‼ CVE-2023-36470 ‼
📖 Read
via "National Vulnerability Database".
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By either creating a new or editing an existing document with an icon set, an attacker can inject XWiki syntax and Velocity code that is executed with programming rights and thus allows remote code execution. There are different attack vectors, the simplest is the Velocity code in the icon set's HTML or XWiki syntax definition. The [icon picker](https://extensions.xwiki.org/xwiki/bin/view/Extension/Icon%20Theme%20Application#HIconPicker) can be used to trigger the rendering of any icon set. The XWiki syntax variant of the icon set is also used without any escaping in some documents, allowing to inject XWiki syntax including script macros into a document that might have programming right, for this the currently used icon theme needs to be edited. Further, the HTML output of the icon set is output as JSON in the icon picker and this JSON is interpreted as XWiki syntax, allowing again the injection of script macros into a document with programming right and thus allowing remote code execution. This impacts the confidentiality, integrity and availability of the whole XWiki instance. This issue has been patched in XWiki 14.10.6 and 15.1. Icon themes now require script right and the code in the icon theme is executed within the context of the icon theme, preventing any rights escalation. A macro for displaying icons has been introduced to avoid injecting the raw wiki syntax of an icon set into another document. Users are advised to upgrade. There are no known workarounds for this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-36607 ‼
📖 Read
via "National Vulnerability Database".
The affected TBox RTUs are missing authorization for running some API commands. An attacker running these commands could reveal sensitive information such as software versions and web server file contents.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44719 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Weblib Ucopia before 6.0.13. The SSH Server has Insecure Permissions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-36468 ‼
📖 Read
via "National Vulnerability Database".
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When an XWiki installation is upgraded and that upgrade contains a fix for a bug in a document, just a new version of that document is added. In some cases, it's still possible to exploit the vulnerability that was fixed in the new version. The severity of this depends on the fixed vulnerability, for the purpose of this advisory take CVE-2022-36100/GHSA-2g5c-228j-p52x as example - it is easily exploitable with just view rights and critical. When XWiki is upgraded from a version before the fix for it (e.g., 14.3) to a version including the fix (e.g., 14.4), the vulnerability can still be reproduced by adding `rev=1.1` to the URL used in the reproduction steps so remote code execution is possible even after upgrading. Therefore, this affects the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability also affects manually added script macros that contained security vulnerabilities that were later fixed by changing the script macro without deleting the versions with the security vulnerability from the history. This vulnerability doesn't affect freshly installed versions of XWiki. Further, this vulnerability doesn't affect content that is only loaded from the current version of a document like the code of wiki macros or UI extensions. This vulnerability has been patched in XWiki 14.10.7 and 15.2RC1 by forcing old revisions to be executed in a restricted mode that disables all script macros. As a workaround, admins can manually delete old revisions of affected documents. A script could be used to identify all installed documents and delete the history for them. However, also manually added and later corrected code may be affected by this vulnerability so it is easy to miss documents.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-26710 ‼
📖 Read
via "National Vulnerability Database".
easy-parse v0.1.1 was discovered to contain a XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-3464 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in SimplePHPscripts Classified Ads Script 1.8. It has been classified as problematic. Affected is an unknown function of the file /preview.php of the component URL Parameter Handler. The manipulation of the argument p leads to cross site scripting. It is possible to launch the attack remotely. It is recommended to upgrade the affected component. VDB-232710 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
❤3
‼ CVE-2023-26966 ‼
📖 Read
via "National Vulnerability Database".
libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian.📖 Read
via "National Vulnerability Database".
❤3
‼ CVE-2023-2846 ‼
📖 Read
via "National Vulnerability Database".
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series main modules allows a remote unauthenticated attacker to cancel the password/keyword setting and login to the affected products by sending specially crafted packets.📖 Read
via "National Vulnerability Database".
❤1
‼ CVE-2023-32613 ‼
📖 Read
via "National Vulnerability Database".
Exposure of resource to wrong sphere issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow a network-adjacent attacker to use functions originally available after login without logging in.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-3474 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been found in SimplePHPscripts Simple Blog 3.2 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. It is recommended to upgrade the affected component. The identifier VDB-232753 was assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-3473 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in Campcodes Retro Cellphone Online Store 1.0. Affected is an unknown function of the file /admin/edit_product.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-232752.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-3475 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in SimplePHPscripts Event Script 2.1 and classified as problematic. Affected by this issue is some unknown functionality of the file preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. It is recommended to upgrade the affected component. VDB-232754 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-32622 ‼
📖 Read
via "National Vulnerability Database".
Improper neutralization of special elements in WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with an administrative privilege to execute OS commands with the root privilege.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-28387 ‼
📖 Read
via "National Vulnerability Database".
"NewsPicks" App for Android versions 10.4.5 and earlier and "NewsPicks" App for iOS versions 10.4.2 and earlier use hard-coded credentials, which may allow a local attacker to analyze data in the app and to obtain API key for an external service.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-32621 ‼
📖 Read
via "National Vulnerability Database".
WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with an administrative privilege to upload arbitrary files and execute OS commands with the root privilege.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26135 ‼
📖 Read
via "National Vulnerability Database".
All versions of the package flatnest are vulnerable to Prototype Pollution via the nest() function in flatnest/nest.js file.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-3477 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in RocketSoft Rocket LMS 1.7. It has been declared as problematic. This vulnerability affects unknown code of the file /contact/store of the component Contact Form. The manipulation of the argument name/subject/message leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-232756.📖 Read
via "National Vulnerability Database".
❤1
‼ CVE-2023-32612 ‼
📖 Read
via "National Vulnerability Database".
Client-side enforcement of server-side security issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow an attacker with an administrative privilege to execute OS commands with the root privilege.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-3476 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in SimplePHPscripts GuestBook Script 2.2. It has been classified as problematic. This affects an unknown part of the file preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-232755.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-32620 ‼
📖 Read
via "National Vulnerability Database".
Improper authentication vulnerability in WL-WN531AX2 firmware versions prior to 2023526 allows a network-adjacent attacker to obtain a password for the wireless network.📖 Read
via "National Vulnerability Database".
📢 Rubrik partners with Microsoft to drive generative AI-powered cyber recovery 📢
📖 Read
via "ITPro".
Rubrik Security Cloud will integrate with Microsoft Sentinel and Azure OpenAI to accelerate recovery from cyber attacks 📖 Read
via "ITPro".
ITPro
Rubrik partners with Microsoft to drive generative AI-powered cyber recovery
Rubrik Security Cloud will integrate with Microsoft Sentinel and Azure OpenAI to accelerate recovery from cyber attacks