PhpSpreadsheet 1.5.0 XXE vulnerability reproduction and analysis-vulnerability warning-the black bar safety net

0x01 introduction PhpSpreadsheet is a very popular pure PHP class library that allows you to easily read and write Excel, LibreOffic Calc and other spreadsheet file formats, is PHPExcel alternative. 2018 11 October 13, PhpSpreadsheet was broke presence of the XXE vulnerability, CVE-2018-19277, in...

Remote Code Execution (RCE)

github.com/src-d/go-git is vulnerable to remote code execution RCE attacks. A malicious user can pass a .gitmodules file to the application to cause arbitrary code to be executed on a target machine that runs the git clone --recurse-submodules command. This is related to CVE-2018-11235...

Debian: Security Advisory (DLA-1627-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Medium: python34, python36

Issue Overview: Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by contructing an XML document that would cause pathological hash collisions in Expat's internal data...

Denial Of Service (DoS)

libexiv2.so is vulnerable to denial of service. A heap-based buffer over-read in the function Exiv2::IptcData::printStructure in src/iptc.cpp allows a remote attacker to cause a denial of service condition...

CVE-2018-18909

xhEditor 1.2.2 allows XSS via JavaScript code in the SRC attribute of an IFRAME element within the editor's source-code view...

CVE-2018-18909

xhEditor 1.2.2 allows XSS via JavaScript code in the SRC attribute of an IFRAME element within the editor's source-code view...

CVE-2018-18909

xhEditor 1.2.2 allows XSS via JavaScript code in the SRC attribute of an IFRAME element within the editor's source-code view...

CVE-2018-18909

The CVE-2018-18909 entry applies to xhEditor (version 1.2.2). The underlying issue is a cross-site scripting (XSS) vulnerability: an attacker can inject JavaScript code in the SRC attribute of an IFRAME element within the editor’s source-code view. This is evidenced by multiple connected records ...

Cross-Site Scripting (XSS)

angular-gettext is vulnerable to cross-site scripting. interpolationContext is passed to getString or getPlural functions in dist/angular-gettext.js and src/directive.js, which allows attackers to inject arbitrary Javascript code into a victim's browser when the attribute...

CVE-2018-14399

libs\classes\attachment.class.php in PHPCMS 9.6.0 allows remote attackers to upload and execute arbitrary PHP code via a .txt?.php.jpg URI in the SRC attribute of an IMG element within infocontent JSON data to the index.php?m=member&c=index&a=register URI...

CVE-2018-14399

libs\classes\attachment.class.php in PHPCMS 9.6.0 allows remote attackers to upload and execute arbitrary PHP code via a .txt?.php.jpg URI in the SRC attribute of an IMG element within infocontent JSON data to the index.php?m=member&c=index&a=register URI...

Integer overflow

The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrbstrresize function in string.c does not check for a negative length...

Denial Of Service (DoS)

libsndfile.so is vulnerable to denial of service DoS attacks. The vulnerability exists in psfmemset of src/common.c due to the lack of sanity check on the value used in the memset function, allowing a stack buffer overflow to occur, causing a DoS attack...

CVE-2018-5175

CVE-2018-5175 describes a universal CSP bypass on sites using strict-dynamic. An HTML injection flaw could reference Firefox DevTools’ require.js to bypass CSP and execute injected scripts. Affected product: Mozilla Firefox

Medium: wget

Issue Overview: A cookie injection flaw was found in wget. An attacker can create a malicious website which, when accessed, overrides cookies belonging to arbitrary domains.CVE-2018-0494 Affected Packages: wget Issue Correction: Run yum update wget or yum update --advisory ALAS-2018-1040 to updat...

Remote Code Execution (RCE)

github.com/src-d/go-git is vulnerable to remote code execution RCE attacks. A malicious user can pass a .gitmodules file to the application to cause arbitrary code to be executed on a target machine that runs the git clone --recurse-submodules command. This is related to CVE-2018-11235...

Mozilla: Encrypted mail leaks plaintext through src attribute

Plaintext of decrypted emails can leak through the src attribute of remote images, or links. This vulnerability affects Thunderbird ESR 52.8 and Thunderbird 52.8...

CVE-2017-6888

An error in the "readmetadatavorbiscomment" function src/libFLAC/streamdecoder.c in FLAC version 1.3.2 can be exploited to cause a memory leak via a specially crafted FLAC file...

CVE-2018-10549

An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exifreaddata in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exifiifaddvalue mishandles the case of a MakerNote that lacks a final '\0' character...