Yokogawa Test & Measurement Corporation Security Vulnerabilities

githubexploit

Exploit for CVE-2023-22515

Disclaimer This script is for educational and testing purposes...

9.8CVSS

9.7AI Score

0.973EPSS

2024-06-05 07:56 PM
106
debiancve

CVE-2021-47574

In the Linux kernel, the following vulnerability has been resolved: xen/netfront: harden netfront against event channel storms The Xen netfront driver is still vulnerable for an attack via excessive number of events sent by the backend. Fix that by using lateeoi event channels. For being able...

7AI Score

0.0004EPSS

2024-06-19 03:15 PM
2
atlassian

JavaScript Code with variable containing underscore does not work

h3. Issue Summary JavaScript Code with a variable containing an underscore does not work in * Page Template * HTML macro * 3rd Party Plugin (Script Runner) h3. Steps to Reproduce Sample code block: {code:java} $test $test_1 $("input[name='variableValues.test']").change(function (){...

0.8AI Score

2023-03-15 02:40 PM
18
redhat

(RHSA-2024:1141) Moderate: mysql security update

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. Security Fix(es): mysql: InnoDB unspecified vulnerability (CPU Apr 2023) (CVE-2023-21911) mysql: Server: DDL unspecified vulnerability (CPU Apr...

8AI Score

0.002EPSS

2024-03-05 03:32 PM
14
githubexploit

Exploit for NULL Pointer Dereference in Gpac

CVE-2023-4683-Test This repo holds an easy to use POC for...

5.5CVSS

7.4AI Score

0.0004EPSS

2023-09-28 08:49 PM
19
githubexploit

Exploit for OS Command Injection in Php

How the Script Works: - Input Prompt: The script prompts the...

7.5AI Score

2024-06-10 07:28 AM
75
githubexploit

Exploit for CVE-2024-27983

This repository builds up a vulnerable HTTP2 Node.js server...

8.2CVSS

7.1AI Score

0.0004EPSS

2024-04-14 11:34 AM
170
osv

CVE-2023-33977

Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files from being uploaded.....

8.1CVSS

7.3AI Score

0.001EPSS

2023-06-06 07:15 PM
3
githubexploit

Exploit for Allocation of Resources Without Limits or Throttling in Redhat Enterprise Linux

CVE-2023-50387 KeyTrap in DNS (CVE-2023-50387) This...

7.5CVSS

7.6AI Score

0.05EPSS

2024-02-18 09:50 PM
725
osv

CVE-2021-37819

PDF Labs pdftk-java v3.2.3 was discovered to contain an infinite loop via the component...

7.5CVSS

7.2AI Score

0.001EPSS

2022-09-09 10:15 PM
1
githubexploit

Exploit for CVE-2024-5522

CVE-2024-5522-Poc CVE-2024-5522 HTML5 Video Player <=...

8.2AI Score

0.0004EPSS

2024-05-31 04:41 AM
249
githubexploit

Exploit for Code Injection in Vmware Spring Framework

Spring4Shell - PoC CVE - 2022 - 22965 Versions affected...

9AI Score

2023-03-12 05:37 PM
293
osv

CVE-2019-25086

A vulnerability was found in IET-OU Open Media Player up to 1.5.0. It has been declared as problematic. This vulnerability affects the function webvtt of the file application/controllers/timedtext.php. The manipulation of the argument ttml_url leads to cross site scripting. The attack can be...

5.4CVSS

6.2AI Score

0.001EPSS

2022-12-27 09:15 AM
4
osv

Selinux Fix to allow CTS Listening Ports Test to work android.appsecurity.cts.ListeningPortsTest#testNoRemotelyAccessibleListeningUdpPorts

In the policies of adbd.te, there was a logic error which caused the CTS Listening Ports Test to report invalid results. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

5.5CVSS

5.8AI Score

0.0004EPSS

2022-05-01 12:00 AM
5
redhat

(RHSA-2024:0894) Moderate: mysql:8.0 security update

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. Security Fix(es): mysql: InnoDB unspecified vulnerability (CPU Apr 2023) (CVE-2023-21911) mysql: Server: DDL unspecified vulnerability (CPU Apr...

8AI Score

0.002EPSS

2024-02-20 11:21 AM
10
osv

CVE-2022-39252

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the request. When the user receives a forwarded room...

8.6CVSS

7.4AI Score

0.001EPSS

2022-09-29 03:15 PM
3
githubexploit

Exploit for Server-Side Request Forgery in Apache Http Server

CVE-2021-40438 Apache forward request CVE...

9CVSS

0.3AI Score

0.971EPSS

2022-04-03 03:24 PM
5929
fedora

[SECURITY] Fedora 39 Update: python3.6-3.6.15-28.fc39

Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software.....

7.8CVSS

7.4AI Score

0.0005EPSS

2024-06-01 01:12 AM
3
debiancve

CVE-2024-35815

In the Linux kernel, the following vulnerability has been resolved: fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion The first kiocb_set_cancel_fn() argument may point at a struct kiocb that is not embedded inside struct aio_kiocb. With the current code, depending on the...

6.5AI Score

0.0004EPSS

2024-05-17 02:15 PM
2
redhat

(RHSA-2024:3500) Moderate: ruby:3.0 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix(es): ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621) ruby: ReDoS vulnerability in URI (CVE-2023-28755) ruby: ReDoS...

6.9AI Score

EPSS

2024-05-30 12:07 PM
5
debiancve

CVE-2021-47575

In the Linux kernel, the following vulnerability has been resolved: xen/console: harden hvc_xen against event channel storms The Xen console driver is still vulnerable for an attack via excessive number of events sent by the backend. Fix that by using a lateeoi event channel. For the normal...

6.9AI Score

0.0004EPSS

2024-06-19 03:15 PM
1
osv

CVE-2018-25101

A vulnerability, which was classified as problematic, has been found in l2c2technologies Koha up to 20180108. This issue affects some unknown processing of the file /cgi-bin/koha/opac-MARCdetail.pl. The manipulation of the argument biblionumber with the input 2"> leads to cross site scripting. T...

3.5CVSS

4AI Score

0.0004EPSS

2024-04-22 02:15 AM
5
githubexploit

Exploit for Improper Authentication in Ivanti Connect Secure

🚨 CVE-2023-46805 Scanner Tool 🛠️ A robust tool for detecting...

8.2CVSS

7.5AI Score

0.959EPSS

2024-01-19 02:23 AM
245
rocky

keylime security update

An update is available for keylime. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Keylime is a TPM based highly scalable remote boot attestation and runtime...

2.8CVSS

7.3AI Score

0.0004EPSS

2024-05-10 02:32 PM
5
fedora

[SECURITY] Fedora 40 Update: python3.6-3.6.15-30.fc40

Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software.....

7.8CVSS

7.1AI Score

0.0005EPSS

2024-05-31 01:17 AM
2
redhat

(RHSA-2024:2669) Important: OpenShift Container Platform 4.15.12 security update

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.15.12. See the following advisory for the container...

8AI Score

0.0005EPSS

2024-05-09 02:01 PM
15
oraclelinux

pmix security update

[2.2.5-3] - Add gating test - Resolves: RHEL-3692 [2.2.5-2] - Fix CVE-2023-41915 - Resolves:...

8.1CVSS

6.9AI Score

0.001EPSS

2024-05-23 12:00 AM
2
githubexploit

Exploit for Deserialization of Untrusted Data in Vmware Spring For Apache Kafka

CVE-2023-34040 Spring Kafka Deserialization Remote Code...

7.8CVSS

7.8AI Score

0.0004EPSS

2024-05-27 03:57 PM
92
nuclei

PhpMyAdmin <4.8.2 - Local File Inclusion

PhpMyAdmin before version 4.8.2 is susceptible to local file inclusion that allows an attacker to include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted....

8.8CVSS

8.6AI Score

0.973EPSS

2021-02-20 11:58 AM
42
osv

CVE-2024-28103

Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and...

9.8CVSS

6.5AI Score

0.001EPSS

2024-06-04 08:15 PM
4
githubexploit

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum Security Gateway Firmware

Mass Auto Scanner for CVE-2024-24919 This script is designed to...

8.6CVSS

6.4AI Score

0.945EPSS

2024-06-01 09:54 AM
82
ubuntucve

CVE-2024-35815

In the Linux kernel, the following vulnerability has been resolved: fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion The first kiocb_set_cancel_fn() argument may point at a struct kiocb that is not embedded inside struct aio_kiocb. With the current code, depending on the compiler,.....

6.5AI Score

0.0004EPSS

2024-05-17 12:00 AM
githubexploit

Exploit for CVE-2024-36527

CVE-2024-36527 PoC and Bulk Scanner...

8.7AI Score

0.001EPSS

2024-06-20 09:42 AM
105
githubexploit

Exploit for CVE-2024-22120

CVE-2024-22120 ToolKit Affected Version/s ``` 6.0.0 -...

9.1CVSS

6.9AI Score

0.0004EPSS

2024-05-20 03:29 AM
301
githubexploit

Exploit for Use After Free in Linux Linux Kernel

CVE-2024-1086 Universal local privilege escalation...

7.8CVSS

7.9AI Score

0.002EPSS

2024-03-20 09:16 PM
148
osv

CVE-2023-50069

WireMock with GUI versions 3.2.0.0 through 3.0.4.0 are vulnerable to stored cross-site scripting (SXSS) through the recording feature. An attacker can host a malicious payload and perform a test mapping pointing to the attacker's file, and the result will render on the Matched page in the Body...

6.1CVSS

6.4AI Score

0.001EPSS

2023-12-29 09:15 PM
10
osv

CVE-2024-4253

A command injection vulnerability exists in the gradio-app/gradio repository, specifically within the 'test-functional.yml' workflow. The vulnerability arises due to improper neutralization of special elements used in a command, allowing for unauthorized modification of the base repository or...

7.5CVSS

6.9AI Score

0.0004EPSS

2024-06-04 08:15 AM
1
osv

CVE-2023-30618

Kitchen-Terraform provides a set of Test Kitchen plugins which enable the use of Test Kitchen to converge a Terraform configuration and verify the resulting infrastructure systems with InSpec controls. Kitchen-Terraform v7.0.0 introduced a regression which caused all Terraform output values,...

3.3CVSS

4.3AI Score

0.0004EPSS

2023-04-21 08:15 PM
3
githubexploit

Exploit for Improper Input Validation in Microsoft

CVE-2024-21413 This Python script is used to abuse the...

9.8CVSS

9.9AI Score

0.006EPSS

2024-02-17 02:52 PM
426
githubexploit

Exploit for Out-of-bounds Write in Kingsoft Internet Security 9 Plus

CVE-2022-25949 A years-old exploit of a local EoP...

7.8CVSS

7.7AI Score

0.001EPSS

2022-03-16 02:42 PM
442
cve

CVE-2023-51407

Cross-Site Request Forgery (CSRF) vulnerability in Rocket Elements Split Test For Elementor. This issue affects Split Test For Elementor: from n/a through...

4.3CVSS

4.7AI Score

0.0004EPSS

2024-03-16 01:15 AM
21
osv

CVE-2023-49735

** UNSUPPORTED WHEN ASSIGNED ** The value set as the DefaultLocaleResolver.LOCALE_KEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled...

7.5CVSS

6.2AI Score

0.001EPSS

2023-11-30 10:15 PM
1
github

nfpm has incorrect default permissions

Summary When building packages directly from source control, file permissions on the checked-in files are not maintained. Details When building packages directly from source control, file permissions on the checked-in files are not maintained. When nfpm packaged the files (without extra config...

7.1CVSS

6.7AI Score

0.001EPSS

2023-05-24 05:30 PM
18
cve

CVE-2023-52048

RuoYi v4.7.8 was discovered to contain a cross-site scripting (XSS) vulnerability via the component...

6.1AI Score

0.0004EPSS

2024-02-28 08:15 PM
69
githubexploit

Exploit for Command Injection in Ivanti Connect Secure

🚨 CVE-2024-21887 Exploit Tool 🛠️ A robust tool for detecting...

9.1CVSS

8.2AI Score

0.969EPSS

2024-01-20 07:15 PM
211
githubexploit

Exploit for Cross-site Scripting in Roundcube Webmail

CVE-2023-43770 POC A Proof-Of-Concept for the recently found...

6.1CVSS

6.1AI Score

0.113EPSS

2023-09-27 05:08 PM
390
githubexploit

Exploit for Missing Authentication for Critical Function in F5 Big-Ip Access Policy Manager

Vulnerability Details fofa: ``` (title="BIG-IP®" ||...

9.8CVSS

9.6AI Score

0.972EPSS

2023-11-01 09:31 AM
343
githubexploit

Exploit for Missing Authentication for Critical Function in F5 Big-Ip Access Policy Manager

Vulnerability Details fofa: ``` (title="BIG-IP®" ||...

9.8CVSS

9.6AI Score

0.972EPSS

2023-11-01 09:31 AM
443
osv

CVE-2024-32464

Action Text brings rich text content and editing to Rails. Instances of ActionText::Attachable::ContentAttachment included within a rich_text_area tag could potentially contain unsanitized HTML. This vulnerability is fixed in 7.1.3.4 and...

6.1CVSS

6.6AI Score

0.0005EPSS

2024-06-04 08:15 PM
githubexploit

Exploit for Embedded Malicious Code in Tukaani Xz

root@ubuntu:~/xz/# apt update root@ubuntu:~/xz/# apt install -y...

10CVSS

9.6AI Score

0.133EPSS

2024-04-01 04:08 PM
99
Total number of security vulnerabilities: 111912