CVE-2023-41044
Graylog exposes a partial path traversal vulnerability in its Support Bundle feature (requires valid Admin credentials). The issue stems from improper input validation in an HTTP API resource, allowing reading or deleting files under sibling directories of the support-bundle directory (data_dir d...
CVE-2023-41044 Partial path traversal vulnerability in Support Bundle feature of Graylog
Graylog is a free and open log management platform. A partial path traversal vulnerability exists in Graylog's Support Bundle feature. The vulnerability is caused by incorrect user input validation in an HTTP API resource. Graylog's Support Bundle feature allows an attacker with valid Admin role...
Exploit for Insufficient Verification of Data Authenticity in Rarlab Winrar
CVE-2023-38831 In this case, I am sharing with you the necessary files...
GOM Player 2.3.90.5360 MITM / Remote Code Execution Exploit
GOM Player version 2.3.90.5360 man-in-the-middle proof of concept remote code execution exploit. Exploit Title: GOM Player 2.3.90.5360 - Remote Code Execution RCE Author: M. Akil Gündoğan Contact: https://twitter.com/akilgundogan Vendor Homepage: https://www.gomlab.com/gomplayer-media-player/...
PT-2023-9475 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a deadlock scenario in the Linux kernel's dma-debug component. The dma entry alloc check leak function calls into printk and grabs the port-lock under the free...
CVE-2023-40577
Prometheus Alertmanager is vulnerable to cross-site scripting due to improper validation of user-supplied input by the /api/v1/alerts endpoint. This issue could allow a remote attacker to inject malicious script into a web page, which would be executed in a victim's web browser within the hosting...
Citrix Provisioning Services - Reverse Image General Process After BSOD Or Hang
Updating 3rd party software in a vDisk or vDisk version including but not limited to, Windows Updates, hypervisor specific network tools & drivers, security software, medical imaging software and more results in a Target Device BSOD, hang or freeze, post install. The vDisk may be required to be...
Exploit for Insufficient Verification of Data Authenticity in Rarlab Winrar
CVE-2023-38831-winrar-expoit-simple-Poc Very important I h...
Exploit for Insufficient Verification of Data Authenticity in Rarlab Winrar
OBTAINING A REVERSE SHELL BY EXPLOITING THE VULNERABILITY CVE-20...
Fixed in Apache Tomcat 11.0.0-M11
Moderate: Open redirect CVE-2023-41080 If the ROOT default web application is configured to use FORM authentication then it is possible that a specially crafted URL could be used to trigger a redirect to a URL of the attacker's choice. This was fixed with commit e3703c9a. This issue was reported ...
Integer overflow
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.6.0 and prior are vulnerable to integer overflow in consume_count of src/gnu_v2/cplus-dem.c. The overflow check is valid logic but is missing the modulus if the block once compiled. The compiler sees this block...
CVE-2023-40022 Rizin vulnerable to Integer Overflow in C++ demangler logic
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.6.0 and prior are vulnerable to integer overflow in consume_count of src/gnu_v2/cplus-dem.c. The overflow check is valid logic but is missing the modulus if the block once compiled. The compiler sees this block...
CVE-2023-40022
CVE-2023-40022 affects Rizin (and Cutter) with an integer overflow in consume_count inside src/gnu_v2/cplus-dem.c for versions 0.6.0 and earlier. The overflow hinges on missing modulus after a multiplication by 10, which the compiler treats as dead code, enabling the overflow. A fix was introduce...
Alertmanager UI is vulnerable to stored XSS via the /api/v1/alerts endpoint
Impact: An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute arbitrary JavaScript code on the users of Prometheus Alertmanager. Patches: Users can upgrade to Alertmanager v0.2.51. Workarounds: Users can set up a reverse proxy in front of the...
GHSA-V86X-5FM3-5P7J Alertmanager UI is vulnerable to stored XSS via the /api/v1/alerts endpoint
Impact: An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute arbitrary JavaScript code on the users of Prometheus Alertmanager. Patches: Users can upgrade to Alertmanager v0.2.51. Workarounds: Users can set up a reverse proxy in front of the...
PT-2023-9332 · Unknown +5 · Alertmanager +5
Name of the Vulnerable Software and Affected Versions: Alertmanager versions prior to 0.2.51 Description: The issue is related to the improper neutralization of input data during web page generation in the /api/v1/alerts endpoint of the Alertmanager component in the Prometheus monitoring system. ...