Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in publify/publify

Description Session cookie publifyblogsession is not marked with 'Secure' Proof of Concept Login to demo page https://demo-publify.herokuapp.com/ Open Firefox developer option - storage - check secure option Below link shows POC https://i.ibb.co/j3K5YDg/Screenshot-45.png...

Phoenix Media Rename < 3.4.4 - Author Arbitrary Media File Renaming

The plugin does not have capability checks in its phoenixmediarename AJAX action, which could allow users with Author roles to rename any uploaded media files, including ones they do not own. As an Author, go to the page to edit one of your own Media ie /wp-admin/post.php?post=1993&action=edit,...

CVE-2021-35497

CVE-2021-35497 affects TIBCO FTL/ActiveSpaces components (Community, Developer, Enterprise) and their Docker images. The issue is a trust-management flaw that could let a non-administrative, authenticated FTL user cause the system to create illegitimate X.509 certificates, enabling MITM attacks o...

Incentives for different pools should differ by a large factor

Handle tensors Vulnerability details I'm adding this as an issue because I didn't see it mentioned anywhere in the codebase, and I think its a fair point that relates to how the protocol gives out rewards to users. As I understand , the point of staking is to provide users with additional...

Company's Recruitment Management System SQL Injection

Description of vulnerability: The Company's Recruitment Management System by: oretnom23 in id=2 of the parameter from viewvacancy app on-page appears to be vulnerable to SQL Injection - Stealing the Password Hashes attacks. The payloads 19424269' or '1309'='1309 and 39476597' or '2917'='2923 were...

Pixel Update Bulletin—October 2021Stay organized with collectionsSave and categorize content based on your preferences.

The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices Google devices. For Google devices, security patch levels of 2021-10-05 or later address all issues in this bulletin and all issues in the October 2021 Android...

GitLab: Drive-by arbitrary file deletion in the GDK via letter_opener_web gem

Summary When running gitlab in development, an extra gem used to view emails that have been sent: https://gitlab.com/gitlab-org/gitlab/-/blob/v14.3.0-ee/config/routes/development.rbL14 ruby mount LetterOpenerWeb::Engine, at: '/rails/letteropener' One of the routes it adds is to delete a letter:...

Shopkit Cross-Site Scripting Vulnerability

Shopkit is an open source Kirby Cms version 2 integrated commerce solution from the Canadian personal developer Sam Nabi.Shopkit version 2.7 contains a cross-site scripting vulnerability that could be exploited by attackers to hijack user credentials via a carefully crafted payload in an email te...

JVN#42866574: Multiple vulnerabilities in Sharp NEC Display Solutions' public displays

Multiple public displays provided by Sharp NEC Display Solutions, Ltd. contain multiple vulnerabilities listed below. Command Injection CWE-77 - CVE-2021-20698 Version| Vector| Score ---|---|--- CVSS v2| AV:N/AC:L/Au:N/C:C/I:C/A:C| Base Score:10.0 CVSS v3|...

KLA12285 Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, gain privileges. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in Visual Studio can be...

Pixel Update Bulletin—September 2021Stay organized with collectionsSave and categorize content based on your preferences.

The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices Google devices. For Google devices, security patch levels of 2021-09-05 or later address all issues in this bulletin and all issues in the September 2021 Android...

Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition

Summary Java SE issues disclosed in the Oracle July 2021 Critical Patch Update, minus CVE-2021-2341. CVE-2021-2341 will be covered in an additional bulletin. Vulnerability Details CVEID: CVE-2021-2388 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow an...

JVN#46313661: EC-CUBE plugin "List (order management) item change plug-in" vulnerable to cross-site scripting

EC-CUBE plugin "List order management item change plug-in" provided by shiro8 Co., Ltd. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is accessing the administrative page of the product. Solution Update the plug...

WWWGrep - OWASP Foundation Web Respository

WWWGrep is a rapid search “grepping” mechanism that examines HTML elements by type and permits focused single, multiple file based URLs and recursive with respect to root domain or not searches to be performed. Header names and values may also be recursively searched in this manner. WWWGrep was...

Authorities Arrest Another TrickBot Gang Member in South Korea

Another alleged member of the TrickBot gang has been apprehended, this time when trying to leave South Korea, according to published reports. The Russian national, who is an alleged developer of the notorious crimeware, reportedly had been trapped in South Korea since February 2020 due to COVID-1...

Edgegallery developer-be code issue vulnerability

Edgegallery developer-be is a developer platform that provides development tools/testing environment/online deployment for App developers, divided into two parts: developer-be is the backend part, providing interface calls, and developer-fe is the frontend part, providing interface display...

CVE-2021-34066

An issue was discovered in EdgeGallery/developer before v1.0. There is a "Deserialization of yaml file" vulnerability that can allow attackers to execute system command through uploading the malicious constructed YAML file...

CVE-2021-34066

An issue was discovered in EdgeGallery/developer before v1.0. There is a "Deserialization of yaml file" vulnerability that can allow attackers to execute system command through uploading the malicious constructed YAML file...

Deserialization of untrusted data

An issue was discovered in EdgeGallery/developer before v1.0. There is a "Deserialization of yaml file" vulnerability that can allow attackers to execute system command through uploading the malicious constructed YAML file...

CVE-2021-34066

CVE-2021-34066 affects EdgeGallery/developer before v1.0. The issue is a YAML deserialization vulnerability in uploaded YAML files that enables execution of system commands. The impact is high (C/H I/H A/H) with network attack vector and no privileges or user interaction required. The available c...