CVE-2021-43206

A server-generated error message containing sensitive information in Fortinet FortiOS 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.x, 6.0.x and FortiProxy 7.0.0 through 7.0.1, 2.0.x allows malicious webservers to retrieve a web proxy's client username and IP via same origin HTTP requests...

[SECURITY] Fedora 40 Update: python-aiohttp-3.9.5-2.fc40

Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...

Fedora: Security Advisory for python-aiohttp (FEDORA-2024-000a25f3fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for python-aiohttp (FEDORA-2024-f34786d26f)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2024-e0057e6044)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for python-aiohttp (FEDORA-2024-2f15e6e876)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for python-aiohttp (FEDORA-2023-a04cc349e1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for python-aiohttp (FEDORA-2023-1f06098c71)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Improper Input Validation

apache-superset is vulnerable to Improper Input Validation. The vulnerability allows an attacker to trick a user into potentially registering a SQLite database connection incorrectly if an attacker employs alternative driver names such as sqlite+pysqlite or utilizes database imports. This...

GHSA-FM4Q-J8G4-C9J4 Apache Superset Improper Input Validation vulnerability

Apache Superset would allow for SQLite database connections to be incorrectly registered when an attacker uses alternative driver names like sqlite+pysqlite or by using database imports. This could allow for unexpected file creation on Superset webservers. Additionally, if Apache Superset is usin...

Fedora: Security Advisory for python-aiohttp (FEDORA-2023-f75af676f2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Race condition

Rockwell Automation was made aware that the webservers of the Micrologix 1100 and 1400 controllers contain a vulnerability that may lead to a denial-of-service condition. The security vulnerability could be exploited by an attacker with network access to the affected systems by sending TCP packet...

Zenbuster - Multi-threaded URL Enumeration/Brute-Forcing Tool

ZenBuster is a multi-threaded, multi-platform URL enumeration tool written in Python by Zach Griffin @0xTas. I wrote this tool as a way to deepen my familiarity with Python, and to help increase my understanding of Cybersecurity tooling in general. ZenBuster may not be the fastest or most...

CVE-2021-43206

A server-generated error message containing sensitive information in Fortinet FortiOS 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.x, 6.0.x and FortiProxy 7.0.0 through 7.0.1, 2.0.x allows malicious webservers to retrieve a web proxy's client username and IP via same origin HTTP requests...

Incorrect Authorization in @uppy/companion

@uppy/companion prior to version 3.3.1 is vulnerable to incorrect authorization. A user with URL upload access could enumerate internal companion server networks, send local webservers files to the destination server, and finally download them If each of these files had a guessable and regular na...

GHSA-Q24H-5RQ3-63J9 Incorrect Authorization in @uppy/companion

@uppy/companion prior to version 3.3.1 is vulnerable to incorrect authorization. A user with URL upload access could enumerate internal companion server networks, send local webservers files to the destination server, and finally download them If each of these files had a guessable and regular na...

Keycloak Gatekeeper vulnerable to bypass on using lower case HTTP headers

A vulnerability was found in all versions of the deprecated package Keycloak Gatekeeper, where on using lower case HTTP headers via cURL we can bypass our Gatekeeper. Lower case headers are also accepted by some webservers e.g. Jetty. This means there is no protection when we put a Gatekeeper in...

Server-Side Request Forgery (SSRF) in chevereto/chevereto-free

Description Attackers can make the server perform arbitrary requests to internal IPs as well as use the file:/// protocol to disclose internal image data. Proof of Concept 1: Create a valid image file on the server /path/to/index.png 2: Choose add Image URLs and use a valid URL and click OK. Then...

Wordpress Plugin Backup Guard 1.5.8 - Remote Code Execution (Authenticated)

Exploit Title: Wordpress Plugin Backup Guard 1.5.8 - Remote Code Execution Authenticated Date 02.07.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://backup-guard.com/products/backup-wordpress Software Link: https://downloads.wordpress.org/plugin/backup.1.5.8.zip Version: Before...

Fedora: Security Advisory for python-aiohttp (FEDORA-2021-902c1b07c9)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...