Custom Dashboard & Login Page – AGCA Security Vulnerabilities
silverstripe/framework vulnerable to member disclosure in login form
There is a user ID enumeration vulnerability in our brute force error messages. Users that don't exist in will never get a locked out message Users that do exist, will get a locked out message This means an attacker can infer or confirm user details that exist in the member table. This issue has...
7.1AI Score
When accessing the install.php script it is possible to extract any pre-configured database or default admin account password by viewing the source of the page, and inspecting the value property of the password...
7.2AI Score
When accessing the install.php script it is possible to extract any pre-configured database or default admin account password by viewing the source of the page, and inspecting the value property of the password...
7.2AI Score
silverstripe/framework users inadvertently passing sensitive data to LoginAttempt
All user login attempts are logged in the database in the LoginAttempt table. However, this table contains information in plain text, and may possible contain sensitive information, such as user passwords mis-typed into the username field. In order to address this a one-way hash is applied to the.....
6.7AI Score
silverstripe/framework users inadvertently passing sensitive data to LoginAttempt
All user login attempts are logged in the database in the LoginAttempt table. However, this table contains information in plain text, and may possible contain sensitive information, such as user passwords mis-typed into the username field. In order to address this a one-way hash is applied to the.....
6.7AI Score
User enumeration is possible by performing a timing attack on the login or password reset pages with user...
7.3AI Score
User enumeration is possible by performing a timing attack on the login or password reset pages with user...
7.3AI Score
silverstripe/framework has Cross-site Scripting vulnerability in page history comparison
Authenticated user with page edit permission can craft HTML, which when rendered in a page history comparison can execute client...
7.2AI Score
silverstripe/framework has Cross-site Scripting vulnerability in page history comparison
Authenticated user with page edit permission can craft HTML, which when rendered in a page history comparison can execute client...
7.2AI Score
[SECURITY] [DLA 3823-1] less security update
Debian LTS Advisory DLA-3823-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin May 27, 2024 https://wiki.debian.org/LTS Package : less Version : 487-0.1+deb10u1 CVE ID :...
7.7AI Score
silverstripe/framework has Cross-site Scripting vulnerability in page name
silverstripe/framework is vulnerable to XSS in Page name where the payload "><svg/onload=alert(/xss/)> will trigger an XSS...
6.1AI Score
silverstripe/framework has Cross-site Scripting vulnerability in page name
silverstripe/framework is vulnerable to XSS in Page name where the payload "><svg/onload=alert(/xss/)> will trigger an XSS...
6.1AI Score
silverstripe/framework member disclosure in login form
There is a user ID enumeration vulnerability in our brute force error messages. Users that don't exist in will never get a locked out message Users that do exist, will get a locked out message This means an attacker can infer or confirm user details that exist in the member table. This issue has...
7.1AI Score
silverstripe/framework member disclosure in login form
There is a user ID enumeration vulnerability in our brute force error messages. Users that don't exist in will never get a locked out message Users that do exist, will get a locked out message This means an attacker can infer or confirm user details that exist in the member table. This issue has...
7.1AI Score
silverstripe/framework ChangePasswordForm does not check `Member::canLogIn()`
After performing a password reset, ChangePasswordForm::doChangePassword() logs in the user without checking Member::canLogIn(). This presents an issue for sites that are using the extension point in that method to deny access to users (for example members that have not been “approved”, or members.....
7.2AI Score
silverstripe/framework ChangePasswordForm does not check `Member::canLogIn()`
After performing a password reset, ChangePasswordForm::doChangePassword() logs in the user without checking Member::canLogIn(). This presents an issue for sites that are using the extension point in that method to deny access to users (for example members that have not been “approved”, or members.....
7.2AI Score
Exploit for OS Command Injection in Dolibarr Dolibarr Erp\/Crm
POC exploit for Dolibarr <= 17.0.0 (CVE-2023-30253) Reverse...
7.7AI Score
0.005EPSS
Exploit for OS Command Injection in Dolibarr Dolibarr Erp\/Crm
POC exploit for Dolibarr <= 17.0.0 (CVE-2023-30253) Reverse...
7.7AI Score
0.005EPSS
Marketplace fraud is nothing new. Cybercriminals swindle money out of buyers and sellers alike. Lately, we've seen a proliferation of cybergangs operating under the Fraud-as-a-Service model and specializing in tricking users of online marketplaces, in particular, message boards. Criminals are...
6.4AI Score
A vulnerability had been discovered in WinNMP 19.02 consisting of an XSS attack via /tools/redis.php page in the k, hash, key and p parameters. This vulnerability could allow a remote user to submit a specially crafted JavaScript payload for an authenticated user to retrieve their session...
6.3CVSS
6.2AI Score
A vulnerability had been discovered in WinNMP 19.02 consisting of an XSS attack via index page in from, subject, text and hash parameters. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their session...
6.3CVSS
6.3AI Score
CVE-2024-5406 Multiple vulnerabilities in WinNMP from Wtriple
A vulnerability had been discovered in WinNMP 19.02 consisting of an XSS attack via index page in from, subject, text and hash parameters. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their session...
6.2AI Score
CVE-2024-5405 Multiple vulnerabilities in WinNMP from Wtriple
A vulnerability had been discovered in WinNMP 19.02 consisting of an XSS attack via /tools/redis.php page in the k, hash, key and p parameters. This vulnerability could allow a remote user to submit a specially crafted JavaScript payload for an authenticated user to retrieve their session...
6.1AI Score
In the Linux kernel, the following vulnerability has been resolved: proc/vmcore: fix clearing user buffer by properly using clear_user() To clear a user buffer we cannot simply use memset, we have to use clear_user(). With a virtio-mem device that registers a vmcore_cb and has some logically...
6.5AI Score
0.0004EPSS
An issue was discovered in Logpoint SAML Authentication before 6.0.3. An attacker can place a crafted filename in the state field of a SAML SSO-URL response, and the file corresponding to this filename will ultimately be deleted. This can lead to a SAML Authentication login...
7.2AI Score
An issue was discovered in Logpoint SAML Authentication before 6.0.3. An attacker can place a crafted filename in the state field of a SAML SSO-URL response, and the file corresponding to this filename will ultimately be deleted. This can lead to a SAML Authentication login...
7AI Score
[SECURITY] [DLA 3822-1] python-pymysql security update
Debian LTS Advisory DLA-3822-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb May 27, 2024 https://wiki.debian.org/LTS Package : python-pymysql Version : 0.9.3-1+deb10u1 CVE...
7.7AI Score
In the Linux kernel, the following vulnerability has been resolved: tcp: fix page frag corruption on page fault Steffen reported a TCP stream corruption for HTTP requests served by the apache web-server using a cifs mount-point and memory mapping the relevant file. The root cause is quite similar.....
7.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: serial: core: fix transmit-buffer reset and memleak Commit 761ed4a94582 ("tty: serial_core: convert uart_close to use tty_port_close") converted serial core to use tty_port_close() but failed to notice that the transmit buffer...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ice: avoid bpf_prog refcount underflow Ice driver has the routines for managing XDP resources that are shared between ndo_bpf op and VSI rebuild flow. The latter takes place for example when user changes queue count on an...
6.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ice: fix vsi->txq_map sizing The approach of having XDP queue per CPU regardless of user's setting exposed a hidden bug that could occur in case when Rx queue count differ from Tx queue count. Currently vsi->txq_map's size is...
6.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_ets: don't peek at classes beyond 'nbands' when the number of DRR classes decreases, the round-robin active list can contain elements that have already been freed in ets_qdisc_change(). As a consequence, it's...
6.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: blk-mq: cancel blk-mq dispatch work in both blk_cleanup_queue and disk_release() For avoiding to slow down queue destroy, we don't call blk_mq_quiesce_queue() in blk_cleanup_queue(), instead of delaying to cancel dispatch work in.....
6.4AI Score
0.0004EPSS
silverstripe/framework is vulnerable to Open Redirect. The vulnerability is due to improper handling of login URLs, allowing attackers to redirect successful logins to external...
7AI Score
In the Linux kernel, the following vulnerability has been resolved: mlxsw: thermal: Fix out-of-bounds memory accesses Currently, mlxsw allows cooling states to be set above the maximum cooling state supported by the driver: # cat /sys/class/thermal/thermal_zone2/cdev0/type mlxsw_fan # cat...
6.4AI Score
0.0004EPSS
silverstripe/framework is vulnerable to Brute Force attacks. The vulnerability is due to the default Administrator accounts not being subject to the same brute force protection as other Member accounts, allowing unlimited login...
7AI Score
silverstripe/framework is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper handling of error messages generated for the CMS login page, where the URL of the requested page is interpolated without proper escaping, allowing for arbitrary HTML...
7AI Score
silverstripe/cms is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of proper validation of user-submitted HTML in the “compare mode” of the CMS page history tab, which allows attackers to embed malicious scripts that results in Cross-Site Scripting...
6.3AI Score
A vulnerability, which was classified as problematic, has been found in oretnom23 Online Car Wash Booking System 1.0. This issue affects some unknown processing of the file /admin/?page=user/list. The manipulation of the argument First Name/Last Name with the input confirm (document.cookie) leads.....
2.4CVSS
6.7AI Score
0.0004EPSS
A vulnerability classified as critical was found in SourceCodester Facebook News Feed Like 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument page leads to sql injection. The attack can be initiated remotely. VDB-266302 is the identifier assigned...
7.3CVSS
7.9AI Score
0.0004EPSS
CVE-2024-5385 oretnom23 Online Car Wash Booking System cross site scripting
A vulnerability, which was classified as problematic, has been found in oretnom23 Online Car Wash Booking System 1.0. This issue affects some unknown processing of the file /admin/?page=user/list. The manipulation of the argument First Name/Last Name with the input confirm (document.cookie) leads.....
6.3AI Score
0.0004EPSS
Debian dla-3823 : less - security update
The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3823 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3823-1 [email protected] ...
7.7AI Score
7.5AI Score
0.0004EPSS
7.5AI Score
0.008EPSS
7.5AI Score
0.0005EPSS
7.5AI Score
0.0004EPSS
7.1AI Score
0.001EPSS
6.6AI Score
7.5AI Score
7.5AI Score
0.001EPSS