alpernae/vulnerability-research


This repository contains information about my security vulnerability discoveries and CVE submissions.

Overview

This repository serves as a portfolio of my vulnerability research and successful CVE submissions to track my contributions to the security community.

Structure

Each CVE submission is documented in its own folder with the following format:

CVE-YEAR-XXXXX/
├── README.md (detailed writeup)
├── proof-of-concept
├── exploit-code

CVE List

| CVE ID | Description | Status | Date Assigned |
| --- | --- | --- | --- |
| CVE-2024-40422 | The snapshot_path parameter in the /api/get-browser-snapshot endpoint is susceptible to a path traversal attack. An attacker can manipulate the snapshot_path parameter to traverse directories and access sensitive files on the server. This can potentially lead to unauthorized access to critical system files and compromise the confidentiality and integrity of the system. | Assigned | Jul 24, 2024 |
| CVE-2022-28132 | The T-Soft E-Commerce 4 web application is susceptible to SQL injection (SQLi) attacks when authenticated as an admin or privileged user. This vulnerability allows attackers to access and manipulate the database through crafted requests. By exploiting this flaw, attackers can bypass authentication mechanisms, view sensitive information stored in the database, and potentially exfiltrate data. | Assigned | Nov. 21, 2024 |
| CVE-2020-35241 | FlatPress 1.0.3 is affected by cross-site scripting (XSS) in the Blog Content component. This vulnerability can allow an attacker to inject the XSS payload in Blog content via the admin panel. Each time any user will go to that blog page, the XSS triggers and the attacker can steal the cookie according to the crafted payload. | Assigned | Nov. 21, 2024 |

Contributing

This is a personal repository to track my own CVE submissions. However, if you spot any errors or have suggestions for improvements, please open an issue.

Contact

License

This repository is licensed under the MIT License.


Note: Always follow responsible disclosure practices and vendor coordination policies when submitting CVEs.
