GHSA-H7CM-MRVQ-WCFR Piccolo's current `BaseUser.login` implementation is vulnerable to time based user enumeration

Summary Short summary of the problem. Make the impact and severity as clear as possible. For example: An unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. The current implementation of BaseUser.login leaks enough information to a malicio...

MAL-2023-8358 Malicious code in aws-consoler2 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx b37bd86b6f9bda9d03029c9d2fa09561b2b43cda7c3fddda1389c8e193c4a938 Malicious Typosquatting packages campaign targeting developers, steals cloud service credentials Source: google-open-source-security...

The owner of the PrincipalToken can redeem the asset from escrow before the selected time period expires

Lines of code Vulnerability details Impact After calling the create function, the owner of the DelegateToken gains delegate rights for the duration of the escrow. The documentation for the competition states: "The holder of the PrincipalToken will have the right to redeem the boredom ape from...

LG Simple Editor Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LG Simple Editor Remote Code Execution', 'Description' = %q This Metasploit module exploits broken access control and directory traversal...

This Week in Spring - September 5th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! How are you? I just got back from another fabulous labor day weekend, and am headed to Oslo, Norway, for the fabulous JavaZone 2023 event. This will be my first time returning to lovely Oslo, Norway, since the pandemic! I can...

WEBIGniter 28.7.23 Shell Upload

Title: WEBIGniter-28.7.23 File Upload - RCE Author: nu11secur1ty Date: 09/04/2023 Vendor: https://webigniter.net/ Software: https://webigniter.net/demo Reference: https://portswigger.net/web-security/file-upload Description: The media function suffers from file upload vulnerability. The attacker...

Ivanti Avalanche < v6.4.0.0 - Remote Code Execution Exploit

""" Exploit Title: Ivanti Avalanche IIIss'.formatself.namesize, self.valuesize, self.type, self.namesize, self.valuesize, self.name, self.value Create a header structure class HP: def initself, hdr, payload: self.hdr = hdr self.payload = payload self.pad = b'\x00' 16 - lenself.hdr + lenself.paylo...

MAL-2023-8354 Malicious code in alibabacloud-vpc20180317 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 0c24b33d1db8fffd5daaf1985d25add4bc66e7879e1a6efbc7ae706816931834 Malicious Typosquatting packages campaign targeting developers, steals cloud service credentials Source: google-open-source-security...

Input validation

Improper Privilege Management in GitHub repository usememos/memos prior to 0.13.2...

Security Bulletin: Due to use of Mozilla Firefox, IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to multiple vulnerabilities.

Summary Mozilla Firefox ESR is used by IBM Cloud Pak for Multicloud Management Monitoring as part of the selenium scripts / tests agent. Vulnerability Details CVEID:CVE-2023-29539 DESCRIPTION: Mozilla Firefox could allow a remote attacker to download arbitrary files, caused by the truncation of...

GHSA-Q3MW-PVR8-9GGC vulnerabilities

Vulnerabilities for packages: tomcat...

Design/Logic Flaw

Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. Users who used to be subscribed to a private stream and have been removed from it since retain the ability to edit messages/topics, move messages to other streams, and delete messages that the...

Minimal `basti` IAM Policy Allows Shell Access

Summary The provided Minimal IAM Policy for bastic connect does not include ssm:SessionDocumentAccessCheck. This results in the ability to get a shell session on the bastion, not just the intended access for Port Forwarding. Details basti connect is designed to "securely connect to your...

CVE-2023-41124

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none...

OSV-2023-715 Stack-use-after-scope in ulocimp_addLikelySubtags_74

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61582 Crash type: Stack-use-after-scope READ 3 Crash state: ulocimpaddLikelySubtags74 ulocisRightToLeft74 ulocisrighttoleftfuzzer.cpp...

Jorani unauthenticated Remote Code Execution

This module exploits an unauthenticated Remote Code Execution in Jorani prior to 1.0.2. It abuses 3 vulnerabilities: log poisoning and redirection bypass via header spoofing, then it uses path traversal to trigger the vulnerability. It has been tested on Jorani 1.0.0. Module Options msf use...

PDF-XChange Editor Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Misaligned Epoch Calculation for Reward Claims

Lines of code Vulnerability details Impact When users attempt to claim rewards, the contract calculates the claimEnd and subsequently updates the userClaimedEpoch using claimEnd + WEEK. This might result in misaligned epochs in scenarios where claimUpToTimestamp is less than or more than a week. ...

Missing access control in RngRelayAuction::rngComplete()

Lines of code Vulnerability details For a draw auction to complete, a bot must relay a completed RNG result to the Prize Pool. This is done by calling rngComplete and the data must originate from the relayer. However the rngComplete function is missing a check that the msg.sender is the relayer s...

Savant Web Server 3.1 Remote Buffer Overflow

Exploit Title: Savant Web Server 3.1 - Remote Buffer Overflow Egghunter Date: 30/07/2023 Exploit Author: 0xBOF90 Vendor Homepage: link Version: app version 3.1 Tested on: Windows 10 import socket import sys try: server = b"192.168.56.102" \x00\x0a\x0d\x25 port = 80 size = 253 msfvenom -p...