UBUNTU-CVE-2019-25155

DOMPurify before 1.0.11 allows reverse tabnabbing in demos/hooks-target-blank-demo.html because links lack a 'rel="noopener noreferrer"' attribute...

CVE-2019-25155

DOMPurify before 1.0.11 allows reverse tabnabbing in demos/hooks-target-blank-demo.html because links lack a 'rel="noopener noreferrer"' attribute...

Rocky Linux 8 : grafana (RLSA-2022:1781)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:1781 advisory. - Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability fo...

Exploit for SQL Injection in Spiceworks Help_Desk_Server

Spiceworks Sort SQLi There's a SQLi in a sort parameter of...

Privilege escalation

capsule-proxy is a reverse proxy for Capsule kubernetes multi-tenancy framework. A bug in the RoleBinding reflector used by capsule-proxy gives ServiceAccount tenant owners the right to list Namespaces of other tenants backed by the same owner kind and name. For example consider two tenants solar...

CVE-2023-46254 Service accounts can see namespaces of other tenants in capsule-proxy

capsule-proxy is a reverse proxy for Capsule kubernetes multi-tenancy framework. A bug in the RoleBinding reflector used by capsule-proxy gives ServiceAccount tenant owners the right to list Namespaces of other tenants backed by the same owner kind and name. For example consider two tenants solar...

FreeBSD : h2o -- uninitialised memory access in HTTP3 (1d3677a8-9143-42d8-84a3-0585644dff4b)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 1d3677a8-9143-42d8-84a3-0585644dff4b advisory. - h2o is an open source http server. In code prior to the 8c0eca3 commit h2o may attempt to access...

Exploit for CVE-2023-3452

CVE-2023-3452-PoC - Wordpress Plugin Canto 3.0.5 - Remote...

Exploit for Cross-site Scripting in Wondercms

CVE-2023-41425 Description Cross Site Scripting vulnerabil...

黑客工具测试

This is an offensive tool for a comprehensive hacking toolkit. The primary vulnerability class targeted is RCE Remote Code Execution, with various tools and modules available for different attack vectors, including SQL injection, phishing, web attacks, post-exploitation, and more. The tool is...

Exploit for OS Command Injection in Vm2_Project Vm2

CVE-2023-37903 Expl...

Exploit for Deserialization of Untrusted Data in Apache Activemq

CVE-2023-46604-RCE-Reverse-Shell-Apache-ActiveMQ This exploit...

48 Malicious npm Packages Found Deploying Reverse Shells on Developer Systems

A new set of 48 malicious npm packages have been discovered in the npm repository with capabilities to deploy a reverse shell on compromised systems. "These packages, deceptively named to appear legitimate, contained obfuscated JavaScript designed to initiate a reverse shell on package install,"...

Request Smuggling org.apache.tomcat:tomcat-coyote in Confluence Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in version 7.19.0 of Confluence Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N allows an unauthenticated attacker t...

Exploit for Code Injection in Gitlab

gitlab-cve-2021-22205 A simple bash script that exploits CVE-2...

tomcat: incorrectly parsed http trailer headers can cause request smuggling

A flaw was found in Apache Tomcat, where an improper input validation can occur. This flaw allows a malicious user to send a crafted request containing an invalid trailer header, which could be treated as multiple requests, potentially leading to request smuggling when behind a reverse proxy...

tomcat: incorrectly parsed http trailer headers can cause request smuggling

A flaw was found in Apache Tomcat, where an improper input validation can occur. This flaw allows a malicious user to send a crafted request containing an invalid trailer header, which could be treated as multiple requests, potentially leading to request smuggling when behind a reverse proxy...

FujiFilm printer credentials encryption issue fixed

TL;DR Many multi-function printers made by FujiFilm Business Innovation Corporation Fujifilm which includes Apeos, ApeosPro, PrimeLink and RevoriaPress brands as well as Xerox Corporation Xerox which includes VersaLink, PrimeLink, and WorkCentre brands, allow administrators to store credentials o...

PT-2023-11380 · Dompurify · Dompurify

Name of the Vulnerable Software and Affected Versions: DOMPurify versions prior to 1.0.11 Description: The issue allows reverse tabnabbing due to links lacking a 'rel="noopener noreferrer"' attribute in demos/hooks-target-blank-demo.html. Recommendations: For versions prior to 1.0.11, update to...

CVE-2019-25155

DOMPurify before 1.0.11 allows reverse tabnabbing in demos/hooks-target-blank-demo.html because links lack a 'rel="noopener noreferrer"' attribute...