Gwyn's Imagemap Selector Security Vulnerabilities

CVE-2022-28159

Jenkins Tests Selector Plugin 1.3.3 and earlier does not escape the Properties File Path option for Choosing Tests parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure...

Cross site scripting

Jenkins Tests Selector Plugin 1.3.3 and earlier does not escape the Properties File Path option for Choosing Tests parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure...

Code injection

Jenkins Tests Selector Plugin 1.3.3 and earlier allows users with Item/Configure permission to read arbitrary files on the Jenkins...

CVE-2022-28160

Jenkins Tests Selector Plugin 1.3.3 and earlier allows users with Item/Configure permission to read arbitrary files on the Jenkins...

CVE-2022-28159

Jenkins Tests Selector Plugin 1.3.3 and earlier does not escape the Properties File Path option for Choosing Tests parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure...

K50455702 : jQuery vulnerabilities CVE-2021-41182, CVE-2021-41183, and CVE-2021-41184

Security Advisory Description CVE-2021-41182 jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string...

WordPress Optimole plugin cross-site scripting vulnerability

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress plugin Optimole version 3.3.2 has a cross-site scripting vulnerability that stems from the failure of image optimization and.....

GitLab Uninitialized Admin Password (HTTP) - Active Check

The remote GitLab instance is not initialized with an admin ...

Wrong implementation of OperatorResolver::areOperatorsImported

This issue has been created to upgrade a QA report submission to a medium severity finding. From kenzo: Wrong implementation of OperatorResolver::areOperatorsImported The function as implemented will return true if the operators have same implementation but different selector, or different...

areOperatorsImported has incorrect logic

This issue has been created to upgrade a QA report submission to a medium severity finding. From 0xliumin: areOperatorsImported has incorrect logic Right now, this function returns false if the implementation AND the selector don't match. It's possible to provide a destination with either a...

Security fix for the ALT Linux 10 package qemu version 6.1.1-alt1

6.1.1-alt1 built March 1, 2022 Alexey Shabalin in task #295902 Feb. 24, 2022 Alexey Shabalin - 6.1.1 - Fixes for the following security vulnerabilities: + CVE-2021-3713 uas: add stream number sanity checks + CVE-2021-3947 hw/nvme: fix buffer overrun in nvme_changed_nslist + CVE-2021-20196...

WordPress WordPress Dev Powers – Element Selector jQuery Powers Plugin plugin <= 1.0.1 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress WordPress Dev Powers – Element Selector jQuery Powers Plugin plugin (versions &lt;= 1.0.1). Solution No patched version...

Unauthorised AJAX Calls via Freemius

The plugins and themes use an insecure version of the Freemius Framework, which is lacking CSRF and/or authorisation in some of its AJAX actions. As a result, any authenticated users, such as subscriber could access the debug logs. Unauthenticated attackers could also make a logged in admin toggle....

WordPress WordPress Dev Powers – Element Selector jQuery Powers Plugin plugin <= 1.0.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress WordPress Dev Powers – Element Selector jQuery Powers Plugin plugin (versions &lt;= 1.0.1). Solution No patched version...

Using transfer instead of safeTransfer allows attacker to steal all staked tokens

Lines of code Vulnerability details Impact An attacker can drain all staked tickets. Proof of Concept In the withdrawDelegationToStake function the user can transfer from one of his delegations to the TWABDelegator contract and receive vault tokens he can then unstake to get his tickets back....

Bypass MAX_LOCK duration + External calls even when delegation is locked

Lines of code https://github.com/pooltogether/v4-twab-delegator/blob/master/contracts/Delegation.sol#L40 Vulnerability details Impact Delegation owner can change the MAX_LOCK duration even though current lock set on delegation has not yet expired Also Delegation owner can execute calls even when...

Wrong logic around areOperatorsImported

Lines of code Vulnerability details Impact The logic related to the areOperatorsImported method is incorrect and can cause an operator not to be updated because the owner thinks it is already updated, and a vulnerable or defective one can be used. Proof of Concept The operators mapping is made up.....

Velociraptor Version 0.6.3: Dig Deeper With More Speed and Scalability

Rapid7 is very excited to announce the latest Velociraptor release 0.6.3. This release has been in the making for a few months now and has several exciting new features. Scalability and speed have been the main focus of development since our previous release. Working with some of our larger...

bind security update

[32:9.8.2-0.68.rc1.0.3.8] - Backport fix for CVE-2018-5741 [Orabug: 33496185] [32:9.8.2-0.68.rc1.0.2.8] - Backport possible assertion failure on DNAME processing (CVE-2021-25215) [32:9.8.2-0.68.rc1.0.1.8] - Backport the fix for buffer overflow (CVE-2020-8625) (Orabug: 32588749)...

WordPress Contact Form Check Tester 1.0.2 Plugin - Broken Access Control Vulnerability

...

WordPress Plugin Contact Form Check Tester 1.0.2 - Broken Access Control

...

WordPress Contact Form Check Tester 1.0.2 XSS / Access Control

...

Mageia: Security Advisory (MGASA-2017-0064)

The remote host is missing an update for...

Mageia: Security Advisory (MGASA-2017-0065)

The remote host is missing an update for...

Mageia: Security Advisory (MGASA-2017-0063)

The remote host is missing an update for...

Mageia: Security Advisory (MGASA-2020-0167)

The remote host is missing an update for...

in microweber/microweber

Description Sensitive information as part of the error is getting disclosed during the upload of an unrestricted file. Steps to Reproduce Instance 1 Log in to the application https://demo.microweber.org Add a new post and upload an SVG file and you will see an error message getting Popped on the...

Drupal 7.x < 7.86 / 9.2.x < 9.2.11 / 9.3.x < 9.3.3 Multiple Vulnerabilities (drupal-2022-01-19)

According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.86, 9.2.x prior to 9.2.11, or 9.3.x prior to 9.3.3. It is, therefore, affected by multiple vulnerabilities. Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the...

Espoofer - An Email Spoofing Testing Tool That Aims To Bypass SPF/DKIM/DMARC And Forge DKIM Signatures

espoofer is an open-source testing tool to bypass SPF, DKIM, and DMARC authentication in email systems. It helps mail server administrators and penetration testers to check whether the target email server and client are vulnerable to email spoofing attacks or can be abused to send spoofing emails.....

GovernorCompatibilityBravo incorrect ABI encoding may lead to unexpected behavior

Impact The GovernorCompatibilityBravo module may lead to the creation of governance proposals that execute function calls with incorrect arguments due to bad ABI encoding. This happens if the proposal is created using explicit function signatures, e.g. a proposal to invoke the function...

GovernorCompatibilityBravo incorrect ABI encoding may lead to unexpected behavior

Impact The GovernorCompatibilityBravo module may lead to the creation of governance proposals that execute function calls with incorrect arguments due to bad ABI encoding. This happens if the proposal is created using explicit function signatures, e.g. a proposal to invoke the function...

Council veto protection does not work

Handle TomFrenchBlockchain Vulnerability details Impact Council can veto proposals to remove them to remain in power. Proof of Concept The Vader governance contract has the concept of a "council" which can unilaterally accept or reject a proposal. To prevent a malicious council preventing itself...

Exploit for Deserialization of Untrusted Data in Apache Log4J

Apache Log4j Zero Day aka Log4Shell aka...

Security Bulletin: IBM Kenexa LMS On Premise -Log4j - CVE-2021-4104 (Publicly disclosed vulnerability)

Summary We have identified that the IBM Kenexa LMS On Premise is affected by one or more security vulnerabilities. These have been tested in LMS 6.1.0 version. Vulnerability Details ** CVEID: CVE-2021-4104 DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the...

Security Bulletin: IBM Kenexa LCMS Premier On Premise - Log4j - CVE-2021-4104 (Publicly disclosed vulnerability)

Summary We have identified that the IBM Kenexa LCMS Premier is affected by one or more security vulnerabilities. These have been tested in LCMS Premier 13.x & 14.0 versions. Vulnerability Details ** CVEID: CVE-2021-4104 DESCRIPTION: **Apache Log4j could allow a remote attacker to execute...

Exploit for Deserialization of Untrusted Data in Apache Log4J

Apache Log4j Zero Day aka Log4Shell aka...

Exploit for Deserialization of Untrusted Data in Apache Log4J

Apache Log4j Zero Day aka Log4Shell aka...

A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution

Posted by Ian Beer & Samuel Groß of Google Project Zero We want to thank Citizen Lab for sharing a sample of the FORCEDENTRY exploit with us, and Apple’s Security Engineering and Architecture (SEAR) group for collaborating with us on the technical analysis. The editorial opinions reflected below...

Zucchetti Axess CLOKI Access Control 1.64 - Cross Site Request Forgery Vulnerability

...

Zucchetti Axess CLOKI Access Control 1.64 - Cross Site Request Forgery (CSRF)

...

Zucchetti Axess CLOKI Access Control 1.64 Cross Site Request Forgery

...

Zucchetti Axess CLOKI Access Control 1.64 CSRF Disable Access Control

Title: Zucchetti Axess CLOKI Access Control 1.64 CSRF Disable Access Control Advisory ID: ZSL-2021-5689 Type: Local/Remote Impact: Cross-Site Scripting, Security Bypass Risk: (3/5) Release Date: 13.12.2021 Summary CLOKI is the pre-installed application on our terminals that provides simple to...

Locke.sol:Stream - arbitraryCall can be used to drain incentive tokens

Handle ScopeLift Vulnerability details Impact Governor can drain incentive balance via arbitraryCall Proof of Concept The Stream contract offers createIncentive https://github.com/code-423n4/2021-11-streaming/blob/main/Streaming/src/Locke.sol#L500 and claimIncentive...

virt:kvm_utils security update

hivex [1.3.18] - Resolves: bz#1810193 (Upgrade components in virt:rhel module:stream for RHEL-8.3 release) [1.3.18] - Resolves: bz#1810193 (Upgrade components in virt:rhel module:stream for RHEL-8.3 release) libguestfs [1:1.40.2-25.0.1] - Replace upstream references from description tag -...

NodeBB 1.18.4 - Remote Code Execution With One Shot

Message forums are used by many companies and open source projects to exchange with their users. NodeBB is the leading JavaScript-based forum solution, having over 12k stars on GitHub. Several popular companies are using NodeBB to establish a community around their flagship products. During recent....

Emoji-Button Cross-Site Scripting Vulnerability

Emoji-Button is a native JavaScript emoji selector. emoji-Button is vulnerable to a cross-site scripting vulnerability that stems from the lack of effective filtering and validation of URLs and i18n strings in the software for custom emoji, which could be exploited by an attacker to craft an input....

GitLab: Arbitrary POST request as victim user from HTML injection in Jupyter notebooks

Summary An attacker can create a Jupyter notebook that will make arbitrary POST requests as the victim user. In the "worst case" an attacker could make an admin create a new admin account for the attacker. Other possible attack vectors are forcing invites to private projects etc. Every POST...

Google Chrome contacts picker security bypass vulnerability

Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome due to an error in policy enforcement in the product contact selector. An attacker could use this vulnerability to bypass security...

The importance of identity and Microsoft Azure Active Directory resilience

I love hearing my colleagues explain how they came to the industry because so many of their stories are unusual. I’m surprised how often I hear that people got into computer science by some fortuitous accident. Although he loved computers from the time he was a kid, Oren Melzer never expected to...

The importance of identity and Microsoft Azure Active Directory resilience

I love hearing my colleagues explain how they came to the industry because so many of their stories are unusual. I’m surprised how often I hear that people got into computer science by some fortuitous accident. Although he loved computers from the time he was a kid, Oren Melzer never expected to...