6 matches found
karakeep security vulnerability
karakeep is a self-hostable bookmarking application from the open-source Karakeep App project. A security vulnerability exists in karakeep versions v0.26.0 through v0.7.0, which stems from susceptibility to server-side request forgery attacks...
Path traversal
SonicJS up to v0.7.0 allows attackers to execute an authenticated path traversal when an attacker injects special characters into the filename of a backup CMS...
CVE-2023-33690
SonicJS up to v0.7.0 allows attackers to execute an authenticated path traversal when an attacker injects special characters into the filename of a backup CMS...
github.com/russellhaering/gosaml2 is vulnerable to NULL Pointer Dereference
Impact: In versions prior to v0.7.0 it was possible for an attacker to supply an invalid assertion which would trigger a panic due to a nil-pointer dereference. Patches: The issue was patched in v0.7.0, released on March 2, 2022. Workarounds: Callers to gosaml2 can use recover to handle panics to...
UPDATE: Sysdig Falco v0.7.0
PenTestIT RSS Feed A few months ago, I posted about an open source behavioral activity monitor. It was updated some time ago and we now have an update - the Sysdig Falco v0.7.0! What is Sysdig Falco? Sysdig Falco is a behavioral activity monitor designed to detect anomalous activity in your...
psys070-sql.txt
pSys v0.7.0 Alpha chatbox.php Remote SQL Injection | works only with magic quotes = off | coded by DNX | Discovered: DNX | Vendor: http://www.powie.de | Detected...:...