Improper Input Validation in GeoServer

### Impact The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can happen ...

Continue Reading
Git LFS can execute a binary from the current directory on Windows

### Impact On Windows, if Git LFS operates on a malicious repository with a `..exe` file as well as a file named `git.exe`, and `git.exe` is not found in `PATH`, the `..exe` program will be executed, ...

Continue Reading
Insecure password handling vulnerability in Strapi

Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim's HTTP request. From this, the attacke ...

Continue Reading
Blind command injection

# Description Hello , its my first report in huntr.dev fast code review : file https://github.com/yogeshojha/rengine/blob/master/web/api/views.py#L820 ``` class CMSDetector(APIView): def get(self, re ...

Continue Reading
SSRF via IPv6 address 2

# Description While searching online, I found that https://stackoverflow.com/questions/53764109/is-there-a-java-api-that-will-identify-the-ipv6-address-fd00-as-local-private also states fc00 / fd00 ar ...

Continue Reading
Path Traversal in WellKnownServlet

# Description The `WellKnownServlet` is vulnerable to path traversal. This allows reading local files. For example the files in `WEB-INF` that contain secrets and API keys can be read. https://github. ...

Continue Reading
SSRF in editor’s proxy via IPv6 link-local address

# Description The proxy server does not check for link-local IPv6 addresses In https://github.com/jgraph/drawio/blob/dev/src/main/java/com/mxgraph/online/ProxyServlet.java#L255L257, it checks for loca ...

Continue Reading
curl: Memory leak in CURLOPT_XOAUTH2_BEARER

## Summary: Once a bearer token is set with `CURLOPT_XOAUTH2_BEARER`, each HTTP request done with the same handler leaks the token itself. ## Steps To Reproduce: Given the following code: ```c #includ ...

Continue Reading

Back to Main

Subscribe for the latest news: