51 matches found
CVE-2023-49090
CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. CarrierWave has a Content-Type allowlist bypass vulnerability, possibly leading to XSS. The validation in allowlistedcontenttype? determines Content-Type permissions by performing a partial match. If the...
Path Traversal
shiro-web is vulnerable to Path Traversal. The vulnerability exists because the InvalidRequestFilter.java does not properly validate the URLs, which allows an attacker to access files outside the expected directory, leading to an authentication bypass when used together with APIs or other web...
Path Traversal in Apache Shiro
Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack that results in an authentication bypass when used together with APIs or other web frameworks that route requests based on non-normalized requests. Mitigation: Update to Apache Shiro 1.12.0+ or 2.0.0-alpha...
CVE-2023-34478
Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack that results in an authentication bypass when used together with APIs or other web frameworks that route requests based on non-normalized requests. Mitigation: Update to Apache Shiro 1.12.0+ or 2.0.0-alpha...
Blacklist3r - Accumulate Secret Keys / Secret Materials Related To Various Web Frameworks
The goal of this project is to accumulate the secret keys / secret materials related to various web frameworks, that are publicly available and potentially used by developers. These secrets will be utilized by the Blacklist3r tools to audit the target application and verify the usage of these...
Swift-corelibs-foundation denial of service in JSON decoding with JSONDecoder
Impact A program using swift-corelibs-foundation is vulnerable to a denial of service attack caused by a potentially malicious source producing a JSON document containing a type mismatch. This vulnerability is caused by the interaction between a deserialization mechanism offered by the Swift...
AlienFox Malware Targets API Keys and Secrets from AWS, Google, and Microsoft Cloud Services
A new "comprehensive toolset" called AlienFox is being distributed on Telegram as a way for threat actors to harvest credentials from API keys and secrets from popular cloud service providers. "The spread of AlienFox represents an unreported trend towards attacking more minimal cloud services,...
AlienFox Malware Targets API Keys and Secrets from AWS, Google, and Microsoft Cloud Services
A new "comprehensive toolset" called AlienFox is being distributed on Telegram as a way for threat actors to harvest credentials from API keys and secrets from popular cloud service providers. "The spread of AlienFox represents an unreported trend towards attacking more minimal cloud services,...
vulhub
This repository is an open-source collection of vulnerable web applications and environments for security research and training. It is maintained by phith0n and hosted on GitHub. The repository contains a variety of vulnerable applications, including web servers, databases, and other systems, to...
[SECURITY] Fedora 34 Update: python-databases-0.4.3-2.fc34
Databases gives you simple asyncio support for a range of databases. It allows you to make queries using the powerful SQLAlchemy Core expression language, and provides support for PostgreSQL, MySQL, and SQLite. Databases is suitable for integrating against any async Web framework, such as...
WordPress, Apache Struts Attract the Most Bug Exploits
WordPress and Apache Struts vulnerabilities were the most-targeted by cybercriminals in web and application frameworks in 2019 – while input-validation bugs edged out cross-site scripting XSS as the most-weaponized weakness type. That’s according to the RiskSense Spotlight Report, which analyzed...
WordPress, Apache Struts Attract the Most Bug Exploits
WordPress and Apache Struts vulnerabilities were the most-targeted by cybercriminals in web and application frameworks in 2019 – while input-validation bugs edged out cross-site scripting XSS as the most-weaponized weakness type. That’s according to the RiskSense Spotlight Report, which analyzed...
WAScan v0.2.1 - Web Application Scanner
WAScan Web Application Scanner is a Open Source web application security scanner. It is designed to find various vulnerabilities using "black-box" method, that means it won't study the source code of web applications but will work like a fuzzer, scanning the pages of the deployed web application,...
GandCrab Ransomware Found Hiding on Legitimate Websites
The GandCrab ransomware continues to virulently spread and adapt to shifting cyber-conditions, most recently crawling back into relevance on the back of several large-scale spam campaigns. What’s interesting is that GandCrab payload was found hiding on legitimate but compromised websites. These,...
Web Application Security Scanner: Spaghetti
Spaghetti is a web application security scanner tool. It is designed to find various default and insecure files, configurations and misconfigurations. Spaghetti is built on python2.7 and can run on any platform which has a Python environment. Installation $ git clone...
Gazelle cross-site scripting vulnerability (CNVD-2017-05627)
Gazelle is a set of web frameworks for BitTorrent trackers. A cross-site scripting vulnerability exists in Gazelle. A remote attacker could exploit this vulnerability to execute arbitrary HTML and script...
Fedora 19 : v8-3.14.5.10-11.fc19 (2014-9113)
TJ Fontaine of the Node.js project reports : A memory corruption vulnerability, which results in a denial-of-service, was identified in the versions of V8 that ship with Node.js 0.8 and 0.10. In certain circumstances, a particularly deep recursive workload that may trigger a GC and receive an...
Fedora Update for rubygem-rack FEDORA-2013-2315
Check for the Version of rubygem-rack OpenVAS Vulnerability Test Fedora Update for rubygem-rack FEDORA-2013-2315 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
[SECURITY] Fedora 18 Update: rubygem-rack-1.4.0-5.fc18
Rack provides a common API for connecting web frameworks, web servers and layers of software in between...
[SECURITY] Fedora 17 Update: rubygem-rack-1.4.0-4.fc17
Rack provides a common API for connecting web frameworks, web servers and layers of software in between...