Security
Headlines
HeadlinesLatestCVEs

Tag

#git

CVE-2023-5698: cve_hub/Internet Banking System/Internet Banking System - vuln 6.pdf at main · E1CHO/cve_hub

A vulnerability classified as problematic was found in CodeAstro Internet Banking System 1.0. This vulnerability affects unknown code of the file pages_deposit_money.php. The manipulation of the argument account_number with the input 421873905--><ScRiPt%20>alert(9523)</ScRiPt><!-- leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243136.

CVE
Open in Source
#xss#vulnerability#git#php#pdf
CVE-2023-46317: release 5.7.0 (!1448) · Merge requests · Knot projects / Knot Resolver · GitLab

Knot Resolver before 5.7.0 performs many TCP reconnections upon receiving certain nonsensical responses from servers.

CVE-2023-46315: Require secret key configuration when enabling gradio auth by zanllp · Pull Request #368 · zanllp/sd-webui-infinite-image-browsing

The zanllp sd-webui-infinite-image-browsing (aka Infinite Image Browsing) extension before 977815a for stable-diffusion-webui (aka Stable Diffusion web UI), if Gradio authentication is enabled without secret key configuration, allows remote attackers to read any local file via /file?path= in the URL, as demonstrated by reading /proc/self/environ to discover credentials.

GHSA-9x43-5qcq-h79q: in django-grappelli

views/switch.py in django-grappelli (aka Django Grappelli) before 2.15.2 attempts to prevent external redirection with startswith("/") but this does not consider a protocol-relative URL (e.g., //example.com) attack.

GHSA-h454-rq3m-89rc: Wagtail CRX CodeRed Extensions vulnerable to Path Traversal

views.py in Wagtail CRX CodeRed Extensions (formerly CodeRed CMS or coderedcms) before 0.22.3 allows upward protected/..%2f..%2f path traversal when serving protected media.

CVE-2021-46897: (security) An login user can access local files on coderedcms server · Issue #448 · coderedcorp/coderedcms

views.py in Wagtail CRX CodeRed Extensions (formerly CodeRed CMS or coderedcms) before 0.22.3 allows upward protected/..%2f..%2f path traversal when serving protected media.

What is the Dark Web, Search Engines, and What Not to Do on the Dark Web

By Waqas In this article, we will delve deeper into what is the dark web, exploring its definition, the top… This is a post from HackRead.com Read the original post: What is the Dark Web, Search Engines, and What Not to Do on the Dark Web

CVE-2023-46303: GitHub - 0x1717/ssrf-via-img: SSRF Vulnerability in PANDOC and CALIBRE

link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root.

GHSA-c59h-r6p8-q9wc: Next.js missing cache-control header may lead to CDN caching empty reply

Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN. Cloudflare considers these requests cacheable assets.

CVE-2023-46298: Missing cache control directive for server side props response when using middleware and prefetch · Issue #45301 · vercel/next.js

Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN.