JOBE Command Injection Vulnerability
JOBE is a server for running small programming jobs in various programming languages, by Richard Lobb, an individual developer. A command injection vulnerability exists in JOBE versions prior to 1.7.0, which originates in the function runinsandbox in the file application/libraries/LanguageTask.php,...
The FBI's Perspective on Ransomware
Ransomware: contemporary threats, how to prevent them and how the FBI can help. In April 2021, Dutch supermarkets faced a food shortage. The cause wasn't a drought or a sudden surge in the demand for avocados. Rather, the reason was a ransomware attack. In the past years, companies, universities,...
PXEThief - Set Of Tooling That Can Extract Passwords From The Operating System Deployment Functionality In Microsoft Endpoint Configuration Manager
PXEThief is a set of tooling that implements attack paths discussed at the DEF CON 30 talk "Pulling Passwords out of Configuration Manager" (https://forum.defcon.org/node/241925) against the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager or ConfigMgr, still...
NVIDIA Jetson Buffer Error Vulnerability
NVIDIA Jetson is an embedded system development module from NVIDIA. A security vulnerability exists in NVIDIA Jetson, which originates in nvdlaemutasksubmit, where unauthenticated input could allow a local attacker to cause a stack-based buffer overflow in the kernel code, which could result in...
CVE-2019-14802
HashiCorp Nomad 0.5.0 through 0.9.4 fixed in 0.9.5 reveals unintended environment variables to the rendering task during template rendering, aka GHSA-6hv3-7c34-4hx8. This applies to nomad/client/allocrunner/taskrunner/template...
Design/Logic Flaw
HashiCorp Nomad 0.5.0 through 0.9.4 fixed in 0.9.5 reveals unintended environment variables to the rendering task during template rendering, aka GHSA-6hv3-7c34-4hx8. This applies to nomad/client/allocrunner/taskrunner/template...
APDE Path Traversal Vulnerability
APDE is a Processing IDE for creating and running sketches on Android devices, by William Smith, an individual developer. A path traversal vulnerability exists in versions prior to APDE 0.5.2-pre2-alpha, which stems from a function in the...
S3Crets_Scanner - Hunting For Secrets Uploaded To Public S3 Buckets
The S3cret Scanner tool is designed to provide a complementary layer for the Amazon S3 Security Best Practices by proactively hunting secrets in public S3 buckets. It can be executed as a scheduled task or an on-demand automation workflow. The automation will perform the following actions: 1. List the public...
Security fix for the ALT Linux 10 package thunderbird version 102.6.0-alt1
102.6.0-alt1 built Dec. 23, 2022 Pavel Vasenkov in task 311857 Dec. 16, 2022 Pavel Vasenkov - New version. - Security fixes: + CVE-2022-46880 Use-after-free in WebGL + CVE-2022-46872 Arbitrary file read from a compromised content process + CVE-2022-46881 Memory corruption in WebGL + CVE-2022-4687...
CVE-2021-4257
A vulnerability was found in ctrlo lenio. It has been declared as problematic. This vulnerability affects unknown code of the file views/task.tt of the component Task Handler. The manipulation of the argument site.org.name/check.name/task.tasktype.name/task.name leads to cross site scripting. The...
Cross site scripting
A vulnerability was found in ctrlo lenio. It has been declared as problematic. This vulnerability affects unknown code of the file views/task.tt of the component Task Handler. The manipulation of the argument site.org.name/check.name/task.tasktype.name/task.name leads to cross site scripting. The...
ctrlo lenio Cross-Site Scripting Vulnerability
lenio is an open source facility management system from ctrlo. A security vulnerability exists in ctrlo lenio that stems from an unknown section of its views/index.tt file that operates on the parameters task.name/task.site.org.name allowing attackers to implement cross-site scripting...
ctrlo lenio Security Vulnerability
lenio is an open source facility management system from ctrlo. A security vulnerability exists in ctrlo lenio, which stems from unknown code in the views/task.tt file of its Task Handler component that operates on the parameters site.org.name/check.name/task.tasktype allowing an attacker to...
CVE-2021-4257 ctrlo lenio Task task.tt cross site scripting
A vulnerability was found in ctrlo lenio. It has been declared as problematic. This vulnerability affects unknown code of the file views/task.tt of the component Task Handler. The manipulation of the argument site.org.name/check.name/task.tasktype.name/task.name leads to cross site scripting. The...
PT-2022-11622 · Unknown · Ctrlo Lenio
Name of the Vulnerable Software and Affected Versions: ctrlo lenio (affected versions not specified). Description: A vulnerability was found in the Task Handler component, affecting the file views/task.tt. The manipulation of the argument site.org.name/check.name/task.tasktype.name/task.name leads t...
CVE-2021-4257
The CVE-2021-4257 entry concerns ctrlo lenio. The vulnerability is in the Task Handler’s views/task.tt, where manipulating the argument path site.org.name/check.name/task.tasktype.name/task.name enables cross-site scripting. A remote attacker could exploit this, with impact limited to client-side...
K00373024: Apache vulnerability CVE-2016-8743
Security Advisory Description: Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of...
CVE-2022-4527
A vulnerability was found in collective.task up to 3.0.8. It has been classified as problematic. This affects the function renderCell/AssignedGroupColumn of the file src/collective/task/browser/table.py. The manipulation leads to cross site scripting. It is possible to initiate the attack remotel...
PYSEC-2022-42990
A vulnerability was found in collective.task up to 3.0.9. It has been classified as problematic. This affects the function renderCell/AssignedGroupColumn of the file src/collective/task/browser/table.py. The manipulation leads to cross site scripting. It is possible to initiate the attack remotel...