JAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE Security Vulnerabilities

osv

TCPDF vulnerable to Regular Expression Denial of Service

TCPDF version <= 6.7.4 is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted HTML page with a crafted...

5.8AI Score

0.0004EPSS

2024-04-19 06:31 PM
4
osv

[The use of BD_ADDR in BR/EDR as the identity address of BLE makes the dual-stack trackable]

In bta_dm_remove_device of bta_dm_act.cc, there is a possible way for a BT device to receive a long term trackable identifier due to a permissions bypass. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for...

5.9AI Score

EPSS

2022-10-01 12:00 AM
31
githubexploit

Exploit for Infinite Loop in Cisco Adaptive Security Appliance Software

CVE-2024-20353-CiscoASAandFTD Exploit for DoS Cisco ASA and...

8.6CVSS

7.7AI Score

0.002EPSS

2024-05-03 12:46 PM
182
packetstorm

9.8CVSS

7.4AI Score

0.0004EPSS

2024-05-09 12:00 AM
122
veracode

Denial Of Service (DoS)

octo-sts is vulnerable to Denial of Service (DoS). The vulnerability is due to missing HTTP request response size checks, which allows an attacker to cause a Denial of Service by flooding the STS service with...

3.7CVSS

6.9AI Score

0.0004EPSS

2024-05-14 06:51 AM
2
githubexploit

Exploit for Deserialization of Untrusted Data in Microsoft

CVE-2022-41082-POC PoC for the CVE-2022-41082 NotProxyShell...

8CVSS

8.3AI Score

0.216EPSS

2022-12-22 09:35 AM
220
veracode

Denial Of Service (DoS)

Microsoft.AspNetCore.App.Runtime is vulnerable to Denial of Service (DoS). The vulnerability is caused by a deadlock that occurs within the .NET Kestrel web server, specifically impacting the handling of concurrent requests under certain conditions, which allows an attacker to potentially disrupt.....

5.9CVSS

6.9AI Score

0.0004EPSS

2024-05-15 03:58 AM
7
githubexploit

Exploit for Out-of-bounds Write in Gnu Glibc

CVE-2023-4911 - Looney Tunables This is a (atm very rough)...

7.8CVSS

8.4AI Score

0.014EPSS

2023-10-04 02:32 PM
338
osv

Apache ActiveMQ Deserialization of Untrusted Data vulnerability

Once a user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In detail, in ActiveMQ configurations, Jetty allows org.jolokia.http.AgentServlet to handle requests to /api/jolokia. org.jolokia.http.HttpRequestHandler#handlePostRequest is able to create JmxRequest...

8.8CVSS

7.4AI Score

0.002EPSS

2023-11-28 06:30 PM
7
osv

Drupal Brute force amplification attacks via XML-RPC

The XML-RPC system in Drupal 6.x before 6.38 and 7.x before 7.43 might make it easier for remote attackers to conduct brute-force attacks via a large number of calls made at once to the same...

7.5CVSS

7.2AI Score

0.003EPSS

2022-05-17 03:56 AM
1
githubexploit

Exploit for Deserialization of Untrusted Data in Fortra Goanywhere Managed File Transfer

CVE-2023-0669 GoAnywhere MFT suffers from a...

7.2CVSS

7.7AI Score

0.969EPSS

2023-02-10 01:02 PM
381
githubexploit

Exploit for Improper Control of Dynamically-Managed Code Resources in Apache Solr

Apache-Solr-RCE_CVE-2023-50386_POC Apache Solr Backup/Restore...

8.8CVSS

8.8AI Score

0.871EPSS

2024-02-29 08:57 AM
253
githubexploit

Exploit for Deserialization of Untrusted Data in Microsoft

CVE-2022-41082-POC PoC for the CVE-2022-41082 NotProxyShell...

8CVSS

8.3AI Score

0.216EPSS

2022-12-22 09:35 AM
204
github

Denial of Service in jsonparser

jsonparser before 1.1.1 allows attackers to cause a denial of service via a GET...

7.5CVSS

7AI Score

0.002EPSS

2022-05-25 07:21 PM
11
veeam

Build Numbers and Versions of Veeam Recovery Orchestrator

This KB article lists all versions of Veeam Recovery Orchestrator and their respective build...

6.9AI Score

2022-09-22 12:00 AM
6
osv

CVE-2023-45128

Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to inject arbitrary values and forge malicious requests on behalf of a user. This vulnerability can allow an attacker to...

10CVSS

7.3AI Score

0.001EPSS

2023-10-16 09:15 PM
2
github

TCPDF vulnerable to Regular Expression Denial of Service

TCPDF version <= 6.7.4 is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted HTML page with a crafted...

5.9AI Score

0.0004EPSS

2024-04-19 06:31 PM
7
github

Apache ActiveMQ Deserialization of Untrusted Data vulnerability

Once a user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In detail, in ActiveMQ configurations, Jetty allows org.jolokia.http.AgentServlet to handle requests to /api/jolokia. org.jolokia.http.HttpRequestHandler#handlePostRequest is able to create JmxRequest...

8.8CVSS

6.9AI Score

0.002EPSS

2023-11-28 06:30 PM
8
githubexploit

Exploit for Deserialization of Untrusted Data in Microsoft

CVE-2022-41082-POC PoC for the CVE-2022-41082 NotProxyShell...

8CVSS

8.3AI Score

0.216EPSS

2022-12-22 09:35 AM
235
osv

CVE-2023-25820

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Enterprise Server is the enterprise version of the file server software. In Nextcloud Server versions 25.0.x prior to 25.0.5 and versions 24.0.x prior to 24.0.10 as well as Nextcloud...

7.8CVSS

7.2AI Score

0.0004EPSS

2023-03-22 07:15 PM
2
osv

Denial of service in Kubernetes in k8s.io/kubernetes

Denial of service in Kubernetes in...

5.5CVSS

6.6AI Score

0.0004EPSS

2024-06-10 04:39 PM
nuclei

Pre-Auth Takeover of Build Pipelines in GoCD

GoCD contains a critical information disclosure vulnerability whose exploitation allows unauthenticated attackers to leak configuration information including build secrets and encryption...

7.5CVSS

7.2AI Score

0.463EPSS

2021-11-04 08:00 PM
3
githubexploit

Exploit for Deserialization of Untrusted Data in Microsoft

CVE-2023-36745 Microsoft Exchange Server...

8CVSS

7.8AI Score

0.001EPSS

2023-10-23 07:06 PM
161
githubexploit

8.8CVSS

9.1AI Score

0.516EPSS

2023-06-30 10:15 AM
116
github

TYPO3 Disclosure of Information about Installed Extensions

It has been discovered that mechanisms used for configuration of RequireJS package loading are susceptible to information disclosure. This way a potential attack can retrieve additional information about installed system and third party...

6.7AI Score

2024-05-30 06:13 PM
2
githubexploit

Exploit for Deserialization of Untrusted Data in Apache Activemq

ActiveMQ-Exploit English |...

7.3AI Score

2024-03-05 07:09 AM
105
veracode

Exposure Of Sensitive Information To An Unauthorized Actor

Moodle is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. The vulnerability is due to misconfiguration in a shared hosting environment, allowing a user with access to restore workshop modules and direct access to the web server outside of the Moodle webroot to execute a...

6.4AI Score

0.0004EPSS

2024-06-07 07:33 AM
1
osv

TYPO3 Denial of Service in Frontend Record Registration

TYPO3’s built-in record registration functionality (aka basic shopping cart) using recs URL parameters is vulnerable to denial of service. Failing to properly ensure that anonymous user sessions are valid, attackers can use this vulnerability in order to create an arbitrary amount of individual...

7.1AI Score

2024-06-07 06:30 PM
1
osv

TYPO3 Disclosure of Information about Installed Extensions

It has been discovered that mechanisms used for configuration of RequireJS package loading are susceptible to information disclosure. This way a potential attack can retrieve additional information about installed system and third party...

6.7AI Score

2024-05-30 06:13 PM
veracode

Unrestricted Upload Of File With Dangerous Type

silverstripe/framework is vulnerable to Unrestricted Upload Of File With Dangerous Type. The vulnerability is due to the lack of proper validation and sanitization of uploaded file types, which allows an attacker to upload executable file...

7.1AI Score

2024-05-29 06:40 AM
3
veracode

Deserialization Of Untrusted Data

timber/timber is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to a lack of input validation before passing it into the file_exists function. An attacker can execute arbitrary code by uploading files of any type to the server which then gets passed in the phar:// protocol.....

8CVSS

8.3AI Score

0.0004EPSS

2024-04-15 12:35 PM
3
veracode

Denial Of Service (DoS)

github.com/argoproj/argo-cd/ is vulnerable to Denial Of Service (DoS). The vulnerability is due to inadequate validation of input within the ignoreDifferences configuration, allowing an attacker to craft a jqPathExpressions which consumes excessive memory, leading to a DoS...

6.5CVSS

6.7AI Score

0.0004EPSS

2024-04-29 06:04 AM
3
veracode

Lack Of Salt Update On Password Change

silverstripe/framework is vulnerable to Lack of Salt Update On Password Change. The vulnerability is due to the internal salt not being reset when a password is changed. An attacker can potentially exploit this to reduce the effectiveness of password...

7.1AI Score

2024-05-29 07:54 AM
github

TYPO3 Denial of Service in Frontend Record Registration

TYPO3’s built-in record registration functionality (aka basic shopping cart) using recs URL parameters is vulnerable to denial of service. Failing to properly ensure that anonymous user sessions are valid, attackers can use this vulnerability in order to create an arbitrary amount of individual...

7.1AI Score

2024-06-07 06:30 PM
github

OpenStack Identity (Keystone) Denial of Service

OpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long...

6.8AI Score

0.012EPSS

2022-05-13 01:26 AM
1
githubexploit

9.8CVSS

7.3AI Score

0.971EPSS

2024-05-11 12:29 PM
10
osv

Bouncy Castle Denial of Service (DoS)

Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has...

5.5CVSS

7.1AI Score

0.0004EPSS

2023-11-23 06:30 PM
5
osv

Zendframework Denial of Service vector via XEE injection

Zend_Dom, Zend_Feed, Zend_Soap, and Zend_XmlRpc are vulnerable to XML Entity Expansion (XEE) vectors, leading to Denial of Service vectors. XEE attacks occur when the XML DOCTYPE declaration includes XML entity definitions that contain either recursive or circular references; this leads to CPU and....

7AI Score

2024-06-07 09:39 PM
github

Zendframework Denial of Service vector via XEE injection

Zend_Dom, Zend_Feed, Zend_Soap, and Zend_XmlRpc are vulnerable to XML Entity Expansion (XEE) vectors, leading to Denial of Service vectors. XEE attacks occur when the XML DOCTYPE declaration includes XML entity definitions that contain either recursive or circular references; this leads to CPU and....

7AI Score

2024-06-07 09:39 PM
2
githubexploit

Exploit for Out-of-bounds Write in Microsoft

CVE-2022-37969 Windows Local Privilege Escalation PoC...

7.8CVSS

8.7AI Score

0.001EPSS

2023-03-09 09:17 PM
454
cvelist

CVE-2023-42419 Improper Management of Cryptographic Keys in the Maintenance Server in QCOW Air-Gapped Distribution (China Edition)

Maintenance Server, in Cybellum's QCOW air-gapped distribution (China Edition), versions 2.15.5 through 2.27, was compiled with a hard-coded private cryptographic key. An attacker with administrative privileges & access to the air-gapped server could potentially use this key to run commands on the....

3.8CVSS

4.8AI Score

0.0004EPSS

2024-03-05 05:23 AM
github

Bouncy Castle Denial of Service (DoS)

Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has...

5.5CVSS

7.1AI Score

0.0004EPSS

2023-11-23 06:30 PM
31
githubexploit

Exploit for External Control of File Name or Path in Fortinet Fortinac

CVE-2022-39952 POC for CVE-2022-39952 affecting Fortinet...

9.8CVSS

9.8AI Score

0.948EPSS

2023-02-20 03:12 PM
251
osv

In Bluetooth SMP, there is a possible out of bound read of size one due to improper input validation.

In smp_proc_sec_req of smp_act.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for...

6.5AI Score

0.0004EPSS

2024-03-01 12:00 AM
6
githubexploit

Exploit for Improper Preservation of Permissions in Mobyproject Moby

CVE-2021-41091 This exploit offers an in-depth look at the...

6.3CVSS

7.6AI Score

0.0005EPSS

2023-05-02 07:25 AM
571
githubexploit

Exploit for Improper Restriction of XML External Entity Reference in Ivanti Connect Secure

CVE-2024-22024 Check for CVE-2024-22024 vulnerability in...

8.3CVSS

8.2AI Score

0.006EPSS

2024-02-09 02:31 PM
282
cvelist

CVE-2024-22144 WordPress Anti-Malware Security and Brute-Force Firewall plugin <= 4.21.96 - Unauthenticated Predictable Nonce Brute-Force Leading to RCE vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls allows Code Injection. This issue affects Anti-Malware Security and Brute-Force Firewall: from n/a through...

9CVSS

9.5AI Score

0.0004EPSS

2024-04-25 08:25 AM
osv

Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost/server/v8

Mattermost fails to authenticate the source of certain types of post actions in...

6.5CVSS

6.4AI Score

0.0004EPSS

2024-06-05 03:10 PM
1
nessus

DNP3 Link Layer Brute Force Addressing Disclosure

The DNP3 protocol is a multi-layer protocol that begins with a link layer connection. The DNP3 link layer address is required to establish a link layer connection. The DNP3 link layer address for the host was easily guessed, and a valid DNP3 link layer connection was established. If a link...

1.2AI Score

2006-12-11 12:00 AM
10
vulnrichment

CVE-2024-22144 WordPress Anti-Malware Security and Brute-Force Firewall plugin <= 4.21.96 - Unauthenticated Predictable Nonce Brute-Force Leading to RCE vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls allows Code Injection. This issue affects Anti-Malware Security and Brute-Force Firewall: from n/a through...

9CVSS

7.1AI Score

0.0004EPSS

2024-04-25 08:25 AM
Total number of security vulnerabilities: 2366132