14 matches found
Exploit for OS Command Injection in Opentsdb
opentsdbkeycmdinjection An exploit for OpenTSDB -l -p -...
Oxeye warns of SSRF Vulnerability in Owncast, SQL Injection Flaws in EaseProbe
By Waqas Owncase is a self-hosted live video streaming software, while EaseProbe is a lightweight and standalone health status checking tool. This is a post from HackRead.com Read the original post: Oxeye warns of SSRF Vulnerability in Owncast, SQL Injection Flaws in EaseProbe...
GHSA-4C32-W6C7-77X4 SQL injection when using MySQL/PostgreSQL data checking
An SQL injection issue was discovered in EaseProbe before 2.1.0 when using MySQL/PostgreSQL data checking. This problem has been fixed in v2.1.0; users should upgrade to this version. The vulnerability was discovered by the Oxeye research team...
SQL injection when using MySQL/PostgreSQL data checking
An SQL injection issue was discovered in EaseProbe before 2.1.0 when using MySQL/PostgreSQL data checking. This problem has been fixed in v2.1.0; users should upgrade to this version. The vulnerability was discovered by the Oxeye research team...
Critical Flaws in vm2 JavaScript Library Can Lead to Remote Code Execution
A fresh round of patches has been made available for the vm2 JavaScript library to address two critical flaws that could be exploited to break out of sandbox protections and achieve code execution. Both the flaws – CVE-2023-29199 and CVE-2023-30547 – are rated 9.8 out of 10 on the CVSS scoring...
Critical RCE Flaw Reported in Spotify's Backstage Software Catalog and Developer Platform
Spotify's Backstage has been discovered as vulnerable to a severe security flaw that could be exploited to gain remote code execution by leveraging a recently disclosed bug in a third-party module. The vulnerability CVSS score: 9.8, at its core, takes advantage of a critical sandbox escape in vm2...
Researchers Detail Critical RCE Flaw Reported in Popular vm2 JavaScript Sandbox
A now-patched security flaw in the vm2 JavaScript sandbox module could be abused by a remote adversary to break out of security barriers and perform arbitrary operations on the underlying machine. "A threat actor can bypass the sandbox protections to gain remote code execution rights on the host...
GHSA-XX9W-464F-7H6F Harbor fails to validate the user permissions when updating a robot account
Impact Harbor fails to validate the user permissions when updating a robot account that belongs to a project that the authenticated user doesn’t have access to. API call: PUT /robots/robotid By sending a request that attempts to update a robot account, and specifying a robot account id and robot...
Harbor fails to validate the user permissions when updating a robot account
Impact Harbor fails to validate the user permissions when updating a robot account that belongs to a project that the authenticated user doesn’t have access to. API call: PUT /robots/robotid By sending a request that attempts to update a robot account, and specifying a robot account id and robot...
GHSA-8C6P-V837-77F6 Harbor fails to validate the user permissions when updating tag immutability policies
Impact Harbor fails to validate the user permissions when updating tag immutability policies - API call: PUT /projects/projectnameorid/immutabletagrules/immutableruleid By sending a request to update a tag immutability policy with an id that belongs to a project that the currently authenticated...
Harbor fails to validate the user permissions when updating tag immutability policies
Impact Harbor fails to validate the user permissions when updating tag immutability policies - API call: PUT /projects/projectnameorid/immutabletagrules/immutableruleid By sending a request to update a tag immutability policy with an id that belongs to a project that the currently authenticated...
GHSA-JF8P-3VJH-PQ94 Harbor fails to validate the user permissions when viewing Webhook policies
Impact Harbor fails to validate the user permissions to view Webhook policies including relevant credentials configured in different projects the user doesn’t have access to, resulting in malicious users being able to read Webhook policies of other users/projects. API call is GET...
Harbor fails to validate the user permissions when viewing Webhook policies
Impact Harbor fails to validate the user permissions to view Webhook policies including relevant credentials configured in different projects the user doesn’t have access to, resulting in malicious users being able to read Webhook policies of other users/projects. API call is GET...
Harbor fails to validate the user permissions when updating tag retention policies
Impact Harbor fails to validate the user permissions when updating tag retention policies. API call: PUT /retentions/id By sending a request to update a tag retention policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacker could modif...