63 matches found
EUVD-2006-2984
Malware in sbrugna...
EUVD-2007-2560
Malware in sbrugna...
EUVD-2021-2286
Malware in sbrugna...
Cross-site Scripting (XSS)
Overview roundup is a simple-to-use and -install issue-tracking system with command-line, web and e-mail interfaces. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the interaction between URLs and issue tracker templates. An attacker can execute arbitrary scripts...
CVE-2021-32674
Zope is an open-source web application server. This advisory extends the previous advisory at https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36 with additional cases of TAL expression traversal vulnerabilities. Most Python modules are not available for using in TAL...
CVE-2021-3978
When copying files with rsync, octorpki uses the "-a" (archive) flag, which forces rsync to copy binaries with the suid bit set as root. Since the provided service definition defaults to root https://github.com/cloudflare/cfrpki/blob/master/package/octorpki.service this could allow for a vector, when...
DEBIAN-CVE-2021-3978
When copying files with rsync, octorpki uses the "-a" (archive) flag, which forces rsync to copy binaries with the suid bit set as root. Since the provided service definition defaults to root https://github.com/cloudflare/cfrpki/blob/master/package/octorpki.service this could allow for a vector, when...
UBUNTU-CVE-2021-3978
When copying files with rsync, octorpki uses the "-a" (archive) flag, which forces rsync to copy binaries with the suid bit set as root. Since the provided service definition defaults to root https://github.com/cloudflare/cfrpki/blob/master/package/octorpki.service this could allow for a vector, when...
Opera Browser Fixes Big Security Hole That Could Have Exposed Your Information
A now-patched security flaw in the Opera web browser could have enabled a malicious extension to gain unauthorized, full access to private APIs. The attack, codenamed CrossBarking, could have made it possible to conduct actions such as capturing screenshots, modifying browser settings, and accou...
tal-oil.com Cross Site Scripting vulnerability OBB-3311440
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
MAL-2023-233 Malicious code in dep-conf-test-tal (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 11ab34becb955a22cbb02099997e4c3301a8dcfb0559a59ebcb0a32770e7bdc4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in dep-conf-test-tal (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 11ab34becb955a22cbb02099997e4c3301a8dcfb0559a59ebcb0a32770e7bdc4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in dependancy_confusion_test_tal3 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4c56293eb90ae309c58adb4cbfd852c54166ebcba11b6f6f6e5c64ce5a623c24 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Command Injection vulnerability in [email protected]
Command Injection vulnerability in [email protected] git-interface describes itself as an Interface to work with a git repository in node.js Resources: Project's GitHub source code: https://github.com/yarkeev/git-interface Project's npm package: https://www.npmjs.com/package/git-interface I'm...
Privilege Escalation
github.com/cloudflare/cfrpki is vulnerable to privilege escalation. When copying files using rsync, octorpki uses the "-a" (archive) flag, which forces rsync to copy binaries with the suid bit set as root, which allows an attacker to inject and execute a malicious TAL file...
Improper Preservation of Permissions in github.com/cloudflare/cfrpki/cmd/octorpki
Impact When copying files with rsync, octorpki uses the "-a" (archive) flag, which forces rsync to copy binaries with the suid bit set as root. Since the provided service definition defaults to root https://github.com/cloudflare/cfrpki/blob/master/package/octorpki.service this could allow for a vector,...
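The octorpki entries above describe the same hazard from several trackers: a root-run, permission-preserving copy (rsync -a) of untrusted repository content writes any setuid bit it finds straight to disk. The following is an added example, not cfrpki/octorpki code and not the project's fix: a post-sync check that walks a synced tree, reports regular files carrying setuid/setgid, and clears those bits. The sample tree, file names and the "helper" executable are constructed for the demo.

```python
"""Added example (not octorpki/cfrpki code): after syncing untrusted data as
root with a permission-preserving copy (rsync -a), find and neutralise files
that arrived with the setuid/setgid bits set.  The sample tree built by
build_sample_tree() is constructed for the demo."""
import os
import stat
import tempfile


def find_setid_files(root):
    """Return sorted paths under root of regular files whose mode carries
    S_ISUID or S_ISGID.  os.lstat is used so a symlink pointing at a real
    setuid binary outside the tree is not reported as part of it."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                hits.append(path)
    return sorted(hits)


def strip_setid_bits(root):
    """Clear setuid/setgid on every file reported by find_setid_files and
    return the number of files changed."""
    fixed = 0
    for path in find_setid_files(root):
        mode = stat.S_IMODE(os.lstat(path).st_mode)
        os.chmod(path, mode & ~(stat.S_ISUID | stat.S_ISGID))
        fixed += 1
    return fixed


def build_sample_tree():
    """Constructed stand-in for a synced repository: one ordinary text file
    (a TAL-like pointer) and one executable that arrived with the setuid bit
    set, as rsync -a would preserve it from the remote side."""
    root = tempfile.mkdtemp(prefix="rsync-demo-")
    os.makedirs(os.path.join(root, "repo"))
    tal = os.path.join(root, "repo", "example.tal")
    with open(tal, "w") as f:
        f.write("rsync://example.invalid/repo/root.cer\n")  # constructed content
    os.chmod(tal, 0o644)
    suid_bin = os.path.join(root, "repo", "helper")
    with open(suid_bin, "w") as f:
        f.write("#!/bin/sh\nid\n")  # harmless body; the mode is the point
    os.chmod(suid_bin, 0o4755)  # rwsr-xr-x
    return root


if __name__ == "__main__":
    tree = build_sample_tree()
    print("setuid/setgid files:", find_setid_files(tree))
    print("stripped:", strip_setid_bits(tree))
    print("after:", find_setid_files(tree))
```

Run it as the same user that owns the synced tree. The check is a safety net, not a substitute for the real fixes: sync without preserving permissions (or with an explicit --chmod), and run the syncing service as an unprivileged user rather than the root default the advisory mentions.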
Remote Code Execution via traversal in TAL expressions
Impact Most Python modules are not available for use in TAL expressions that you can add through-the-web, for example in Zope Page Templates. This restriction avoids file system access, for example via the 'os' module. But some of the untrusted modules are available indirectly through Python...
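The Zope advisory above explains the general failure: a sandbox that allowlists module names but lets expressions traverse attributes from an allowed module reaches modules that were never allowed. The following is an added example, not Zope or TAL code and not Zope's fix; it uses constructed stand-in modules ("helpers" re-exporting a fake "os") because the page does not name the Zope modules involved. It shows a naive dotted-name resolver that only checks the first segment, and a hardened one that re-checks every object reached during traversal.

```python
"""Added example (not Zope code): allowlist bypass by attribute traversal in
a tiny expression sandbox, and one way to close it.  Modules, names and
policy are constructed for the demo."""
import types

# Constructed stand-ins.  'fake_os' is what the sandbox must never hand out;
# 'helpers' is the harmless-looking allowed module, but like many real
# library modules it keeps references to os (public 'os', private '_os').
fake_os = types.ModuleType("os")
fake_os.system = lambda cmd: "WOULD RUN: " + cmd
helpers = types.ModuleType("helpers")
helpers.upper = str.upper
helpers.os = fake_os
helpers._os = fake_os

ALLOWED_MODULES = {"helpers": helpers}


def resolve_naive(path):
    """Vulnerable resolver: only the first segment is checked against the
    allowlist; later segments are plain getattr, so 'helpers.os.system'
    returns a function from a module that was never allowed."""
    head, *rest = path.split(".")
    obj = ALLOWED_MODULES[head]
    for seg in rest:
        obj = getattr(obj, seg)
    return obj


def resolve_checked(path):
    """Hardened resolver: underscore names are refused, and any module object
    reached during traversal must itself be in the allowlist (checked by
    identity, not by name, so a module re-exported under another attribute
    name is still caught)."""
    head, *rest = path.split(".")
    if head not in ALLOWED_MODULES:
        raise PermissionError(f"module {head!r} is not allowed")
    obj = ALLOWED_MODULES[head]
    for seg in rest:
        if seg.startswith("_"):
            raise PermissionError(f"private name {seg!r} refused")
        obj = getattr(obj, seg)
        if isinstance(obj, types.ModuleType) and not any(
            obj is m for m in ALLOWED_MODULES.values()
        ):
            raise PermissionError(f"traversal reached module {obj.__name__!r}")
    return obj


def evaluate(expr, resolver):
    """Minimal 'python:'-style step: resolve a dotted callable and call it
    with one quoted string argument, e.g. "helpers.upper('ok')".  Returns
    the result, or the string 'denied' when the resolver refuses."""
    name, _, arg = expr.partition("(")
    try:
        fn = resolver(name)
    except PermissionError:
        return "denied"
    return fn(arg.rstrip(")").strip("'\""))


if __name__ == "__main__":
    for expr in ("helpers.upper('ok')", "helpers.os.system('id')", "helpers._os.system('id')"):
        print(expr, "naive ->", evaluate(expr, resolve_naive),
              "| checked ->", evaluate(expr, resolve_checked))
```

The identity check matters more than the underscore rule: a public re-export such as helpers.os is a normal thing for a library module to have, and a name-based check would wave it through if the attribute were called anything other than "os".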
GHSA-5VQ5-PG3R-9PH3 Duplicate Advisory: Path Traversal in Zope
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5pr9-v234-jw36. This link is maintained to preserve external references. Original Description Zope is an open-source web application server. This advisory extends the previous advisory at...
Duplicate Advisory: Path Traversal in Zope
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5pr9-v234-jw36. This link is maintained to preserve external references. Original Description Zope is an open-source web application server. This advisory extends the previous advisory at...
Zope RCE Vulnerability (GHSA-rpcg-f9q6-2mq6)
Zope is prone to a remote code execution (RCE) vulnerability via a traversal in TAL expressions. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...