It’s been a while since I shared a post, I think I’ve forgotten how to start these things. Let’s cut to the chase. One day, out of boredom, I was auditing the urllib3 codebase. At the time, I was ...

Software: NPM - Ip Package Vulnerability: Missing IP Address Control CVE: CVE-2023-42282 Discoverer: Fatih Çelik & Emre Durmaz Description of the product: IP address utilities for node....

Software: [https://github.com/pytorchlightning/pytorch-lightning) Vulnerability: Insecure Yaml Deserialization CVE: CVE-2021-4118 Description of the product: Lightning disentangles PyTorch c...

Software: https://sourceforge.net/projects/group-office/ Version: 6.4.196 Vulnerability: Cross Site Scripting CVE: CVE-2020-35418 && CVE-2020-35419 Description of the product: Group...

Software: https://sourceforge.net/projects/group-office/ Version: 6.4.196 Vulnerability: SSRF CVE: CVE-2021-28060 Description of the product: Group Office is an open source groupware applic...

Software: https://sourceforge.net/projects/sentrifugo/ Version: 3.2 Vulnerability: Unrestricted File Upload CVE: CVE-2020-26805 Sentrifugo is a FREE and powerful Human Resource Management Sy...

Software: https://sourceforge.net/projects/sentrifugo/ Version: 3.2 Vulnerability: Unrestricted File Upload CVE: CVE-2020-26803 Exploit-DB: https://www.exploit-db.com/exploits/48997 Sentrif...

Software: https://sourceforge.net/projects/sentrifugo/ Version: 3.2 Vulnerability: Unrestricted File Upload CVE: CVE-2020-26804 Exploit-DB: https://www.exploit-db.com/exploits/48998 Sentrif...

Vendor: https://github.com/boiteasite/cmsuno/ Version: 1.6.2Vulnerability: Code Injection CVE: CVE-2020-25557 Exploit-DB: https://www.exploit-db.com/exploits/49031 Analysis If you read my othe...

Vendor:  https://github.com/boiteasite/cmsuno/ Version: 1.6.2 Vulnerability: Code Injection CVE: CVE-2020-25538 Exploit-DB: https://www.exploit-db.com/exploits/48996 Analysis When I read the ...