I found that one of the targets belongs to **DOD** vulnerable to **CVE-2022-22954** where an attacker may be able to execute any malicious code like escalating Remote code execution is also possible ...
Continue Reading
May 23, 2022
# Command Injection vulnerability in [email protected] `git-interface` describes itself as a Interface to work with a git repository in node.js Resources: * Project's GitHub source code: https://gi ...
Continue Reading
May 23, 2022
# Description Privilege escalation occurs when a user gets access to more resources or functionality than they are normally allowed, and such elevation or changes should have been prevented by the app ...
Continue Reading
May 23, 2022
Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim's HTTP request. From this, the attacke ...
Continue Reading
May 23, 2022
# Description Hello , its my first report in huntr.dev fast code review : file https://github.com/yogeshojha/rengine/blob/master/web/api/views.py#L820 ``` class CMSDetector(APIView): def get(self, re ...
Continue Reading
May 23, 2022
# Description The `WellKnownServlet` is vulnerable to path traversal. This allows reading local files. For example the files in `WEB-INF` that contain secrets and API keys can be read. https://github. ...
Continue Reading
May 23, 2022
# Description The proxy server does not check for link-local IPv6 addresses In https://github.com/jgraph/drawio/blob/dev/src/main/java/com/mxgraph/online/ProxyServlet.java#L255L257, it checks for loca ...
Continue Reading
May 23, 2022
An information disclosure vulnerability in UniverSIS-Students before v1.5.0 allows attackers to obtain sensitive information via a crafted GET request to the endpoint /api/students/me/courses/. ...
Continue Reading
May 23, 2022
Back to Main
