渗透/安全推送中心
4.55K subscribers
14.4K links
第一时间推送github安全相关项目。安全情报 @BlackHatCN
Download Telegram
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:The tested version of Dominion Voting Systems ImageCast X does not validate application signatures to a trusted root certificate. Use of a trusted root certificate ensures software installed on a device is traceable to, or verifiable against, a cryptographic key provided by the manufacturer to detect tampering. An atta CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-1739

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:An OS command injection vulnerability exists in the XCMD setAlexa functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send a malicious XML payload to trigger this vulnerability. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-33189

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-26891

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:The Contact Bank WordPress plugin through 3.0.30 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-3350

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-3335

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:The Retain Live Chat WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-3391

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:The WP Humans.txt WordPress plugin through 1.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-3392

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) - versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, does not sufficiently validate sap-passport information, which could lead to a Denial-of-Service CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-22543

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:A high privileged user who has access to transaction SM59 can read connection details stored with the destination for http calls in SAP NetWeaver Application Server ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-22545

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:Solution Manager (Diagnostics Root Cause Analysis Tools) - version 720, allows an administrator to execute code on all connected Diagnostics Agents and browse files on their systems. An attacker could thereby control the managed systems. It is considered that this is a missing segregation of duty for the SAP Solution M CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-22544

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:Nextcloud server is an open source, self hosted cloud style services platform. In affected versions an attacker can cause a denial of service by uploading specially crafted files which will cause the server to allocate too much memory / CPU. It is recommended that the Nextcloud Server is upgraded to 21.0.8 , 22.2.4 or CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-24741

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 21.0.8, 22.2.4, and 23.0.1, it is possible to trick administrators into enabling "recommended" apps for the Nextcloud server that they do not need, thus expanding their attack surface unnecessarily. This i CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-24889

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-2047

#CVE_2022