CAGE Web Design | Rolf Van Gelder Security Vulnerabilities

FortiGate FortiOS SSL VPN Web Portal - Cross-Site Scripting

FortiGate FortiOS through SSL VPN Web Portal contains a cross-site scripting vulnerability. The login redir parameter is not sanitized, so an attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal...

Malicious code in epc-notification-setting-web (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (7e2f6eb6b2d571a457c452301694f5e1f6da8ff1254c78f6837eaef6af78134e) The OpenSSF Package Analysis project identified 'epc-notification-setting-web' @ 66.6.9 (npm) as malicious. It is considered malicious because: ...

CVE-2006-5460

Multiple PHP remote file inclusion vulnerabilities in Hinton Design phpht Topsites allow remote attackers to execute arbitrary PHP code via a URL in the phpht_real_path parameter to (1) index.php, (2) certain other scripts in the top-level directory, and (3) certain scripts in the admin/...

Mattermost crashes web clients via a malformed custom status

Mattermost versions 9.6.0, 9.5.x before 9.5.3, 9.4.x before 9.4.5, and 8.1.x before 8.1.12 fail to handle JSON parsing errors in custom status values, which allows an authenticated attacker to crash other users' web clients via a malformed custom...

CVE-2023-1353

A vulnerability, which was classified as problematic, was found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0. Affected is an unknown function of the file verification.php. The manipulation of the argument txtvaccinationID leads to cross site...

Mocodo vulnerable to SQL injection in `/web/generate.php`

Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sql_case input field in /web/generate.php, allowing remote attackers to execute arbitrary SQL commands and potentially command injection, leading to remote code execution (RCE) under certain...

Mocodo vulnerable to SQL injection in `/web/generate.php`

Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sql_case input field in /web/generate.php, allowing remote attackers to execute arbitrary SQL commands and potentially command injection, leading to remote code execution (RCE) under certain...

static-web-server vulnerable to stored Cross-site Scripting in directory listings via file names

Summary If directory listings are enabled for a directory that an untrusted user has upload privileges for, a malicious file name like <img src>.txt will allow JavaScript code execution in the context of the web server’s domain. Details SWS generally does not perform escaping of...

Web Directory Free < 1.7.0 - Unauthenticated SQL Injection

Description The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and Error-Based. PoC curl --url...

CVE-2024-3651 vulnerabilities

Vulnerabilities for packages: dask-gateway, request-1276, ggshield, kubeflow-pipelines, py3-idna, confluent-docker-utils, kubeflow-pipelines-visualization-server, kubeflow-katib, kubeflow-jupyter-web-app, py3-cassandra-medusa, k8s-sidecar,...

CVE-2023-1354

A vulnerability has been found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file register.php. The manipulation of the argument...

CVE-2023-1352

A vulnerability, which was classified as critical, has been found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0. This issue affects some unknown processing of the file /admin/login.php. The manipulation of the argument txtusername/txtpassword leads to.....

HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims

Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT the audience and role-bound claims do not match, allowing an invalid login to succeed when it should have...

HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims

Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT the audience and role-bound claims do not match, allowing an invalid login to succeed when it should have...

Symantec Web Gateway Login Utility

This module will attempt to authenticate to a Symantec Web...

Rumpus FTP Web File Manager 8.2.9.1 - Cross-Site Scripting

Rumpus FTP Web File Manager 8.2.9.1 contains a reflected cross-site scripting vulnerability via the Login page. An attacker can send a crafted link to end users and can execute arbitrary...

Palo Alto Networks PAN-OS Web Interface - Cross Site-Scripting

PAN-OS management web interface is vulnerable to reflected cross-site scripting. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could potentially execute...

iboss Secure Web Gateway Cross Site Scripting

...

namshi/jose insecure JSON Web Signatures (JWS)

namshi/jose allows the acceptance of unsecure JSON Web Signatures (JWS) by default. The vulnerability arises from the $allowUnsecure flag, which, when set to true during the loading of JWSes, permits tokens signed with 'none' algorithms to be processed. This behavior poses a significant security...

Jira Server Pre-Auth - Arbitrary File Retrieval (WEB-INF, META-INF)

The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access...

namshi/jose insecure JSON Web Signatures (JWS)

namshi/jose allows the acceptance of unsecure JSON Web Signatures (JWS) by default. The vulnerability arises from the $allowUnsecure flag, which, when set to true during the loading of JWSes, permits tokens signed with 'none' algorithms to be processed. This behavior poses a significant security...

Exploit for Improper Privilege Management in Openwebanalytics Open Web Analytics

CVE-2022-24637 Unauthenticated RCE in Open Web Analytics...

Chef Web UI Brute Force Utility

This module attempts to login to Chef Web UI server instance using username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options. It will also test for the default login...

DirectAdmin Web Control Panel Login Utility

This module will attempt to authenticate to a DirectAdmin Web Control...

BAVision IP Camera Web Server Login

This module will attempt to authenticate to an IP camera created by BAVision via the web service. By default, the vendor ships a default credential admin:123456 to its cameras, and the web server does not enforce lockouts in case of a bruteforce...

Malicious code in @westpac-components-web/hooks (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (935f3ecec4f48a905f04e98df7c4b7010c6fdc9900763c6aa3fe749e8ffd9237) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2024-4328

A Cross-Site Request Forgery (CSRF) vulnerability exists in the clear_personality_files_list function of the parisneo/lollms-webui v9.6. The vulnerability arises from the use of a GET request to clear personality files list, which lacks proper CSRF protection. This flaw allows attackers to trick...

CVE-2024-30889

Cross Site Scripting vulnerability in audimex audimexEE v.15.1.2 and fixed in 15.1.3.9 allows a remote attacker to execute arbitrary code via the service, method, widget_type, request_id, payload...

CVE-2022-42429

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of...

CVE-2022-42426

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of...

CVE-2022-42428

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of...

CVE-2022-42425

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of...

CVE-2021-37253

M-Files Web before 20.10.9524.1 allows a denial of service via overlapping ranges (in HTTP requests with crafted Range or Request-Range headers). NOTE: this is disputed because the range behavior is the responsibility of the web server, not the responsibility of the individual web...

CVE-2022-42427

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the contact groups configuration page. The issue results from the lack of proper validation of a...

CVE-2022-42424

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of...

best-web-design-tools.com Cross Site Scripting vulnerability OBB-3870378

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Jasmin Ransomware Web Server Unauthenticated Directory Traversal

The Jasmin Ransomware web server contains an unauthenticated directory traversal vulnerability within the download functionality. As of April 15, 2024 this was still unpatched, so all versions are vulnerable. The last patch was in 2021, so it will likely not ever be...

Jasmin Ransomware Web Server Unauthenticated SQL Injection

The Jasmin Ransomware web server contains an unauthenticated SQL injection vulnerability within the login functionality. As of April 15, 2024 this was still unpatched, so all versions are vulnerable. The last patch was in 2021, so it will likely not ever be patched. Retrieving the victim's data...

RHEL 6 : icedtea-web (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. icedtea-web: unsigned code injection in a signed JAR file (CVE-2019-10181) icedtea-web: directory...

best-web-design-tools.com Cross Site Scripting vulnerability OBB-3868752

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-3378

A vulnerability has been found in iboss Secure Web Gateway up to 10.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /login of the component Login Portal. The manipulation of the argument redirectUrl leads to cross site scripting. The attack...

Exploit for Command Injection in Sophos Web Appliance

CVE-2023-1671 Vulnerability Scanner ![GitHub last...

CVE-2023-3243

** UNSUPPORTED WHEN ASSIGNED ** [An attacker can capture an authenticating hash and utilize it to create new sessions. The hash is also a poorly salted MD5 hash, which could result in a successful brute force password attack. Impacted product is BCM-WEB version 3.3.X. Recommended fix: Upgrade to...

Syncovery For Linux Web-GUI Login Utility

This module will attempt to authenticate to Syncovery File Sync & Backup Software For Linux...

Joomla! Plugin Core Design Scriptegrator - Local File Inclusion

A directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files[]...

Malicious code in ato-z-web-identity-components-app-cdk-adp-wrapper (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (c33c62d31d74de8fa6a7a3911507ce9a8d513bccb45ff1b51b7fbb9068920d3e) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

iboss Secure Web Gateway - Stored Cross-Site Scripting Vulnerability

...

iboss Secure Web Gateway - Stored Cross-Site Scripting (XSS)

...

Coaster CMS Stored Cross-site Scripting vulnerability

A Stored Cross-site Scripting vulnerability has been discovered in the v5.5.0 version of the Coaster CMS...

Advanced PWA - Critical - Access bypass - SA-CONTRIB-2024-017

Progressive web applications are web applications that load like regular web pages or websites but can offer the user functionality such as working offline, push notifications, and device hardware access traditionally available only to native applications. This module doesn't sufficiently protect.....