Light

Sim4n6<script>print();</script> photo

sim4n6 Goto Github PK

followers: 30.0 following: 77.0 repos: 27.0 gists: 2.0

Name: Sim4n6<script>print();</script>

Type: User

Twitter: sim4n6

Blog: https://sim4n6.beehiiv.com

Hi 👋

N°	CVE	Severity	Description
1	CVE-2022-1993	High	Path Traversal vulnerability on the endpoint '/info/refs' in gogs/gogs
2	CVE-2022-3607	Medium	ZipSlip Symlink variant allows to read any file within OctoPrint Box in octoprint/octoprint
3	CVE-2022-23530	Medium	GuardDog vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package
4	CVE-2023-25804	Medium	Limited Path Traversal in name parameter hap-wi/roxy-wi
5	CVE-2023-25803 CVE-2023-25802	High	Directory Traversal vulnerability in hap-wi/roxy-wi
6	CVE-2022-23522	High	Arbitrary File Write when Extracting Tarballs retrieved from a remote location using `shutil.unpack_archive()`
7	CVE-2023-30620	High	Arbitrary File Write when Extracting a Remotely retrieved Tarball using `Tarfile.extractall()` in mindsdb/mindsdb
8	CVE-2023-31131	Medium	Arbitrary File Write when Extracting Tarballs retrieved from a remote location using `shutil.unpack_archive()` in greenplum-db/gpdb
9	CVE-2023-35932	High	Configuration Injection in tanghaibao/jcvi due to unsanitized user input
10	GHSA-373w-rj84-pv6x	Low	Hostname blocklist does not block FQDNs in IncludeSecurity/safeurl-python
11	CVE-2023-39911	Medium	---
12	CVE-2023-42183	Low	A Post-Unicode Normalization Vulnerability in lockss/lockss-daemon
13	CVE-2023-41889	Medium	Late-Unicode normalization vulnerability in shirasagi/shirasagi
14	CVE-2023-52081	Low	Late-Unicode normalization vulnerability in ewen-lbh/ffcss
15	CVE-2024-21623	Critical	Arbitrary Expression Injection in github workflow leads to Command execution & leaking secrets in mehah/otclient
16	CVE-2024-23343	Medium
17	CVE-2024-23826	High	Uploading an image with a specific filename causes a server-side DoS in spbu-se/spbu_se_site
18	CVE-2024-24759	Critical	--
19	CVE-2024-0081	High	Unicode use in a user-controlled filename may cause a server-side DoS in Nvidia/NeMo - Nvidia security acknowledgement
20	CVE-2024-32874	Critical	-

✨ Feel free to subscribe to my little newsletter sim4n6.beehiiv.com.

Some of the articles already published :

N°	Subject	Publication Date
1	Unicode characters to Bypass Security Checks	x
2	The One Million Unicode Denial Of Service Attack	x
3	How CodeQL works: Summary	x
4	Arbitrary Configuration Injection	x

💬 By the way, I'm looking for a remote opportunity ...

⚡sim4n6 AT gmail.com ⚡

Sim4n6<script>print();</script>'s Projects

almalinux-deploy

EL to AlmaLinux migration tool.

apentestbox

A Docker image made with the most commonly used CLI tools for pentesting and bug bounty hunting.

codeql-pun

CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security

codeql_dbs

contracts

A small collection of potentially useful contract templates

dfir_ntfs

An NTFS parser for digital forensics & incident response

dnscewl

A DNS Bruteforcing Wordlist Generator

ezxss

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

faraday

Open Source Vulnerability Management Platform

gmail-randomer

Pick a random message from Gmail inbox or from a provided search query.

holytips

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

markdown-xss-payloads

XSS payloads for exploiting Markdown syntax

ntfs-specimens

NTFS file system specimens

omise-python

Omise Python Library

pdtm

ProjectDiscovery's Open Source Tool Manager

pentest-tools

Custom pentesting tools

pipe-tshark

pntsh

PNT.sh provides documented pentest cmds right from the CLI using cURL.

pyfsig

python file signature identifier - Use this to identify files from their headers

python-docs-fr

French translation of the Python documentation.

sim4n6

slack_handler

Python tool to extract File slacks from disk images.

sub.monitor

Passive subdomain continous monitoring tool.

test_2

unfurl

Extract and Visualize Data from URLs using Unfurl

vulnlab

1

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.

Jobs