Lucene search

14 matches found

RedhatCVE
added 2025/05/23 1:2 a.m. | 3 views

CVE-2022-31139

UnsafeAccessor UA is a bridge to access jdk.internal.misc.Unsafe & sun.misc.Unsafe. Normally, if UA is loaded as a named module, the internal data of UA is protected by JVM and others can only access UA via UA's standard API. The main application can set up SecurityCheck.AccessLimiter for UA to...

CVSS 7.5 | AI score 7 | EPSS 0.00341
Exploits: 0 | References: 1

Veracode
added 2023/05/12 1:51 a.m. | 17 views

Path Traversal

spring-boot-actuator-logview is vulnerable to Path Traversal. The vulnerability exists in the securityCheck function of LogViewEndpoint.java because it does not properly validate relative paths, allowing an attacker to access files outside the expected directory through the path such as /usr/outn...

CVSS 5.3 | AI score 6.4 | EPSS 0.00369
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2022/07/12 10:15 p.m. | 31 views

GHSA-CR6P-23CF-W9G9 UnsafeAccessor 1.4.0 until 1.7.0 has no security checking for UnsafeAccess.getInstance()

Overview Affected versions have no limit to using unsafe-accessor. Can be ignored if SecurityCheck.AccessLimiter not setup Details If UA was loaded as a named module, the internal data of UA will be protected by JVM and others can only access UA via UA's standard api. Main application can setup...

CVSS 5.9 | AI score 6.5 | EPSS 0.00341
Exploits: 0 | References: 5

GoogleProjectZero
added 2019/09/25 12:0 a.m. | 32 views

Windows Exploitation Tricks: Spoofing Named Pipe Client PID

Posted by James Forshaw, Project Zero While researching the Access Mode Mismatch in IO Manager bug class I came across an interesting feature in named pipes which allows a server to query the connected clients PID. This feature was introduced in Vista and is exposed to servers through the...

CVSS 7.8 | AI score 6.5 | EPSS 0.09447
Exploits: 2

Kitploit
added 2016/11/30 2:0 p.m. | 19 views

XSSER - From XSS to RCE

From XSS to RCE 2.5 - Black Hat Europe Arsenal 2016 Demo Version 2.0 - 2015: https://www.youtube.com/playlist?list=PLIjb28IYMQgqqqApoGRCZO40vP-eKsgf Version 2.5 - 2016: https://www.youtube.com/playlist?list=PLRic6PgcrsWGkgacL6WFnSQKVRZIoofRj Requirements Python 2.7., version 2.7.11 was used for...

AI score 7.5
Exploits: 0 | References: 1

CNVD
added 2016/07/20 12:0 a.m. | 2 views

Joomla! SecurityCheck and SecurityCheck Pro SQL Injection Vulnerability

Joomla! is an open source content management system (CMS) developed by the U.S. Open Source Matters team; it provides RSS feeds, site search and other features. SecurityCheck and SecurityCheck Pro are among its network security extension components. A SQL injection vulnerability exists in...

AI score 8.2
Exploits: 0 | References: 1

CNVD
added 2016/07/20 12:0 a.m. | 1 view

Joomla! SecurityCheck and SecurityCheck Pro Extension HTML Injection Vulnerability

Joomla! is an open source content management system (CMS) developed by the U.S. Open Source Matters team; it provides RSS feeds, site search and other features. SecurityCheck and SecurityCheck Pro are among its network security extension components. An HTML injection vulnerability exists ...

AI score 7.6
Exploits: 0 | References: 1

seebug.org
added 2016/06/03 12:0 a.m. | 18 views

Joomla SecurityCheck 2.8.9 XSS / SQL Injection

No description provided by source...

AI score 7.1
Exploits: 0

Joomla! Vulnerable Extensions List
added 2016/06/02 12:0 a.m. | 13 views

SecurityCheck and SecurityCheck Pro Vulnerable Versions: 2.8.9

Stored XSS and SQL Injection in SecurityCheck and SecurityCheck Pro Vulnerable Versions: 2.8.9 possibly below resolution: update to version 2.8.10 update notice: https://securitycheck.protegetuordenador.com/index.php/downloads/securitycheck-j3x...

AI score 1.9
Exploits: 0 | References: 3 | Affected Software: 1

0day.today
added 2016/06/02 12:0 a.m. | 22 views

Joomla! Extension SecurityCheck 2.8.9 - Multiple Vulnerabilities

Exploit for php platform in category web applications Information ------------------------------ Advisory by ADEO Security Team Name: Stored XSS and SQL Injection in Joomla SecurityCheck extension Affected Software : SecurityCheck and SecurityCheck Pro Vulnerable Versions: 2.8.9 possibly below...

AI score 7.1
Exploits: 0

Exploit DB
added 2016/06/02 12:0 a.m. | 58 views

Joomla! Component SecurityCheck 2.8.9 - Multiple Vulnerabilities

Information ------------------------------ Advisory by ADEO Security Team Name: Stored XSS and SQL Injection in Joomla SecurityCheck extension Affected Software : SecurityCheck and SecurityCheck Pro Vulnerable Versions: 2.8.9 possibly below Vendor Homepage :...

AI score 7.4
Exploits: 0

exploitpack
added 2016/06/02 12:0 a.m. | 16 views

Joomla! Component SecurityCheck 2.8.9 - Multiple Vulnerabilities

Joomla! Component SecurityCheck 2.8.9 - Multiple Vulnerabilities Information ------------------------------ Advisory by ADEO Security Team Name: Stored XSS and SQL Injection in Joomla SecurityCheck extension Affected Software : SecurityCheck and SecurityCheck Pro Vulnerable Versions: 2.8.9 possib...

AI score 0.5
Exploits: 0

Packet Storm
added 2016/06/01 12:0 a.m. | 32 views

Joomla SecurityCheck 2.8.9 Cross Site Scripting / SQL Injection

Information ------------------------------ Advisory by ADEO Security Team Name: Stored XSS and SQL Injection in Joomla SecurityCheck extension Affected Software : SecurityCheck and SecurityCheck Pro Vulnerable Versions: 2.8.9 possibly below Vendor Homepage :...

AI score 0.1
Exploits: 0

OpenVAS
added 2013/10/03 12:0 a.m. | 17 views

Fedora Update for python-djblets FEDORA-2013-17449

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits: 0 | References: 2