an attacker gets access to localhost interface of the EcoStruxure Power Commission application. Affected Products: EcoStruxure Power Commission Versions prior to V2.25...
DFShell - The Best Forwarded Shell
██████╗ ███████╗███████╗██╗ ██╗███████╗██╗ ██╗ ██╔══██╗██╔════╝██╔════╝██║ ██║███╔═══╝██║ ██║ ██║ ██║█████╗ ███████╗███████║█████╗ ██║ ██║ ██║ ██║██╔══╝ ╚════██║██╔══██║██╔══╝ ██║ ██║ ██████╔╝██║ ███████║██║ ██║███████╗████████╗███████╗ ╚═════╝ ╚═╝ ╚══════╝╚═╝ ╚═╝╚══════╝╚══════╝╚══════╝ D3Ext's...
CVE-2022-4335
A blind SSRF vulnerability was identified in all versions of GitLab EE prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which allows an attacker to connect to a local host...
CVE-2022-4335
A blind SSRF vulnerability was identified in all versions of GitLab EE prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which allows an attacker to connect to a local host...
RHEL 7 / 8 : OpenShift Container Platform 4.3.31 openshift (RHSA-2020:3183)
The remote Redhat Enterprise Linux 7 / 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:3183 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private clo...
Input validation
kenny2automate is a Discord bot. In the web interface for server settings, form elements were generated with Discord channel IDs as part of input names. Prior to commit a947d7c, no validation was performed to ensure that the channel IDs submitted actually belonged to the server being configured...
MashShare < 3.8.7 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit:...
quarkus_dev_ui: Dev UI Config Editor is vulnerable to drive-by localhost attacks leading to RCE
A vulnerability was found in quarkus. This issue occurs in Dev UI Config Editor, which is vulnerable to drive-by localhost attacks leading to remote code execution...
quarkus_dev_ui: Dev UI Config Editor is vulnerable to drive-by localhost attacks leading to RCE
A vulnerability was found in quarkus. This issue occurs in Dev UI Config Editor, which is vulnerable to drive-by localhost attacks leading to remote code execution...
PT-2022-6395 · Schneider Electric · Ecostruxure Power Commission
Name of the Vulnerable Software and Affected Versions: EcoStruxure Power Commission versions prior to V2.25 Description: A vulnerability exists that could cause unauthorized access to certain software functions when an attacker gains access to the localhost interface of the EcoStruxure Power...
Judging Management System 1.0 SQL Injection Vulnerability
Judging Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. Exploit Title: Judging Management System v1.0 - Authentication Bypass Exploit Author: Angelo Pio Amirante Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Contest Gallery Pro < 19.1.5 - Admin+ SQL Injection
The plugin does not escape the wpuserid GET parameter before concatenating it to an SQL query in management-show-user.php. This may allow malicious users with at administrator privileges i.e. on multisite WordPress configurations to leak sensitive information from the site's database. POST...
Contest Gallery < 19.1.5.1 - Author+ SQL Injection
The plugins do not escape the cgid POST parameter before concatenating it to an SQL query in 0change-gallery.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. POST /wp-admin/admin-ajax.php?page=/index.php&editgallery=1&wpmad...
Contest Gallery < 19.1.5 - Author+ SQL Injection
The plugins do not escape the cgorder POST parameter before concatenating it to an SQL query in order-custom-fields-with-and-without-search.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. POST /wp-admin/admin-ajax.php...
Contest Gallery < 19.1.5 - Author+ SQL Injection
The plugins do not escape the cgcopystart POST parameter before concatenating it to an SQL query in copy-gallery-images.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. POST...
Contest Gallery < 19.1.5.1 - Author+ SQL Injection
The plugins do not escape the upload POST parameter before concatenating it to an SQL query in get-data-create-upload-v10.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. POST...
Researchers Disclose Critical RCE Vulnerability Affecting Quarkus Java Framework
A critical security vulnerability has been disclosed in the Quarkus Java framework that could be potentially exploited to achieve remote code execution on affected systems. Tracked as CVE-2022-4116 CVSS score: 9.8, the shortcoming could be trivially abused by a malicious actor without any...