# Description In line 786, we can see ```$conditionFilters[] = $filterField . ' ' . $operator . ' ' . $value;```. The three variables joins to a string, and the variables come from the request param ...
Continue Reading23 мая, 2022
I found that one of the targets belongs to **DOD** vulnerable to **CVE-2022-22954** where an attacker may be able to execute any malicious code like escalating Remote code execution is also possible ...
Continue Reading23 мая, 2022
### Impact go-ipfs nodes with versions 0.10.0, 0.11.0, 0.12.0, or 0.12.1 can crash when trying to traverse certain malformed graphs due to an issue in the go-codec-dagpb dependency. Vulnerable nodes ...
Continue Reading23 мая, 2022
# Description A review of organizr's logging system found it is possible for an unauthenticated threat actor to inject arbitrary JavaScript into the "Logs" page found within the administrator dashboa ...
Continue Reading23 мая, 2022
### Impact Allows admin API access to the IPFS node. ### Who ? This affects people running the [docker-compose.yaml](https://github.com/ipfs/go-ipfs/blob/master/docker-compose.yaml) service in an env ...
Continue Reading23 мая, 2022
# Description While reviewing FUXA, research found it is possible to upload arbitrary files into arbitrary locations via the "/api/upload" endpoint. Even when authentication in enabled, it was found ...
Continue Reading23 мая, 2022
### Impact The velocity scripts is not properly sandboxed against using the Java File API to perform read or write operations on the filesystem. Now writing an attacking script in velocity requires th ...
Continue Reading23 мая, 2022
There is a possible XSS vulnerability in Rails / Action Pack. This vulnerability has been assigned the CVE identifier CVE-2022-22577. Versions Affected: >= 5.2.0 Not affected: ...
Continue Reading23 мая, 2022
Back to Main