20 matches found
rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc
Impact: It was found that rootless runc makes /sys/fs/cgroup writable in the following conditions: 1. when runc is executed inside the user namespace, and the config.json does not specify the cgroup namespace to be unshared, e.g., docker|podman|nerdctl run --cgroupns=host, with Rootless...
Eatself 1.1.5 SQL Injection
Title: Eatself v1.1.5 Auth By Pass Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 69.032-bit | Vend...
CVE-2022-32096
Rhonabwy before v1.1.5 was discovered to contain a buffer overflow via the component r_jwe_aesgcm_key_unwrap. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted JWE token...
CVE-2021-29487
octobercms is a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can exploit this vulnerability to bypass authentication and take over any user account on an October CMS server. The vulnerability is exploitable by unauthenticated...
CVE-2021-29487
CVE-2021-29487 affects the October CMS platform (october/system) and enables an unauthenticated attacker to bypass authentication and take over a frontend user account. The exploit relies on obtaining Laravel’s secret key for cookie encryption/signing. The vulnerability has been patched in Build ...
CVE-2021-32648
CVE-2021-32648 affects October CMS (Laravel-based) through the october/system package. An authentication bypass allows an attacker to request a password reset and then take over an account. Patches are available: Build 472 and v1.1.5. Public advisories and CVE trackers consistently describe this ...
CVE-2021-32648
octobercms is a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. The issue has been patched in Build 472 and v1.1.5. Recent...
Cross site request forgery (csrf)
In youke365 v1.1.5, admin/user.html has a CSRF vulnerability that can add a user account...
CVE-2018-18215
In youke365 v1.1.5, admin/user.html has a CSRF vulnerability that can add a user account...
CVE-2018-18215
In youke365 v1.1.5, admin/user.html has a CSRF vulnerability that can add a user account...
CVE-2018-18215
In Youke365 v1.1.5, the admin/user.html page contains a CSRF vulnerability that can be exploited by remote attackers to add a user account. The issue is documented across multiple sources (CVE-2018-18215) with CVSS v3.0 base score 8.8 (HIGH) and CVSS v2.0 base score 6.8 (MEDIUM) indicating unauth...
CVE-2018-18242
youke365 v1.1.5 has SQL injection via admin/login.html, as demonstrated by username=admin&pass=123456&code=9823&act=login&submit=%E7%99%BB+%E9%99%86...
CVE-2018-18242
youke365 v1.1.5 has SQL injection via admin/login.html, as demonstrated by username=admin&pass=123456&code=9823&act=login&submit=%E7%99%BB+%E9%99%86...
CVE-2018-18242
The CVE-2018-18242 entry relates to youke365 v1.1.5, which has a SQL injection in admin/login.html. The vulnerability arises from improper handling in the login endpoint, enabling an attacker to inject SQL and, per CNVD-2018-20869, potentially execute arbitrary SQL commands remotely. NVD metrics ...
CVE-2016-1000114
XSS in huge IT gallery v1.1.5 for Joomla...
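Stored XSS vulnerability in the latest version of startbbs
Brief description: Version: startbbsv1.1.5. A stored XSS vulnerability exists at a certain location. Details: I had some free time today and took a look at startbbs, and found that its filter function is much like the one in cmseasy; I then tried it and, sure enough, XSS exists. Specifically, enter the following content in the forum's new-post form: Test. After clicking "Test", the cookie pops up: Proof of vulnerability: XSS also succeeded in a test on the official site:...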
Ubiquiti airCam RTSP Service 1.1.5 - Buffer Overflow (PoC)
Core Security - Corelabs Advisory http://corelabs.coresecurity.com Buffer overflow in Ubiquiti airCam RTSP service 1. Advisory Information Title: Buffer overflow in Ubiquiti airCam RTSP service Advisory ID: CORE-2013-0430 Advisory URL:...
Ubiquiti airCam RTSP Service 1.1.5 - Buffer Overflow (PoC)
Ubiquiti airCam RTSP Service 1.1.5 - Buffer Overflow PoC Core Security - Corelabs Advisory http://corelabs.coresecurity.com Buffer overflow in Ubiquiti airCam RTSP service 1. Advisory Information Title: Buffer overflow in Ubiquiti airCam RTSP service Advisory ID: CORE-2013-0430 Advisory URL:...
Tiny Server v1.1.5 Arbitrary File Disclosure Exploit
Exploit for windows platform in category remote exploits !/usr/bin/perl -w Title : Tiny Server v1.1.5 Arbitrary File Disclosure Exploit Author : KaHPeSeSe Test : PERFECT XP PC1 / SP3 Date : 15/03/2012 use LWP::Simple; use LWP::UserAgent; system'color','A'; system'cls'; print "\n\t\n"; print...
Mercury v1.1.5 Send Message Cross-Site Scripting
Aria-Security Team Persian Security Network http://Aria-Security.Net --------------------------------------------- Greetz: Aura, imm02tal, iM4n, Mormoroth, Mercury v1.1.5 Send Message Cross-Site Scripting In order to make this vuln work you need to place your code in the "message text" area and...