Goolytics – Simple Google Analytics Security Vulnerabilities

CGA-3wp7-c76j-2923

Bulletin has no...

CGA-3vxq-pj3w-xvh2

Bulletin has no...

CGA-w448-h98f-v5r3

Bulletin has no...

CGA-qgv9-hhvv-mr85

Bulletin has no...

CGA-2q87-662v-gc7w

Bulletin has no...

CGA-2cjf-23rw-frfj

Bulletin has no...

CGA-m2fp-r886-3q6p

Bulletin has no...

CGA-j235-35vq-wrm8

Bulletin has no...

CGA-8qrp-773c-j5w7

Bulletin has no...

CGA-39w9-7pc7-jqv7

Bulletin has no...

CGA-393w-cwxp-xhj9

Bulletin has no...

CGA-33w6-99cx-72gx

Bulletin has no...

CGA-2mj6-w546-q9r6

Bulletin has no...

mariadb, mariadb-10.6 vulnerability

A security issue was discovered in MariaDB and this update includes new upstream MariaDB versions to fix the issue. MariaDB has been updated to 10.6.18 in Ubuntu 22.04 LTS and to 10.11.8 in Ubuntu 23.10 and Ubuntu 24.04 LTS. In addition to security fixes, the updated packages contain bug fixes,...

CVE-2024-5208

An uncontrolled resource consumption vulnerability exists in the upload-link endpoint of mintplex-labs/anything-llm. This vulnerability allows attackers to cause a denial of service (DOS) by shutting down the server through sending invalid upload requests. Specifically, the server can be made to...

thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing,.....

Heap-buffer-overflow in spvtools::disassemble::InstructionDisassembler::EmitInstruction

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69549 Crash type: Heap-buffer-overflow READ 1 Crash state: spvtools::disassemble::InstructionDisassembler::EmitInstruction spvtools::DisassembleInstruction...

CVE-2024-34993

In the module "Bulk Export products to Google Merchant-Google Shopping" (bagoogleshopping) up to version 1.0.26 from Buy Addons for PrestaShop, a guest can perform SQL injection...

Ubuntu: Security Advisory (USN-6818-4)

The remote host is missing an update for...

composer - security update

Bulletin has no...

glibc security update

[2.17-326.0.9.3] - Forward-port Oracle patches to 2.17-326.3 Reviewed-by: Jose E. Marchesi Oracle history: June-22-2023 Cupertino Miranda - 2.17-326.0.9 - OraBug 35517820 Reworked previous patch for OraBug 35318841 and removed free() of stack allocations. Reviewed-by: Jose E....

Ubuntu 22.04 LTS : Linux kernel (HWE) vulnerabilities (USN-6818-4)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6818-4 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer...

libndp - security update

Bulletin has no...

User Registration And Management System 3.2 SQL Injection

...

thunderbird - security update

Bulletin has no...

Oracle Linux 7 : glibc (ELSA-2024-12444)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12444 advisory. [2.17-326.0.9.3] - Forward-port Oracle patches to 2.17-326.3 Reviewed-by: Jose E. Marchesi <[email protected]> Oracle history: ...

chromium - security update

Bulletin has no...

linux-hwe-6.5 vulnerabilities

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536) It was.....

curve25519-dalek has timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub`

Timing variability of any kind is problematic when working with potentially secret values such as elliptic curve scalars, and such issues can potentially leak private keys and other secrets. Such a problem was recently discovered in curve25519-dalek. The Scalar29::sub (32-bit) and Scalar52::sub...

Moodle BigBlueButton web service leaks meeting joining information

Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to...

Dolibarr arbitrary file upload vulnerability

An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL...

Moodle stored XSS via calendar's event title when deleting the event

Insufficient escaping of calendar event titles resulted in a stored XSS risk in the event deletion...

Moodle uses the same key for QR login and auto-login

A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the...

Moodle HTTP authorization header is preserved between "emulated redirects"

The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect...

Moodle CSRF risks due to misuse of confirm_sesskey

Incorrect CSRF token checks resulted in multiple CSRF...

Malicious code in draconianspeed (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (b1212e40bb57fce7672f50431153645b13624cc1e2061b44c0b91fec275e7853) The OpenSSF Package Analysis project identified 'draconianspeed' @ 5.0.0 (npm) as malicious. It is considered malicious because: The package...

PocketBase performs password auth and OAuth2 unverified email linking

In order to be exploited you must have both OAuth2 and Password auth methods enabled. A possible attack scenario could be: - a malicious actor register with the targeted user's email (it is unverified) - at some later point in time the targeted user stumble on your app and decides to sign-up with.....

git vulnerability

USN-6793-1 fixed vulnerabilities in Git. The CVE-2024-32002 was pending further investigation. This update fixes the problem. Original advisory details: It was discovered that Git incorrectly handled certain submodules. An attacker could possibly use this issue to execute arbitrary code. This...

CVE-2024-37904

Minder is an open source Software Supply Chain Security Platform. Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users repositories using the github.com/go-git/go-git/v5 library on lines L55-L89. The Git provider.....

Minder affected by denial of service from maliciously configured Git repository

Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users repositories using the github.com/go-git/go-git/v5 library on these lines:...

CVE-2024-6116

A vulnerability, which was classified as critical, has been found in itsourcecode Simple Online Hotel Reservation System 1.0. Affected by this issue is some unknown functionality of the file edit_room.php. The manipulation of the argument photo leads to unrestricted upload. The attack may be...

CVE-2024-6116

A vulnerability, which was classified as critical, has been found in itsourcecode Simple Online Hotel Reservation System 1.0. Affected by this issue is some unknown functionality of the file edit_room.php. The manipulation of the argument photo leads to unrestricted upload. The attack may be...

Malicious code in mvp-website-html (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (89574af4bb00d4c540ffc8651f5ef4bcc0f72af2368ee6e32346807e91d2e8a0) The OpenSSF Package Analysis project identified 'mvp-website-html' @ 2.0.0 (npm) as malicious. It is considered malicious because: The package...

CVE-2024-6116 itsourcecode Simple Online Hotel Reservation System edit_room.php unrestricted upload

A vulnerability, which was classified as critical, has been found in itsourcecode Simple Online Hotel Reservation System 1.0. Affected by this issue is some unknown functionality of the file edit_room.php. The manipulation of the argument photo leads to unrestricted upload. The attack may be...

CVE-2024-6116 itsourcecode Simple Online Hotel Reservation System edit_room.php unrestricted upload

A vulnerability, which was classified as critical, has been found in itsourcecode Simple Online Hotel Reservation System 1.0. Affected by this issue is some unknown functionality of the file edit_room.php. The manipulation of the argument photo leads to unrestricted upload. The attack may be...

CVE-2024-6115

A vulnerability classified as critical was found in itsourcecode Simple Online Hotel Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file add_room.php. The manipulation of the argument photo leads to unrestricted upload. The attack can be launched...

CVE-2024-6115

A vulnerability classified as critical was found in itsourcecode Simple Online Hotel Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file add_room.php. The manipulation of the argument photo leads to unrestricted upload. The attack can be launched...

CVE-2024-6115 itsourcecode Simple Online Hotel Reservation System add_room.php unrestricted upload

A vulnerability classified as critical was found in itsourcecode Simple Online Hotel Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file add_room.php. The manipulation of the argument photo leads to unrestricted upload. The attack can be launched...

CVE-2024-6115 itsourcecode Simple Online Hotel Reservation System add_room.php unrestricted upload

A vulnerability classified as critical was found in itsourcecode Simple Online Hotel Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file add_room.php. The manipulation of the argument photo leads to unrestricted upload. The attack can be launched...

Helpful tools to get started in IoT Assessments

The Internet of Things (IoT) can be a daunting field to get into. With many different tools and products available on the market it can be confusing to even know where to start. Having performed dozens of IoT assessments, I felt it would be beneficial to compile a basic list of items that are...