Classified Listing Store & Membership Addon Security Vulnerabilities

SimpleSAMLphp exposes credentials in session storage

Background In order to implement support for the SAML Enhanced Client or Proxy profile, the credentials obtained for authentication were stored in the state in order to pass them to the relevant routines. This, however, led to the credentials being recorded in the user’s session, which can be...

Pyrit - The Famous WPA Precomputed Cracker

Pyrit allows you to create massive databases of pre-computed WPA/WPA2-PSK authentication phase in a space-time-tradeoff. By using the computational power of Multi-Core CPUs and other platforms through ATI-Stream,Nvidia CUDA and OpenCL, it is currently by far the most powerful attack against one of....

Trusted relationship attacks: trust, but verify

IT outsourcing market continues to demonstrate strong growth globally – such services are becoming increasingly popular. But along with the advantages, such as saved time and resources, delegating non-core tasks creates new challenges in terms of information security. By providing third-party...

Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2024-629)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-629 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and...

Oracle Linux 8 : kernel (ELSA-2024-3138)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3138 advisory. - x86/sev: Harden #VC instruction emulation somewhat (Vitaly Kuznetsov) [RHEL-30040] {CVE-2024-25743 CVE-2024-25742} - mm/sparsemem: fix race in...

Foxit Reader Updater improper certificate validation privilege escalation vulnerability

Talos Vulnerability Report TALOS-2024-1989 Foxit Reader Updater improper certificate validation privilege escalation vulnerability May 28, 2024 CVE Number CVE-2024-29072 SUMMARY A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability occurs due to improper....

AutomationDirect P3-550E Programming Software Connection FileSelect stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2024-1939 AutomationDirect P3-550E Programming Software Connection FileSelect stack-based buffer overflow vulnerability May 28, 2024 CVE Number CVE-2024-24963,CVE-2024-24962 SUMMARY A stack-based buffer overflow vulnerability exists in the Programming Software...

Amazon Linux 2023 : oci-add-hooks (ALAS2023-2024-632)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-632 advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP...

Amazon Linux 2023 : amazon-cloudwatch-agent (ALAS2023-2024-625)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-625 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and...

Amazon Linux 2023 : cni-plugins (ALAS2023-2024-630)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-630 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all...

Amazon Linux 2023 : amazon-ecr-credential-helper (ALAS2023-2024-631)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-631 advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP...

silverstripe/framework missing ACL on reports

The SS_Report, and the reports CMS section only checks canView() when listing the reports that can be viewed by the current user. It does not (and should) perform canView checks when the report is actually viewed, so if you know the URL to a report and can otherwise access the Reports section of...

silverstripe/framework missing ACL on reports

The SS_Report, and the reports CMS section only checks canView() when listing the reports that can be viewed by the current user. It does not (and should) perform canView checks when the report is actually viewed, so if you know the URL to a report and can otherwise access the Reports section of...

Message board scams

Marketplace fraud is nothing new. Cybercriminals swindle money out of buyers and sellers alike. Lately, we've seen a proliferation of cybergangs operating under the Fraud-as-a-Service model and specializing in tricking users of online marketplaces, in particular, message boards. Criminals are...

SherlockChain - A Streamlined AI Analysis Framework For Solidity, Vyper And Plutus Contracts

SherlockChain is a powerful smart contract analysis framework that combines the capabilities of the renowned Slither tool with advanced AI-powered features. Developed by a team of security experts and AI researchers, SherlockChain offers unparalleled insights and vulnerability detection for...

Fedora: Security Advisory for gdcm (FEDORA-2024-11821b16ac)

The remote host is missing an update for...

Fedora: Security Advisory for gdcm (FEDORA-2024-fae33e6e9f)

The remote host is missing an update for...

Fedora: Security Advisory for rust-zram-generator (FEDORA-2024-ce2936b568)

The remote host is missing an update for...

Fedora: Security Advisory for gdcm (FEDORA-2024-7a57842ec3)

The remote host is missing an update for...

Exploit for CVE-2024-4443

CVE-2024-4443-Poc CVE-2024-4443 Business Directory Plugin –...

CVE-2024-32045

Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fail to enforce proper access controls for channel and team membership when linking a playbook run to a channel which allows members to link their runs to private channels they were not members...

CVE-2024-32045

Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fail to enforce proper access controls for channel and team membership when linking a playbook run to a channel which allows members to link their runs to private channels they were not members...

CVE-2024-29215 Slash commands run in channel without channel membership via playbook task commands

Mattermost versions 9.5.x <= 9.5.3, 9.7.x <= 9.7.1, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fail to enforce proper access control which allows a user to run a slash command in a channel they are not a member of via linking a playbook run to that channel and running a slash command as a playbook...

CVE-2024-29215 Slash commands run in channel without channel membership via playbook task commands

Mattermost versions 9.5.x <= 9.5.3, 9.7.x <= 9.7.1, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fail to enforce proper access control which allows a user to run a slash command in a channel they are not a member of via linking a playbook run to that channel and running a slash command as a playbook...

CVE-2024-32045 Playbook run link to private channel grants channel access

Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fail to enforce proper access controls for channel and team membership when linking a playbook run to a channel which allows members to link their runs to private channels they were not members...

CVE-2024-32045 Playbook run link to private channel grants channel access

Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fail to enforce proper access controls for channel and team membership when linking a playbook run to a channel which allows members to link their runs to private channels they were not members...

[SECURITY] Fedora 40 Update: rust-zram-generator-1.1.2-11.fc40

This is a systemd unit generator that enables swap on zram. (With zram, there is no physical swap device. Part of the available RAM is used to store compressed pages, essentially trading CPU cycles for memor y.) To activate, install zram-generator-defaults...

CVE-2024-5229

The Primary Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-5229

The Primary Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-5229 Primary Addon for Elementor <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget

The Primary Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-5229 Primary Addon for Elementor <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget

The Primary Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

BIT-hubble-relay-2024-25630

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who are using CRDs to store Cilium state (the default configuration) and Wireguard transparent encryption, traffic to/from the Ingress and health endpoints is not encrypted. This issue...

CVE-2023-49574

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_job in job_name. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page...

CVE-2023-49575

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /setup_smtp in smtp_server, smtp_user, smtp_password and smtp_email_address parameters. This vulnerability could allow an attacker to store malicious....

CVE-2023-49574

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_job in job_name. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page...

CVE-2023-49575

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /setup_smtp in smtp_server, smtp_user, smtp_password and smtp_email_address parameters. This vulnerability could allow an attacker to store malicious....

CVE-2023-49572

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /setup_odbc in odbc_data_source, odbc_user and odbc_password parameters. This vulnerability could allow an attacker to store malicious JavaScript...

CVE-2023-49573

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_command_action in action_value. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered.....

CVE-2023-49572

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /setup_odbc in odbc_data_source, odbc_user and odbc_password parameters. This vulnerability could allow an attacker to store malicious JavaScript...

CVE-2023-49573

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_command_action in action_value. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered.....

CVE-2023-49575 XSS vulnerability in VX Search Enterprise

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /setup_smtp in smtp_server, smtp_user, smtp_password and smtp_email_address parameters. This vulnerability could allow an attacker to store malicious....

CVE-2023-49575 XSS vulnerability in VX Search Enterprise

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /setup_smtp in smtp_server, smtp_user, smtp_password and smtp_email_address parameters. This vulnerability could allow an attacker to store malicious....

CVE-2023-49574 XSS vulnerability in VX Search Enterprise

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_job in job_name. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page...

CVE-2023-49574 XSS vulnerability in VX Search Enterprise

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_job in job_name. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page...

CVE-2023-49573 XSS vulnerability in VX Search Enterprise

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_command_action in action_value. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered.....

CVE-2023-49573 XSS vulnerability in VX Search Enterprise

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_command_action in action_value. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered.....

CVE-2023-49572 XSS vulnerability in VX Search Enterprise

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /setup_odbc in odbc_data_source, odbc_user and odbc_password parameters. This vulnerability could allow an attacker to store malicious JavaScript...

CVE-2023-49572 XSS vulnerability in VX Search Enterprise

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /setup_odbc in odbc_data_source, odbc_user and odbc_password parameters. This vulnerability could allow an attacker to store malicious JavaScript...

idm:DL1 security update

bind-dyndb-ldap [11.6-4] - Modify empty zone conflicts under exclusive mode Resolves: rhbz#2126877 [11.6-3] - Rebuild against bind 9.11.36 - Resolves: rhbz#2022762 [11.6-2] - Rebuild against bind 9.11.26 - Resolves: rhbz#1904612 [11.6-1] - New upstream release - Resolves: rhbz#1891735 [11.3-1] -...

4BRO Insecure Direct Object Reference / API Information Exposure

...