A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote c ...
April 25, 2024
An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are cre ...
April 25, 2024
Summary: An authenticated user can change the download folder and upload a crafted template to the specified folder, leading to remote code execution. Details: example version: 0.5 file:src/pyload/webui/app/ ...
April 25, 2024
CVE-2023-42793 - TeamCity Admin Account Creation lead to RCE exploit script. Description: This script exploits CVE-2023-42793 to create an admin account on a TeamCity server. It sends a POST request to ...
April 24, 2024
Impact: Backoffice users can execute arbitrary SQL. Explanation of the vulnerability: A Backoffice user can modify requests to a particular API endpoint to include SQL which will be executed by the serv ...
April 24, 2024
SpEL Injection in PUT /api/v1/events/subscriptions (GHSL-2023-251). Please note, only authenticated users have access to PUT / POST APIs for /api/v1/policies. Non-authenticated users will not be able t ...
April 24, 2024