11 matches found
SUSE CVE-2025-68937
Forgejo before 13.0.2 allows attackers to write to unintended files, and possibly obtain server shell access, because of mishandling of out-of-repository symlink destinations for template repositories. This is also fixed for 11 LTS in 11.0.7 and later...
CVE-2025-68937
Forgejo before 13.0.2 allows attackers to write to unintended files, and possibly obtain server shell access, because of mishandling of out-of-repository symlink destinations for template repositories. This is also fixed for 11 LTS in 11.0.7 and later...
PT-2025-53429
Name of the Vulnerable Software and Affected Versions: Forgejo versions prior to 13.0.2; Forgejo version 11.0.7 and later. Description: The software contains a flaw related to the handling of symlinks within template repositories. This mishandling could allow attackers to write to unintended files,...
PHP Exec, PHP Command Shell, Find Sock
Execute a PHP payload as an OS command from a Posix-compatible shell. Spawn a shell on the established connection to the webserver. Unfortunately, this payload can leave conspicuous evil-looking entries in the apache error logs, so it is probably a good idea to use a bind or reverse shell unless...
org.apereo.cas:cas-server-support-shell (=5.2.0-RC2), org.apereo.cas:cas-server-webapp (>=5.2.0 <=5.2.6) +3 more potentially affected by CVE-2025-3986 via org.apereo.cas:cas-server-core-configuration-metadata-repository (>=5.2.0-RC2 <=5.2.6)
org.apereo.cas:cas-server-core-configuration-metadata-repository MAVEN version =5.2.0-RC2, =5.2.0, =5.2.0, =5.2.0, =5.2.0, =5.2.6 Source cves: CVE-2025-3986 Source advisory: OSV:GHSA-MVWQ-HCRJ-F5X9...
PT-2023-30331 · Piccolo · Piccolo
Name of the Vulnerable Software and Affected Versions: Piccolo versions prior to 1.1.1 Description: The handling of named transaction savepoints in all database implementations is vulnerable to SQL Injection via f-strings. This could allow a malicious user to have direct access to the database an...
ToRat - A Remote Administration Tool Written In Go Using Tor As A Transport Mechanism And RPC For Communication
A cross-platform Remote Administration tool written in Go using Tor as its transport mechanism, currently supporting Windows, Linux, and macOS clients. Current Features: RPC (Remote Procedure Call) based communication for easy addition of new functionality; automatic upx...
Centreon 19.10.5 - Pollers Remote Command Execution
Exploit Title: Centreon 19.10.5 - 'Pollers' Remote Command Execution; Date: 2020-01-27; Exploit Author: Omri Baso, Fabien Aunay; Vendor Homepage: https://www.centreon.com/; Software Link: https://github.com/centreon/centreon; Version: 19.10.5; Tested...
Insecure Randomness
Overview: org.apereo.cas:cas-server-support-shell is a package for the CAS command-line shell, which provides the ability to query the CAS server for help on available settings/modules and various other utility functions. Affected versions of this package are vulnerable to Insecure Randomness. An insecure...
New Relic: newrelic.com rails directory traversal vuln
details: https://github.com/omarkurt/cve-2014-0130 POC: GET /devops/%5c%2e%2e%2f%5c%2e%2e%2f%5c%2e%2e%2fGemfile HTTP/1.1 Cookie: Host: newrelic.com Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 Windows NT 6.1; WOW64 AppleWebKit/537.21 KHTML, like Gecko...
winwebmail mention the right-vulnerability warning-the black bar safety net
Another collection below winwebmail default installation path, this is for if in Start—program there is no winwebmail shortcut. c:\winwebmail\web if you cannot browse to change to the d:\winwebmail\web\ In addition, if you can not find the path please use Registry to read the...