131 matches found
MGASA-2023-0167 Updated connman packages fix security vulnerability
client.c in gdhcp in ConnMan could be used by network-adjacent attackers operating a crafted DHCP server to cause a stack-based buffer overflow and denial of service, terminating the connman process. CVE-2023-28488...
Motorola SmartPTT SCADA 安全漏洞
Motorola SmartPTT SCADA is an integrated voice and data scheduling software application from Motorola USA. A security vulnerability exists in Motorola SmartPTT SCADA version 1.1.0.0. An attacker could exploit the vulnerability by writing a malicious C script and executing code on the server...
CVE-2023-22974
A Path Traversal in setup.php in OpenEMR 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server...
Hackers Exploiting Redis Vulnerability to Deploy New Redigo Malware on Servers
A previously undocumented Go-based malware is targeting Redis servers with the goal of taking control of the infected systems and likely building a botnet network. The attacks involve taking advantage of a critical security vulnerability in the open source, in-memory, key-value store that was...
Debian dla-3208 : libvarnishapi-dev - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3208 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3208-1 [email protected]...
CVE-2022-42902
In Linaro Automated Validation Architecture LAVA before 2022.10, there is dynamic code execution in lavaserver/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server...
GHSA-9XGJ-FCGF-X6MW Poetry Argument Injection can lead to Local Code Execution
Observation When handling dependencies that come from a Git repository instead of a registry, Poetry uses various commands, such as git clone. These commands are being constructed using user input e.g. the repository URL. When building the commands, Poetry correctly avoids Command Injection...
CVE-2022-36069
Poetry is a dependency manager for Python. When handling dependencies that come from a Git repository instead of a registry, Poetry uses various commands, such as git clone. These commands are constructed using user input e.g. the repository URL. When building the commands, Poetry correctly avoid...
PYSEC-2022-266
Poetry is a dependency manager for Python. When handling dependencies that come from a Git repository instead of a registry, Poetry uses various commands, such as git clone. These commands are constructed using user input e.g. the repository URL. When building the commands, Poetry correctly avoid...
CVE-2022-36069 Poetry Argument Injection vulnerability can lead to local Code Execution
Poetry is a dependency manager for Python. When handling dependencies that come from a Git repository instead of a registry, Poetry uses various commands, such as git clone. These commands are constructed using user input e.g. the repository URL. When building the commands, Poetry correctly avoid...
CVE-2014-3648
The CVE-2014-3648 issue concerns the simplepush server, where notifications are pushed for each registered installation using a deviceToken supplied by the user. The vulnerability arises because a bogus application can register with bad deviceTokens or point to arbitrary HTTP endpoints. This can ...
SAP BusinessObjects Business Intelligence Platform XML外部实体注入漏洞
SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP Germany. The platform combines market-leading SAP data integration products, data management products, and business intelligence BI products to eliminate system integration challenges and enable...
Unrestricted file upload
Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local vulnerabilities, and so forth...
CVE-2021-42171
Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local vulnerabilities, and so forth...
CVE-2021-36582
Kooboo CMS 2.1.1.0 is affected by a vulnerability that allows uploading a remote shell (aspx) to the server and then triggering it to receive a reverse shell from the victim server. The uploaded file is placed at /Content/Template/root/reverse-shell.aspx and can be invoked by visiting that URL. P...
Weak Password Vulnerability in Huazhou Private Cloud-CDN Live Streaming Acceleration Server
Shenzhen Huashimida Information Technology Co., Ltd. is a smart hotel IT service provider. A weak password vulnerability exists in the Huashi Private Cloud-CDN live streaming acceleration server, which can be exploited by attackers to obtain sensitive information...
WCMS Directory Traversal Vulnerability
WCMS is a content management system CMS that uses an open web interface to build websites. A directory traversal vulnerability exists in WCMS version 0.3.2. The vulnerability can be exploited to read arbitrary files on the server running the application via the path parameter of wex/cssjs.php...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Sophos Unified_Threat_Management_Software
SSHTron SSHTron is a multiplayer lightcycle game that runs through SSH. 通过下面命令连接到游戏: $ ssh 192.168.1.111:2022 Controls: WASD or vim keybindings to move do not use your arrow keys. Escape or Ctrl+C to exit. Want to choose color yourself? 有7种颜色可供选择: Red, Green, Yellow, Blue, Magenta, Cyan and White...
HTTP Host Header Injection
A host header injection is inserting both the carriage return and linefeed characters into user input to trick the server. Successful exploitation could allow attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks...
PhreeBooks ERP 5.2.5 Remote Command Execution
Exploit Title: PhreeBooks ERP 5.2.5 - Remote Command Execution Date: 2020-05-01 Author: Besim ALTINOK Vendor Homepage: https://www.phreesoft.com/ Software Link: https://sourceforge.net/projects/phreebooks/ Version: v5.2.4, v5.2.5 Tested on: Xampp Credit: İsmail BOZKURT...