164 matches found
Command Execution Vulnerability in jeewms
jeewms is led by Linglu Valley Technology open source project , JAVA-based warehouse management system support for self- and third-party , including PDA side and WEB side . jeewms has a command execution vulnerability. Attackers can use this vulnerability to obtain server privileges...
Design/Logic Flaw
swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition. In swagger-codegen before version 2.4.19, on Unix like systems, the system's temporary...
Threatspec - Continuous Threat Modeling, Through Code
Threatspec is an open source project that aims to close the gap between development and security by bringing the threat modelling process further into the development process. This is achieved by having developers and security engineers write threat modeling annotations as comments inside source...
Alibaba Canal suffers from information leakage vulnerability
canal is an open source project under Alibaba , pure Java development. Alibaba Canal has an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...
Canal has an unauthorized access vulnerability
canal is an open source project under Alibaba , pure Java development. canal has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information...
vulhub
It is an offensive tool for Docker environments. The primary vulnerability is not specified, but the repository contains a collection of vulnerable Docker environments, including CouchDB, FFmpeg, Git, InfluxDB, and others. The environments are designed to be vulnerable to various attacks, allowin...
German COVID-19 Contact-Tracing Vulnerability Allowed RCE
A security vulnerability in the infrastructure underlying Germany’s official COVID-19 contact-tracing app, called the Corona-Warn-App CWA, would have allowed pre-authenticated remote code execution RCE. Researcher Alvaro Muñoz wrote in a report this week that he and his team at GitHub Security La...
ReconNote - Web Application Security Automation Framework Which Recons The Target For Various Assets To Maximize The Attack Surface For Security Professionals & Bug-Hunters
Web Application Security ReconAutomation Framework It takes user input as a domain name and maximize the attack surface area by listing the assets of the domain like - Subdomains from - Amass ,findomain, subfinder & resolvable subdomains using shuffledns Screenshots Port Scan JS files Httpx Statu...
Microsoft Azure Flaws Open Admin Servers to Takeover
Researchers have disclosed two flaws in Microsoft’s Azure web hosting application service, App Services, which if exploited could enable an attacker to take over administrative servers. Azure App Services is an HTTP-based service for hosting web applications, and is available in both Microsoft...
Design/Logic Flaw
In the course of work on the open source project it was discovered that authenticated users running queries against Hive and Presto database engines could access information via a number of templated fields including the contents of query description metadata database, the hashed version of the...
Arbitrary Code Execution Vulnerability in imcat
Intimate cat imcat is a PHP + MySQL architecture and design of a general-purpose website system, simple, lightweight, practical, sharing, permanent open source free of charge. imcat arbitrary code execution vulnerabilities , attackers can exploit the vulnerability to write malicious code to obtai...
vulhub
It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but the environments are designed to be vulnerable to various types of attacks. The probable entry points are not specified, but the environments are likel...
Security advisory YSA-2020-01 | Yubico
Yubico received a report from LinkedIn Information Security indicating there is insufficient data validation in the open-source project for YubiKey Validation Server git: yubikey-val. Yubico verified the issue and has made a security update available to mitigate this issue and enhance the...
WebKit Multiple Cross Site Scripting and Memory Corruption Vulnerabilities
Description WebKit is prone to multiple cross-site scripting and memory-corruption vulnerabilities. Attackers can exploit these issues to execute arbitrary code on the affected system. Failed exploit attempts may result in a denial-of-service condition. Technologies Affected Apple iCloud 6.0 Appl...
Docker Command Injection Vulnerability
Docker is an open source application container engine from the American company Docker. It supports creating a container lightweight virtual machine and deploying and running applications on Linux systems, as well as automating the installation, deployment and upgrade of applications through...
File upload vulnerability in yzncms system
YznCMS also known as Otaku Male cms is a completely open source project , based on ThinkPHP5.1.X latest version , the framework is easy to expand the functionality , code maintenance , to facilitate the secondary development To help developers simply and efficiently reduce the cost of the seconda...
Smoothwall Express 3.1-SP4-polar-x86_64-update9 Cross Site Scripting
Exploit Title: Smoothwall Express 3.1-SP4-polar-x8664-update9 | Cross-Site Scripting Date: 06.02.2019 Exploit Author: Ozer Goker Vendor Homepage: http://www.smoothwall.org Software Link: https://sourceforge.net/projects/smoothwall/files/SmoothWall/3.1%20SP4/Express-3.1-SP4-x8664.iso/download...
CloudSploit Scans - AWS Security Scanning Checks
CloudSploit scans is an open-source project designed to allow detection of security risks in an AWS account. These scripts are designed to run against an AWS account and return a series of potential misconfigurations and security risks. Installation Ensure that NodeJS is installed. If not, instal...
Android Security Bulletin—December 2017Stay organized with collectionsSave and categorize content based on your preferences.
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2017-12-05 or later address all of these issues. To learn how to check a device's security patch level, see Check & update your Android version. Android partners are...
Google Android AOSP Messaging Information Disclosure Vulnerability
Android is a Linux-based open source operating system jointly developed by Google and the Open Handset Alliance OHA in the U.S. AOSP Messaging is one of the SMS sending applications. An information disclosure vulnerability exists in Google Android AOSP Messaging. Attackers can use this...