7077 matches found
Exploit for Code Injection in Apache Airflow
Apache Airflow official report description says: A vulnerab...
Understanding Reverse Email Lookup: A Tool to Strengthen Cybersecurity
By Owais Sultan Reverse email lookup can be a handy tool for various tasks, ranging from verifying the senders identity, and… This is a post from HackRead.com Read the original post: Understanding Reverse Email Lookup: A Tool to Strengthen Cybersecurity...
Hidden - Windows Driver With Usermode Interface Which Can Hide Processes, File-System And Registry Objects, Protect Processes And Etc
Hidden has been developed like a solution for reverse engineering and researching tasks. This is a windows driver with a usermode interface which is used for hiding specific environment on your windows machine, like installed RCE programs ex. procmon, wireshark, vm infrastructure ex. vmware tools...
XAMPP 8.2.4 - Unquoted Path Vulnerability
Exploit Title: XAMPP 8.2.4 - Unquoted Path Exploit Author: Andrey Stoykov Version: 8.2.4 Software Link: https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/8.2.4/xampp-windows-x64-8.2.4-0-VS16-installer.exe Tested on: Windows Server 2022 Blog: http://msecureltd.blogspot.com/ Steps to...
Fedora: Security Advisory for rizin (FEDORA-2023-3dc1f9ba12)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for cutter-re (FEDORA-2023-3dc1f9ba12)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 38 Update: rizin-0.5.2-1.fc38.2
Rizin is a free and open-source Reverse Engineering framework, providing a complete binary analysis experience with features like Disassembler, Hexadecimal editor, Emulation, Binary inspection, Debugger, and more. Rizin is a fork of radare2 with a focus on usability, working features and co de...
[SECURITY] Fedora 38 Update: cutter-re-2.2.1-1.fc38
Cutter is a Qt and C++ GUI for Rizin. Its goal is making an advanced, customizable and FOSS reverse-engineering platform while keeping the user experience at mind. Cutter is created by reverse engineers for reverse engineers...
SAP Web Dispatcher 缓冲区错误漏洞
SAP Web Dispatcher is the core component of Load Balancing from SAP, which supports load balancing and provides reverse proxy functionality so that external users can access internal applications. A buffer overflow vulnerability exists in SAP Web Dispatcher, which is caused by a logical error in...
XWiki Platform vulnerable to cross-site request forgery (CSRF) via the REST API
Impact The REST API allows executing all actions via POST requests and accepts text/plain, multipart/form-data or application/www-form-urlencoded as content types which can be sent via regular HTML forms, thus allowing cross-site request forgery. With the interaction of a user with programming...
GHSA-6XXR-648M-GCH6 XWiki Platform vulnerable to cross-site request forgery (CSRF) via the REST API
Impact The REST API allows executing all actions via POST requests and accepts text/plain, multipart/form-data or application/www-form-urlencoded as content types which can be sent via regular HTML forms, thus allowing cross-site request forgery. With the interaction of a user with programming...
Exploit for Classic Buffer Overflow in Extremenetworks Iq_Engine
CVE-2023-35803 - Unauthenticated RCE in Extreme Networks/Aer...
golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters
A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an...
Exploit for Improper Initialization in Linux Linux_Kernel
CVE-2022-0847-Exploit-Implementation This is a POC showing ho...
Exploit for Path Traversal in Icinga Icinga_Web_2
Icinga Web 2 - Authenticated Remote Code Execution 2.8.6, 2.9...
GHSA-2Q4P-F6GF-MQR5 Graylog server has partial path traversal vulnerability in Support Bundle feature
A partial path traversal vulnerability exists in Graylog's Support Bundle feature. The vulnerability is caused by incorrect user input validation in an HTTP API resource. Thanks to weiweiwei9811 for reporting this vulnerability and providing detailed information. Impact Graylog's Support Bundle...
Graylog server has partial path traversal vulnerability in Support Bundle feature
A partial path traversal vulnerability exists in Graylog's Support Bundle feature. The vulnerability is caused by incorrect user input validation in an HTTP API resource. Thanks to weiweiwei9811 for reporting this vulnerability and providing detailed information. Impact Graylog's Support Bundle...
GHSA-R25M-CR6V-P9HQ ethyca-fides Webserver API Path Traversal vulnerability
Impact A path traversal directory traversal vulnerability affects fides versions lower than 2.15.1, allowing remote attackers to access arbitrary files on the fides webserver container's filesystem. Patches The vulnerability is patched in fides 2.15.1. Users should upgrade to this version...
ethyca-fides Webserver API Path Traversal vulnerability
Impact A path traversal directory traversal vulnerability affects fides versions lower than 2.15.1, allowing remote attackers to access arbitrary files on the fides webserver container's filesystem. Patches The vulnerability is patched in fides 2.15.1. Users should upgrade to this version...
CVE-2023-36456
authentik is affected prior to versions 2023.4.3 and 2023.5.5 because it does not verify the origin of the X-Forwarded-For and X-Real-IP headers in both Python and Go code. This can allow spoofing of IPs in logs and in downstream flows that rely on IP checks, and may enable bypassing IP-based pol...