1064 matches found
CVE-2021-40809
An issue was discovered in Jamf Pro before 10.32.0, aka PI-009921. An account can be granted incorrect privileges in response to authentication that uses specific sign-on workflows...
Authentication flaw
An issue was discovered in Jamf Pro before 10.32.0, aka PI-009921. An account can be granted incorrect privileges in response to authentication that uses specific sign-on workflows...
vulhub
This is an offensive tool repository for vulnerability research and testing, specifically targeting various web applications and services. The repository contains a collection of exploits, proof-of-concept (PoC) code, and tools for identifying and exploiting vulnerabilities in software and systems...
vulhub1
This is a repository for a project called Vulhub, which appears to be a collection of vulnerable systems and applications for testing and learning purposes. The repository contains various files and directories, including: 1. .gitattributes: A file that specifies which files should be ignored by...
Workshop: AWS S3 Bucket for Malware Scanning
In this workshop, you will learn how to scan your objects that are being uploaded to Amazon S3 buckets for malware and integrate into your custom workflows, by automating with your current resources, directly in your AWS environment...
Exploit for Improper Encoding or Escaping of Output in F5 Nginx
This is an offensive tool for web application security training. It is a collection of vulnerable web applications, each with its own set of vulnerabilities, designed to help users learn and practice web application security testing. The repository contains a variety of web applications, includin...
CVE-2021-32724 check-spelling workflow vulnerable to GITHUB_TOKEN leakage via symlink attack
check-spelling is a GitHub Action which provides CI spell checking. In affected versions and for a repository with the check-spelling action enabled that triggers on pull_request_target or schedule, an attacker can send a crafted Pull Request that causes a GITHUB_TOKEN to be exposed. With the...
Insecure TLS Configuration
github.com/argoproj/argo-workflows uses an insecure TLS configuration. The Argo Server TLS requests can potentially be forged by an attacker with network access...
Energize Your Incident Response and Vulnerability Management With Crowdsourced Automation Workflows
It’s no secret that most organizations need to dramatically improve their incident detection and response and vulnerability management (VM) programs. How many major security breaches could organizations avert if they could detect and address them at the start, when they’re still just minor incident...
Improper Input Validation
In Argo Workflows through 3.1.3, if EXPRESSION_TEMPLATES is enabled and untrusted users are allowed to specify input parameters when running workflows, an attacker may be able to disrupt a workflow because expression template output is evaluated...
CVE-2021-37549
CVE-2021-37549 affects JetBrains YouTrack prior to version 2021.1.11111, where sandboxing in workflows was insufficient, enabling an elevation of privileges issue. The vulnerability is categorized as YouTrack – Insufficient sandboxing in workflows, with the Red Hat and CNVD entries confirming pri...
CVE-2021-37549
In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was insufficient...
vulhub111
This repository is an offensive tool for vulnerability research and exploitation. It contains a collection of vulnerable environments and exploits for various software and frameworks, including CouchDB, FFmpeg, Git, and more. The repository is maintained by Vulhub, a community-driven project for...
Liferay Portal and Liferay DXP Licensing Issue Vulnerability
Liferay Portal and Liferay DXP are both products of Liferay, a J2EE-based portal solution that uses EJB and JMS technologies and serves as a web publishing and shared workspace, enterprise collaboration platform, social network, etc. Liferay DXP is a digital experience collaboration platform...
CVE-2021-37914
In Argo Workflows through 3.1.3, if EXPRESSION_TEMPLATES is enabled and untrusted users are allowed to specify input parameters when running workflows, an attacker may be able to disrupt a workflow because expression template output is evaluated...
Code injection
In Argo Workflows through 3.1.3, if EXPRESSION_TEMPLATES is enabled and untrusted users are allowed to specify input parameters when running workflows, an attacker may be able to disrupt a workflow because expression template output is evaluated...