1779 matches found
cameronacademy.ca Open Redirect vulnerability
Open Bug Bounty ID: OBB-1146161. Security Researcher myNickName (helped patch 200 vulnerabilities, received 2 Coordinated Disclosure badges), a holder of 2 badges for responsible and coordinated disclosure, found a security vulnerability affecting cameronacademy.ca website and its users. Following...
koha.uniempresarial.edu.co Open Redirect vulnerability
Open Bug Bounty ID: OBB-1145324. Security Researcher myNickName (helped patch 200 vulnerabilities, received 2 Coordinated Disclosure badges), a holder of 2 badges for responsible and coordinated disclosure, found a security vulnerability affecting koha.uniempresarial.edu.co website and its users...
CVE-2020-0078
In releaseSecureStops of DrmPlugin.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9...
Nextcloud: Code injection possible with malformed Nextcloud Talk chat commands
Summary: The Nextcloud Talk app allows system administrators to set up chat commands that can be executed in Talk using the "/command" syntax. Users can provide additional arguments to the commands, such as "/calc 1+1" or "/wiki Hello", which are passed to the underlying script using @exec. If...
ALSA-2020:1379 Important: container-tools:rhel8 security and bug fix update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: QEMU: Slirp: potential OOB access due to unsafe snprintf usages (CVE-2020-8608). For more details about the security issues, including the impact, a CVSS score,...
polkit security and bug fix update
0.112-26.0.1 - Increase timeout to avoid defunct processes Orabug: 26930744 0.112-26 - Refined upstream fix of CVE-2018-1116 to avoid ABI changes - Related: rhbz1601411 0.112-25 - fix of CVE-2018-1116 - Resolves: rhbz1601411 0.112-24 - pkttyagent: resetting terminal erases rest of input line -...
Internet Bug Bounty: Use of uninitialized value in ftp_getrc_msg method of mod_proxy_ftp.c
This is a Security Bug Report for mod_proxy_ftp. This bug is present in ftp_getrc_msg method of modules/proxy/mod_proxy_ftp.c file. This is the line which causes this bug. ... mb = apr_cpystrn(mb, response + 4, me - mb); ... If ftp server returns a response like "\r\n", which has 3 characters with...
CVE-2020-8639
CVE-2020-8639 affects TestLink 1.9.20 via an unrestricted file upload in the keywordsImport.php endpoint. According to the sources, an authenticated attacker can upload a file with an executable extension to a publicly accessible directory, enabling arbitrary code execution (e.g., PHP) on the ser...
Command Injection in ionicabizau/node-gry
Overview: The issue occurs because a user input is formatted inside a command that will be executed without any check. Proof of Concept (Credit: Mik317): 1. Create the following PoC file: // poc.js const Repo = require("gry"); var myRepo = new Repo("."); myRepo.pull("test; touch HACKED; ", function...
bluez: failure in disabling Bluetooth discoverability in certain cases may lead to the unauthorized pairing of Bluetooth devices
A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication...
CVE-2019-14877
In the mdiff function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate big integers, however no check is performed to verify if the allocation succeeded or not. The access to wds and sign will trigger a null pointer dereference bug...
CVE-2019-14874
In the i2b function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access of x0 will trigger a null pointer dereference bug in case of...
mysql-server:fuzz_initfile: Heap-buffer-overflow in temptable::Row::copy_to_own_memory
Project: https://github.com/mysql/mysql-server.git Detailed Report: https://oss-fuzz.com/testcase?key=5728722322980864 Project: mysql-server Fuzzing Engine: libFuzzer Fuzz Target: fuzz_initfile Job Type: libfuzzer_asan_mysql-server Platform Id: linux Crash Type: Heap-buffer-overflow READ Crash...
Nextcloud: Missing ownership check on remote wipe endpoint
On settings/user/security you can mark a device for wipe out that does not belong to you. Steps: 1. Create 2 accounts, one for the hacker and one for the victim 2. On both accounts add devices with different names 3. On the hacker account, while intercepting with burpsuite, select the option to wi...
CVE-2020-10531
An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend function in common/unistr.cpp...
binutils:fuzz_bfd: Crash in setup_sections
Detailed Report: https://oss-fuzz.com/testcase?key=5698598596771840 Project: binutils Fuzzing Engine: honggfuzz Fuzz Target: fuzz_bfd Job Type: honggfuzz_asan_binutils Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x60703e3edcbe Crash State: setup_sections som_object_p bfd_check_format_matche...
CVE-2020-7061
In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash...
Insecure version of Spring Web MVC used in Confluence Analytics
Hello! A transitive dependency issue has been found in Confluence Analytics: https://atlassian.sourceclear.io/workspaces/Paaina7/issues/vulnerabilities/26465610 Confluence Analytics has a transitive dependency on the Spring Web MVC library, which has a security bug. The issue can be fixed by...
CVE-2019-17333 TIBCO EBX Exposes Cross-Site Scripting Vulnerability
The Web server component of TIBCO Software Inc.'s TIBCO EBX contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.8.1.fixS and below, versions 5.9.3, 5.9.4, 5.9.5...
servas.org Cross Site Scripting vulnerability
Security Researcher Broly157 (helped patch 1570 vulnerabilities, received 7 Coordinated Disclosure badges, received 15 recommendations), a holder of 7 badges for responsible and coordinated disclosure, found a security vulnerability affecting servas.org website and its users. Following coordinated a...