PESCMS TEAM 2.3.2 - Multiple Reflected XSS

Exploit Title: PESCMS TEAM 2.3.2 - Multiple Reflected XSS Date: 2020-11-18 Exploit Author: icekam Vendor Homepage: https://www.pescms.com/ Software Link: https://github.com/lazyphp/PESCMS-TEAM Version: PESCMS Team 2.3.2 CVE: CVE-2020-28092 PESCMS Team 2.3.2 has multiple reflected XSS via the id...

Cacti < 1.2.14 XSS Vulnerability - Linux

Cacti is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2020-14188

The preprocessArgs function in the Atlassian gajira-create GitHub Action before version 2.0.1 allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue...

CVE-2020-14188

The preprocessArgs function in the Atlassian gajira-create GitHub Action before version 2.0.1 allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue...

Code injection

The preprocessArgs function in the Atlassian gajira-create GitHub Action before version 2.0.1 allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue...

CVE-2020-14188

The preprocessArgs function in the Atlassian gajira-create GitHub Action before version 2.0.1 allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue...

EmbedThis GoAhead Web Server 5.1.1 Digest Authentication Capture Replay Nonce Reuse

!/usr/bin/env python3 -- coding: utf-8 -- EmbedThis GoAhead Web Server 5.1.1 Digest Authentication Capture Replay Nonce Reuse Vendor: Embedthis Software LLC Product web page: https://www.embedthis.com Affected version: =5.1.2 and =4.1.3 Summary: GoAhead is the world's most popular, tiny embedded...

Spoofing attack due to unvalidated KDC in node-krb5

Affected versions of node-krb5 do not validate the KDC prior to authenticating, which might allow an attacker with network access and enough time to spoof the KDC and impersonate a valid user without knowing their credentials. Recommendation It appears that this will remain unfixed indefinitely, ...

ECDSA signature vulnerability of Minerva timing attack in jsrsasign

Impact ECDSA side-channel attack named Minerava have been found and it was found that it affects to jsrsasign. Execution time of thousands signature generation have been observed then EC private key which is scalar value may be recovered since point and scalar multiplication time depends on bits ...

CVE-2018-21247

An issue was discovered in LibVNCServer before 0.9.13. There is an information leak of uninitialized memory contents in the libvncclient/rfbproto.c ConnectToRFBRepeater function...

pcapplusplus:FuzzTarget: Bad-cast to pcpp::Layer from invalid vptr in pcpp::IDnsResource::getRawData

Project: https://github.com/seladb/PcapPlusPlus.git Detailed Report: https://oss-fuzz.com/testcase?key=5758746302349312 Project: pcapplusplus Fuzzing Engine: libFuzzer Fuzz Target: FuzzTarget Job Type: libfuzzerubsanpcapplusplus Platform Id: linux Crash Type: Bad-cast Crash Address: 0x00000170d30...

rdkit:mol_data_stream_to_mol_fuzzer: Bad-cast to RDKit::ATOM_EQUALS_QUERY' (aka 'EqualityQuery<int, const RDKit::Atom *, true>') from Queries::AndQuery<int, RDKit::Atom const*, true> in RDKit::completeMolQueries

Project: https://github.com/rdkit/rdkit.git Detailed Report: https://oss-fuzz.com/testcase?key=5739632884187136 Project: rdkit Fuzzing Engine: libFuzzer Fuzz Target: moldatastreamtomolfuzzer Job Type: libfuzzerubsanrdkit Platform Id: linux Crash Type: Bad-cast Crash Address: 0x000002320160 Crash...

Cross-Site Scripting

Overview Versions of @toast-ui/editor prior to 2.2.0 are vulnerable to Cross-Site Scripting XSS. There are multiple bypasses to the package's built-in XSS sanitization. This may allow attackers to execute arbitrary JavaScript on a victim's browser. Recommendation Upgrade to version 2.2.0 or later...

php-fusion 9.03.50 - &#039;ctype&#039; SQL Injection

Exploit Title: php-fusion 9.03.50 - 'ctype' SQL Injection Exploit Author: SunCSR Sun Cyber Security Research - ThienNV Date: 2020-05-19 Vendor Homepage: https://www.php-fusion.co.uk/ Software Link: https://www.php-fusion.co.uk/phpfusion9downloads.php Version: 9.03.50 Tested On: Windows 10 + XAMPP...

CVE-2020-0093

In exifdatasavedataentry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0...

Cross-Site Scripting

Overview Versions of lazysizes prior to 5.2.1-rc1 are vulnerable to Cross-Site Scripting. The video-embed plugin fails to sanitize the following attributes: data-vimeo, data-vimeoparams, data-youtube and data-ytparams. This allows attackers to execute arbitrary JavaScript in a victim's browser if...

Validation Bypass

Overview Versions of kind-of 6.x prior to 6.0.3 are vulnerable to a Validation Bypass. A maliciously crafted object can alter the result of the type check, allowing attackers to bypass the type checking validation. Recommendation Upgrade to versions 6.0.3 or later. References - GitHub issue -...

Holder can (re)create authentic credentials after receiving a credential in vp-toolkit

Impact The verifyVerifiableCredential method check the cryptographic integrity of the Verifiable Credential, but it does not check if the credential.issuer DID matches the signer of the credential. The verifier is impacted by this vulnerability. Patches Patch will be available in version 0.2.2...

GHSA-P94W-42G3-F7H4 Holder can (re)create authentic credentials after receiving a credential in vp-toolkit

Impact The verifyVerifiableCredential method check the cryptographic integrity of the Verifiable Credential, but it does not check if the credential.issuer DID matches the signer of the credential. The verifier is impacted by this vulnerability. Patches Patch will be available in version 0.2.2...

GHSA-FF5X-W9WG-H275 Holder can generate proof of ownership for credentials it does not control in vp-toolkit

Impact The verifyVerifiablePresentation method check the cryptographic integrity of the Verifiable Presentation, but it does not check if the credentialSubject.id DID matches the signer of the VP proof. The verifier is impacted by this vulnerability. Patches Patch will be available in version...