4 matches found
TerriaJS-Server has a domain validation bypass vulnerability in its proxy allowlist
Impact: A validation bug allows an attacker to proxy domains not explicitly allowed in the proxyableDomains configuration. The validation only checked whether a hostname ended with an allowed domain. This meant that, if example.com is allowed in proxyableDomains: - ✅ example.com is allowed (correct) - ✅...
CVE-2024-28092
UBEE DDW365 XCNDDW365 8.14.3105 software on hardware 3.13.1 allows a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via RgFirewallEL.asp, RgDdns.asp, RgTime.asp, RgDiagnostics.asp, or RgParentalBasic.asp. The affected fields are SMTP Server Name, SMTP Username, Host Name, Ti...
A vulnerability in the cap_net service of the FreeBSD operating system allows a hacker to modify the list of allowed domain names.
The vulnerability in the cap_net service of the FreeBSD operating system is related to errors in privilege management. Exploiting this vulnerability could allow a malicious actor to modify the list of allowed domain names...
Phabricator: Bypass auth.email-domains
Email addresses are stored as VARCHAR(128). However, Phabricator does not verify the length of an email address upon registration. This allows attackers to bypass the allowed email-domains defined in auth.email-domains. Exploiting this is rather straightforward: get an email address of 128 characte...