5335 matches found
PyScript 安全漏洞
PyScript is a framework for writing interactive web applications in PyScript. A security vulnerability exists in PyScript version 2022-05-04 and prior versions. An attacker can exploit this vulnerability to remotely read or disclose Python source code...
ChatBot Application With A Suggestion Feature 1.0 SQL Injection
Exploit Title: ChatBot Application with a Suggestion Feature 1.0 - 'id' Blind SQL Injection Date: 05/05/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15316/chatbot-app-suggestion-phpoop-free-source-code.html...
workflow-multibranch: OS command execution through crafted SCM contents
A flaw was found in Jenkins. The Pipeline: Multibranch uses the same checkout directories for distinct SCMs for the readTrusted step. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents.This allows attackers to...
Covid 19 Travel Pass Management System v1.0 SQL injection Vulnerability
Title: Covid 19 Travel Pass Management System v1.0 SQLi Author: nu11secur1ty Date: 05.01.2022 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15308/covid-19-travel-pass-management-system-phpoop-free-source-code.html Reference:...
GHSA-C5VW-342H-X5RX Alkacon OpenCms Exposes JSP Source Code
system/workplace/editors/editor.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to read the source code of arbitrary JSP files by specifying the file in the resource parameter, as demonstrated using index.jsp...
Alkacon OpenCms Exposes JSP Source Code
system/workplace/editors/editor.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to read the source code of arbitrary JSP files by specifying the file in the resource parameter, as demonstrated using index.jsp...
Improper Input Validation in Mortbay Jetty
jetty 6.0.x jetty6 beta16 allows remote attackers to read arbitrary script source code via a capital P in the .jsp extension, and probably other mixed case manipulations...
Mortbay Jetty Discloses JSP Source Code
Unspecified vulnerability in Jetty before 5.1.6 allows remote attackers to obtain source code of JSP pages, possibly involving requests for .jsp files with URL-encoded backslash %5C characters. NOTE: this might be the same issue as CVE-2006-2758...
GHSA-CWQ3-QP8V-W8Q3 Mortbay Jetty Discloses JSP Source Code
Unspecified vulnerability in Jetty before 5.1.6 allows remote attackers to obtain source code of JSP pages, possibly involving requests for .jsp files with URL-encoded backslash %5C characters. NOTE: this might be the same issue as CVE-2006-2758...
Apache Tomcat Source Code Disclosure
Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148...
GHSA-8V5P-2CPV-C2X6 Apache Tomcat Source Code Disclosure
Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148...
GHSA-JXCV-V856-J5VG Apache Tomcat Source Code Disclosure
The default servlet org.apache.catalina.servlets.DefaultServlet in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet...
Apache Tomcat Source Code Disclosure
The default servlet org.apache.catalina.servlets.DefaultServlet in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet...
Jakarta Tomcat Directory Listing vulnerability
Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character...
Amazon Linux 2 : gcc10, gcc (ALAS-2022-1784)
The version of gcc installed on the remote host is prior to 7.3.1-14. The version of gcc10 installed on the remote host is prior to 10.3.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2022-1784 advisory. A flaw was found in the way Unicode standards are implemented ...
Lapsus$ Hackers Stole T-Mobile’s Source Code and Systems Data
By Deeba Ahmed T-Mobile has acknowledged the breach which occurred before police arrested some of the Lapsus$ members last month. The… This is a post from HackRead.com Read the original post: Lapsus$ Hackers Stole T-Mobiles Source Code and Systems Data...
New BotenaGo Malware Variant Targeting Lilin Security Camera DVR Devices
A new variant of an IoT botnet called BotenaGo has emerged in the wild, specifically singling out Lilin security camera DVR devices to infect them with Mirai malware. Dubbed "Lilin Scanner" by Nozomi Networks, the latest version is designed to exploit a two-year-old critical command injection...
GLPI Information Disclosure Vulnerability (CNVD-2022-44238)
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build a database to fully manage IT computers, monitors, servers, printers, network devices, phones, even toner cartridges...
T-Mobile Admits Lapsus$ Hackers Gained Access to its Internal Tools and Source Code
Telecom company T-Mobile on Friday confirmed that it was the victim of a security breach in March after the LAPSUS$ mercenary gang managed to gain access to its networks. The acknowledgment came after investigative journalist Brian Krebs shared internal chats belonging to the core members of the...
Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code
KrebsOnSecurity recently reviewed a copy of the private chat messages between members of the LAPSUS$ cybercrime group in the week leading up to the arrest of its most active members last month. The logs show LAPSUS$ breached T-Mobile multiple times in March, stealing source code for a range of...