‼ CVE-2023-29204 ‼
📖 Read
via "National Vulnerability Database".
XWiki Commons are technical libraries common to several other top level XWiki projects. It is possible to bypass the existing security measures put in place to avoid open redirect by using a redirect such as `//mydomain.com` (i.e. omitting the `http:`). It was also possible to bypass it when using URL such as `http:/mydomain.com`. The problem has been patched on XWiki 13.10.10, 14.4.4 and 14.8RC1.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-29209 ‼
📖 Read
via "National Vulnerability Database".
XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents including the legacy notification activity macro can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the macro parameters of the legacy notification activity macro. This macro is installed by default in XWiki. The vulnerability can be exploited via every wiki page that is editable including the user's profile, but also with just view rights using the HTMLConverter that is part of the CKEditor integration which is bundled with XWiki. The vulnerability has been patched in XWiki 13.10.11, 14.4.7 and 14.10.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-29207 ‼
📖 Read
via "National Vulnerability Database".
XWiki Commons are technical libraries common to several other top level XWiki projects. The Livetable Macro wasn't properly sanitizing column names, thus allowing the insertion of raw HTML code including JavaScript. This vulnerability was also exploitable via the Documents Macro that is included since XWiki 3.5M1 and doesn't require script rights, this can be demonstrated with the syntax `{{documents id="example" count="5" actions="false" columns="doc.title, before<script>alert(1)</script>after"/}}`. Therefore, this can also be exploited by users without script right and in comments. With the interaction of a user with more rights, this could be used to execute arbitrary actions in the wiki, including privilege escalation, remote code execution, information disclosure, modifying or deleting content. This has been patched in XWiki 14.9, 14.4.6, and 13.10.10.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-29208 ‼
📖 Read
via "National Vulnerability Database".
XWiki Commons are technical libraries common to several other top level XWiki projects. Rights added to a document are not taken into account for viewing it once it's deleted. Note that this vulnerability only impact deleted documents that where containing view rights: the view rights provided on a space of a deleted document are properly checked. The problem has been patched in XWiki 14.10 by checking the rights of current user: only admin and deleter of the document are allowed to view it.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-29205 ‼
📖 Read
via "National Vulnerability Database".
XWiki Commons are technical libraries common to several other top level XWiki projects. The HTML macro does not systematically perform a proper neutralization of script-related html tags. As a result, any user able to use the html macro in XWiki, is able to introduce an XSS attack. This can be particularly dangerous since in a standard wiki, any user is able to use the html macro directly in their own user profile page. The problem has been patched in XWiki 14.8RC1. The patch involves the HTML macros and are systematically cleaned up whenever the user does not have the script correct.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-29210 ‼
📖 Read
via "National Vulnerability Database".
XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents including the notification preferences macros can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the user parameter of the macro that provide the notification filters. These macros are used in the user profiles and thus installed by default in XWiki. The vulnerability has been patched in XWiki 13.10.11, 14.4.7 and 14.10.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-29203 ‼
📖 Read
via "National Vulnerability Database".
XWiki Commons are technical libraries common to several other top level XWiki projects. It's possible to list some users who are normally not viewable from subwiki by requesting users on a subwiki which allows only global users with `uorgsuggest.vm`. This issue only concerns hidden users from main wiki. Note that the disclosed information are the username and the first and last name of users, no other information is leaked. The problem has been patched on XWiki 13.10.8, 14.4.3 and 14.7RC1.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-29206 ‼
📖 Read
via "National Vulnerability Database".
XWiki Commons are technical libraries common to several other top level XWiki projects. There was no check in the author of a JavaScript xobject or StyleSheet xobject added in a XWiki document, so until now it was possible for a user having only Edit Right to create such object and to craft a script allowing to perform some operations when executing by a user with appropriate rights. This has been patched in XWiki 14.9-rc-1 by only executing the script if the author of it has Script rights.📖 Read
via "National Vulnerability Database".
👍2
‼ CVE-2015-10101 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability classified as problematic was found in Google Analytics Top Content Widget Plugin up to 1.5.6 on WordPress. Affected by this vulnerability is an unknown functionality of the file class-tgm-plugin-activation.php. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.5.7 is able to address this issue. The name of the patch is 25bb1dea113716200a6f0f3135801d84a7a65540. It is recommended to upgrade the affected component. The identifier VDB-226117 was assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39295 ‼
📖 Read
via "National Vulnerability Database".
In OpenBMC 2.9, crafted IPMI messages allow an attacker to cause a denial of service to the BMC via the netipmid (IPMI lan+) interface.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-30153 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in the VisualEditor extension in MediaWiki before 1.31.13, and 1.32.x through 1.35.x before 1.35.2. . When using VisualEditor to edit a MediaWiki user page belonging to an existing, but hidden, user, VisualEditor will disclose that the user exists. (It shouldn't because they are hidden.) This is related to ApiVisualEditor.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-34337 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attackers to exploit this, but can optionally be made to listen on other interfaces.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-28163 ‼
📖 Read
via "National Vulnerability Database".
libdwarf before 20201201 allows a dwarf_print_lines.c NULL pointer dereference and application crash via a DWARF5 line-table header that has an invalid FORM for a pathname.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34128 ‼
📖 Read
via "National Vulnerability Database".
The Cartography (aka positions) plugin before 6.0.1 for GLPI allows remote code execution via PHP code in the POST data to front/upload.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-27545 ‼
📖 Read
via "National Vulnerability Database".
libdwarf before 20201017 has a one-byte out-of-bounds read because of an invalid pointer dereference via an invalid line table in a crafted object.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43128 ‼
📖 Read
via "National Vulnerability Database".
Dreamer CMS 4.0.1 allows SQL injection via ArchivesMapper.xml.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-37705 ‼
📖 Read
via "National Vulnerability Database".
A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the arguments passed to tar binary (it expects that the argument name and value are separated with a space; however, separating them with an equals sign is also supported),📖 Read
via "National Vulnerability Database".
‼ CVE-2022-37186 ‼
📖 Read
via "National Vulnerability Database".
In LemonLDAP::NG before 2.0.15. some sessions are not deleted when they are supposed to be deleted according to the timeoutActivity setting. This can occur when there are at least two servers, and a session is manually removed before the time at which it would have been removed automatically.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-37704 ‼
📖 Read
via "National Vulnerability Database".
Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure.📖 Read
via "National Vulnerability Database".
‼ CVE-2018-17537 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. blog-viewer has stored XSS during repository browsing, if package.json exists. .📖 Read
via "National Vulnerability Database".
‼ CVE-2019-14944 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Gitaly allows injection of command-line flags. This sometimes leads to privilege escalation or remote code execution.📖 Read
via "National Vulnerability Database".