Design/Logic Flaw

As a manager, you should not be able to modify a series of settings. In the UI this is indeed hidden as a convenience for the role since most managers would not be savvy enough to modify these settings. They can use their token to still modify those settings though through a standard HTTP request...

CVE-2024-23839 Suricata http: heap use after free with http.request_header and http.response_header keywords

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, specially crafted traffic can cause a heap use after free if the ruleset uses the http.requestheader or http.responseheader keyword. The vulnerability has been...

TP-LINK ER7206 OS Command Injection Vulnerability

The TP-LINK ER7206 is a multi-function Gigabit router from China P&L TP-LINK. An operating system command injection vulnerability exists in the TP-LINK ER7206 version 1.3.0 build 20230322 Rel.70591, which stems from a specially crafted HTTP request that could lead to arbitrary command injection. ...

CVE-2024-0439

CVE-2024-0439 describes a privilege-management flaw where manager-level users can modify restricted settings via direct HTTP requests despite UI-level protections. The issue is not labeled as critical in the sources, but multiple advisories note it should be patched to enforce the intended permis...

CVE-2024-0439 User can manually send request at manager permission to modify system configurations

As a manager, you should not be able to modify a series of settings. In the UI this is indeed hidden as a convenience for the role since most managers would not be savvy enough to modify these settings. They can use their token to still modify those settings though through a standard HTTP request...

Updated nodejs yarnpkg packages fix security vulnerabilities

This is a security release. The following CVEs are fixed in this release: CVE-2024-21892 - Code injection and privilege escalation through Linux capabilities- High CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- High CVE-2023-46809 -...

CVE-2024-25129 Limited data exfiltration in CodeQL CLI

The CodeQL CLI repo holds binaries for the CodeQL command line interface CLI. Prior to version 2.16.3, an XML parser used by the CodeQL CLI to read various auxiliary files is vulnerable to an XML External Entity attack. If a vulnerable version of the CLI is used to process either a maliciously...

CVE-2024-25129 Limited data exfiltration in CodeQL CLI

The CodeQL CLI repo holds binaries for the CodeQL command line interface CLI. Prior to version 2.16.3, an XML parser used by the CodeQL CLI to read various auxiliary files is vulnerable to an XML External Entity attack. If a vulnerable version of the CLI is used to process either a maliciously...

FreeIPA 4.10.1 Denial Of Service / Information Disclosure

Summary: Specially crafted HTTP requests can read files in the DC server. And use keytab files for authorization for different kerberos principals. Tested FreeIPA version: ipa-server-4.10.1 Details The "user" parameter in the HTTP URI "/sip/session/loginpassword" is inserted into the "run" functi...

WEBIGniter 28.7.23 Cross Site Scripting

Exploit Title: WEBIGniter v28.7.23 Stored Cross Site Scripting XSS Exploit Author: Sagar Banwa Date: 19/10/2023 Vendor: https://webigniter.net/ Software: https://webigniter.net/demo Reference: https://portswigger.net/web-security/cross-site-scripting Tested on: Windows 10/Kali Linux CVE :...

CVE-2024-1481

A flaw was found in FreeIPA. This issue may allow a remote attacker to craft a HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a denial of service. Mitigation Mitigation for this issue is either not available or the...

Advisory ROSA-SA-2024-2354

Software: shim-signed 15 OS: rosa-server79 packageevrstring: shim-signed-15-8.0.1.res7 CVE-ID: CVE-2023-40547 BDU-ID: 2024-00725 CVE-Crit: HIGH CVE-DESC.: A vulnerability exists in the UEFI shim bootloader due to failure to take measures to neutralize special elements. Exploitation of the...

Advisory ROSA-SA-2024-2353

Software: shim 15 OS: rosa-server79 packageevrstring: shim-15-8.0.1.el7 CVE-ID: CVE-2023-40547 BDU-ID: 2024-00725 CVE-Crit: HIGH CVE-DESC.: A vulnerability exists in the shim UEFI bootloader due to failure to take measures to neutralize special elements. Exploitation of the vulnerability could...

CVE-2024-22234

In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticatedAuthentication method. Specifically, an application is vulnerable if: The applicatio...

CVE-2024-22234 CVE-2024-22234: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated

In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticatedAuthentication method. Specifically, an application is vulnerable if: The applicatio...

CVE-2024-22234

CVE-2024-22234 (Spring Security) Affected: Spring Security 6.1.x prior to 6.1.7 and 6.2.x prior to 6.2.2.Vulnerability: Broken access control when an application directly calls AuthenticationTrustResolver.isFullyAuthenticated(Authentication) with a null parameter, which can erroneously return tru...

CVE-2024-22019

A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service DoS. The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk...

CVE-2024-22019

A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service DoS. The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk...

Savsoft Quiz 6.0 Enterprise Cross Site Scripting

Exploit Title: Savsoft Quiz v6.0 Enterprise - Persistent Cross-Site Scripting Date: 2024-01-03 Exploit Author: Eren Sen Vendor: SAVSOFT QUIZ Vendor Homepage: https://savsoftquiz.com Software Link: https://savsoftquiz.com/web/index.php/online-demo/ Version: 6.0 CVE-ID: N/A Tested on: Kali Linux /...

CVE-2024-25626

Yocto Project is an open source collaboration project that helps developers create custom Linux-based systems regardless of the hardware architecture. In Yocto Projects Bitbake before 2.6.2 before and included Yocto Project 4.3.1, with the Toaster server included in bitbake running, missing input...