Lucene search
K

54 matches found

The Hacker News
The Hacker News
added 2023/06/28 7:24 a.m.58 views

Critical SQL Injection Flaws Expose Gentoo Soko to Remote Code Execution

Multiple SQL injection vulnerabilities have been disclosed in Gentoo Soko that could lead to remote code execution RCE on vulnerable systems. "These SQL injections happened despite the use of an Object-Relational Mapping ORM library and prepared statements," SonarSource researcher Thomas...

9.8CVSS8.3AI score0.0115EPSS
Exploits0
Exploit DB
Exploit DB
added 2023/04/08 12:0 a.m.353 views

Icinga Web 2.10 - Arbitrary File Disclosure

!/usr/bin/env python3 Exploit Title: Icinga Web 2.10 - Arbitrary File Disclosure Date: 2023-03-19 Exploit Author: Jacob Ebben Vendor Homepage: https://icinga.com/ Software Link: https://github.com/Icinga/icingaweb2 Version: 2.8.6, 2.9.6, 2.10 Tested on: Icinga Web 2 Version 2.9.2 on Linux CVE:...

7.5CVSS7.7AI score0.89378EPSS
Exploits8
Packet Storm
Packet Storm
added 2023/01/24 12:0 a.m.647 views

Cacti 1.2.22 Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cacti 1.2.22 unauthenticated command injection', 'Description' = %q This module exploits an unauthenticated command injection vulnerability in...

9.8CVSS9.8AI score0.99826EPSS
Exploits48
The Hacker News
The Hacker News
added 2023/01/14 8:11 a.m.2 views

Cacti Servers Under Attack as Majority Fail to Patch Critical Vulnerability

A majority of internet-exposed Cacti servers have not been patched against a recently patched critical security vulnerability that has come under active exploitation in the wild. That's according to attack surface management platform Censys, which found only 26 out of a total of 6,427 servers to ...

9.8CVSS8.5AI score0.99826EPSS
Exploits52
The Hacker News
The Hacker News
added 2023/01/14 8:11 a.m.76 views

Cacti Servers Under Attack as Majority Fail to Patch Critical Vulnerability

A majority of internet-exposed Cacti servers have not been patched against a recently patched critical security vulnerability that has come under active exploitation in the wild. That's according to attack surface management platform Censys, which found only 26 out of a total of 6,427 servers to ...

9.8CVSS0.5AI score0.99826EPSS
Exploits52
The Hacker News
The Hacker News
added 2022/10/04 3:9 p.m.43 views

Researchers Report Supply Chain Vulnerability in Packagist PHP Repository

Researchers have disclosed details about a now-patched high-severity security flaw in Packagist, a PHP software package repository, that could have been exploited to mount software supply chain attacks. "This vulnerability allows gaining control of Packagist," SonarSource researcher Thomas...

8.8CVSS1.2AI score0.04849EPSS
Exploits1
GithubExploit
GithubExploit
added 2022/09/17 7:58 a.m.561 views

Exploit for CRLF Injection in Catchethq Catchet

CVE-2021-39172 Cachet 2.4: Code Execution via Laravel C...

8.8CVSS9AI score0.29172EPSS
Exploits2
The Hacker News
The Hacker News
added 2022/08/10 6:59 a.m.193 views

CISA Issues Warning on Active Exploitation of UnRAR Software for Linux Systems

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added a recently disclosed security flaw in the UnRAR utility to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. Tracked as CVE-2022-30333 CVSS score: 7.5, the issue concerns a path...

7.8CVSS2.2AI score0.98975EPSS
Exploits13
The Hacker News
The Hacker News
added 2022/08/05 5:54 a.m.114 views

CISA Adds Zimbra Email Vulnerability to its Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday added a recently disclosed high-severity vulnerability in the Zimbra email suite to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. The issue in question is CVE-2022-27924 CVSS score:...

7.5CVSS2AI score0.85398EPSS
Exploits2
The Hacker News
The Hacker News
added 2022/06/14 3:13 p.m.94 views

New Zimbra Email Vulnerability Could Let Attackers Steal Your Login Credentials

A new high-severity vulnerability has been disclosed in the Zimbra email suite that, if successfully exploited, enables an unauthenticated attacker to steal cleartext passwords of users sans any user interaction. "With the consequent access to the victims' mailboxes, attackers can potentially...

7.5CVSS0.2AI score0.85398EPSS
Exploits2
Github Security Blog
Github Security Blog
added 2022/05/14 1:43 a.m.26 views

Exposure of Sensitive Information to an Unauthorized Actor in SonarSource SonarQube API

A vulnerability in the API of SonarSource SonarQube before 7.5 could allow an authenticated user to discover sensitive information such as valid user-account logins in the web application. The vulnerability occurs because of improperly configured access controls that cause the API to return the...

4.3CVSS4.4AI score0.0115EPSS
Exploits1References5Affected Software1
The Hacker News
The Hacker News
added 2022/04/21 10:48 a.m.50 views

Unpatched Bug in RainLoop Webmail Could Give Hackers Access to all Emails

An unpatched high-severity security flaw has been disclosed in the open-source RainLoop web-based email client that could be weaponized to siphon emails from victims' inboxes. "The code vulnerability ... can be easily exploited by an attacker by sending a malicious email to a victim that uses...

5.6AI score0.01051EPSS
Exploits1
SonarSource Blog
SonarSource Blog
added 2022/01/06 12:0 a.m.73 views

Vulnerability Research Highlights 2021

At SonarSource we are constantly improving our code analyzers to help developers write Clean Code. The detection of severe code vulnerabilities plays an important role in this process so that applications are protected from attacks and security breaches. For this same reason, our research team...

2.1CVSS6.7AI score0.02018EPSS
Exploits5
SonarSource Blog
SonarSource Blog
added 2021/10/27 12:0 a.m.50 views

Agent 007: Pre-Auth Takeover of Build Pipelines in GoCD

GoCD, written in Java, is a popular CI/CD solution with a large range of users from NGOs to Fortune 500 companies with billions of dollars in revenue. Naturally, this makes it a critical piece of infrastructure and an extremely attractive target for attackers. In order to automate build and relea...

0.28039EPSS
Exploits2
ThreatPost
ThreatPost
added 2021/10/19 9:42 p.m.83 views

Squirrel Bug Lets Attackers Execute Code in Games, Cloud Services

An out-of-bounds read vulnerability in the Squirrel programming language lets attackers break out of sandbox restrictions and execute arbitrary code within a Squirrel virtual machine VM, thus giving a malicious actor complete access to the underlying machine. Given where Squirrel lives – in games...

10CVSS9.7AI score0.02177EPSS
Exploits1References11
SonarSource Blog
SonarSource Blog
added 2021/09/14 12:0 a.m.8 views

Product portals open: we want your input

SonarSource was born from open source software and most of what we do remains FLOSS, so openness and transparency have always been fundamental principles. With a recent change in how we approach product management, we've gone even further. We've recently opened up product portals on Productboard...

Exploits0
Github Security Blog
Github Security Blog
added 2021/08/30 4:11 p.m.66 views

Cachet vulnerable to forced reinstall

Impact Authenticated users, regardless of their privileges User or Admin, can trick Cachet and install the instance again, leading to arbitrary code execution on the server. Patches This issue was addressed by improving the middleware ReadyForUse, which now performs a stricter validation of the...

8.8CVSS8.8AI score0.02362EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/30 4:11 p.m.54 views

Cachet vulnerable to new line injection during configuration edition

Impact Authenticated users, regardless of their privileges User or Admin, can exploit a new line injection in the configuration edition feature e.g. mail settings and gain arbitrary code execution on the server. Patches This issue was addressed by improving UpdateConfigCommandHandler and preventi...

8.8CVSS9.1AI score0.29172EPSS
Exploits2References6Affected Software1
SonarSource Blog
SonarSource Blog
added 2021/08/24 12:0 a.m.25 views

Compilation database: An alternative way to configure your C or C++ analysis

Analyzing C or C++ code requires - in addition to the source code - the configuration that is used to build the code. At SonarSource, we have provided a tool to automate the extraction of this information, the build wrapper. This tool has been used successfully with many projects, yet there are...

6.7AI score
Exploits0
ThreatPost
ThreatPost
added 2021/07/27 5:30 p.m.298 views

Zimbra Server Bugs Could Lead to Email Plundering

Zimbra webmail server has two flaws that could let an attacker paw through the inbox and outbox of all the employees in all the enterprises that use the immensely popular collaboration tool, researchers say. In a Tuesday writeup, SonarSource called it a “drastic” situation, given Zimbra’s...

9.8CVSS8.6AI score0.99986EPSS
Exploits6References11
Rows per page
Query Builder