Code Extension Marketplace: Zip Slip Path Traversal
Zip Slip Path Traversal in coder/code-marketplace
Summary: A Zip Slip (CWE-22) vulnerability in coder/code-marketplace ≤ v2.4.1 allowed a malicious VSIX file to write arbitrary files outside the extension directory. ExtractZip passed raw zip entry names to a callback that wrote files via filepath.Jo...
OpenBao and Vault Leak []byte Fields in Audit Logs
Impact: OpenBao's audit log did not appropriately redact fields when relevant subsystems sent byte response parameters rather than strings. This includes, but is not limited to:
- sys/raw with use of encoding=base64: all data would be emitted unredacted to the audit log.
- Transit, when performing...
CVE-2023-39642
Carts Guru cartsguru up to v2.4.2 was discovered to contain a SQL injection vulnerability via the component CartsGuruCatalogModuleFrontController::display...
CVE-2023-39642
CVE-2023-39642 affects Carts Guru (PrestaShop) up to version 2.4.2. The vulnerability is a SQL injection in the Catalog display handler, specifically the component FrontController::display() of CartsGuruCatalogModuleFrontController. The connected documents consistently identify the vulnerable com...
Apache Airflow Open Redirect vulnerability
In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's /confirm endpoint...
Woo Discount Rules < 2.4.2 - Reflected Cross-Site Scripting
The plugin does not escape a parameter before outputting it back in an attribute of the plugin's discount rule page, leading to Reflected Cross-Site Scripting. PoC: https://example.com/wp-admin/admin.php?page=woodiscountrules="+style=animation-name:rotation+onanimationstart=alert/XSS///...
onArcade 2.4.2 - Cross-Site Request Forgery (Add Admin)
onArcade 2.4.2 - Cross-Site Request Forgery (Add Admin)
Exploit Title: Cross-Site Request Forgery (Add Admin)
Google Dork: Powered by onArcade v2.4.2
Date: 2018/August/4
Author: r3m0t3nu11Zero-way
Software Link: "http://www.onarcade.com"
Version: "Uptodate"
The application is vulnerable to CSRF atta...
Fedora 26 : openvpn (2017-89d98779ec)
This update brings in the latest OpenVPN v2.4.2 release. This release contains fixes for two authenticated remote DoS vulnerabilities CVE-2017-7478 and CVE-2017-7479. For more information see the upstream security announcement. This build also switches back to OpenSSL 1.0, using compat-openssl10...
jeecms V2.4.2 ArtiSearch.do Remote Command Execution Vulnerability
0x01 Framework Overview: Jiangxi Jinlei Technology Development Co., Ltd. (hereinafter Jinlei Technology) was founded in 2003; its product, the JEECMS content management system, is the best-known and most widely used site-group management system in China's Java open-source CMS sector. Jinlei Technology is a high-tech enterprise focused on Java web application software development. Jeecms is a site-group management system built on Java technology; stability, security, efficiency, cross-platform support and unlimited extensibility are its strengths, and the system supports mainstream databases such as mysql, oracle, sqlserver and db2. Homepage: http://www.jeecms.com
0x02 Vulnerability Details: Google search: inurl:jeecms/ArtiSearch.do, which turns up a large number of instances. Proof of vulnerability:...