XSS in Predefined Asset Metadata module in Settings

Description While testing the pimcore application, I found that it is vulnerable to XSS vulnerability in Predefined Asset Metadata module in Settings, specifically at Name field. Proof of Concept 1.Go to https://11.x-dev.pimcore.fun/admin/ then login. 2.Go to Settings - Predefined Asset Metadata...

Reflected XSS in Predefined Properties module in Settings

Description During testing the pimcore application, I found that it is vulnerable to XSS vulnerability in Predefined Properties module in Settings, specifically at Name field. Proof of Concept 1.Go to https://11.x-dev.pimcore.fun/admin/ then login. 2.Go to Settings - Predefined Properties and add...

SUSE CVE-2008-4409

libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities definitions" in entities, which allows context-dependent attackers to cause a denial of service memory consumption and application crash, as demonstrated by use of xmllint on a certain XML document, a different vulnerability th...

SUSE CVE-2009-2475

Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, might allow context-dependent attackers to obtain sensitive information via vectors involving static variables that are declared without the final keyword, related to 1 LayoutQueue, 2 Cursor.predefined, 3...

SUSE CVE-2022-40626

An unauthenticated user can create a link with reflected Javascript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend...

nuvola - Tool To Dump And Perform Automatic And Manual Security Analysis On Aws Environments Configurations And Services

nuvola with the lowercase n is a tool to dump and perform automatic and manual security analysis on AWS environments configurations and services using predefined, extensible and custom rules created using a simple Yaml syntax. The general idea behind this project is to create an abstracted digita...

UBUNTU-CVE-2022-40626

An unauthenticated user can create a link with reflected Javascript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend...

CVE-2022-40626

An unauthenticated user can create a link with reflected Javascript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend...

CVE-2022-35582

Penta Security Systems Inc WAPPLES 4.0., 5.0.0., 5.0.12. are vulnerable to Incorrect Access Control. The operating system that WAPPLES runs on has a built-in non-privileged user penta with a predefined password. The password for this user, as well as its existence, is not disclosed in the...

The vulnerability of the /etc/shadow.sample component of the TOTOLINK A810R router’s microprogramming system allows a intruder to gain increased privileges.

The vulnerability of the /etc/shadow.sample component of the TOTOLINK A810R router’s software lies in the use of pre-set user accounts. Exploiting this vulnerability could allow an attacker to gain increased privileges remotely...

LDAP Query and Enumeration Module

This module allows users to query an LDAP server using either a custom LDAP query, or a set of LDAP queries under a specific category. Users can also specify a JSON or YAML file containing custom queries to be executed using the RUNQUERYFILE action. If this action is specified, then QUERYFILEPATH...

CVE-2022-40626

An unauthenticated user can create a link with reflected Javascript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend...

GHSA-276R-24XQ-HWG8 Pimcore XSS Vulnerability

Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions...

Pimcore XSS Vulnerability

Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions...

CVE-2022-24566

In Checkmk =2.0.0p19 fixed in 2.0.0p20 and Checkmk =1.6.0p27 fixed in 1.6.0p28, the title of a Predefined condition is not properly escaped when shown as condition, which can result in Cross Site Scripting XSS...

Cross site scripting

In Checkmk =2.0.0p19 fixed in 2.0.0p20 and Checkmk =1.6.0p27 fixed in 1.6.0p28, the title of a Predefined condition is not properly escaped when shown as condition, which can result in Cross Site Scripting XSS...

PT-2022-16722 · Checkmk · Checkmk

Name of the Vulnerable Software and Affected Versions: Checkmk versions 1.6.0p27 and earlier Checkmk versions 2.0.0p19 and earlier Description: The issue arises from the title of a Predefined condition not being properly escaped when shown as a condition, which can result in Cross Site Scripting...

Check Point Response to CVE-2021-4034 - local privilege escalation in polkit's pkexec

Symptoms - A Local Privilege Escalation from any user to root was discovered in polkit's pkexec, a SUID-root program that is installed by default on every major Linux distribution. The vulnerability allows unprivileged users to run commands as privileged users according to predefined policies. Fo...

The vulnerability of the automated information system “Registration in OO” arises from the use of pre-set user accounts, allowing a perpetrator to gain unauthorized access to protected information.

The vulnerability of the automated information system “Registration in OO” is related to the use of pre-set user accounts. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

User is still able to frontrun

Handle evertkors Vulnerability details Impact An attempt to solve front-running attacks by using the nextPrice model is not effective. Users are still able to execute a front-running attack as the time of the next price execution is arbitrary. The oracle is called at an arbitrary point in time...