CAGE Web Design | Rolf Van Gelder Security Vulnerabilities

BIT-opencart-2024-21519

This affects versions of the package opencart/opencart from 4.0.0-0. An Arbitrary File Creation issue was identified via the database restoration functionality. By injecting PHP code into the database, an attacker with admin privileges can create a backup file with an arbitrary filename (including....

Cisco Firepower Threat Defense Software Web Services DoS Vulnerability (cisco-sa-asaftd-websrvs-dos-X8gNucD2)

According to its self-reported version, the remote Cisco Firepower Threat Defense Software is affected by a denial of service (DoS) vulnerability, due to incomplete error checking when parsing HTTP headers. An unauthenticated, remote attacker can exploit this issue, via specially crafted HTTP...

Cisco Adaptive Security Appliance Software Web Services DoS Vulnerability (cisco-sa-asaftd-websrvs-dos-X8gNucD2)

According to its self-reported version, the remote Cisco ASA Software is affected by a denial of service (DoS) vulnerability, due to incomplete error checking when parsing HTTP headers. An unauthenticated, remote attacker can exploit this issue, via specially crafted HTTP request, to cause the...

Apache S2-032 Struts - Remote Code Execution

Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when dynamic method invocation is enabled, allows remote attackers to execute arbitrary code via method: prefix (related to chained...

[SECURITY] Fedora 40 Update: chromium-126.0.6478.126-1.fc40

Chromium is an open-source web browser, powered by WebKit...

Arbitrary File Creation in opencart

This affects versions of the package opencart/opencart from 4.0.0.0. An Arbitrary File Creation issue was identified via the database restoration functionality. By injecting PHP code into the database, an attacker with admin privileges can create a backup file with an arbitrary filename (including....

Microsoft SQL Server SQL Abuse Vulnerability (Q256052)

The remote SQL server seems to be vulnerable to the SQL abuse vulnerability described in technet article...

Exploit for CVE-2023-6553

CVE-2023-6553 PoC (LFI to RCE) Unauthenticated Remote Code...

AEGON LIFE v1.0 Life Insurance Management System - Unauthenticated Remote Code Execution (RCE)

...

AEGON LIFE 1.0 Remote Code Execution

...

AEGON LIFE v1.0 Life Insurance Management System - Remote Code Execution Vulnerability

...

van-oost-tholen.ambachtsbakker.nl Cross Site Scripting vulnerability OBB-3842165

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Junos OS PHPRC Environment Variable Manipulation RCE

This module exploits a PHP environment variable manipulation vulnerability affecting Juniper SRX firewalls and EX switches. The affected Juniper devices run FreeBSD and every FreeBSD process can access their stdin by opening /dev/fd/0. The exploit also makes use of two useful PHP features. The...

elFinder 2.1.58 - Remote Code Execution

elFinder 2.1.58 is impacted by multiple remote code execution vulnerabilities that could allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal...

[SECURITY] Fedora 40 Update: chromium-126.0.6478.114-1.fc40

Chromium is an open-source web browser, powered by WebKit...

HPE System Management - Cross-Site Scripting

HPE System Management contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other...

Paradox IP150 Internet Module 1.40.00 Cross Site Request Forgery

...

Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler < 1.6.5 - Missing Authorization via Several AJAX Action

Description The Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions in versions up to, and including, 1.6.4. This makes it possible for authenticated attackers, with...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Intel Microcode update (USN-3977-3)

USN-3977-1 and USN-3977-2 provided mitigations for Microarchitectural Data Sampling (MDS) vulnerabilities in Intel Microcode for a large number of Intel processor families. This update provides the corresponding updated microcode mitigations for the Intel Sandy Bridge processor family Ke Sun,...

ZendFramework1 Potential Security Issues in Bundled Dojo Library

In mid-March, 2010, the Dojo Foundation issued a Security Advisory indicating potential security issues with specific files in Dojo Toolkit. Details of the advisory may be found on the Dojo website: http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/ In particular, several files....

github.com/gofiber/fiber/v2 vulnerable to Origin Validation Error

The Olivier Poitrey Go CORS handler through 1.3.0 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security...

CVE-2022-36215

DedeBIZ v6 was discovered to contain a remote code execution vulnerability in...

Oracle Content Server - Cross-Site Scripting

Oracle Content Server version 11.1.1.9.0, 12.2.1.1.0 and 12.2.1.2.0 are susceptible to cross-site scripting. The vulnerability can be used to include HTML or JavaScript code in the affected web page. The code is executed in the browser of users if they visit the manipulated...

Arbitrary File Creation in opencart

This affects versions of the package opencart/opencart from 4.0.0.0. An Arbitrary File Creation issue was identified via the database restoration functionality. By injecting PHP code into the database, an attacker with admin privileges can create a backup file with an arbitrary filename (including....

[SECURITY] Fedora 39 Update: firefox-127.0.2-1.fc39

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and...

CVE-2024-32966 Stored Cross-site Scripting in directory listings via file names in static-web-server

Static Web Server (SWS) is a tiny and fast production-ready web server suitable to serve static web files or assets. In affected versions if directory listings are enabled for a directory that an untrusted user has upload privileges for, a malicious file name like <img src>.txt...

ElementsKit PRO < 3.6.3 - Authenticated (Contributor+) Server-Side Request Forgery

Description The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.6.2 via the 'render_raw' function. This can allow authenticated attackers, with contributor-level permissions and above, to make web requests to arbitrary locations....

[SECURITY] Fedora 39 Update: chromium-126.0.6478.114-1.fc39

Chromium is an open-source web browser, powered by WebKit...

User Registration And Management System 3.2 SQL Injection

...

WordPress Integrator 1.32 - Cross-Site Scripting

A cross-site scripting vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter to...

NETGEAR Routers - Authentication Bypass

NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices are susceptible to authentication bypass via simple crafted requests to the web management...

Apache Struts2 S2-008 RCE

The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static...

CVE-2018-25097

A vulnerability, which was classified as problematic, was found in Acumos Design Studio up to 2.0.7. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.0.8 is able to address this issue. The name of.....

“Cannot change WebPart ExportMode to ‘All’. WebPart will be skipped” - Warning When Performing Backup of SharePoint Sites

To back up Web Parts with the Modern App-Only Authentication method, Veeam Backup for Microsoft 365 requires setting the "Export Mode" property of the web part from "None" to "All" to make this Web Part exportable and available for...

CVE-2024-38514

NextChat is a cross-platform ChatGPT/Gemini UI. There is a Server-Side Request Forgery (SSRF) vulnerability due to a lack of validation of the endpoint GET parameter on the WebDav API endpoint. This SSRF can be used to perform arbitrary HTTPS request from the vulnerable instance (MKCOL, PUT and...

Johnson Controls exacqVision Web Service Information Disclosure (JCI-PSA-2021-16)

The Johnson Controls exacqVision Web Service running on the remote host is affected by an information disclosure vulnerability due to a lack of access control. An unauthenticated, remote attacker can exploit this, via a specially crafted message, to view credentials stored in the exacqVision...

AVEVA InduSoft Web Studio / InTouch Edge HMI UniSoft.dll wcscpy() Stack Overflow

The AVEVA InduSoft Web Studio (IWS) or InTouch Edge HMI (formerly InTouch Machine Edition) running on the remote host is affected by a remote code execution vulnerability due to a stack overflow condition when handling certain command messages to the TCPIP server listening on the default port...

AVEVA InduSoft Web Studio / InTouch Edge HMI TCP/IP Server Detection

The remote host is running the TCP/IP server for AVEVA InduSoft Web Studio (IWS) or InTouch Edge HMI (formerly InTouch Machine Edition), a software application for managing and monitoring SCADA...

Tridium Niagara AX Web Server Directory Traversal 'config.bog' Disclosure Remote Compromise

The remote install of Tridium Niagara AX Web Server is affected by a directory traversal vulnerability. By exploiting the vulnerability, it is possible to access the server's 'config.bog' file. This file discloses sensitive information, which could allow an attacker to obtain administrative...

CVE-2024-38514

NextChat is a cross-platform ChatGPT/Gemini UI. There is a Server-Side Request Forgery (SSRF) vulnerability due to a lack of validation of the endpoint GET parameter on the WebDav API endpoint. This SSRF can be used to perform arbitrary HTTPS request from the vulnerable instance (MKCOL, PUT and...

CVE-2024-22168

A Cross-Site Scripting (XSS) vulnerability on the My Cloud, My Cloud Home, SanDisk ibi, and WD Cloud web apps was found which could allow an attacker to redirect the user to a crafted domain and reset their credentials, or to execute arbitrary client-side code in the user’s browser session to...

Cisco RV132W/RV134W Router - Information Disclosure

Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration parameters for an affected device via the web interface, which could lead to the disclosure of confidential...

CODESYS V3 Web Server Heap-based Buffer Overflow (CVE-2021-33485)

The CODESYS V3 web server running on the remote host is affected by a heap-based buffer overflow vulnerability. An unauthenticated, remote attacker can exploit this to execute arbitrary...

Microsoft Exchange Server SSRF Vulnerability

This vulnerability is part of an attack chain that could allow remote code execution on Microsoft Exchange Server. The initial attack requires the ability to make an untrusted connection to Exchange server port 443. Other portions of the chain can be triggered if an attacker already has access or.....

Malicious code in cuckoo-3-web-ui-tooling (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (adbea70f2acb33710c8ecb7e13e55c24980ccd349854aa6c82915d2829359e15) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

[SECURITY] Fedora 39 Update: webkitgtk-2.44.2-2.fc39

WebKitGTK is the port of the WebKit web rendering engine to the GTK...

SAP xMII 15.0 for SAP NetWeaver 7.4 - Local File Inclusion

SAP xMII 15.0 for SAP NetWeaver 7.4 is susceptible to a local file inclusion vulnerability in the GetFileList function. This can allow remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to /Catalog, aka SAP Security Note...

CVE-2024-38514 NextChat Server-Side Request Forgery (SSRF)

NextChat is a cross-platform ChatGPT/Gemini UI. There is a Server-Side Request Forgery (SSRF) vulnerability due to a lack of validation of the endpoint GET parameter on the WebDav API endpoint. This SSRF can be used to perform arbitrary HTTPS request from the vulnerable instance (MKCOL, PUT and...

CVE-2023-52735

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself sock_map proto callbacks should never call themselves by design. Protect against bugs like [1] and break out of the recursive loop to avoid a stack overflow in...

[SECURITY] Fedora 40 Update: cyrus-imapd-3.8.3-1.fc40

The Cyrus IMAP (Internet Message Access Protocol) server provides access to personal mail, system-wide bulletin boards, news-feeds, calendar and contacts through the IMAP, JMAP, NNTP, CalDAV and CardDAV protocols. The Cyrus IMAP server is a scalable enterprise groupware system designed for use...