
12 matches found

OSV
added 2024/09/30 5:14 p.m., 11 views

GHSA-5RFV-66G4-JR8H RestrictedPython information leakage via `AttributeError.obj` and the `string` module

Impact: A user can gain access to protected and potentially sensible information indirectly via `AttributeError.obj` and the `string` module. Patches: The problem will be fixed in version 7.3. Workarounds: If the application does not require access to the module `string`, it can remove it from...

CVSS: 8.7, AI score: 6.4, EPSS: 0.01117
Exploits: 1, References: 5
OSV
added 2023/11/29 1:15 p.m., 25 views

CVE-2023-40626

The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensible information...

CVSS: 7.5, AI score: 6.8
Exploits: 0, References: 1
Prion
added 2023/11/29 1:15 p.m., 23 views

Information disclosure

The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensible information...

CVSS: 5, AI score: 7, EPSS: 0.00031
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2023/11/29 12:28 p.m., 13 views

CVE-2023-40626 [20231101] - Core - Exposure of environment variables

The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensible information...

AI score: 6.7, EPSS: 0.00031
Exploits: 0, References: 1
Debian CVE
added 2022/03/08 7:55 p.m., 42 views

CVE-2022-24714

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Installations of Icinga 2 with the IDO writer enabled are affected. If you use service custom variables in role restrictions, and you regularly decommission service objects, users with said roles may...

CVSS: 5.3, AI score: 5, EPSS: 0.00334
Exploits: 0
GitHub Security Blog
added 2022/01/08 12:40 a.m., 39 views

Command Injection in Apache James

Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in Man-in-the-middle command injection attacks, leading potentially to leakage of sensible information...

CVSS: 5.9, AI score: 6.4, EPSS: 0.00614
Exploits: 0, References: 5, Affected Software: 1
OSV
added 2022/01/04 9:15 a.m., 15 views

CVE-2021-38542

Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in Man-in-the-middle command injection attacks, leading potentially to leakage of sensible information...

CVSS: 5.9, AI score: 7.1
Exploits: 0, References: 3
NVD
added 2022/01/04 9:15 a.m., 12 views

CVE-2021-38542

Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in Man-in-the-middle command injection attacks, leading potentially to leakage of sensible information...

CVSS: 5.9, EPSS: 0.00614
Exploits: 0, References: 3
Prion
added 2022/01/04 9:15 a.m., 24 views

Command injection

Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in Man-in-the-middle command injection attacks, leading potentially to leakage of sensible information...

CVSS: 4.3, AI score: 6.8, EPSS: 0.00614
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2021/05/10 6:15 p.m., 9 views

CVE-2021-29502

WarnSystem is a cog plugin for the Red discord bot. A vulnerability has been found in the code that allows any user to access sensible informations by setting up a specific template which is not properly sanitized. The problem has been patched in version 1.3.18. Users should update and type...

CVSS: 6.5, AI score: 7
Exploits: 0, References: 2
NVD
added 2021/05/10 6:15 p.m., 7 views

CVE-2021-29502

WarnSystem is a cog plugin for the Red discord bot. A vulnerability has been found in the code that allows any user to access sensible informations by setting up a specific template which is not properly sanitized. The problem has been patched in version 1.3.18. Users should update and type...

CVSS: 7.3, EPSS: 0.00306
Exploits: 0, References: 2
Exploit DB
added 2010/04/19 12:0 a.m., 40 views

CMS Ariadna 2009 - SQL Injection

Exploit Title : CMS Ariadna 2009 SQL Injection Date : 2010-04-19 Author : Andrés Gómez Contact : [email protected] Dork : "allinurl: detResolucion.php?tipodocid=" Exploit in Perl Start In Next Line: use LWP::Simple; Malicious users may inject SQL queries into a vulnerable application to fo...

AI score: 7
Exploits: 0