32 matches found
challenge-yourself-level-1
Attack Path Lab !GitHubhttps://img.shields.io/badge/GitHu...
EUVD-2024-34459
Malicious code in bioql PyPI...
CVE-2024-33897
A compromised HMS Networks Cosy+ device could be used to request a Certificate Signing Request from Talk2m for another device, resulting in an availability issue. The issue was patched on the Talk2m production server on April 18, 2024...
Silverstripe framework is vulnerable to XSS in install.php
During installation, certain parameters adminusername and adminpassword are not escaped in the setup form. This issue is resolved in 3.1.14 stable, although existing users are advised to remove this file prior to deploying to a production server...
GHSA-MQF5-275H-GF6R Silverstripe framework is vulnerable to XSS in install.php
During installation, certain parameters adminusername and adminpassword are not escaped in the setup form. This issue is resolved in 3.1.14 stable, although existing users are advised to remove this file prior to deploying to a production server...
CVE-2024-32047
Hard-coded credentials for the CyberPower PowerPanel test server can be found in the production code. This might result in an attacker gaining access to the testing or production server...
CVE-2024-32047
The CVE concerns CyberPower PowerPanel Business software where hard-coded credentials for the test server exist in production code. Affects PowerPanel business (versions up to 4.9.0 and earlier per CNNVD/ICS notes) and could allow an attacker to bypass authentication and access testing or product...
CVE-2024-32047 CyberPower PowerPanel business Active Debug Code
Hard-coded credentials for the CyberPower PowerPanel test server can be found in the production code. This might result in an attacker gaining access to the testing or production server...
CVE-2024-32047 CyberPower PowerPanel business Active Debug Code
Hard-coded credentials for the CyberPower PowerPanel test server can be found in the production code. This might result in an attacker gaining access to the testing or production server...
Mail.ru: [app-01.youdrive.club] RCE in CI/CD via dependency confusion
Dependency confusion allowed remote code execution in youdrive CI/CD pipeline as was demonstrated by researcher via creation of public npmjs.com package matching internal dependancy. I've extracted and saved the content of package.json file for further research during investigating the previous...
MTN Group: Exposed .bash_history at http://21days2017.mtncameroon.net/.bash_history
Summary: Dear Security Team, I found some dangerous urls on your servers that reveal important informations about the servers configuration themself and that are very interesting from a hacker point of view. Steps To Reproduce: http://21days2017.mtncameroon.net/.bashhistory Remediation disable th...
Engel & Völkers Technology GmbH BBP: Source Code Disclosure at http://service.engelvoelkers.com/alert/_backups/app
Summary: I found the source code of http://service.engelvoelkers.com/, compressed in the file app.gz, which can be downloaded at http://service.engelvoelkers.com/alert/backups/app. It contains the source code, some source code back ups and other sensitive information such as production server mys...
GitLab: Access Projects And create projects in gitlab pre production server
Steps to reproduce Go to https://pre.gitlab.com Here any one can register and can view the pre production projects of gitlab developers. I have registered in https://pre.gitlab.com/users/signin and have created one test group and test project go to https://pre.gitlab.com/explore/groups i have...
rubygem-sprockets: Path traversal in forbidden_request?() can allow remote attackers to read arbitrary files
There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server is...
Ruby on Rails 路径穿越与任意文件读取漏洞(CVE-2018-3760)分析
漏洞公告 该漏洞由安全研究人员 Orange Tsai发现。漏洞公告来自 https://groups.google.com/forum/!topic/rubyonrails-security/ftJ--l55fM There is an information leak vulnerability in Sprockets. This vulnerability has been assigned the CVE identifier CVE-2018-3760. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower,...
rubygem-sprockets: Path traversal in forbidden_request?() can allow remote attackers to read arbitrary files
There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server is...
CVE-2018-3760
There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server is...
Information disclosure
There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server is...
CVE-2018-3760
There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server is...
CVE-2018-3760
There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server is...