63 matches found
EUVD-2021-2286
Malware in sbrugna...
EUVD-2007-2560
Malware in sbrugna...
EUVD-2006-2984
Malware in sbrugna...
Cross-site Scripting (XSS)
Overview: roundup is a simple-to-use and -install issue-tracking system with command-line, web and e-mail interfaces. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the interaction between URLs and issue tracker templates. An attacker can execute arbitrary scripts...
CVE-2021-32674
Zope is an open-source web application server. This advisory extends the previous advisory at https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36 with additional cases of TAL expression traversal vulnerabilities. Most Python modules are not available for use in TAL...
CVE-2021-3978
When copying files with rsync, octorpki uses the "-a" flag [0], which forces rsync to copy binaries with the suid bit set as root. Since the provided service definition defaults to root https://github.com/cloudflare/cfrpki/blob/master/package/octorpki.service this could allow for a vector, when...
DEBIAN-CVE-2021-3978
When copying files with rsync, octorpki uses the "-a" flag [0], which forces rsync to copy binaries with the suid bit set as root. Since the provided service definition defaults to root https://github.com/cloudflare/cfrpki/blob/master/package/octorpki.service this could allow for a vector, when...
UBUNTU-CVE-2021-3978
When copying files with rsync, octorpki uses the "-a" flag [0], which forces rsync to copy binaries with the suid bit set as root. Since the provided service definition defaults to root https://github.com/cloudflare/cfrpki/blob/master/package/octorpki.service this could allow for a vector, when...
Opera Browser Fixes Big Security Hole That Could Have Exposed Your Information
A now-patched security flaw in the Opera web browser could have enabled a malicious extension to gain unauthorized, full access to private APIs. The attack, codenamed CrossBarking, could have made it possible to conduct actions such as capturing screenshots, modifying browser settings, and accou...
tal-oil.com Cross Site Scripting vulnerability OBB-3311440
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Malicious code in dep-conf-test-tal (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 11ab34becb955a22cbb02099997e4c3301a8dcfb0559a59ebcb0a32770e7bdc4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in dependancy_confusion_test_tal3 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4c56293eb90ae309c58adb4cbfd852c54166ebcba11b6f6f6e5c64ce5a623c24 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-233 Malicious code in dep-conf-test-tal (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 11ab34becb955a22cbb02099997e4c3301a8dcfb0559a59ebcb0a32770e7bdc4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Command Injection vulnerability in [email protected]
Command Injection vulnerability in [email protected] git-interface describes itself as an interface to work with a git repository in node.js. Resources: Project's GitHub source code: https://github.com/yarkeev/git-interface Project's npm package: https://www.npmjs.com/package/git-interface I'm...
Privilege Escalation
github.com/cloudflare/cfrpki is vulnerable to privilege escalation. When copying files using rsync, octorpki uses the "-a" flag [0], which forces rsync to copy binaries with the suid bit set as root, which allows an attacker to inject and execute a malicious TAL file...
Improper Preservation of Permissions in github.com/cloudflare/cfrpki/cmd/octorpki
Impact: When copying files with rsync, octorpki uses the "-a" flag [0], which forces rsync to copy binaries with the suid bit set as root. Since the provided service definition defaults to root https://github.com/cloudflare/cfrpki/blob/master/package/octorpki.service this could allow for a vector,...
Remote Code Execution via traversal in TAL expressions
Impact: Most Python modules are not available for use in TAL expressions that you can add through-the-web, for example in Zope Page Templates. This restriction avoids file system access, for example via the 'os' module. But some of the untrusted modules are available indirectly through Python...
Duplicate Advisory: Path Traversal in Zope
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5pr9-v234-jw36. This link is maintained to preserve external references. Original Description Zope is an open-source web application server. This advisory extends the previous advisory at...
GHSA-5VQ5-PG3R-9PH3 Duplicate Advisory: Path Traversal in Zope
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5pr9-v234-jw36. This link is maintained to preserve external references. Original Description Zope is an open-source web application server. This advisory extends the previous advisory at...
Zope RCE Vulnerability (GHSA-rpcg-f9q6-2mq6)
Zope is prone to a remote code execution (RCE) vulnerability via a traversal in TAL expressions. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...