π¨ CVE-2024-27906
Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI.
Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability
π@cveNotify
Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI.
Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability
π@cveNotify
π¨ CVE-2024-27231
In tmu_get_tr_stats of tmu.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
π@cveNotify
In tmu_get_tr_stats of tmu.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
π@cveNotify
π¨ CVE-2024-30851
Directory Traversal vulnerability in codesiddhant Jasmin Ransomware v.1.0.1 allows an attacker to obtain sensitive information via the download_file.php component.
π@cveNotify
Directory Traversal vulnerability in codesiddhant Jasmin Ransomware v.1.0.1 allows an attacker to obtain sensitive information via the download_file.php component.
π@cveNotify
GitHub
GitHub - chebuya/CVE-2024-30851-jasmin-ransomware-path-traversal-poc: Jasmin ransomware web panel path traversal PoC
Jasmin ransomware web panel path traversal PoC. Contribute to chebuya/CVE-2024-30851-jasmin-ransomware-path-traversal-poc development by creating an account on GitHub.
π¨ CVE-2024-35401
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function.
π@cveNotify
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function.
π@cveNotify
π¨ CVE-2024-9798
The health endpoint is public so everybody can see a list of all services. It is potentially valuable information for attackers.
π@cveNotify
The health endpoint is public so everybody can see a list of all services. It is potentially valuable information for attackers.
π@cveNotify
GitHub
GitHub - zowe/api-layer: The API Mediation Layer provides a single point of access for mainframe service REST APIs.
The API Mediation Layer provides a single point of access for mainframe service REST APIs. - zowe/api-layer
π¨ CVE-2024-9802
The conformance validation endpoint is public so everybody can verify the conformance of onboarded services. The response could contain specific information about the service, including available endpoints, and swagger. It could advise about the running version of a service to an attacker. The attacker could also check if a service is running.
π@cveNotify
The conformance validation endpoint is public so everybody can verify the conformance of onboarded services. The response could contain specific information about the service, including available endpoints, and swagger. It could advise about the running version of a service to an attacker. The attacker could also check if a service is running.
π@cveNotify
GitHub
GitHub - zowe/api-layer: The API Mediation Layer provides a single point of access for mainframe service REST APIs.
The API Mediation Layer provides a single point of access for mainframe service REST APIs. - zowe/api-layer
π¨ CVE-2024-9787
A vulnerability, which was classified as problematic, was found in Contemporary Control System BASrouter BACnet BASRT-B 2.7.2. This affects an unknown part of the component UDP Packet Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
A vulnerability, which was classified as problematic, was found in Contemporary Control System BASrouter BACnet BASRT-B 2.7.2. This affects an unknown part of the component UDP Packet Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
π¨ CVE-2019-12387
In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.
π@cveNotify
In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.
π@cveNotify
openSUSE Mailing Lists
[security-announce] openSUSE-SU-2019:1760-1: moderate: Security update for python-Twisted - openSUSE Security Announce
openSUSE Security Update: Security update for python-Twisted
______________________________________________________________________________
Announcement ID: openSUSE-SU-2019:1760-1
Rating: β¦β¦
______________________________________________________________________________
Announcement ID: openSUSE-SU-2019:1760-1
Rating: β¦β¦
π¨ CVE-2019-12855
In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.
π@cveNotify
In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.
π@cveNotify
openSUSE Mailing Lists
[security-announce] openSUSE-SU-2019:2068-1: moderate: Security update for python-Twisted - openSUSE Security Announce
openSUSE Security Update: Security update for python-Twisted
______________________________________________________________________________
Announcement ID: openSUSE-SU-2019:2068-1
Rating: β¦β¦
______________________________________________________________________________
Announcement ID: openSUSE-SU-2019:2068-1
Rating: β¦β¦
π¨ CVE-2016-1000111
Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.
π@cveNotify
Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.
π@cveNotify
π¨ CVE-2020-10108
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request.
π@cveNotify
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request.
π@cveNotify
Bishop Fox
Bishop Fox Offensive Security Advisories Blog
Leader in offensive security, providing continuous pen testing, red teaming, attack surface management, & traditional assessments. Subscribe to our blog!
π¨ CVE-2020-10109
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request.
π@cveNotify
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request.
π@cveNotify
Bishop Fox
Bishop Fox Offensive Security Advisories Blog
Leader in offensive security, providing continuous pen testing, red teaming, attack surface management, & traditional assessments. Subscribe to our blog!
π¨ CVE-2019-20921
bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.
π@cveNotify
bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.
π@cveNotify
GitHub
GHSA-9r7h-6639-v5mw - GitHub Advisory Database
Cross-Site Scripting in bootstrap-select
π¨ CVE-2021-24171
The WooCommerce Upload Files WordPress plugin before 59.4 ran a single sanitization pass to remove blocked extensions such as .php. It was possible to bypass this and upload a file with a PHP extension by embedding a "blocked" extension within another "blocked" extension in the "wcuf_file_name" parameter. It was also possible to perform a double extension attack and upload files to a different location via path traversal using the "wcuf_current_upload_session_id" parameter.
π@cveNotify
The WooCommerce Upload Files WordPress plugin before 59.4 ran a single sanitization pass to remove blocked extensions such as .php. It was possible to bypass this and upload a file with a PHP extension by embedding a "blocked" extension within another "blocked" extension in the "wcuf_file_name" parameter. It was also possible to perform a double extension attack and upload files to a different location via path traversal using the "wcuf_current_upload_session_id" parameter.
π@cveNotify
WPScan
WooCommerce Upload Files < 59.4 - Unauthenticated Arbitrary File Upload
See details on WooCommerce Upload Files < 59.4 - Unauthenticated Arbitrary File Upload CVE 2021-24171. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2022-21712
twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the `twited.web.RedirectAgent` and `twisted.web. BrowserLikeRedirectAgent` functions. Users are advised to upgrade. There are no known workarounds.
π@cveNotify
twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the `twited.web.RedirectAgent` and `twisted.web. BrowserLikeRedirectAgent` functions. Users are advised to upgrade. There are no known workarounds.
π@cveNotify
GitHub
Merge pull request from GHSA-92x2-jw7w-xvvx Β· twisted/twisted@af8fe78
10294 Advisory fix 1
π¨ CVE-2024-23787
Path traversal vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to obtain an arbitrary file in the affected product.
π@cveNotify
Path traversal vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to obtain an arbitrary file in the affected product.
π@cveNotify
π¨ CVE-2024-9792
A vulnerability classified as problematic has been found in D-Link DSL-2750U R5B017. This affects an unknown part of the component Port Forwarding Page. The manipulation of the argument PortMappingDescription leads to cross site scripting. It is possible to initiate the attack remotely.
π@cveNotify
A vulnerability classified as problematic has been found in D-Link DSL-2750U R5B017. This affects an unknown part of the component Port Forwarding Page. The manipulation of the argument PortMappingDescription leads to cross site scripting. It is possible to initiate the attack remotely.
π@cveNotify
π¨ CVE-2024-9707
The Hunk Companion plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the /wp-json/hc/v1/themehunk-import REST API endpoint in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.
π@cveNotify
The Hunk Companion plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the /wp-json/hc/v1/themehunk-import REST API endpoint in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.
π@cveNotify
GitHub
plugins-hunk-companion/hunk-companion/import/app/app.php at 5a3cedc7b3d35d407b210e691c53c6cb400e4051 Β· WordPressBugBounty/pluginsβ¦
Contribute to WordPressBugBounty/plugins-hunk-companion development by creating an account on GitHub.
π¨ CVE-2024-9776
The ImagePress β Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
π@cveNotify
The ImagePress β Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
π@cveNotify
π¨ CVE-2024-11514
IrfanView ECW File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of ECW files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23975.
π@cveNotify
IrfanView ECW File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of ECW files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23975.
π@cveNotify
Zerodayinitiative
ZDI-24-1599
IrfanView ECW File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability