WebsiteBaker 2.12.2 - Remote Code Execution

Exploit Title: WebsiteBaker 2.12.2 - Remote Code Execution Date: 2020-07-04 Exploit Author: Selim Enes 'Enesdex' Karaduman Vendor Homepage: https://websitebaker.org/pages/en/home.php Software Link: https://wiki.websitebaker.org/doku.php/downloads Version: 2.12.2 Tested on: Windows 10 and Ubuntu...

CVE-2020-25814

In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related to jQuery can occur. The attacker creates a message with javascript:payload xss and turns it into a jQuery object with mw.message.parse. The expected result is that the jQuery object does not contain an tag or it doe...

CVE-2020-25828

An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. The non-jqueryMsg version of mw.message.parse doesn't escape HTML. This affects both message contents which are generally safe and the parameters which can be based on user input. When jqueryMsg is loaded...

Ubuntu 16.04 LTS / 18.04 LTS : Email-Address-List vulnerability (USN-4517-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4517-1 advisory. It was discovered that Email-Address-List does not properly parse email addresses during email-ingestion. A remote attacker could use this issue to...

CVE-2020-0384

In Parseart of easmdls.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote information disclosure in the media extractor with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:...

CVE-2020-0381

In Parsewave of easmdls.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote information disclosure in a highly constrained process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

In the Linux kernel through 5.8.7 local attackers able to inject conntrack netlink configuration could overflow a local buffer causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c aka CID-1cc5ef91d2ff.

...

LibRaw Null Pointer Dereference Vulnerability

libraw is a C++ library for processing RAWCRW/CR2,NEF,RAF,DNG,andothers format images, supporting various operating systems. A code issue vulnerability exists in LibRaw version 20.0, which originates from a null pointer dereference cpp in parsetiffifd of src/metadata/tiff, which can be exploited ...

PT-2020-16020 · Linux +7 · Linux Kernel +7

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.8.8 Description: The issue allows local attackers to inject conntrack netlink configuration, potentially overflowing a local buffer. This can cause system crashes or result in the use of incorrect protocol...

Malicious Package in koa-body-parse

This package contained malicious code. The package uploaded system information such as OS and hostname to a remote server. Recommendation Remove the package from your environment. There are no indications of further compromise...

GHSA-WQGQ-MFVJ-6QXP Malicious Package in koa-body-parse

This package contained malicious code. The package uploaded system information such as OS and hostname to a remote server. Recommendation Remove the package from your environment. There are no indications of further compromise...

PT-2021-6568

Name of the Vulnerable Software and Affected Versions Arm Mbed TLS versions prior to 2.24.0 Description The issue is related to a buffer over-read in the mbedtls x509 crl parse der function, which can lead to a denial of service. This can be exploited by a remote attacker. The function is part of...

Regular Expression Denial of Service in ansi2html

The ansi2html package is affected by a regular expression denial of service vulnerability when certain types of user input is passed in. Proof of concept var ansi2html = require'ansi2html' var start = process.hrtime; ansi2html"1111111111111111111111;0000000000000000000000";...

PT-2020-19741 · Locutus · Locutus

Name of the Vulnerable Software and Affected Versions: locutus versions prior to 2.0.12 Description: The issue concerns Prototype Pollution via the php.strings.parse str function. This affects the locutus package, allowing for potential manipulation of objects. Recommendations: For versions prior...

Mozilla: Out of bound read in Date.parse()

Due to confusion processing a hyphen character in Date.parse, a one-byte out of bounds read could have occurred, leading to potential information disclosure. This vulnerability affects Firefox 78...

Mozilla: Out of bound read in Date.parse()

Due to confusion processing a hyphen character in Date.parse, a one-byte out of bounds read could have occurred, leading to potential information disclosure. This vulnerability affects Firefox 78...

OSV-2020-1659 Use-of-uninitialized-value in LibRaw::parse_sinar_ia

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25188 Crash type: Use-of-uninitialized-value Crash state: LibRaw::parsesinaria LibRaw::identify LibRaw::opendatastream...

Off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a denial of service (crash) via a long JSON-encoded number which triggers a heap-based buffer overflow.

...

CVE-2020-7702

All versions of package templ8 are vulnerable to Prototype Pollution via the parse function...

Prototype Pollution

Overview Templ8 is a JavaScript Client/ Server Template Engine Affected versions of this package are vulnerable to Prototype Pollution via the parse function. POC const Templ8 = require'Templ8'; var tpl = new Templ8 'proto.polluted=true' ; tpl.parse; console.logpolluted //true Details Prototype...