渗透/安全推送中心
4.55K subscribers
14.4K links
第一时间推送github安全相关项目。安全情报 @BlackHatCN
Download Telegram
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of database. Users should upgrade to version 0.13.1 which addresses this issue. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-38370

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:CircuitVerse is an open-source platform which allows users to construct digital logic circuits online. A remote code execution (RCE) vulnerability in CircuitVerse allows authenticated attackers to execute arbitrary code via specially crafted JSON payloads. This issue may lead to Remote Code Execution (RCE). A patch is CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-36038

#rce
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:A stored cross-site scripting (XSS) vulnerability in /client.php of Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-36639

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:An access control issue in the component print.php of Garage Management System v1.0 allows unauthenticated attackers to access data for all existing orders. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-36638

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:Databasir is a database metadata management platform. Databasir <= 1.06 has Server-Side Request Forgery (SSRF) vulnerability. The SSRF is triggered by a sending a **single** HTTP POST request to create a databaseType. By supplying a `jdbcDriverFileUrl` that returns a non `200` response code, the url is executed, the re CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-31196

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:This package is a PrestaShop module that allows users to post reviews and rate products. There is a vulnerability where the attacker could steal an administrator's cookie. The issue is fixed in version 5.0.2. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-35933

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.18.0 does not have proper authorisation checks in some of its REST endpoints, allowing unauthenticated users to call them and inject arbitrary CSS in arbitrary saved layouts CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-2543

#CVE_2022
👍1