CAGE Web Design | Rolf Van Gelder Security Vulnerabilities

Metasploit Web Crawler

This auxiliary module is a modular web crawler, to be used in conjunction with wmap (someday) or...

CVE-2024-35180

OMERO.web provides a web based client and plugin infrastructure. There is currently no escaping or validation of the callback parameter that can be passed to various OMERO.web endpoints that have JSONP enabled. This vulnerability has been patched in version...

OMERO.web must check that the JSONP callback is a valid function

Background There is currently no escaping or validation of the callback parameter that can be passed to various OMERO.web endpoints that have JSONP enabled. One such endpoint is /webclient/imgData/.... As we only really use these endpoints with jQuery's own callback name generation ^1 it is quite.....

Improper Neutralization of Input During Web Page Generation in Spring Framework

The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a (1) line separator or (2) paragraph separator...

Symfony Cross-Site Request Forgery vulnerability in the Web Profiler

All 2.0.X, 2.1.X, 2.2.X, 2.3.X, 2.4.X, and 2.5.X versions of the Symfony WebProfiler bundle are affected by this security issue. This issue has been fixed in Symfony 2.3.19, 2.4.9, and 2.5.4. Note that no fixes are provided for Symfony 2.0, 2.1, and 2.2 as they are not maintained anymore....

CVE-2023-40954

A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar (aka web_progress) v. 11.0 through 11.0.2, v12.0 through v12.0.2, v.13.0 through v13.0.2, v.14.0 through v14.0.2.1, v.15.0 through v15.0.2, and v16.0 through v16.0.2.1 allows a remote attacker to gain privileges via the...

Malicious code in integration-web-core--socle (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (4bee6dc4af217ab7789d50b0fed6b7d01749bf9ef8c725c1dfee59c068f9af3b) The OpenSSF Package Analysis project identified 'integration-web-core--socle' @ 1.4.2 (npm) as malicious. It is considered malicious because: The...

CVE-2019-25088

A vulnerability was found in ytti Oxidized Web. It has been classified as problematic. Affected is an unknown function of the file lib/oxidized/web/views/conf_search.haml. The manipulation of the argument to_research leads to cross site scripting. It is possible to launch the attack remotely. The.....

Reportico Web fails to invalidate cookies upon logout

An issue in Reportico Web before v.8.1.0. This vulnerability arises from the failure of the web application to properly invalidate session cookies upon logout. When a user logs out of the application, the session cookie should be invalidated to prevent unauthorized access. However, due to the...

Improper Callback Validation

omero-web is vulnerable to Improper Callback Validation. The vulnerability is due to a lack of sanitization or validation of callback parameters in JSONP-enabled endpoints, which allows an attacker to execute arbitrary JavaScript code in the...

CVE-2023-7116

A vulnerability, which was classified as critical, has been found in WeiYe-Jing datax-web 2.1.2. Affected by this issue is some unknown functionality of the file /api/log/killJob of the component HTTP POST Request Handler. The manipulation of the argument processId leads to os command injection....

CVE-2022-3708

The Web Stories plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including 1.24.0 due to insufficient validation of URLs supplied via the 'url' parameter found via the /v1/hotlink/proxy REST API Endpoint. This makes it possible for authenticated users to...

CVE-2022-4607

A vulnerability was found in 3D City Database OGC Web Feature Service up to 5.2.0. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to xml external entity reference. Upgrading to version 5.2.1 is able to address this issue. The name of the patch.....

CVE-2022-4960

A vulnerability, which was classified as problematic, has been found in cloudfavorites favorites-web 1.3.0. Affected by this issue is some unknown functionality of the component Nickname Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has...

CVE-2023-45674

Farmbot-Web-App is a web control interface for the Farmbot farm automation platform. An SQL injection vulnerability was found in FarmBot's web app that allows authenticated attackers to extract arbitrary data from its database (including the user table). This issue may lead to Information...

Genie Path Traversal vulnerability via File Uploads

Overview Path Traversal Vulnerability via File Uploads in Genie Impact Any Genie OSS users running their own instance and relying on the filesystem to store file attachments submitted to the Genie application may be impacted. Using this technique, it is possible to write a file with any...

CVE-2020-36827

The XAO::Web module before 1.84 for Perl mishandles < and > characters in JSON output during use of json-embed in...

CVE-2017-20157

A vulnerability was found in Ariadne Component Library up to 2.x. It has been classified as critical. Affected is an unknown function of the file src/url/Url.php. The manipulation leads to server-side request forgery. Upgrading to version 3.0 is able to address this issue. It is recommended to...

CVE-2023-1979

The Web Stories for WordPress plugin supports the WordPress built-in functionality of protecting content with a password. The content is then only accessible to website visitors after entering the password. In WordPress, users with the "Author" role can create stories, but don't have the ability...

CVE-2023-50712

Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.3.7. The vulnerability may allow an...

CVE-2023-30615

Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations . The vulnerability in allows an attacker to inject malicious...

CVE-2022-2525

Improper Restriction of Excessive Authentication Attempts in GitHub repository janeczku/calibre-web prior to...

CVE-2023-49078

raptor-web is a CMS for game server communities that can be used to host information and keep track of players. In version 0.4.4 of raptor-web, it is possible to craft a malicious URL that will result in a reflected cross-site scripting vulnerability. A user controlled URL parameter is loaded into....

CVE-2023-2106

Weak Password Requirements in GitHub repository janeczku/calibre-web prior to...

CVE-2022-4729

A vulnerability was found in Graphite Web and classified as problematic. This issue affects some unknown processing of the component Template Name Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be.....

CVE-2022-4730

A vulnerability was found in Graphite Web. It has been classified as problematic. Affected is an unknown function of the component Absolute Time Range Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public....

CVE-2022-4728

A vulnerability has been found in Graphite Web and classified as problematic. This vulnerability affects unknown code of the component Cookie Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.....

CVE-2023-48238

joaquimserafim/json-web-token is a javascript library use to interact with JSON Web Tokens (JWT) which are a compact URL-safe means of representing claims to be transferred between two parties. Affected versions of the json-web-token library are vulnerable to a JWT algorithm confusion attack. On...

ecnepsnai/web vulnerable to Uncontrolled Resource Consumption

Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass. This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not...

CVE-2023-41419 vulnerabilities

Vulnerabilities for packages: kubeflow-volumes-web-app,...

Malicious code in cst-web-chat (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (d63325ebdbf1c74d7cc5b1900804d59ba11882efb8796b209b0c5b572d4844a2) The OpenSSF Package Analysis project identified 'cst-web-chat' @ 3.3.7 (npm) as malicious. It is considered malicious because: The package...

GHSA-X7M3-JPRG-WC5G vulnerabilities

Vulnerabilities for packages: kubeflow-volumes-web-app,...

Amazon Web Services EC2 SSM enumeration

Provided AWS credentials, this module will call the authenticated API of Amazon Web Services to list all SSM-enabled EC2 instances accessible to the account. Once enumerated as SSM-enabled, the instances can be controlled using out-of-band WebSocket sessions provided by the AWS API (nominally,...

Improper Input Validation

Apache Axis is vulnerable to Improper Input Validation. The vulnerability is caused due to improper input validation in the getService method within ServiceFactory.java. This can potentially lead to Denial of Service, Server Side request forgery, or Remote Code Execution...

Server Side Request Forgery (SSRF)

org.apache.axis: axis is vulnerable to Server Side Request Forgery (SSRF). The vulnerability is due to the getService function within ServiceFactory.java because there is no validation for the jndiName. This allows users with access to the admin service to perform possible...

rolf-bornemann.de Cross Site Scripting vulnerability OBB-3905805

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

OMERO.web must check that the JSONP callback is a valid function

Background There is currently no escaping or validation of the callback parameter that can be passed to various OMERO.web endpoints that have JSONP enabled. One such endpoint is /webclient/imgData/.... As we only really use these endpoints with jQuery's own callback name generation ^1 it is quite.....

CVE-2023-43804 vulnerabilities

Vulnerabilities for packages: dask-gateway, kubeflow-volumes-web-app, py3-urllib3, kubeflow-jupyter-web-app, k8s-sidecar,...

GHSA-HRFV-MQP8-Q5RW vulnerabilities

Vulnerabilities for packages: py3-werkzeug, kubeflow-volumes-web-app, kubeflow-jupyter-web-app,...

Improper Session Management

reportico-web/reportico is vulnerable to Improper Session Management. The vulnerability is due to improper handling of session tokens, which allows an attacker to reuse a token after a user has logged...

CVE-2023-46136 vulnerabilities

Vulnerabilities for packages: py3-werkzeug, kubeflow-volumes-web-app, kubeflow-jupyter-web-app,...

GHSA-V845-JXX5-VC9F vulnerabilities

Vulnerabilities for packages: dask-gateway, kubeflow-volumes-web-app, py3-urllib3, kubeflow-jupyter-web-app, k8s-sidecar,...

CVE-2023-45803 vulnerabilities

Vulnerabilities for packages: jwt-tool, kubeflow-volumes-web-app, py3-urllib3, kubeflow-jupyter-web-app, k8s-sidecar,...

GHSA-G4MX-Q9VG-27P4 vulnerabilities

Vulnerabilities for packages: jwt-tool, kubeflow-volumes-web-app, py3-urllib3, kubeflow-jupyter-web-app, k8s-sidecar,...

RHEL 7 : icedtea-web (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. icedtea-web: SOP checks based on codebase and not applet origin (CVE-2015-5236) Note that Nessus has not tested for...

RHEL 6 : vertx-web (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. vertx-web: StaticHandler disclosure of classpath resources on Windows when mounted on a wildcard route ...

Spring Framework server Web DoS Vulnerability

In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC Spring Security...

Web Directory Free < 1.7.0 - SQL Injection

The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and...

Spring Framework server Web DoS Vulnerability

In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC Spring Security...

RHEL 6 : icedtea-web (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. icedtea-web: SOP checks based on codebase and not applet origin (CVE-2015-5236) Note that Nessus has not tested for...