Brave Software: Arbitrary file download via "Save .torrent file" option can lead to Client RCE and XSS

Summary: An attacker can use the "Save .torrent file" option in WebTorrent to smuggle malicious files onto the client's machine. Description Brave allows users to download the ".torrent" via WebTorrent. WebTorrent decides whether a file is torrent or not based on the following headers...

CVE-2020-7352

The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. Due to the software shipping with embedded, static RSA private key, an attacker with this key material and local user permissions can effectively send any operating system command to the...

PT-2020-19567 · Gog · Gog Galaxy

Name of the Vulnerable Software and Affected Versions: GOG Galaxy versions 1.2.x through 1.2.64 GOG Galaxy versions 2.0.x through 2.0.12 Description: The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. Due to the software shipping with an...

kubernetes: node localhost services reachable via martian packets

A flaw was found in Kubernetes that allows attackers on adjacent networks to reach services exposed on localhost ports, previously thought to be unreachable. This flaw allows an attacker to gain privileges or access confidential information for any services listening on localhost ports that are n...

DEBIAN-CVE-2020-8558

The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's network namespace. Such a service is generally...

kubernetes: node localhost services reachable via martian packets

A flaw was found in Kubernetes that allows attackers on adjacent networks to reach services exposed on localhost ports, previously thought to be unreachable. This flaw allows an attacker to gain privileges or access confidential information for any services listening on localhost ports that are n...

kubernetes: node localhost services reachable via martian packets

A flaw was found in Kubernetes that allows attackers on adjacent networks to reach services exposed on localhost ports, previously thought to be unreachable. This flaw allows an attacker to gain privileges or access confidential information for any services listening on localhost ports that are n...

Web Based Online Hotel Booking System 0.1.0 - Authentication Bypass Vulnerability

Exploit for php platform in category web applications Exploit Title: Web Based Online Hotel Booking System 0.1.0 - Authentication Bypass Exploit Author: KeopssGroup0day,Inc Vendor Homepage: https://github.com/mrzulkarnine/Web-based-hotel-booking-system Software Link:...

DEBIAN-CVE-2020-15720

In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did not enable python-requests certificate validation. Since the verify parameter was hard-coded in all request functions, it was not possible to override the setting. As a result, tools making use of this class, such as the...

UBUNTU-CVE-2020-15720

In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did not enable python-requests certificate validation. Since the verify parameter was hard-coded in all request functions, it was not possible to override the setting. As a result, tools making use of this class, such as the...

kubernetes: node localhost services reachable via martian packets

A flaw was found in Kubernetes that allows attackers on adjacent networks to reach services exposed on localhost ports, previously thought to be unreachable. This flaw allows an attacker to gain privileges or access confidential information for any services listening on localhost ports that are n...

Localhost Boundary Bypass

kubernetes is vulnerable to localhost boundary bypass. Due to insecure API Server's default port setting, TCP and UDP services on the nodes which are bound to 127.0.0.1 are reachable by adjacent hosts or by containers running on the same node as the service...

kubernetes: Server side request forgery (SSRF) in kube-controller-manager allows users to leak secret information

A server side request forgery SSRF flaw was found in Kubernetes. The kube-controller-manager allows authorized users with the ability to create StorageClasses or certain Volume types to leak up to 500 bytes of arbitrary information from the master's host network. This can include secrets from the...

kubernetes: Server side request forgery (SSRF) in kube-controller-manager allows users to leak secret information

A server side request forgery SSRF flaw was found in Kubernetes. The kube-controller-manager allows authorized users with the ability to create StorageClasses or certain Volume types to leak up to 500 bytes of arbitrary information from the master's host network. This can include secrets from the...

kubernetes: Server side request forgery (SSRF) in kube-controller-manager allows users to leak secret information

A server side request forgery SSRF flaw was found in Kubernetes. The kube-controller-manager allows authorized users with the ability to create StorageClasses or certain Volume types to leak up to 500 bytes of arbitrary information from the master's host network. This can include secrets from the...

CVE-2020-12828

An issue was discovered in AnchorFree VPN SDK before 1.3.3.218. The VPN SDK service takes certain executable locations over a socket bound to localhost. Binding to the socket and providing a path where a malicious executable file resides leads to executing the malicious executable file with SYSTE...

CVE-2020-12828

An issue was discovered in AnchorFree VPN SDK before 1.3.3.218. The VPN SDK service takes certain executable locations over a socket bound to localhost. Binding to the socket and providing a path where a malicious executable file resides leads to executing the malicious executable file with SYSTE...

Design/Logic Flaw

An issue was discovered in AnchorFree VPN SDK before 1.3.3.218. The VPN SDK service takes certain executable locations over a socket bound to localhost. Binding to the socket and providing a path where a malicious executable file resides leads to executing the malicious executable file with SYSTE...

CVE-2020-12828

An issue was discovered in AnchorFree VPN SDK before 1.3.3.218. The VPN SDK service takes certain executable locations over a socket bound to localhost. Binding to the socket and providing a path where a malicious executable file resides leads to executing the malicious executable file with SYSTE...

SSRF in OIDC Setup [Bitbucket Data Center]

h3. Issue Summary SSRF h3. Steps to Reproduce During set-up of a custom OpenID Connect identity provider in Bitbucket Server but may apply to other Data Center applications that use the same OIDC module|https://hub.docker.com/r/atlassian/bitbucket-server/, one has to specify the "Issuer URL". As...