12 matches found
GHSA-9237-RG5P-RHFW @saltcorn/data: Tenant user role is used for tenant creation role check
Summary: When a tenant admin is logged out of the root domain (e.g., saltcorn.com) but logged in to their own tenant space as admin, they can simply append /tenant/create to their tenant URL. The system reads the role from the tenant context (admin), and a new tenant is created on the root domain in...
PT-2024-29204 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue allows an untrusted application with access to only a non-secure fastrpc device node to attach to root PD or static PDs if it can make the respective init request. This can...
SUSE CVE-2008-4822
Adobe Flash Player 9.0.124.0 and earlier does not properly interpret policy files, which allows remote attackers to bypass a non-root domain policy...
Server-side Request Forgery (SSRF)
Overview: gibbon is a wrapper for the MailChimp API 3.0 and Export API. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF): due to the concatenation of domains, it is possible to spoof the information and change the root domain via a crafted URL. Remediation: Upgrade gibb...
CLSA-2022-1646085758 Fix of CVE: CVE-2021-23017
CVE-2021-23017: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name...
CLSA-2022-1646060645 Fix of CVE: CVE-2021-23017
CVE-2021-23017: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name...
CLSA-2021-1634922789 Fixed CVE-2021-23017 in nginx
Fixed CVE-2021-23017: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name...
Fix of CVE: CVE-2021-23017
Fixed CVE-2021-23017: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name...
CLSA-2021-1632261741 Fix of CVE: CVE-2021-23017
Fixed CVE-2021-23017: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name...
goGetBucket - A Penetration Testing Tool To Enumerate And Analyse Amazon S3 Buckets Owned By A Domain
When performing recon on a domain, understanding the assets they own is very important. AWS S3 bucket permissions have been confused time and time again, and have allowed for the exposure of sensitive material. What this tool does is enumerate S3 bucket names using common patterns I have identifi...
jdmail weak password vulnerability
The JinDiMail mail system is a secondary development based on TurboMail. After installation it has four accounts in the root domain by default: an administrator and three ordinary accounts: postmaster (administrator), nobody, secbm, secsj. The default password is empty. Exploitation process: http://xxx.com/mailmain?type=login&uid=secbm&pwd=&domain=root&style=enterprise http://xxx.com/mailmain?type=login&uid=...