5315 matches found
CVE-2024-38475
Improper escaping of output in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure...
CVE-2024-38475
Improper escaping of output in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure...
CVE-2024-38475 Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path.
Improper escaping of output in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure...
CVE-2024-38475 Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path.
Improper escaping of output in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure...
CVE-2024-6424
The CVE-2024-6424 entry describes an External server-side request vulnerability in MESbook (version 20221021.03) allowing remote, unauthenticated attackers to exploit endpoints /api/Proxy/Post?userName=&password=&uri= or /api/Proxy/Get?userName=&password=&uri= to read web-file source code, read i...
CVE-2024-6424 Server-Side Request Forgery vulnerability in MESbook
External server-side request vulnerability in MESbook 20221021.03 version, which could allow a remote, unauthenticated attacker to exploit the endpoint "/api/Proxy/Post?userName=&password=&uri=FILE|INTERNAL URL|IP/HOST" or "/api/Proxy/Get?userName=&password=&uri=ARCHIVO|URL INTERNA|IP/HOST" to re...
MESbook 安全漏洞
MESbook is a web-based system from MESbook Inc. connects to factory machines and converts data into information for real-time management. MESbook has a server-side request forgery vulnerability that can be exploited by an attacker to read the source code of a web file, read internal files or acce...
CVE-2024-38475
Improper escaping of output in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure...
Customer Support System 1.0 Cross Site Scripting
Exploit Title: Customer Support System 1.0 - XSS Cross-Site Scripting Vulnerability in the "subject" at "ticketlist" Date: 28/11/2023 Exploit Author: Geraldo Alcantara Vendor Homepage: https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html Software Link:...
The Windows Registry Adventure #3: Learning resources
Posted by Mateusz Jurczyk, Google Project Zero When tackling a new vulnerability research target, especially a closed-source one, I prioritize gathering as much information about it as possible. This gets especially interesting when it's a subsystem as old and fundamental as the Windows registry...
CVE-2024-39130
A NULL Pointer Dereference discovered in DumpTS v0.1.0-nightly allows attackers to cause a denial of service via the function DumpOneStream at /src/DumpStream.cpp...
Episode 2: Behind the Scenes of a Tailor-Made Massive Phishing Campaign Part 2
Executive Summary Last summer, we investigated a massive, global phishing campaign impersonating almost 350 legitimate companies. Our continued investigation into this expansive phishing campaign revealed leaked backend source code, shedding light on the infrastructure behind the operation. This...
MAL-2024-6611 Malicious code in answers_ruby-client (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-3852 Malicious code in wallet-connect-live-app (npm)
--- -= Per source details. Do not edit below this line.=-...
OS Command Injection
php81 is vulnerable to OS Command Injection. The vulnerability is due to misinterpretation of characters in the command line by the PHP CGI module when using certain code pages on Windows. This may allow a malicious user to pass options to the PHP binary, potentially revealing source code, runnin...
IntelBroker Hacker Claims Apple Breach, Steals Source Code for Internal Tools
Notorious hacker IntelBroker claims to have breached Apple, stealing source code for internal tools. Learn about the alleged breach and IntelBroker's history of targeting major companies and government entities...
Magbanua Beach Resort Online Reservation System Code Issue Vulnerability
Magbanua Beach Resort Online Reservation System is itsourcecode open source a beach resort hotel online reservation system Magbanua Beach Resort Online Reservation System 1.0 and earlier versions have a code issue vulnerability, the vulnerability stems from the parameter image in the file...
CVE-2024-37840
SQL injection vulnerability in processscore.php in Itsourcecode Learning Management System Project In PHP With Source Code v1.0 allows remote attackers to execute arbitrary SQL commands via the LessonID parameter...
Payroll Management System 1.0 Remote Code Execution
Exploit Title: Payroll Management System v1.0 RCE Unauthenticated Google Dork: intitle:"Employee's Payroll Management System" Date: 16/06/2024 Exploit Author: ShellUnease Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Truist bank confirms data breach
On Wednesday June 12, 2024, a well-known dark web data broker and cybercriminal acting under the name "Sp1d3r" offered a significant amount of data allegedly stolen from Truist Bank for sale. Truist is a US bank holding company and operates 2,781 branches in 15 states and Washington DC. By assets...