An SQLi in Password Manager Pro, which is bundled with Manage Engine's Privileged Access Management 360 (PAM360) and Access Manager Plus. In the password manager, there's a concept of "resources" which can be added or edited, which internally submits a multipart form request to the `AddResourceType.ve` endpoint...
A number of bugs in Tailscale leading to an RCE chain.
A long chain of issues going from blind SSRF to new-line injection to a blind Livestatus Query Language (LQL) injection to arbitrary file deletion and finally a race condition leading to authentication bypass.
When performing a BulkImport it is possible to provide a URL to `httpUrlToRepo` that will resolve to a repository on the local filesystem.
Cisco's Jabber, an XMPP client, would treat the ending `` XML tag as a special case that reset the state of the XML parser, which allowed the next tag to be treated as the root of the XML document and enabled injection of control stanzas.
In responding to a static file request, the Crow HTTP framework would allocate a 16kb buffer and read the target file into it. It would then send the whole buffer to the client regardless of how many bytes were actually read.
Two argument injections that were found in Bitbucket Server, though only one of them was exploitable. The first was in the `/rest/api/latest/projects/~USER/repos/repo1/browse` endpoint, where an `at` parameter could be provided...
Looking at just what can be accomplished when webhooks are allowed to access internal services, Cider Security takes a look specifically at abusing GitHub and GitLab webhooks to access internally hosted Jenkins instances.