Lucene search
K

229 matches found

OSV
OSV
added 2021/03/03 4:15 a.m.5 views

CVE-2021-22861

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able to fork the target...

6.5CVSS6.6AI score0.00919EPSS
Exploits0References4
NVD
NVD
added 2021/03/03 4:15 a.m.27 views

CVE-2021-22861

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able to fork the target...

6.5CVSS0.00919EPSS
Exploits0References4
Prion
Prion
added 2021/03/03 4:15 a.m.25 views

Improper access control

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able to fork the target...

4CVSS6.5AI score0.00919EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2021/03/03 3:25 a.m.40 views

CVE-2021-22863 Improper access control in GitHub Enterprise Server leading to unauthorized changes to maintainer permissions on pull requests

An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker woul...

8.2AI score0.00968EPSS
Exploits0References4
CVE
CVE
added 2021/03/03 3:25 a.m.111 views

CVE-2021-22861

GitHub Enterprise Server vulnerability CVE-2021-22861: An improper access control issue allowed authenticated users to write to unauthorized repositories via crafted pull requests and REST API calls. Affected versions include ranges listed in PT-2021-15234: 2.4.21–2.20.23, 2.21.0–2.21.14, 2.22.0–...

6.5CVSS6.5AI score0.00919EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2021/03/03 12:0 a.m.4 views

GitHub Enterprise Server 安全漏洞

GitHub is a suite of hosting platforms for open source and private software projects. A security vulnerability exists in GitHub Enterprise Server that allows instances of authenticated users to gain write access to unauthorized repositories via specially designed pull requests and REST API...

6.5CVSS6.5AI score0.00919EPSS
Exploits0References4
Kitploit
Kitploit
added 2021/03/01 8:30 p.m.84 views

Halogen - Automatically Create YARA Rules From Malicious Documents

Halogen is a tool to automate the creation of yara rules against image files embedded within a malicious document. Halogen help python3 halogen.py -h usage: halogen.py -h -f FILE -d DIR -n NAME --png-idat --jpg-sos Halogen: Automatically create yara rules based on images embedded in office...

7.4AI score
Exploits0References1
Hacker One
Hacker One
added 2020/12/23 6:42 p.m.148 views

GitHub Security Lab: 3,880 Pull Requests Generated to fix JHipster RNG Vulnerability CVE-2019-16303

This bug was reported directly to GitHub Security Lab...

7.5CVSS1.1AI score0.03673EPSS
Exploits1
Kitploit
Kitploit
added 2020/07/14 12:30 p.m.37 views

X64Dbg - An Open-Source X64/X32 Debugger For Windows

An open-source binary debugger for Windows, aimed at malware analysis and reverse engineering of executables you do not have the source code for. There are many features available and a comprehensive plugin system to add your own. You can find more information on the blog! Screenshots Installatio...

7.3AI score
Exploits0References19
Kitploit
Kitploit
added 2020/07/06 9:30 p.m.99 views

Git All The Payloads! A Collection Of Web Attack Payloads

Git All the Payloads! A collection of web attack payloads. Pull requests are welcome! Usage run ./get.sh to download external payloads and unzip any payload files that are compressed. Payload Credits fuzzdb - https://github.com/fuzzdb-project/fuzzdb SecLists -...

6.5AI score
Exploits0References38
HackRead
HackRead
added 2019/11/28 8:37 p.m.82 views

React Prereleases-Preparing for the Future

By Owais Sultan Recently, React has come up with prerelease channels to update users with the latest changes taking place in the React ecosystem. They spoke about this through a blog published on their React website. React relies on an open-source community to report bugs, open pull requests and...

2.5AI score
Exploits0
Fedora
Fedora
added 2019/02/24 2:33 a.m.20 views

[SECURITY] Fedora 29 Update: pagure-5.3-1.fc29

Pagure is a light-weight git-centered forge based on pygit2. Currently, Pagure offers a web-interface for git repositories, a ticket system and possibilities to create new projects, fork existing ones and create/merge pull-requests across or within projects...

5.9CVSS2.8AI score0.00901EPSS
Exploits0
Kitploit
Kitploit
added 2019/02/22 12:39 p.m.214 views

BeEF - The Browser Exploitation Framework Project

What is BeEF? BeEF is short for The BrowserExploitation Framework. It is a penetration testing tool that focuses on the web browser. Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual securi...

7.4AI score
Exploits0References7
Kitploit
Kitploit
added 2019/01/04 12:34 p.m.118 views

XSRFProbe - The Prime Cross Site Request Forgery Audit And Exploitation Toolkit

XSRFProbe is an advanced Cross Site Request Forgery CSRF/XSRF Audit and Exploitation Toolkit. Equipped with a Powerful Crawling Engine and Numerous Systematic Checks, it is now able to detect most cases of CSRF vulnerabilities, their related bypasses and futher generate maliciously exploitable...

7.5AI score
Exploits0References11
Kitploit
Kitploit
added 2018/12/19 9:22 p.m.1327 views

Wordlistctl - Fetch, Install And Search Wordlist Archives From Websites And Torrent Peers

Script to fetch, install, update and search wordlist archives from websites offering wordlists with more than 1800 wordlists available. In the latest version of the Blackarch Linux it has been added to /usr/share/wordlists/ directory. Installation pacman -S wordlistctl Usage sepehrdad@blackarch-d...

7.5AI score
Exploits0References1
Kitploit
Kitploit
added 2018/09/06 12:53 p.m.69 views

ExchangeRelayX - An NTLM Relay Tool To The EWS Endpoint For On-Premise Exchange Servers (Provides An OWA For Hackers)

Version 1.0.0. This tool is a PoC to demonstrate the ability of an attacker to perform an SMB or HTTP based NTLM relay attack to the EWS endpoint on an on-premise Microsoft Exchange server to compromise the mailbox of the victim. This tool provides the attacker with an OWA looking interface, with...

6.7AI score
Exploits0References1
OpenVAS
OpenVAS
added 2017/09/27 12:0 a.m.35 views

Kallithea < 0.3.2 Multiple Vulnerabilities

Kallithea is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:kallithea:kallithea"; ifdescripti...

8.8CVSS7.7AI score0.00852EPSS
Exploits0References1
CNVD
CNVD
added 2017/05/24 12:0 a.m.6 views

Atlassian Bitbucket Server Directory Traversal Vulnerability

Atlassian Bitbucket Server is a Git code hosting solution from Atlassian Australia. The solution is capable of managing and reviewing code with features such as diff view, JIRA integration and build integration. A directory traversal vulnerability exists in the pull requests resource in Atlassian...

4.3CVSS7AI score0.01755EPSS
Exploits0References1
NVD
NVD
added 2017/04/24 6:59 p.m.21 views

CVE-2016-3114

Kallithea before 0.3.2 allows remote authenticated users to edit or delete open pull requests or delete comments by leveraging read access...

6.5CVSS6.2AI score0.00852EPSS
Exploits0References1
Prion
Prion
added 2017/04/24 6:59 p.m.14 views

Design/Logic Flaw

Kallithea before 0.3.2 allows remote authenticated users to edit or delete open pull requests or delete comments by leveraging read access...

4CVSS6.7AI score0.00852EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder