GHSA-F78J-4W3G-4Q65 StimulusReflex arbitrary method call

Summary More methods than expected can be called on reflex instances. Being able to call some of them has security implications. Details To invoke a reflex a websocket message of the following shape is sent: json "target": "classnamemethodname", "args": The server will proceed to instantiate refl...

Ladder v0.0.21 - Server-side request forgery Vulnerability

Exploit Title: Ladder v0.0.21 - Server-side request forgery SSRF Date: 2024-01-20 Exploit Author: @chebuya Software Link: https://github.com/everywall/ladder Version: v0.0.1 - v0.0.21 Tested on: Ubuntu 20.04.6 LTS on AWS EC2 ami-0fd63e471b04e22d0 CVE: CVE-2024-27620 Description: Ladder fails to...

Ladder Security Breach

Ladder is a web proxy that helps bypass paywalls. A security vulnerability exists in Ladder version v0.0.21, which stems from an inability to apply sufficient default restrictions to target addresses. An attacker exploiting the vulnerability could access private address ranges, local listening...

Ladder v0.0.21 - Server-side request forgery (SSRF)

Exploit Title: Ladder v0.0.21 - Server-side request forgery SSRF Date: 2024-01-20 Exploit Author: @chebuya Software Link: https://github.com/everywall/ladder Version: v0.0.1 - v0.0.21 Tested on: Ubuntu 20.04.6 LTS on AWS EC2 ami-0fd63e471b04e22d0 CVE: CVE-2024-27620 Description: Ladder fails to...

Ladder 0.0.21 Server-Side Request Forgery

Exploit Title: Ladder v0.0.21 Server-side request forgery SSRF Date: 2024-01-20 Exploit Author: @chebuya Software Link: https://github.com/everywall/ladder Version: v0.0.1 - v0.0.21 Tested on: Ubuntu 20.04.6 LTS on AWS EC2 ami-0fd63e471b04e22d0 CVE: CVE-2024-27620 Description: Ladder fails to app...

[SECURITY] Fedora 40 Update: jaxb-stax-ex-2.1.0-8.fc40

This project contains a few extensions to complement JSR-173 StAX API in the following areas: - Enable parser instance reuse which is important in the high-performance environment like Eclipse Implementation of JAXB and Eclipse Metro - Improve the support for reading from non-text XML infoset, su...

VMware Cloud Director Information Disclosure Vulnerability

VMware Cloud Director is a cloud service delivery platform from VMware. The platform supports virtual datacenter creation, multi-site management, datacenter scaling and cloud migration, and cloud-native application development. An information disclosure vulnerability exists in VMware Cloud...

BIT-TOMCAT-2021-43980 Apache Tomcat: Information disclosure

The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing but extremely hard to trigger concurrency bug in Apache Tomcat 10.1.0 to 10.1.0, 10.0.0 to 10.0.18, 9.0.0 to 9.0.60 and 8.5.0 to 8.5.77 that could...

BIT-GITLAB-2023-2233 Missing Authorization in GitLab

An improper authorization issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.2.8, all versions starting from 16.3 before 16.3.5 and all versions starting from 16.4 before 16.4.1. It allows a project reporter to leak the owner's Sentry instance projects...

BIT-AIRFLOW-2023-29247 Stored XSS on Apache Airflow

Task instance details page in the UI is vulnerable to a stored XSS.This issue affects Apache Airflow: before 2.6.0...

CVE-2024-0765

As a default user on a multi-user instance of AnythingLLM, you could execute a call to the /export-data endpoint of the system and then unzip and read that export that would enable you do exfiltrate data of the system at that save state. This would require the attacked to be granted explicit acce...

Design/Logic Flaw

As a default user on a multi-user instance of AnythingLLM, you could execute a call to the /export-data endpoint of the system and then unzip and read that export that would enable you do exfiltrate data of the system at that save state. This would require the attacked to be granted explicit acce...

CVE-2024-0765 Default user role exporting save state of instance

As a default user on a multi-user instance of AnythingLLM, you could execute a call to the /export-data endpoint of the system and then unzip and read that export that would enable you do exfiltrate data of the system at that save state. This would require the attacked to be granted explicit acce...

CVE-2024-0765 Default user role exporting save state of instance

As a default user on a multi-user instance of AnythingLLM, you could execute a call to the /export-data endpoint of the system and then unzip and read that export that would enable you do exfiltrate data of the system at that save state. This would require the attacked to be granted explicit acce...

CVE-2024-0795

If an attacked was given access to an instance with the admin or manager role there is no backend authentication that would prevent the attacked from creating a new user with an admin role and then be able to use this new account to have elevated privileges on the instance...

Authentication flaw

If an attacked was given access to an instance with the admin or manager role there is no backend authentication that would prevent the attacked from creating a new user with an admin role and then be able to use this new account to have elevated privileges on the instance...

PT-2024-15827 · Softwarex · Softwarex

The affected software is related to a specific application or system that uses admin or manager roles. If an attacker gains access to an instance with the admin or manager role, they can create a new user with an admin role without any backend authentication to prevent it, allowing them to use th...

CVE-2024-27139

UNSUPPORTED WHEN ASSIGNED Incorrect Authorization vulnerability in Apache Archiva: a vulnerability in Apache Archiva allows an unauthenticated attacker to modify account data, potentially leading to account takeover. This issue affects Apache Archiva: from 2.0.0. As this project is retired, we do...

SUSE CVE-2021-46991

In the Linux kernel, the following vulnerability has been resolved: i40e: Fix use-after-free in i40eclientsubtask Currently the call to i40eclientdelinstance frees the object pf-cinst, however pf-cinst-laninfo is being accessed after the free. Fix this by adding the missing return...

WordPress Plugin Elementor Website Builder Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...