@garakh
garakh / CVE-2022-25266-CVE-2022-25267-CVE-2022-25268-CVE-2022-25269.txt
Created March 21, 2022 20:52
Description of CVE-2022-25266, CVE-2022-25267, CVE-2022-25268, CVE-2022-25269
CVE-2022-25266
Passwork On-Premise Edition before 4.6.13 allows migration/downloadExportFile Directory Traversal (to read files).
After logging in with the Owner account, it is possible to read files located outside the web directory on the server.
Discoverer: Positive Technologies, Arian Rakhimi

CVE-2022-25267
Passwork On-Premise Edition before 4.6.13 allows migration/uploadExportFile Directory Traversal (to upload files).
After logging in with the Owner account, an intruder can upload arbitrary files by sending specially crafted HTTP requests.
Discoverer: Positive Technologies, Arian Rakhimi
/**
* Scores a password's strength.
*
* It scores a password according to several factors like character variation,
* repetition and length. The passwords are scored in a numeric point scale that
* varies from less than 0 to 100 and more. A safe password score should be
* considered as 49 points or more.
*
* @param {String} pwd The password string to score.
*
@garakh
garakh / gist:5744838
Created June 9, 2013 19:28
Simple phalcon+mongo authorization
<?php
class LoginController extends \Phalcon\Mvc\Controller
{
    public function initialize()
    {
        Phalcon\Tag::setTitle('Страница входа / регистрации');
    }

    public function indexAction()