Microsoft Excel 2010 SP2, Microsoft Excel 2013 SP1, And Microsoft Excel 2016. Security Vulnerabilities

CVE-2024-28880

Path traversal vulnerability in MosP kintai kanri V4.6.6 and earlier allows a remote attacker who can log in to the product to obtain sensitive information of the...

silverstripe/framework allows upload of dangerous file types

Some potentially dangerous file types exist in File.allowed_extensions which could allow a malicious CMS user to upload files that then get executed in the security context of the website. We have removed the ability to upload .css, .js, .potm, .dotm, .xltm and .jar files in the default...

silverstripe/framework allows upload of dangerous file types

Some potentially dangerous file types exist in File.allowed_extensions which could allow a malicious CMS user to upload files that then get executed in the security context of the website. We have removed the ability to upload .css, .js, .potm, .dotm, .xltm and .jar files in the default...

policy.secureapi.com.au Cross Site Scripting vulnerability OBB-3931093

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

silverstripe/framework vulnerable to member disclosure in login form

There is a user ID enumeration vulnerability in our brute force error messages. Users that don't exist in will never get a locked out message Users that do exist, will get a locked out message This means an attacker can infer or confirm user details that exist in the member table. This issue has...

silverstripe/framework vulnerable to member disclosure in login form

There is a user ID enumeration vulnerability in our brute force error messages. Users that don't exist in will never get a locked out message Users that do exist, will get a locked out message This means an attacker can infer or confirm user details that exist in the member table. This issue has...

extranet.it-visions.de Cross Site Scripting vulnerability OBB-3931092

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

silverstripe/framework code execution vulnerability

There is a vulnerability whereby arbitrary global functions may be executed if malicious user input is passed through to in the second argument of ViewableData::renderWith. This argument resolves associative arrays as template placeholders. This exploit requires that user code has been written...

silverstripe/framework code execution vulnerability

There is a vulnerability whereby arbitrary global functions may be executed if malicious user input is passed through to in the second argument of ViewableData::renderWith. This argument resolves associative arrays as template placeholders. This exploit requires that user code has been written...

expo-box.de Cross Site Scripting vulnerability OBB-3931089

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

silverstripe/framework's install.php script discloses sensitive data by pre-populating DB credential forms

When accessing the install.php script it is possible to extract any pre-configured database or default admin account password by viewing the source of the page, and inspecting the value property of the password...

silverstripe/framework's install.php script discloses sensitive data by pre-populating DB credential forms

When accessing the install.php script it is possible to extract any pre-configured database or default admin account password by viewing the source of the page, and inspecting the value property of the password...

CVE-2024-35219

OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary,...

silverstripe/framework Privilege Escalation Risk in Member Edit form

A member with the permission EDIT_PERMISSIONS and access to the "Security" section is able to re-assign themselves (or another member) to ADMIN level. CMS Fields for the member are constructed using DirectGroups instead of Groups relation which results in bypassing security logic preventing...

silverstripe/framework Privilege Escalation Risk in Member Edit form

A member with the permission EDIT_PERMISSIONS and access to the "Security" section is able to re-assign themselves (or another member) to ADMIN level. CMS Fields for the member are constructed using DirectGroups instead of Groups relation which results in bypassing security logic preventing...

pornone.com Cross Site Scripting vulnerability OBB-3931087

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

freerangestock.com Cross Site Scripting vulnerability OBB-3931086

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-36426

In TARGIT Decision Suite 23.2.15007.0 before Autumn 2023, the session token is part of the URL and may be sent in a cleartext HTTP...

silverstripe/framework's URL parameters `isDev` and `isTest` unguarded

The URL parameters isDev and isTest are accessible to unauthenticated users who access a SilverStripe website or application. This allows unauthorised users to expose information that is usually hidden on production environments such as verbose errors (including backtraces) and other debugging...

silverstripe/framework's URL parameters `isDev` and `isTest` unguarded

The URL parameters isDev and isTest are accessible to unauthenticated users who access a SilverStripe website or application. This allows unauthorised users to expose information that is usually hidden on production environments such as verbose errors (including backtraces) and other debugging...

CVE-2024-36426

In TARGIT Decision Suite 23.2.15007.0 before Autumn 2023, the session token is part of the URL and may be sent in a cleartext HTTP...

silverstripe/framework SQL injection in full text search

When performing a fulltext search in SilverStripe 4.0.0 the 'start' querystring parameter is never escaped safely. This exposes a possible SQL injection vulnerability. The issue exists in 3.5 and 3.6 but is less vulnerable, as SearchForm sanitises these variables prior to passing to...

silverstripe/framework SQL injection in full text search

When performing a fulltext search in SilverStripe 4.0.0 the 'start' querystring parameter is never escaped safely. This exposes a possible SQL injection vulnerability. The issue exists in 3.5 and 3.6 but is less vulnerable, as SearchForm sanitises these variables prior to passing to...

silverstripe/framework users inadvertently passing sensitive data to LoginAttempt

All user login attempts are logged in the database in the LoginAttempt table. However, this table contains information in plain text, and may possible contain sensitive information, such as user passwords mis-typed into the username field. In order to address this a one-way hash is applied to the.....

silverstripe/framework users inadvertently passing sensitive data to LoginAttempt

All user login attempts are logged in the database in the LoginAttempt table. However, this table contains information in plain text, and may possible contain sensitive information, such as user passwords mis-typed into the username field. In order to address this a one-way hash is applied to the.....

silverstripe/framework CSV Excel Macro Injection

In the CSV export feature of the CMS it's possible for the output to contain macros and scripts, which if imported without sanitisation into software (including Microsoft Excel) may be executed. In order to safeguard against this threat all potentially executable cell values exported from CSV will....

silverstripe/framework CSV Excel Macro Injection

In the CSV export feature of the CMS it's possible for the output to contain macros and scripts, which if imported without sanitisation into software (including Microsoft Excel) may be executed. In order to safeguard against this threat all potentially executable cell values exported from CSV will....

silverstripe/framework vulnerable to user enumeration via timing attack on login and password reset forms

User enumeration is possible by performing a timing attack on the login or password reset pages with user...

silverstripe/framework vulnerable to user enumeration via timing attack on login and password reset forms

User enumeration is possible by performing a timing attack on the login or password reset pages with user...

export-werbung.de Cross Site Scripting vulnerability OBB-3931083

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

excel-lab.de Cross Site Scripting vulnerability OBB-3931082

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

perlenzeit-personal.de Cross Site Scripting vulnerability OBB-3931081

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

evwd.de Cross Site Scripting vulnerability OBB-3931080

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

erlebe-es.de Cross Site Scripting vulnerability OBB-3931079

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2023-50977

A flaw was found In gnome-shell. The GNOME Network Manager and GNOME Shell Portal Helper connectivity checks send DNS checks that, if intercepted, may be used to launch a GNOME Captive Portal in a WebKitGTK browser and load arbitrary HTML and Javascript code. Mitigation...

CVE-2024-34923

In Avocent DSR2030 Appliance firmware 03.04.00.07 before 03.07.01.23, and SVIP1020 Appliance firmware 01.06.00.03 before 01.07.00.00, there is reflected cross-site scripting...

CVE-2024-29415

The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for...

CVE-2024-29415

The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for...

CVE-2024-29415

The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for...

hennweb.de Cross Site Scripting vulnerability OBB-3931078

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-29415

The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for...

dailylivenews.in Cross Site Scripting vulnerability OBB-3931077

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Exploit for CVE-2024-5084

🚀 HashForm Exploit Script This script demonstrates the...

Exploit for Vulnerability in Metabase

CVE-2023-38646 An exploit for CVE-2023-38646, a pre-auth RCE...

[SECURITY] [DLA 3823-1] less security update

Debian LTS Advisory DLA-3823-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin May 27, 2024 https://wiki.debian.org/LTS Package : less Version : 487-0.1+deb10u1 CVE ID :...

CVE-2024-34923

In Avocent DSR2030 Appliance firmware 03.04.00.07 before 03.07.01.23, and SVIP1020 Appliance firmware 01.06.00.03 before 01.07.00.00, there is reflected cross-site scripting...

silverstripe/framework has Cross-site Scripting vulnerability in CMSSecurity BackURL

In follow up to SS-2016-001 there is yet a minor unresolved fix to incorrectly encoded...

silverstripe/framework has Cross-site Scripting vulnerability in CMSSecurity BackURL

In follow up to SS-2016-001 there is yet a minor unresolved fix to incorrectly encoded...

silverstripe/framework member disclosure in login form

There is a user ID enumeration vulnerability in our brute force error messages. Users that don't exist in will never get a locked out message Users that do exist, will get a locked out message This means an attacker can infer or confirm user details that exist in the member table. This issue has...

silverstripe/framework member disclosure in login form

There is a user ID enumeration vulnerability in our brute force error messages. Users that don't exist in will never get a locked out message Users that do exist, will get a locked out message This means an attacker can infer or confirm user details that exist in the member table. This issue has...