Berlin-l21,berlin-l21hn,berlin-l22,berlin-l22hn,berlin-l23,berlin-l24hn,frd-l02,frd-l04,frd-l09,frd-l14,frd-l19, Security Vulnerabilities

RSSHub vulnerable to Server-Side Request Forgery

Summary Serveral Server-Side Request Forgery (SSRF) vulnerabilities in RSSHub allow remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Service (DoS) attacks. Details...

RSSHub vulnerable to Server-Side Request Forgery

Summary Serveral Server-Side Request Forgery (SSRF) vulnerabilities in RSSHub allow remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Service (DoS) attacks. Details...

BIT-tensorflow-2022-29204

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.raw_ops.UnsortedSegmentJoin does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack....

BIT-mastodon-2023-28853

Mastodon is a free, open-source social network server based on ActivityPub Mastodon allows configuration of LDAP for authentication. Starting in version 2.5.0 and prior to versions 3.5.8, 4.0.4, and 4.1.2, the LDAP query made during login is insecure and the attacker can perform LDAP injection...

`GetRepositoryByName`, `DeleteRepositoryByName` and `GetArtifactByName` allow access of arbitrary repositories in Minder by any authenticated user

Summary A Minder user can use the endpoints listed in the issue title to access any repository in the DB, irrespective of who owns the repo and any permissions that user may have. Details...

`GetRepositoryByName`, `DeleteRepositoryByName` and `GetArtifactByName` allow access of arbitrary repositories in Minder by any authenticated user

Summary A Minder user can use the endpoints listed in the issue title to access any repository in the DB, irrespective of who owns the repo and any permissions that user may have. Details...

CVE-2024-1058

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the onclick parameter in all versions up to, and including, 1.58.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor...

CVE-2024-1058

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the onclick parameter in all versions up to, and including, 1.58.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor...

Malicious code in frd-rsa-js (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (e8787b5e0e6583bf27e7ad1a0f2da3d1fc03021fa9a8957e681cc9c79c0f6acd) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

berlin-en-ligne.com Cross Site Scripting vulnerability OBB-3859645

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Online Shopping System Advanced - Sql Injection Vulnerability

...

Online Shopping System Advanced - Sql Injection

...

Russian Government Software Backdoored to Deploy Konni RAT Malware

An installer for a tool likely used by the Russian Consular Department of the Ministry of Foreign Affairs (MID) has been backdoored to deliver a remote access trojan called Konni RAT (aka UpDog). The findings come from German cybersecurity company DCSO, which linked the activity as originating...

Cross-site Scripting (XSS)

decidim is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper handling of file names during dynamic file uploads. This allows attackers to craft malicious file names that get stored in the database and executed when viewed by other...

OpenOLAT 18.1.5 Cross Site Scripting / Privilege Escalation

...

OpenOLAT 18.1.5 Cross Site Scripting / Privilege Escalation Vulnerabilities

OpenOLAT versions 18.1.4 and below and versions 18.1.5 and below suffer from multiple persistent cross site scripting...

Cross-site scripting (XSS) in the dynamic file uploads

Impact The dynamic file upload feature is subject to potential XSS attach in case the attacker manages to modify the file names of the records being uploaded to the server. This appears in sections where the user controls the file upload dialogs themselves and has the technical knowledge to change....

Cross-site scripting (XSS) in the dynamic file uploads

Impact The dynamic file upload feature is subject to potential XSS attach in case the attacker manages to modify the file names of the records being uploaded to the server. This appears in sections where the user controls the file upload dialogs themselves and has the technical knowledge to change....

CVE-2024-1058

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the onclick parameter in all versions up to, and including, 1.58.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor...

CVE-2023-51447

Decidim is a participatory democracy framework. Starting in version 0.27.0 and prior to versions 0.27.5 and 0.28.0, the dynamic file upload feature is subject to potential cross-site scripting attacks in case the attacker manages to modify the file names of the records being uploaded to the...

CVE-2023-51447

Decidim is a participatory democracy framework. Starting in version 0.27.0 and prior to versions 0.27.5 and 0.28.0, the dynamic file upload feature is subject to potential cross-site scripting attacks in case the attacker manages to modify the file names of the records being uploaded to the...

CVE-2023-51447

Decidim is a participatory democracy framework. Starting in version 0.27.0 and prior to versions 0.27.5 and 0.28.0, the dynamic file upload feature is subject to potential cross-site scripting attacks in case the attacker manages to modify the file names of the records being uploaded to the...

CVE-2023-51447 Decidim vulnerable to cross-site scripting (XSS) in the dynamic file uploads

Decidim is a participatory democracy framework. Starting in version 0.27.0 and prior to versions 0.27.5 and 0.28.0, the dynamic file upload feature is subject to potential cross-site scripting attacks in case the attacker manages to modify the file names of the records being uploaded to the...

Cross-site scripting (XSS) in the dynamic file uploads

Impact The dynamic file upload feature is subject to potential XSS attach in case the attacker manages to modify the file names of the records being uploaded to the server. This appears in sections where the user controls the file upload dialogs themselves and has the technical knowledge to change....

Cross-site scripting (XSS) in the dynamic file uploads

Impact The dynamic file upload feature is subject to potential XSS attach in case the attacker manages to modify the file names of the records being uploaded to the server. This appears in sections where the user controls the file upload dialogs themselves and has the technical knowledge to change....

Post-quantum Cryptography for the Go Ecosystem

filippo.io/mlkem768 is a pure-Go implementation of ML-KEM-768 optimized for correctness and readability. ML-KEM (formerly known as Kyber, renamed because we can't have nice things) is a post-quantum key exchange mechanism in the process of being standardized by NIST and adopted by most of the...

CVE-2023-6369

The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple AJAX actions in all versions up to, and including, 2.1.9. This makes it possible for authenticated attackers, with...

CVE-2023-6369

The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple AJAX actions in all versions up to, and including, 2.1.9. This makes it possible for authenticated attackers, with...

CVE-2023-6556

The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via currency options in all versions up to, and including, 1.4.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2023-6556

The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via currency options in all versions up to, and including, 1.4.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

ehe-berlin-brandenburg.de Cross Site Scripting vulnerability OBB-3831741

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2023-6556

The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via currency options in all versions up to, and including, 1.4.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2023-6369

The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple AJAX actions in all versions up to, and including, 2.1.9. This makes it possible for authenticated attackers, with...

Description of the security update for SharePoint Server Subscription Edition: January 9, 2024 (KB5002540)

Description of the security update for SharePoint Server Subscription Edition: January 9, 2024 (KB5002540) Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and...

Ruby on Rails: DoS with crafted "Range" header

I have crafted a request header for "range" against proxy url in Active Storage and confirmed that it will be a DoS. https://github.com/rails/rails/blob/v7.1.2/activestorage/app/controllers/active_storage/blobs/proxy_controller.rb#L14 ruby def show if request.headers["Range"].present? ...

Leap year not accounted for OLAS and veOLAS contract

Lines of code https://github.com/code-423n4/2023-12-autonolas/blob/2a095eb1f8359be349d23af67089795fb0be4ed1/governance/contracts/veOLAS.sol#L101 Vulnerability details Impact OLAS and veOLAS contract does not account for years with 366 days in it's state variables uint256 public constant oneYear =.....

GovernorOLAS is susceptible to DOS via proposal frontrunning

Lines of code https://github.com/code-423n4/2023-12-autonolas/blob/2a095eb1f8359be349d23af67089795fb0be4ed1/governance/package.json#L28 https://github.com/OpenZeppelin/openzeppelin-contracts/blob/0a25c1940ca220686588c4af3ec526f725fe2582/contracts/governance/Governor.sol#L263...

Signatures can be replayed to cast with castVoteWithReasonAndParamsBySig() more votes than the user intended in GovernorOLAS

Lines of code https://github.com/code-423n4/2023-12-autonolas/blob/main/governance/contracts/GovernorOLAS.sol#L14-L15 Vulnerability details Impact In the "GovernorOLAS.sol" contract, as the comment line supports the OpenZeppelin functions are used as is. However, the inherited OpenZeppelin 4.8.3...

Researchers Crack Tesla Autopilot with ‘Elon Mode,’ Access Critical Data

By Deeba Ahmed German cybersecurity researchers from Technische Universität Berlin employed a €600 (£520 - $660) tool to gain root access to the ARM64-based circuit board of Tesla's autopilot. This is a post from HackRead.com Read the original post: Researchers Crack Tesla Autopilot with 'Elon...

ewen-lbh/ffcss Late-Unicode normalization vulnerability

Summary The function lookupPreprocess() is meant to apply some transformations to a string by disabling characters in the regex [-_ .]. However, due to the use of late Unicode normalization of type NFKD, it is possible to bypass that validation and re-introduce all the characters in the regex [-_.....

ewen-lbh/ffcss Late-Unicode normalization vulnerability

Summary The function lookupPreprocess() is meant to apply some transformations to a string by disabling characters in the regex [-_ .]. However, due to the use of late Unicode normalization of type NFKD, it is possible to bypass that validation and re-introduce all the characters in the regex [-_.....

Mitsubishi Electric MELSEC iQ-R, Q and L Series (Update D)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-R, Q, and L Series Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a...

Prefix Truncation Attack (Terrapin Attack)

libssh is vulnerable to Terrapin attack. The vulnerability is due to mishandling of the handshake phase and sequence numbers in the SSH Binary Packet Protocol (BPP) with certain OpenSSH extensions. This allows an attacker to bypass integrity checks and omit packets during extension negotiation,...

Rogue Session Attack (Terrapin)

asyncssh-pypi is vulnerable to Rogue Session Attack. The vulnerability is due to malicious negotiation of extensions during the SSH connection setup process. This issue can be exploited by an attacker via injecting malicious extensions during the negotiation process, resulting in a SSH security...

Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin

Summary Terrapin is a prefix truncation attack targeting the SSH protocol. More precisely, Terrapin breaks the integrity of SSH's secure channel. By carefully adjusting the sequence numbers during the handshake, an attacker can remove an arbitrary amount of messages sent by the client or server at....

Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin

Summary Terrapin is a prefix truncation attack targeting the SSH protocol. More precisely, Terrapin breaks the integrity of SSH's secure channel. By carefully adjusting the sequence numbers during the handshake, an attacker can remove an arbitrary amount of messages sent by the client or server at....

CVE-2023-48795

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a...

CVE-2023-48795

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a...

CVE-2023-48795

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a...

CVE-2023-48795

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a...