CAGE Web Design | Rolf Van Gelder Security Vulnerabilities

CVE-2023-52735

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself sock_map proto callbacks should never call themselves by design. Protect against bugs like [1] and break out of the recursive loop to avoid a stack overflow in...

[SECURITY] Fedora 39 Update: cyrus-imapd-3.8.3-1.fc39

The Cyrus IMAP (Internet Message Access Protocol) server provides access to personal mail, system-wide bulletin boards, news-feeds, calendar and contacts through the IMAP, JMAP, NNTP, CalDAV and CardDAV protocols. The Cyrus IMAP server is a scalable enterprise groupware system designed for use...

CVE-2023-42802

GLPI is a free asset and IT management software package. Starting in version 10.0.7 and prior to version 10.0.10, an unverified object instantiation allows one to upload malicious PHP files to unwanted directories. Depending on web server configuration and available system libraries, malicious PHP....

ASP/PHP '%20' Source Code Disclosure Vulnerability - Active Check

Multiple products are prone to an information disclosure ...

CODESYS V3 Web Server Heap-based Buffer Overflow (CVE-2021-33485)

The CODESYS V3 web server running on the remote host is affected by a heap-based buffer overflow vulnerability. An unauthenticated, remote attacker can exploit this to execute arbitrary...

AVEVA InduSoft Web Studio / InTouch Edge HMI UniSoft.dll wcscpy() Stack Overflow

The AVEVA InduSoft Web Studio (IWS) or InTouch Edge HMI (formerly InTouch Machine Edition) running on the remote host is affected by a remote code execution vulnerability due to a stack overflow condition when handling certain command messages to the TCPIP server listening on the default port...

AVEVA InduSoft Web Studio / InTouch Edge HMI TCP/IP Server Detection

The remote host is running the TCP/IP server for AVEVA InduSoft Web Studio (IWS) or InTouch Edge HMI (formerly InTouch Machine Edition), a software application for managing and monitoring SCADA...

Tridium Niagara AX Web Server Directory Traversal 'config.bog' Disclosure Remote Compromise

The remote install of Tridium Niagara AX Web Server is affected by a directory traversal vulnerability. By exploiting the vulnerability, it is possible to access the server's 'config.bog' file. This file discloses sensitive information, which could allow an attacker to obtain administrative...

Denial Of Service (DoS)

ASP.NET and .NET are vulnerable to Denial of Service. The vulnerability is due to the Kestrel web server detecting a malicious client but failing to disconnect, resulting in Denial of...

Oracle E-Business Suite - Blind SSRF

Oracle E-Business Suite, Application Management Pack component (User Monitoring subcomponent), is susceptible to blind server-side request forgery. An attacker with network access via HTTP can gain read access to a subset of data, connect to internal services like HTTP-enabled databases, or...

F-Secure Key Detection (Mac OS X)

F-Secure Key is installed on the remote Mac OS X...

CVE-2023-24379

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Web-Settler Landing Page Builder – Free Landing Page Templates allows Path Traversal.This issue affects Landing Page Builder – Free Landing Page Templates: from n/a through...

CVE-2024-0807

Use after free in Web Audio in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

[SECURITY] Fedora 39 Update: chromium-126.0.6478.55-1.fc39

Chromium is an open-source web browser, powered by WebKit...

namshi/jose - Verification bypass

Several widely-used JSON Web Token (JWT) libraries, including node-jsonwebtoken, pyjwt, namshi/jose, php-jwt, and jsjwt, are affected by critical vulnerabilities that could allow attackers to bypass the verification step when using asymmetric keys (RS256, RS384, RS512, ES256, ES384,...

CVE-2024-36392 MileSight DeviceHub - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

MileSight DeviceHub - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site...

Fortinet FortiWeb - OS command injection in Web GUI (FG-IR-22-163)

The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-163 advisory. An improper neutralization of special elements used in an os command ('OS Command Injection') [CWE-78] in FortiWeb 7.0.0...

Fortinet FortiWeb - Relative path traversal in web API (FG-IR-22-146)

The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-146 advisory. A path traversal vulnerability [CWE-23] in the API of FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all...

CVE-2020-3259 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Information Disclosure Vulnerability

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve memory contents on an affected device, which could lead to the disclosure of confidential.....

CVE-2024-36392 MileSight DeviceHub - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

MileSight DeviceHub - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site...

Check Point SecureRemote (SecuRemote) Information Disclosure Vulnerability - Active Check

The remote host seems to be a Check Point FireWall-1 running SecureRemote (SecuRemote). The SecuRemote service contains a vulnerability that allows attackers to gain information about the hosts, networks, and users configured on the...

CVE-2020-3259 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Information Disclosure Vulnerability

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve memory contents on an affected device, which could lead to the disclosure of confidential.....

TimThumb Cache Directory 'src' Parameter Arbitrary PHP File Upload

The version of TimThumb hosted on the remote web server allows an unauthenticated, remote attacker to upload arbitrary PHP files as specified by input to the 'src' parameter and retrieved from third- party sites to its cache directory. It's likely that these files can then be executed by...

Monitorr 1.7.6m - Unauthenticated Remote Code Execution

Monitorr 1.7.6m is susceptible to a remote code execution vulnerability. Improper input validation and lack of authorization leads to arbitrary file uploads in the web application. An unauthorized attacker with web access to could upload and execute a specially crafted file, leading to remote code....

[SECURITY] Fedora 40 Update: chromium-126.0.6478.55-1.fc40

Chromium is an open-source web browser, powered by WebKit...

CVE-2023-45134

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. org.xwiki.platform:xwiki-platform-web starting in version 3.1-milestone-1 and prior to 13.4-rc-1, org.xwiki.platform:xwiki-platform-web-templates prior to versions 14.10.2 and 15.5-rc-1, and...

Netis MW5360 Remote Command Execution Exploit

The Netis MW5360 router has a command injection vulnerability via the password parameter on the login page. The vulnerability stems from improper handling of the "password" parameter within the router's web interface. The router's login page authorization can be bypassed by simply deleting the...

[SECURITY] Fedora 40 Update: qt5-qtgamepad-5.15.14-1.fc40

Qt Gamepad provides a way to display web content in a QML application without necessarily including a full web browser stack by using native APIs where it makes...

F-Secure Key Detection

F-Secure Key, a password management application, is installed on the remote Windows...

Grafana Spoofing originalUrl of snapshots

To create a snapshot (and insert an arbitrary URL) the built-in role Viewer is sufficient. When a dashboard is shared as a local snapshot, the following three fields are offered in the web UI for a user to fill out: • Snapshotname • Expire • Timeout(seconds) After the user confirms creation of the....

Dell iDRAC Weak SessionID Vulnerability (IPMI Protocol) - Active Check

Intelligent Platform Management Interface (IPMI) v1.5 ...

BMC Compuware iStrobe Web 20.13 Shell Upload

...

Exploit for OS Command Injection in Tenda Hg9 Firmware

CVE-2022-30023 Authenticated Command Injection on Tenda HG9...

CVE-2023-28370

Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted...

GeoServer OGC Filter - SQL Injection

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols....

Exploit for Improper Control of Interaction Frequency in Asus Gt-Axe11000 Firmware

easy-exploits The current repository contains exploits of...

Exploit for OS Command Injection in Hikvision Ds-2Cd2026G2-Iu/Sl Firmware

CVE-2021-36260 CVE-2021-36260 POC command injection...

[SECURITY] Fedora 40 Update: qt5-qtwebview-5.15.14-1.fc40

Qt WebView provides a way to display web content in a QML application without necessarily including a full web browser stack by using native APIs where it makes...

Episodex Guestbook Unauthorized Access and HTML Injection Vulnerability

The remote version of Episodex Guestbook contains an input validation flaw leading to the execution on attacker supplied HTML and script code. In addition an unauthenticated remote attacker can directly access administrator...

CVE-2023-52735

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself sock_map proto callbacks should never call themselves by design. Protect against bugs like [1] and break out of the recursive loop to avoid a stack overflow in...

Magento 1.x Multiple Vulnerabilities (SUPEE-11086)

Magento 1.x is prone to multiple...

Server-Side Request Forgery in langchain

A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet addresses, allowing it to reach local addresses. This....

van-oost-tholen.ambachtsbakker.nl Cross Site Scripting vulnerability OBB-3842165

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2022-43760

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SUSE Rancher allows users in some higher-privileged groups to to inject code that is executed within another user's browser, allowing the attacker to steal sensitive information, manipulate...

Server-Side Request Forgery in langchain

A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet addresses, allowing it to reach local addresses. This....

RHEL 8 : RHV Manager (ovirt-engine) security update [ovirt-4.4.9] (Moderate) (RHSA-2021:4626)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:4626 advisory. The ovirt-engine package provides the manager for virtualization environments. This manager enables admins to define hosts and networks,...

Exploit for CVE-2024-30850

https://github.com/chebuya/CVE-2024-30850-chaos-rat-rce-poc/asse......

OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0009)

The remote OracleVM system is missing necessary patches to address critical security updates : NFS: commit direct writes even if they fail partially (J. Bruce Fields) [Orabug: 28212440] rds: update correct congestion map for loopback transport (Mukesh Kacker) [Orabug: 29175685] ext4:...

CVE-2024-35182

Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...

Security Bulletin: This Power System update is being released to address CVE-2023-45857

Summary This affects the BMC's ASMi web application. Vulnerability Details ** CVEID: CVE-2023-45857 DESCRIPTION: **Axios is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By inserting the X-XSRF-TOKEN header using the secret XSRF-TOKEN cookie value.....