12 matches found
GHSA-5RFV-66G4-JR8H RestrictedPython information leakage via `AttributeError.obj` and the `string` module
Impact: A user can gain access to protected and potentially sensitive information indirectly via `AttributeError.obj` and the `string` module. Patches: The problem will be fixed in version 7.3. Workarounds: If the application does not require access to the module `string`, it can remove it from...
CVE-2023-40626
The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensitive information...
Information disclosure
The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensitive information...
CVE-2023-40626 [20231101] - Core - Exposure of environment variables
The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensitive information...
CVE-2022-24714
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Installations of Icinga 2 with the IDO writer enabled are affected. If you use service custom variables in role restrictions, and you regularly decommission service objects, users with said roles may...
Command Injection in Apache James
Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in Man-in-the-middle command injection attacks, potentially leading to leakage of sensitive information...
CVE-2021-38542
Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in Man-in-the-middle command injection attacks, potentially leading to leakage of sensitive information...
CVE-2021-38542
Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in Man-in-the-middle command injection attacks, potentially leading to leakage of sensitive information...
Command injection
Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in Man-in-the-middle command injection attacks, potentially leading to leakage of sensitive information...
CVE-2021-29502
WarnSystem is a cog plugin for the Red Discord bot. A vulnerability has been found in the code that allows any user to access sensitive information by setting up a specific template which is not properly sanitized. The problem has been patched in version 1.3.18. Users should update and type...
CVE-2021-29502
WarnSystem is a cog plugin for the Red Discord bot. A vulnerability has been found in the code that allows any user to access sensitive information by setting up a specific template which is not properly sanitized. The problem has been patched in version 1.3.18. Users should update and type...
CMS Ariadna 2009 - SQL Injection
Exploit Title : CMS Ariadna 2009 SQL Injection Date : 2010-04-19 Author : Andrés Gómez Contact : [email protected] Dork : "allinurl: detResolucion.php?tipodocid=" Exploit in Perl Start In Next Line: use LWP::Simple; Malicious users may inject SQL queries into a vulnerable application to fo...