FROST Security Vulnerability
FROST is a Rust library open-sourced by the Zcash Foundation. A security vulnerability exists in FROST versions 2.0.0 through 2.1.0, which stems from the fact that refreshing shares with a smaller min_signers reduces group security...
Linux kernel Security Vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a race condition that occurs during scheduling and refreshing work...
GHSA-8WX3-8M4X-G5H4 FOSUserBundle User Identity Validation Vulnerability
Versions of FOSUserBundle prior to 1.2.1 have been found to be vulnerable to a security issue related to user identity validation. Specifically, user refreshing was performed using the primary key instead of the username, leading to a potential security risk if a user is allowed to change their...
Authelia's Group Changes may not have the expected results (YAML file backend)
Impact: Under very specific conditions, changes to a user's groups may not have the expected results. The specific conditions are: The file authentication backend is being used. The watch option is set to true. The refresh_interval is configured to a non-disabled value. The user's groups are adjusted ...
WEM Admin Console hangs while refreshing Agent Cache for some Agents via Console
When refreshing the agent cache from the Citrix WEM Console, the console freezes and has to be killed and reconnected to get it working again. The issue happens only if specific agent machines are selected for the refresh cache action...
F5 Big-IP Create Administrative User
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'unixcrypt' class MetasploitModule 'F5 Big-IP Create Admin User', 'Description' = %q This creates a local user with a username/password and root-level privileges...
NimPackt-v1 - Nim-based Assembly Packer And Shellcode Loader For Opsec And Profit
By Cas van Cooten @chvancooten With special thanks to Marcello Salvati @byt3bl33der and Fabian Mosch @S3cur3Th1sSh1t Description Update: NimPackt-v1 is among the worst code I have ever written I was just starting out learning Nim. Because of this, I started on a full rewrite of NimPackt, dubbed...
Dashboard is not working, lend positions are still loading, the same is for Lend button, Lend Amount to lend is not refreshing
Handle 0v3rf10w Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps --- The...
Open Sesame - A Tool Which Runs To Display Random Publicly Disclosed Hackerone Reports When Bored
A Python tool which runs to display random publicly disclosed Hackerone reports when bored. Automatically opens the report in browser. Contains Over 8k Publicly disclosed Hackerone reports and addtl. wordlist of 700 bug bounty writeups. This is a productivity tool for security enthusiasts and bug...
Cross site request forgery (csrf)
A vulnerability was discovered in all quay-2 versions before quay-3.0.0, in the Quay web GUI where POST requests include a specific parameter which is used as a CSRF token. The token is not refreshed for every request or when a user logged out and in again. An attacker could use a leaked token to...
CVE-2015-5225
Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute arbitrary code on the host via unspecified vectors, related to refreshing the serve...
CVE-2011-4305
message/refresh.php in Moodle 1.9.x before 1.9.14 allows remote authenticated users to cause a denial of service (infinite request loop) via a URL that specifies a zero wait time for message refreshing...
Cross site request forgery (csrf)
message/refresh.php in Moodle 1.9.x before 1.9.14 allows remote authenticated users to cause a denial of service (infinite request loop) via a URL that specifies a zero wait time for message refreshing...
Fixed the user refreshing to check the identity by primary key instead of username
Changelog ========= 4.1.0 2026-02-13 Convert XML config files to other formats to fix the deprecation of XML config files in Symfony Add PHP routing files alongside the XML ones. Loading the XML routing files triggers a deprecation in Symfony 7.4. Fix deprecation in the UserChecker Fix the...
Ubuntu 8.04 LTS / 8.10 : libpam-krb5 vulnerabilities (USN-719-1)
It was discovered that pam_krb5 parsed environment variables when run with setuid applications. A local attacker could exploit this flaw to bypass authentication checks and gain root privileges. (CVE-2009-0360) Derek Chan discovered that pam_krb5 incorrectly handled refreshing existing credentials wh...