36 matches found
Tandoor Recipes security vulnerability
Tandoor Recipes is an open-source application designed for managing recipes, planning meals, creating shopping lists, and more. Versions of Tandoor Recipes prior to 2.6.4 contained security vulnerabilities. These vulnerabilities stemmed from the function CustomIsShared.hasobjectpermission, which...
EUVD-2011-0349
Malware in sbrugna...
CVE-2020-36851
Rob--W/cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets (SSRF). Because the proxy forwards requests and headers, an attacker can reach internal-only endpoints and link-local metadata services...
CVE-2015-2309
Unsafe methods in the Request class...
Unsafe methods in the default list of approved signatures in Jenkins Script Security Plugin
The default whitelist included the following unsafe entries: DefaultGroovyMethods.putAt(Object, String, Object); DefaultGroovyMethods.getAt(Object, String). These allowed circumventing many of the access restrictions implemented in the script sandbox by using e.g. currentBuild['rawBuild'] rather than...
GHSA-M68X-CC2F-GR5H Unsafe methods in the default list of approved signatures in Jenkins Script Security Plugin
The default whitelist included the following unsafe entries: DefaultGroovyMethods.putAt(Object, String, Object); DefaultGroovyMethods.getAt(Object, String). These allowed circumventing many of the access restrictions implemented in the script sandbox by using e.g. currentBuild['rawBuild'] rather than...
UBUNTU-CVE-2015-2309
Unsafe methods in the Request class...
CVE-2015-2309
Unsafe methods in the Request class...
Unsafe methods in the Request class
More info at https://symfony.com/cve-2015-2309...
Unsafe methods in the Request class
More info at https://symfony.com/cve-2015-2309...
AXIS Media Control Active-X File Corruption
1. Advisory Information. Title: AXIS Media Control ActiveX vulnerability Date...
Quest Toad for Oracle ActiveX unauthorized access
It's possible to access files via unsafe methods...
Oracle Hyperion ActiveX security vulnerabilities
Buffer overflow in ODBC driver used by ActiveX component, unsafe methods...
PcVue ActiveX multiple security vulnerabilities
Unsafe methods, array index overflow, code execution...
CheckPoint SSL VPN ActiveX code execution
Unsafe methods allow file upload and execute...
Easewe FTP OCX ActiveX Control code execution
Unsafe methods allow data access and code execution...
Macrovision InstallShield Update Service ActiveX Unsafe Method
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Macrovision...
WinZip FileView (WZFILEVIEW.FileViewCtrl.61) ActiveX Buffer Overflow
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 HttpClients::IE,...
SupportSoft DNA Editor ActiveX unauthorized access
Multiple unsafe methods...
Symantec AppStream Client LaunchObj ActiveX Control Multiple Unsafe Methods (SYM09-001)
The version of the LaunchObj ActiveX control, a component included with Symantec AppStream Client / Altiris Streaming Agent and installed on the remote Windows host, reportedly contains a number of unsafe methods, such as 'installAppMgr', that can be used to download and execute arbitrary code. I...