emp3r0r 操作系统命令注入漏洞

emp3r0r is a Linux framework tool developed by Jimmy Mi. Versions of emp3r0r prior to 3.21.1 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the acceptance of untrusted proxy metadata during the check-in process, which was then inserted int...

lavinmq 安全漏洞

LavinMQ is an open-source message queue and streaming media server developed by CloudAMQP. Versions of LavinMQ prior to 2.6.6 contained a security vulnerability, which stemmed from the ability for authenticated users to access proxy metadata that they were not supposed to access...

USN-2325-1: OpenStack Nova vulnerability

Alex Gaynor discovered that OpenStack Nova would sometimes respond with variable times when comparing authentication tokens. If nova were configured to proxy metadata requests via Neutron, a remote authenticated attacker could exploit this to conduct timing attacks and ascertain configuration...