Linux eBPF Path Pruning Gone Wrong
Authored by Simon Scannell, Valentina Palmiotti, Meador Inge, Juan Jose Lopez Jaimez | Site github.com
A bug in the eBPF Verifier branch pruning logic can lead to unsafe code paths...
Oracle VM VirtualBox 7.0.10 r158379 Escape
Authored by Andy Nguyen | Site github.com
A guest inside a VirtualBox VM using the virtio-net network adapter can trigger an intra-object out-of-bounds write in src/VBox/Devices/Network/DevVirtioNet.cpp to cause a denial-of-service...
Open WebUI 0.1.105 Persistent Cross Site Scripting
Authored by Jaggar Henry, Sean Segreti | Site korelogic.com
Open WebUI version 0.1.105 suffers from a persistent cross site scripting vulnerability.
advisories | CVE-2024-6706
KL-001-2024-005: Open WebUI Stored Cross-Site Scripting Title:...
Open WebUI 0.1.105 File Upload / Path Traversal
Authored by Jaggar Henry, Sean Segreti | Site korelogic.com
Open WebUI version 0.1.105 suffers from arbitrary file upload and path traversal vulnerabilities.
advisories | CVE-2024-6707
KL-001-2024-006: Open WebUI Arbitrary File...
Journyx 11.5.4 Unauthenticated Password Reset Bruteforce
Authored by Jaggar Henry | Site korelogic.com
Journyx version 11.5.4 suffers from an issue where password reset tokens are generated using an insecure source of randomness. Attackers who know the...
Journyx 11.5.4 Authenticated Remote Code Execution
Authored by Jaggar Henry | Site korelogic.com
Journyx version 11.5.4 has an issue where attackers with a valid username and password can exploit a Python code injection vulnerability during the...
Journyx 11.5.4 Cross Site Scripting
Authored by Jaggar Henry | Site korelogic.com
Journyx version 11.5.4 suffers from a cross site scripting vulnerability due to mishandling of the error_description during an Active Directory login flow.
advisories |...
Journyx 11.5.4 XML Injection
Authored by Jaggar Henry | Site korelogic.com
Journyx version 11.5.4 has an issue where the soap_cgi.pyc API handler allows the XML body of SOAP requests to contain references to external...
Calibre 7.15.0 Python Code Injection
Authored by Michael Heinzl, Amos Ng | Site metasploit.com
This Metasploit module exploits a Python code injection vulnerability in the Content Server component of Calibre version 6.9.0 through 7.15.0. Once...
E-Commerce Site Using PHP PDO 1.0 Directory Traversal
Authored by indoushka
E-Commerce Site using PHP PDO version 1.0 suffers from a directory traversal vulnerability.
# Title : E-Commerce Site using PHP PDO...





