CAGE Web Design | Rolf Van Gelder Security Vulnerabilities

Microsoft OWA Exchange Server 2003 - 'redir.asp' Open Redirection

Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL...

Microsoft Exchange Server SSRF Vulnerability

This vulnerability is part of an attack chain that could allow remote code execution on Microsoft Exchange Server. The initial attack requires the ability to make an untrusted connection to Exchange server port 443. Other portions of the chain can be triggered if an attacker already has access or.....

Fortinet FortiWeb - OS command injection in Web GUI (FG-IR-22-163)

The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-163 advisory. An improper neutralization of special elements used in an os command ('OS Command Injection') [CWE-78] in FortiWeb 7.0.0...

[SECURITY] Fedora 39 Update: cyrus-imapd-3.8.3-1.fc39

The Cyrus IMAP (Internet Message Access Protocol) server provides access to personal mail, system-wide bulletin boards, news-feeds, calendar and contacts through the IMAP, JMAP, NNTP, CalDAV and CardDAV protocols. The Cyrus IMAP server is a scalable enterprise groupware system designed for use...

CVE-2023-52735

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself sock_map proto callbacks should never call themselves by design. Protect against bugs like [1] and break out of the recursive loop to avoid a stack overflow in...

CVE-2024-38514

NextChat is a cross-platform ChatGPT/Gemini UI. There is a Server-Side Request Forgery (SSRF) vulnerability due to a lack of validation of the endpoint GET parameter on the WebDav API endpoint. This SSRF can be used to perform arbitrary HTTPS request from the vulnerable instance (MKCOL, PUT and...

[SECURITY] Fedora 40 Update: webkitgtk-2.44.2-2.fc40

WebKitGTK is the port of the WebKit web rendering engine to the GTK...

CVE-2023-42802

GLPI is a free asset and IT management software package. Starting in version 10.0.7 and prior to version 10.0.10, an unverified object instantiation allows one to upload malicious PHP files to unwanted directories. Depending on web server configuration and available system libraries, malicious PHP....

BIT-mattermost-2023-7113

Mattermost version 8.1.6 and earlier fails to sanitize channel mention data in posts, which allows an attacker to inject markup in the web...

TimThumb Cache Directory 'src' Parameter Arbitrary PHP File Upload

The version of TimThumb hosted on the remote web server allows an unauthenticated, remote attacker to upload arbitrary PHP files as specified by input to the 'src' parameter and retrieved from third- party sites to its cache directory. It's likely that these files can then be executed by...

CVE-2024-36392 MileSight DeviceHub - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

MileSight DeviceHub - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site...

CVE-2024-36392 MileSight DeviceHub - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

MileSight DeviceHub - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site...

CVE-2024-38514

NextChat is a cross-platform ChatGPT/Gemini UI. There is a Server-Side Request Forgery (SSRF) vulnerability due to a lack of validation of the endpoint GET parameter on the WebDav API endpoint. This SSRF can be used to perform arbitrary HTTPS request from the vulnerable instance (MKCOL, PUT and...

MoinMoin Multiple cross-site scripting (XSS) vulnerabilities

Multiple cross-site scripting (XSS) vulnerabilities in macro/AdvancedSearch.py in moin (and MoinMoin) 1.6.3 and 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified...

Missing Access Check in TYPO3 CMS

Extbase request handling fails to implement a proper access check for requested controller/ action combinations, which makes it possible for an attacker to execute arbitrary Extbase actions by crafting a special request. To successfully exploit this vulnerability, an attacker must have access to...

CVE-2023-45134

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. org.xwiki.platform:xwiki-platform-web starting in version 3.1-milestone-1 and prior to 13.4-rc-1, org.xwiki.platform:xwiki-platform-web-templates prior to versions 14.10.2 and 15.5-rc-1, and...

Grafana Spoofing originalUrl of snapshots

To create a snapshot (and insert an arbitrary URL) the built-in role Viewer is sufficient. When a dashboard is shared as a local snapshot, the following three fields are offered in the web UI for a user to fill out: • Snapshotname • Expire • Timeout(seconds) After the user confirms creation of the....

Windows Mark of the Web Security Feature Bypass Vulnerability

...

Mattermost Cross-site Scripting vulnerability

Mattermost version 8.1.6 and earlier fails to sanitize channel mention data in posts, which allows an attacker to inject markup in the web...

CVE-2023-7113

Mattermost version 8.1.6 and earlier fails to sanitize channel mention data in posts, which allows an attacker to inject markup in the web...

CVE-2020-3259 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Information Disclosure Vulnerability

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve memory contents on an affected device, which could lead to the disclosure of confidential.....

[SECURITY] Fedora 40 Update: qt5-qtgamepad-5.15.14-1.fc40

Qt Gamepad provides a way to display web content in a QML application without necessarily including a full web browser stack by using native APIs where it makes...

CVE-2020-3259 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Information Disclosure Vulnerability

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve memory contents on an affected device, which could lead to the disclosure of confidential.....

[SECURITY] Fedora 39 Update: chromium-126.0.6478.55-1.fc39

Chromium is an open-source web browser, powered by WebKit...

RHEL 8 : RHV Manager (ovirt-engine) security update [ovirt-4.4.9] (Moderate) (RHSA-2021:4626)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:4626 advisory. The ovirt-engine package provides the manager for virtualization environments. This manager enables admins to define hosts and networks,...

Monitorr 1.7.6m - Unauthenticated Remote Code Execution

Monitorr 1.7.6m is susceptible to a remote code execution vulnerability. Improper input validation and lack of authorization leads to arbitrary file uploads in the web application. An unauthorized attacker with web access to could upload and execute a specially crafted file, leading to remote code....

CVE-2023-24379

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Web-Settler Landing Page Builder – Free Landing Page Templates allows Path Traversal.This issue affects Landing Page Builder – Free Landing Page Templates: from n/a through...

Check Point SecureRemote (SecuRemote) Information Disclosure Vulnerability - Active Check

The remote host seems to be a Check Point FireWall-1 running SecureRemote (SecuRemote). The SecuRemote service contains a vulnerability that allows attackers to gain information about the hosts, networks, and users configured on the...

Oracle E-Business Suite - Blind SSRF

Oracle E-Business Suite, Application Management Pack component (User Monitoring subcomponent), is susceptible to blind server-side request forgery. An attacker with network access via HTTP can gain read access to a subset of data, connect to internal services like HTTP-enabled databases, or...

CVE-2024-35181

Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...

[SECURITY] Fedora 40 Update: qt5-qtwebview-5.15.14-1.fc40

Qt WebView provides a way to display web content in a QML application without necessarily including a full web browser stack by using native APIs where it makes...

Server-Side Request Forgery in langchain

A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet addresses, allowing it to reach local addresses. This....

GeoServer OGC Filter - SQL Injection

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols....

CVE-2022-43760

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SUSE Rancher allows users in some higher-privileged groups to to inject code that is executed within another user's browser, allowing the attacker to steal sensitive information, manipulate...

Malicious code in galileo-web-sdk (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (a1ea1d3425cddab091828432f9dffef7f8bc36f5fbf9bcd0e01dffe737417e92) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Server-Side Request Forgery in langchain

A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet addresses, allowing it to reach local addresses. This....

RHEL 6 : python-twisted (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. python-twisted: Improper neutralization of CRLF characters in URIs and HTTP methods (CVE-2019-12387) Note that...

[SECURITY] Fedora 40 Update: chromium-126.0.6478.55-1.fc40

Chromium is an open-source web browser, powered by WebKit...

Denial Of Service (DoS)

ASP.NET and .NET are vulnerable to Denial of Service. The vulnerability is due to the Kestrel web server detecting a malicious client but failing to disconnect, resulting in Denial of...

namshi/jose - Verification bypass

Several widely-used JSON Web Token (JWT) libraries, including node-jsonwebtoken, pyjwt, namshi/jose, php-jwt, and jsjwt, are affected by critical vulnerabilities that could allow attackers to bypass the verification step when using asymmetric keys (RS256, RS384, RS512, ES256, ES384,...

Episodex Guestbook Unauthorized Access and HTML Injection Vulnerability

The remote version of Episodex Guestbook contains an input validation flaw leading to the execution on attacker supplied HTML and script code. In addition an unauthenticated remote attacker can directly access administrator...

F-Secure Key Detection (Mac OS X)

F-Secure Key is installed on the remote Mac OS X...

AVEVA InduSoft Web Studio / InTouch Machine Edition Command 81 mbstowcs() Stack Overflow

The AVEVA InduSoft Web Studio (IWS) or InTouch Machine Edition (ITME) running on the remote host is affected by a remote code execution vulnerability due to a stack overflow condition when handling command 81 in the TCPIP server listening on the default port 1234. An unauthenticated, remote...

RHEL 7 : OpenShift Container Platform 3.11 (RHSA-2020:2217)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2217 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private ...

CVE-2023-43658

dicourse-calendar is a plugin for the Discourse messaging platform which adds the ability to create a dynamic calendar in the first post of a topic. Improper escaping of event titles could lead to Cross-site Scripting (XSS) within the 'email preview' UI when a site has CSP disabled. Having CSP...

Modicon PLC Web Password Status Disclosure SNMP Request Password Status Remote Disclosure

The Modicon Quantum, Premium and Momentum brands of PLC's have a private SNMP MIB that is available on the Internet. The Web Password Status has been obtained via an SNMP Get Request. The Web Password Status is either enabled or disabled. A Web Password Status of disabled identifies a...

Exploit for Improper Control of Interaction Frequency in Asus Gt-Axe11000 Firmware

easy-exploits The current repository contains exploits of...

Exploit for OS Command Injection in Tenda Hg9 Firmware

CVE-2022-30023 Authenticated Command Injection on Tenda HG9...

CVE-2024-35182

Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...

Netis MW5360 Remote Command Execution Exploit

The Netis MW5360 router has a command injection vulnerability via the password parameter on the login page. The vulnerability stems from improper handling of the "password" parameter within the router's web interface. The router's login page authorization can be bypassed by simply deleting the...