CVE-2020-28589

An improper array index validation vulnerability exists in the LoadObj functionality of tinyobjloader v2.0-rc1 and tinyobjloader development commit 79d4421. A specially crafted file could lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...

Service Update 0.30 for Microsoft Dynamics 365 9.0

Service Update 0.30 for Microsoft Dynamics 365 9.0 Dynamics 365 Introduction Service Update 9.0.30 for Microsoft Dynamics CRM on-premises 9.0 is now available. This article describes the hotfixes and updates that are included in Service Update 9.0.30. More information Update package| Version Numb...

Beckhoff Twincat Exposure of Sensitive Information to an Unauthorized Actor

Beckhoff's TwinCAT RT network driver for Intel 8254x and 8255x is providing EtherCAT functionality. The driver implements real-time features. Except for Ethernet frames sent from real-time functionality, all other Ethernet frames sent through the driver are not padded if their payload is less tha...

Cross-Site Scripting via Rich-Text Content

Failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding rendering instructions via TypoScript functionality HTMLparser do not consider all potentially malicious HTML tag ...

Black Hat: Charming Kitten Leaves More Paw Prints

LAS VEGAS – The suspected Iranian threat group that IBM Security X-Force calls ITG18 and which overlaps with the group known as Charming Kitten keeps leaving a trail of paw prints. The latest: a custom Android backdoor dubbed “LittleLooter” – used exclusively by the threat actor, as far as...

PT-2021-14788 · Advantech · Advantech R-Seenet

Name of the Vulnerable Software and Affected Versions: Advantech R-SeeNet version 2.4.12 Description: An OS Command Injection issue exists in the ping.php script functionality. A specially crafted HTTP request can lead to arbitrary OS command execution. An attacker can send a crafted HTTP request...

September 14, 2021 Security Update (KB5005567)

September 14, 2021 Security Update KB5005567 Improvements and fixes This security update includes quality improvements. Key changes include: This update contains miscellaneous security improvements to internal OS functionality. No additional issues were documented for this release. For more...

CVE-2021-33321

CVE-2021-33321 affects Liferay Portal 6.2.3–7.3.2 and Liferay DXP before 7.3. The root cause is an insecure default configuration where the portal.property login.secure.forgot.password should be defaulted to true, enabling remote attackers to enumerate user email addresses via the forgot-password...

PEEL-CSRF

The request appears to be vulnerable to cross-site request forgery CSRF attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right, however, it may facilitate the exploitation of other vulnerabilities affecting application users. The...

Default credentials

An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. A user logged in using the default credentials can gain root access to the device, which provides permissions for all of t...

PT-2021-7768 · 3S Smart Software Solutions · Codesys Development System

Name of the Vulnerable Software and Affected Versions: CODESYS Development System versions 3.5.16 through 3.5.17 Description: A unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality. This vulnerability can be triggered by a specially...

SUSE-SU-2021:2478-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 78.12.0 ESR Fixed: Various stability, functionality, and security fixes MFSA 2021-29 bsc1188275 CVE-2021-29970: Use-after-free in accessibility features of a document CVE-2021-30547: Out of bounds write in...

Cross-site scripting in anchorme

All versions of package anchorme are vulnerable to Cross-site Scripting XSS via the main functionality...

GHSA-W4WQ-RVMQ-77X7 Cross-site scripting in anchorme

All versions of package anchorme are vulnerable to Cross-site Scripting XSS via the main functionality...

M-vSlider <= 2.1.3 - Authenticated (admin+) SQL Injection

The update functionality in the rsliderpage uses an rsid POST parameter which is not validated, sanitised or escaped before being inserted in sql query, therefore leading to SQL injection for users having Administrator role. PoC POST /wp-admin/admin.php?page=rsliderpage=true HTTP/1.1 Host:...

Command injection

All versions of package gitlogplus are vulnerable to Command Injection via the main functionality, as options attributes are appended to the command to be executed without sanitization...

`better-macro` has deliberate RCE to prove a point

better-macro is a fake crate which is "Proving A Point" that proc-macros can run arbitrary code. This is not a particularly novel or interesting observation. It currently opens https://github.com/raycar5/better-macro/blob/master/doc/hi.md which doesn't appear to have any malicious content, but...

RUSTSEC-2021-0077 `better-macro` has deliberate RCE to prove a point

better-macro is a fake crate which is "Proving A Point" that proc-macros can run arbitrary code. This is not a particularly novel or interesting observation. It currently opens https://github.com/raycar5/better-macro/blob/master/doc/hi.md which doesn't appear to have any malicious content, but...

CVE-2021-32786 Open Redirect in oidc_validate_redirect_url()

modauthopenidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9, oidcvalidateredirecturl does not parse URLs the same way as most browsers...

Stripe: Without verifying email and activate account, user can perform all action which are not supposed to be done

A researcher discovered that it was possible to access a subset of livemode dashboard functionality without verifying the account's email address. The livemode functionality in question was disabled in the UI, but could be accessed on the backend. Following this report, Stripe performed an intern...