Mahara <= 20.10 CSRF Vulnerability
Mahara is prone to a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to remove inbox-mail on the server. The application fails to validate the CSRF token for a POST request. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from a...
GHSA-M6M5-PP4G-FCC8 S3 storage write is not aborted on errors leading to unbounded memory usage
Impact: Anyone using storage.blob.s3 (introduced in 0.5.0) with storage.imapsql. storage.imapsql local_mailboxes ... msg_store s3 ... Patches: The relevant commit is pushed to master and will be included in the 0.5.1 release. No special handling of the issue has been done due to the small amount of...
UBUNTU-CVE-2020-18900
DISPUTED: A heap-based buffer overflow in the libexe_io_handle_read_coff_optional_header function of libyal libexe before 20181128. NOTE: the vendor has disputed this as described in libyal/libexe issue 1 on GitHub...
Heap overflow
A heap-based buffer overflow in the libexe_io_handle_read_coff_optional_header function of libyal libexe before 20181128. NOTE: the vendor has disputed this as described in libyal/libexe issue 1 on GitHub...
GetSimple CMS <= 3.3.16 Multiple XSS Vulnerabilities
GetSimple CMS is prone to multiple cross-site scripting (XSS) vulnerabilities. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is...
CVE-2021-36976
libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block)...
GHSA-7R96-8G3X-G36M Improper Verification of Cryptographic Signature
Impact: The verifyWithMessage method of tEnvoyNaClSigningKey always returns true for any signature of a SHA-512 hash matching the SHA-512 hash of the message even if the signature is invalid. Patches: Upgrade to v7.0.3 immediately to resolve this issue. Since the vulnerability lies within the...
RUSTSEC-2021-0095 `mopa` is technically unsound
The mopa crate redefines the deprecated TraitObject struct from core::raw like so: `#[repr(C)] #[derive(Copy, Clone)] #[doc(hidden)] pub struct TraitObject { pub data: *mut (), pub vtable: *mut (), }` This is done to then transmute a reference to a trait object (&dyn Trait for any trait Trait) into this struct and...
Exploit for SQL Injection in Cacti
CVE-2020-14295 CVE-2020-14295 proof of concept. The original p...
JWT leak via Open Redirect in Programmatic access
Impact: Using programmatic access on protected sites, one can get a signed login URL with pomerium_redirect_uri set to an arbitrary URL. Then, if the user has already logged into Pomerium, they will be redirected to the specified pomerium_redirect_uri with a JWT attached. This allows an outside attack...
GHSA-XW22-WV29-3299 ApiKey secret could be revelated on network issue
Impact: Applications that are using node-etsy-client and reporting client errors to the end user will expose the API key value too. Patches: creharmony/node-etsy-client#18 fixes this issu...
Batflat CMS 1.3.6 - 'multiple' Stored XSS
Exploit Title: Batflat CMS 1.3.6 - 'multiple' Stored XSS Date: 22/02/2021 Exploit Author: Tadjmen Vendor Homepage: https://batflat.org/ Software Link: https://github.com/sruupl/batflat/archive/master.zip Version: 1.3.6 Tested on: XAMPP on Windows, Firefox Newest CVE : N/A Multiple Stored XSS...
Batflat CMS 1.3.6 Cross Site Scripting
Exploit Title: Batflat CMS 1.3.6 - 'multiple' Stored XSS Date: 22/02/2021 Exploit Author: Tadjmen Vendor Homepage: https://batflat.org/ Software Link: https://github.com/sruupl/batflat/archive/master.zip Version: 1.3.6 Tested on: XAMPP on Windows, Firefox Newest CVE : N/A Multiple Stored XSS...
GHSA-QRQM-FPV6-6R8G Command Injection Vulnerability in Mechanize
This security advisory has been created for public disclosure of a Command Injection vulnerability that was responsibly reported by @kyoshidajp (Katsuhiko YOSHIDA). Impact: Mechanize >= v2.0, < v2.7.7 allows for OS commands to be injected using several classes' methods which implicitly use Ruby's...
GHSA-32WX-4GXX-H48F Users can edit the tags of any discussion
This advisory concerns a vulnerability which was patched and publicly released on October 5, 2020. Impact: This vulnerability allowed any registered user to edit the tags of any discussion for which they have READ access using the REST API. Users were able to remove any existing tag, and add any t...
CVE-2020-25674
WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition that can allow an out-of-bounds READ via heap-buffer-overflow. This occurs because it is possible for the colormap to have less than 256 valid values but the loop condition will loop 256 times,...
Denial of service in fast-csv
Impact: Possible ReDoS (Regular Expression Denial of Service) when using the ignoreEmpty option when parsing. Patches: This has been patched in v4.3.6. Workarounds: You will only be affected by this if you use the ignoreEmpty parsing option. If you do use this option it is recommended that you upgrade to t...
PESCMS TEAM 2.3.2 Cross Site Scripting
Exploit Title: PESCMS TEAM 2.3.2 - Multiple Reflected XSS Date: 2020-11-18 Exploit Author: icekam Vendor Homepage: https://www.pescms.com/ Software Link: https://github.com/lazyphp/PESCMS-TEAM Version: PESCMS Team 2.3.2 CVE: CVE-2020-28092 PESCMS Team 2.3.2 has multiple reflected XSS via the id...