7081 matches found
PT-2021-18307 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0 TensorFlow version 2.4.2 TensorFlow version 2.3.3 TensorFlow version 2.2.3 TensorFlow version 2.1.4 Description: An attacker can cause a denial of service via a FPE runtime error in tf.raw ops.Reverse. This ...
Exploit for Code Injection in Exiftool_Project Exiftool
CVE-2021-22204-exiftool Python exploit for the CVE-2021-22204...
CVE-2021-29509
Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent-connections saturating all threads in the same...
DEBIAN-CVE-2021-29471
Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.33.2 "Push rules" can specify conditions under which they will match, including eventmatch, which matches event...
PYSEC-2021-135
Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.33.2 "Push rules" can specify conditions under which they will match, including eventmatch, which matches event...
CVE-2021-29471
Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.33.2 "Push rules" can specify conditions under which they will match, including eventmatch, which matches event...
PYSEC-2021-135
Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.33.2 "Push rules" can specify conditions under which they will match, including eventmatch, which matches event...
Design/Logic Flaw
Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.33.2 "Push rules" can specify conditions under which they will match, including eventmatch, which matches event...
CVE-2021-29471
Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.33.2 "Push rules" can specify conditions under which they will match, including eventmatch, which matches event...
CVE-2021-29471
Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.33.2 "Push rules" can specify conditions under which they will match, including eventmatch, which matches event...
tomcat -- HTTP request smuggling in multiple versions
Bahruz Jabiyev, Steven Sprecher and Kaan Onarlioglu of NEU seclab reports: Apache Tomcat did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: Tomcat incorrectly ignored...
CVE-2021-29490
Jellyfin is a free software media system that provides media from a dedicated server to end-user devices via multiple apps. Verions prior to 10.7.3 vulnerable to unauthenticated Server-Side Request Forgery SSRF attacks via the imageUrl parameter. This issue potentially exposes both internal and...
Server side request forgery (ssrf)
Jellyfin is a free software media system that provides media from a dedicated server to end-user devices via multiple apps. Verions prior to 10.7.3 vulnerable to unauthenticated Server-Side Request Forgery SSRF attacks via the imageUrl parameter. This issue potentially exposes both internal and...
CVE-2021-29490 Unauthenticated GET requests through Remote Image endpoints
Jellyfin is a free software media system that provides media from a dedicated server to end-user devices via multiple apps. Verions prior to 10.7.3 vulnerable to unauthenticated Server-Side Request Forgery SSRF attacks via the imageUrl parameter. This issue potentially exposes both internal and...
golang: data race in certain net/http servers including ReverseProxy can lead to DoS
A flaw was found Go's net/http package. Servers using ReverseProxy from net/http in the Go standard library are vulnerable to a data race that results in a denial of service. The highest threat from this vulnerability is to system availability...
OS Command Injection in sztheory/exifcleaner
✍️ Description Command Injection using XSS via EXIF Data. The application displays the image metadata in HTML format without removing malicious tags, therefore an XSS attack can be performed. bash exiftool -Comment='OverJT' MYIMAGE.png Being an application made in electron, it allows to easily...
Windows/x64 Inject All Processes With Meterpreter Reverse Shell Shellcode (655 bytes)
Shellcode Title: Windows/x64 - Inject All Processes with Meterpreter Reverse Shell 655 Bytes Shellcode Author: Bobby Cooke boku Tested on: Windows 10 v2004 x64 Compiled from: Kali Linux x8664 Shellcode Description: 64bit Windows 10 shellcode that injects all processes with Meterpreter reverse...
[SECURITY] Fedora 34 Update: nginx-1.20.0-2.fc34
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...
[SECURITY] Fedora 33 Update: nginx-1.20.0-2.fc33
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...
PwnLnX - An Advanced Multi-Threaded, Multi-Client Python Reverse Shell For Hacking Linux Systems
An advanced multi-threaded , multi-client python reverse shell for hacking linux systems. There's still more work to do so feel free to help out with the development. Disclaimer : This reverse shell should only be used in the lawful, remote administration of authorized systems. Accessing a comput...