POST SMTP – The Security Vulnerabilities

Jinja2 vulnerability

Releases Ubuntu 24.04 LTS Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Ubuntu 16.04 ESM Ubuntu 14.04 ESM Packages jinja2 - small but fast and easy to use stand-alone template engine Details It was discovered that Jinja2 incorrectly handled certain HTML attributes that were...

CVE-2024-29078

Incorrect permission assignment for critical resource issue exists in MosP kintai kanri V4.6.6 and earlier, which may allow a remote unauthenticated attacker with access to the product to alter the product...

CVE-2024-28880

Path traversal vulnerability in MosP kintai kanri V4.6.6 and earlier allows a remote attacker who can log in to the product to obtain sensitive information of the...

silverstripe/framework allows upload of dangerous file types

Some potentially dangerous file types exist in File.allowed_extensions which could allow a malicious CMS user to upload files that then get executed in the security context of the website. We have removed the ability to upload .css, .js, .potm, .dotm, .xltm and .jar files in the default...

silverstripe/framework allows upload of dangerous file types

Some potentially dangerous file types exist in File.allowed_extensions which could allow a malicious CMS user to upload files that then get executed in the security context of the website. We have removed the ability to upload .css, .js, .potm, .dotm, .xltm and .jar files in the default...

policy.secureapi.com.au Cross Site Scripting vulnerability OBB-3931093

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

silverstripe/framework vulnerable to member disclosure in login form

There is a user ID enumeration vulnerability in our brute force error messages. Users that don't exist in will never get a locked out message Users that do exist, will get a locked out message This means an attacker can infer or confirm user details that exist in the member table. This issue has...

silverstripe/framework vulnerable to member disclosure in login form

There is a user ID enumeration vulnerability in our brute force error messages. Users that don't exist in will never get a locked out message Users that do exist, will get a locked out message This means an attacker can infer or confirm user details that exist in the member table. This issue has...

silverstripe/framework sends passwords back to browsers under some circumstances

Under some circumstances a form may populate a PasswordField with submitted data, reflecting submitted data back to a user. The user will only see their own submissions for password data, which is not considered best practice. We are not aware of data leaks to other users, devices or...

silverstripe/framework sends passwords back to browsers under some circumstances

Under some circumstances a form may populate a PasswordField with submitted data, reflecting submitted data back to a user. The user will only see their own submissions for password data, which is not considered best practice. We are not aware of data leaks to other users, devices or...

extranet.it-visions.de Cross Site Scripting vulnerability OBB-3931092

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

silverstripe/framework uploaded PHP script execution in assets

A weakness in the .htaccess rules preventing requests to uploaded PHP scripts allows PHP scripts that had made their way into the assets directory to be successfully executed through the use of a specially crafted URL. There are protections in place to disallow upload of PHP scripts through the...

silverstripe/framework uploaded PHP script execution in assets

A weakness in the .htaccess rules preventing requests to uploaded PHP scripts allows PHP scripts that had made their way into the assets directory to be successfully executed through the use of a specially crafted URL. There are protections in place to disallow upload of PHP scripts through the...

silverstripe/framework code execution vulnerability

There is a vulnerability whereby arbitrary global functions may be executed if malicious user input is passed through to in the second argument of ViewableData::renderWith. This argument resolves associative arrays as template placeholders. This exploit requires that user code has been written...

silverstripe/framework code execution vulnerability

There is a vulnerability whereby arbitrary global functions may be executed if malicious user input is passed through to in the second argument of ViewableData::renderWith. This argument resolves associative arrays as template placeholders. This exploit requires that user code has been written...

silverstripe/framework BackURL validation bypass with malformed URLs

A carefully constructed malformed URL can be used to circumvent the offsite redirection protection used on BackURL parameters. This could lead to users entering sensitive data in malicious websites instead of the intended...

silverstripe/framework BackURL validation bypass with malformed URLs

A carefully constructed malformed URL can be used to circumvent the offsite redirection protection used on BackURL parameters. This could lead to users entering sensitive data in malicious websites instead of the intended...

expo-box.de Cross Site Scripting vulnerability OBB-3931089

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

silverstripe/framework's install.php script discloses sensitive data by pre-populating DB credential forms

When accessing the install.php script it is possible to extract any pre-configured database or default admin account password by viewing the source of the page, and inspecting the value property of the password...

silverstripe/framework's install.php script discloses sensitive data by pre-populating DB credential forms

When accessing the install.php script it is possible to extract any pre-configured database or default admin account password by viewing the source of the page, and inspecting the value property of the password...

CVE-2024-35219

OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary,...

silverstripe/framework Privilege Escalation Risk in Member Edit form

A member with the permission EDIT_PERMISSIONS and access to the "Security" section is able to re-assign themselves (or another member) to ADMIN level. CMS Fields for the member are constructed using DirectGroups instead of Groups relation which results in bypassing security logic preventing...

silverstripe/framework Privilege Escalation Risk in Member Edit form

A member with the permission EDIT_PERMISSIONS and access to the "Security" section is able to re-assign themselves (or another member) to ADMIN level. CMS Fields for the member are constructed using DirectGroups instead of Groups relation which results in bypassing security logic preventing...

pornone.com Cross Site Scripting vulnerability OBB-3931087

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

freerangestock.com Cross Site Scripting vulnerability OBB-3931086

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-36426

In TARGIT Decision Suite 23.2.15007.0 before Autumn 2023, the session token is part of the URL and may be sent in a cleartext HTTP...

Best Practices for Cloud Computing Security

By Owais Sultan Cloud security is crucial for businesses. Here are vital tips to safeguard your data, including choosing a secure… This is a post from HackRead.com Read the original post: Best Practices for Cloud Computing...

silverstripe/framework's URL parameters `isDev` and `isTest` unguarded

The URL parameters isDev and isTest are accessible to unauthenticated users who access a SilverStripe website or application. This allows unauthorised users to expose information that is usually hidden on production environments such as verbose errors (including backtraces) and other debugging...

silverstripe/framework's URL parameters `isDev` and `isTest` unguarded

The URL parameters isDev and isTest are accessible to unauthenticated users who access a SilverStripe website or application. This allows unauthorised users to expose information that is usually hidden on production environments such as verbose errors (including backtraces) and other debugging...

CVE-2023-6349

A flaw was found in libvpx. Encoding a frame with larger dimensions than the original configured size with VP9 may result in a heap overflow. Mitigation...

CVE-2024-36426

In TARGIT Decision Suite 23.2.15007.0 before Autumn 2023, the session token is part of the URL and may be sent in a cleartext HTTP...

silverstripe/framework SQL injection in full text search

When performing a fulltext search in SilverStripe 4.0.0 the 'start' querystring parameter is never escaped safely. This exposes a possible SQL injection vulnerability. The issue exists in 3.5 and 3.6 but is less vulnerable, as SearchForm sanitises these variables prior to passing to...

silverstripe/framework SQL injection in full text search

When performing a fulltext search in SilverStripe 4.0.0 the 'start' querystring parameter is never escaped safely. This exposes a possible SQL injection vulnerability. The issue exists in 3.5 and 3.6 but is less vulnerable, as SearchForm sanitises these variables prior to passing to...

silverstripe/framework users inadvertently passing sensitive data to LoginAttempt

All user login attempts are logged in the database in the LoginAttempt table. However, this table contains information in plain text, and may possible contain sensitive information, such as user passwords mis-typed into the username field. In order to address this a one-way hash is applied to the.....

silverstripe/framework users inadvertently passing sensitive data to LoginAttempt

All user login attempts are logged in the database in the LoginAttempt table. However, this table contains information in plain text, and may possible contain sensitive information, such as user passwords mis-typed into the username field. In order to address this a one-way hash is applied to the.....

silverstripe/framework CSV Excel Macro Injection

In the CSV export feature of the CMS it's possible for the output to contain macros and scripts, which if imported without sanitisation into software (including Microsoft Excel) may be executed. In order to safeguard against this threat all potentially executable cell values exported from CSV will....

silverstripe/framework CSV Excel Macro Injection

In the CSV export feature of the CMS it's possible for the output to contain macros and scripts, which if imported without sanitisation into software (including Microsoft Excel) may be executed. In order to safeguard against this threat all potentially executable cell values exported from CSV will....

silverstripe/framework vulnerable to user enumeration via timing attack on login and password reset forms

User enumeration is possible by performing a timing attack on the login or password reset pages with user...

silverstripe/framework vulnerable to user enumeration via timing attack on login and password reset forms

User enumeration is possible by performing a timing attack on the login or password reset pages with user...

export-werbung.de Cross Site Scripting vulnerability OBB-3931083

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

excel-lab.de Cross Site Scripting vulnerability OBB-3931082

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

perlenzeit-personal.de Cross Site Scripting vulnerability OBB-3931081

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

evwd.de Cross Site Scripting vulnerability OBB-3931080

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

erlebe-es.de Cross Site Scripting vulnerability OBB-3931079

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2023-50977

A flaw was found In gnome-shell. The GNOME Network Manager and GNOME Shell Portal Helper connectivity checks send DNS checks that, if intercepted, may be used to launch a GNOME Captive Portal in a WebKitGTK browser and load arbitrary HTML and Javascript code. Mitigation...

silverstripe/framework's User-Agent header not correctly invalidating user session

A security protection device in Session designed to protect session hijacking was not correctly functioning. This function intended to protect user sessions by detecting changes in the User-Agent header, but modifications to this header were not correctly invalidating the user...

silverstripe/framework's User-Agent header not correctly invalidating user session

A security protection device in Session designed to protect session hijacking was not correctly functioning. This function intended to protect user sessions by detecting changes in the User-Agent header, but modifications to this header were not correctly invalidating the user...

Cross-site Scripting (XSS)

silverstripe/framework is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to an unvalidated returnURL parameter in the dev/build endpoint, which can cause users to be redirected to unverified third-party...

CVE-2024-29415

The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for...

CVE-2024-29415

The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for...