151 matches found
CVE-2024-45195: Apache OFBiz Unauthenticated Remote Code Execution (Fixed)
Apache OFBiz below 18.12.16 is vulnerable to unauthenticated remote code execution on Linux and Windows. An attacker with no valid credentials can exploit missing view authorization checks in the web application to execute arbitrary code on the server. Exploitation is facilitated by bypassing...
New Zero-Day Flaw in Apache OFBiz ERP Allows Remote Code Execution
A new zero-day pre-authentication remote code execution vulnerability has been disclosed in the Apache OFBiz open-source enterprise resource planning ERP system that could allow threat actors to achieve remote code execution on affected instances. Tracked as CVE-2024-38856, the flaw has a CVSS...
PHP-CGI OS Command Injection Vulnerability
PHP, specifically Windows-based PHP used in CGI mode, contains an OS command injection vulnerability that allows for arbitrary code execution. This vulnerability is a patch bypass for CVE-2012-1823...
CVE-2024-3435
A path traversal vulnerability exists in the 'savesettings' endpoint of the parisneo/lollms-webui application, affecting versions up to the latest release before 9.5. The vulnerability arises due to insufficient sanitization of the 'config' parameter in the 'applysettings' function, allowing an...
CVE-2024-28189 Judge0 vulnerable to Sandbox Escape Patch Bypass via chown running on Symbolic Link
Judge0 is an open-source online code execution system. The application uses the UNIX chown command on an untrusted file within the sandbox. An attacker can abuse this by creating a symbolic link symlink to a file outside the sandbox, allowing the attacker to run chown on arbitrary files outside o...
CVE-2024-28189 Judge0 vulnerable to Sandbox Escape Patch Bypass via chown running on Symbolic Link
Judge0 is an open-source online code execution system. The application uses the UNIX chown command on an untrusted file within the sandbox. An attacker can abuse this by creating a symbolic link symlink to a file outside the sandbox, allowing the attacker to run chown on arbitrary files outside o...
Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as a bypass for the patch added for CVE-2022-25882.
...
AZL-35146 CVE-2024-27318 affecting package pytorch for versions less than 2.2.2-1
Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the externaldata field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as a bypass for the patch adde...
keycloak: open redirect via "form_post.jwt" JARM response mode
A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "formpost.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134...
Exploit for Improper Access Control in Oracle Weblogic_Server
CVE-2024-20931 CVE-2024-20931, this is the bypass of the patch...
GHSA-9VM7-V8WJ-3FQW keycloak-core: open redirect via "form_post.jwt" JARM response mode
An incomplete fix was found in Keycloak Core patch. An attacker can steal authorization codes or tokens from clients using a wildcard in the JARM response mode "formpost.jwt". It is observed that changing the responsemode parameter in the original proof of concept from "formpost" to "formpost.jwt...
keycloak: open redirect via "form_post.jwt" JARM response mode
A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "formpost.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134...
keycloak: open redirect via "form_post.jwt" JARM response mode
A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "formpost.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134...
CVE-2023-5332 Dependency on Vulnerable Third-Party Component in GitLab
Patch in third party library Consul requires 'enable-script-checks' to be set to False. This was required to enable a patch by the vendor. Without this setting the patch could be bypassed. This only affects GitLab-EE...
Alert: PoC Exploits Released for Citrix and VMware Vulnerabilities
Virtualization services provider VMware has alerted customers to the existence of a proof-of-concept PoC exploit for a recently patched security flaw in Aria Operations for Logs. Tracked as CVE-2023-34051 CVSS score: 8.1, the high-severity vulnerability relates to a case of authentication bypass...
SAP Application Server ABAP Open Redirection
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Open Redirect in BSP Test Application it00 Bypass for CVE-2020-6215 Patch product: SAP® Application Server ABAP and ABAP® Platform SAPBASIS vulnerable version: see sectio...
Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server is vulnerable to cross-site scripting in the Admin Console - CVE-2023-24966
Summary IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. Following IBM®...
CVE-2023-38205: Adobe ColdFusion Access Control Bypass [FIXED]
!CVE-2023-38205: Adobe ColdFusion Access Control Bypass \FIXED\https://blog.rapid7.com/content/images/2023/07/GettyImages-1185282377-3.jpg On July 11, 2023, Rapid7 and Adobe disclosed CVE-2023-29298, an access control bypass vulnerability affecting ColdFusion, which Rapid7 had reported to Adobe i...
CVE-2023-34316
An attacker could bypass the latest Delta Electronics InfraSuite Device Master versions prior to 1.0.7 patch, which could allow an attacker to retrieve file contents...
CVE-2023-34316
Delta Electronics InfraSuite Device Master (versions prior to 1.0.7) is affected by CVE-2023-34316 (Improper Access Control). The vulnerability could allow an attacker to bypass patches and retrieve file contents due to insufficient access control on the device. Delta Electronics has provided a f...