
18 matches found

OSV
added 2026/05/05 7:27 p.m. · 1 view

GHSA-FR8X-3VFX-F45H gix and gitoxide: unvalidated submodule name traverses out of .git/modules and redirects state() / open() to another repository

Summary attachments: pocs.zip Submodule names coming from .gitmodules are exposed as unvalidated names and are later reused to derive the submodule git directory as: /modules/ Because the submodule name is joined directly as a filesystem path component, a name such as ../../../escaped-target.git...

CVSS 8.7 · AI score 5.9
Exploits: 0 · References: 2
Packet Storm News
added 2026/02/06 12:0 a.m. · 3 views

Zabbix Agent Binaries Path Abuse Scanner

This scanner performs automated static analysis of Zabbix Agent binaries to detect hardcoded OpenSSL configuration paths that may enable provider or engine abuse. It identifies embedded OPENSSLDIR, ENGINESDIR, and MODULESDIR values, extracts OpenSSL version information, and checks for dynamic...

CVSS 7.3 · AI score 6.1 · EPSS 0.00011
Exploits: 2
Gitee
added 2025/09/22 1:44 a.m. · 140 views

nightmare

This repository is an introductory course on binary exploitation and reverse engineering based on CTF challenges, called "Nightmare". It contains a large amount of content, with over 90 challenges, laid out in a linear fashion, and well-documented write-ups explaining how to go from being handed...

AI score 6.9
Exploits: 0
NVD
added 2025/02/27 4:15 p.m. · 8 views

CVE-2025-1756

mongosh may be susceptible to local privilege escalation under certain conditions, potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\node_modules. This issue affects mongosh prior to 2.3.0...

CVSS 7.8 · EPSS 0.0004
Exploits: 0 · References: 2
Positive Technologies
added 2025/02/27 12:0 a.m. · 2 views

PT-2025-8963 · Mongosh · Mongosh

Name of the Vulnerable Software and Affected Versions: mongosh versions prior to 2.3.0. Description: The issue concerns a local privilege escalation problem that could allow unauthorized actions on a user's system with elevated privileges. This occurs when a crafted file is stored in C:\node_module...

CVSS 7.8 · AI score 6.5 · EPSS 0.0004
Exploits: 0 · References: 11
NVD
added 2023/07/13 10:15 p.m. · 13 views

CVE-2023-37599

An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory...

CVSS 7.5 · EPSS 0.85615
Exploits: 1 · References: 1
ATTACKERKB
added 2023/07/13 10:15 p.m. · 0 views

CVE-2023-37599

An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory...

CVSS 7.5 · AI score 7.2 · EPSS 0.85615
Exploits: 1 · References: 2
OSV
added 2023/07/13 10:15 p.m. · 1 view

CVE-2023-37599

An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory...

CVSS 7.5 · AI score 5.8 · EPSS 0.85615
Exploits: 1 · References: 1
Prion
added 2023/07/13 10:15 p.m. · 17 views

Design/Logic Flaw

An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory...

CVSS 5 · AI score 7.3 · EPSS 0.85615
Exploits: 1 · References: 1 · Affected Software: 1
Cvelist
added 2023/07/13 12:0 a.m. · 12 views

CVE-2023-37599

An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory...

AI score 7.5 · EPSS 0.85615
Exploits: 1 · References: 1
SUSE CVE
added 2023/02/15 6:10 a.m. · 2 views

SUSE CVE-2007-5641

Multiple PHP remote file inclusion vulnerabilities in PHP Project Management 0.8.10 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the fullpath parameter to (1) certinfo/index.php, (2) emails/index.php, (3) events/index.php, (4) fax/index.php, (5) files/index.php, (6)...

CVSS 6.8 · AI score 7.9 · EPSS 0.27235
Exploits: 1 · References: 3
Gitee
added 2020/05/13 9:34 p.m. · 1 view

metasploit-framework

This is an instance of the Metasploit Framework repository, a widely used penetration testing tool. The Metasploit Framework is a comprehensive platform for testing and exploiting vulnerabilities in computer systems and applications. It is a collection of tools and scripts that can be used to...

AI score 7.2
Exploits: 0
RedHat Linux
added 2014/04/22 5:39 p.m. · 33 views

Important: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6.3 Extended Update Support. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which...

CVSS 7.8 · AI score 6.1 · EPSS 0.03091
Exploits: 0 · References: 2
Metasploit
added 2010/11/05 4:0 a.m. · 39 views

Metasploit Web Crawler

This auxiliary module is a modular web crawler, to be used in conjunction with wmap someday or standalone. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Web Crawler. Author: Efrain Torres et at metasploit.com 2010...

AI score 7.3
Exploits: 0
OSV
added 2008/05/12 8:20 p.m. · 1 view

DEBIAN-CVE-2008-2147

Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory...

CVSS 4.6 · AI score 7.3 · EPSS 0.00079
Exploits: 0 · References: 1
exploitpack
added 2007/01/24 12:0 a.m. · 11 views

vhostadmin 0.1 - MODULES_DIR Remote File Inclusion

vhostadmin 0.1 - MODULES_DIR Remote File Inclusion. Dr Max Virus. Script: vHostAdmin. Affected Version: 1.0. Risk: Highly Critical...

AI score 0.1
Exploits: 0
Exploit DB
added 2007/01/24 12:0 a.m. · 37 views

vhostadmin 0.1 - 'MODULES_DIR' Remote File Inclusion

Dr Max Virus. Script: vHostAdmin. Affected Version: 1.0. Risk: Highly Critical...

AI score 7
Exploits: 0
Cvelist
added 2006/09/06 12:0 a.m. · 19 views

CVE-2006-4544

Multiple PHP remote file inclusion vulnerabilities in ExBB 1.9.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the exbbhomepath parameter in files in the modules directory including (1) birstday/birst.php, (2) birstday/select.php, (3)...

AI score 7.5 · EPSS 0.0113
Exploits: 1 · References: 5