🚨 CVE-2020-21325
An issue in WUZHI CMS v.4.1.0 allows a remote attacker to execute arbitrary code via the set_chache method of the function\common.func.php file.
🎖@cveNotify
An issue in WUZHI CMS v.4.1.0 allows a remote attacker to execute arbitrary code via the set_chache method of the function\common.func.php file.
🎖@cveNotify
GitHub
Remote Code Execution Vulnerability In WUZHI CMS v4.1.0 · Issue #188 · wuzhicms/wuzhicms
1.In the set_cache method of the \coreframe\app\core\libs\function\common.func.php file, when $data is not of the array type, $data will be written directly to the php file. function set_cache($fil...
🚨 CVE-2020-21268
Cross Site Scripting vulnerability in EasySoft ZenTao v.11.6.4 allows a remote attacker to execute arbitrary code via the lastComment parameter.
🎖@cveNotify
Cross Site Scripting vulnerability in EasySoft ZenTao v.11.6.4 allows a remote attacker to execute arbitrary code via the lastComment parameter.
🎖@cveNotify
GitHub
A stored XSS vulnerability that leads to the capture of other people's cookies · Issue #40 · easysoft/zentaopms
There is a stored XSS vulnerability in the comment edit and software version is 11.6.4. The following poc is valid: "'<img src=1 onerror=alert(document.cookie); /> <div onmouseove...
🚨 CVE-2020-21252
Cross Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows a remote attacker to execute arbitrary code and escalate privileges via the updateusers parameter.
🎖@cveNotify
Cross Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows a remote attacker to execute arbitrary code and escalate privileges via the updateusers parameter.
🎖@cveNotify
GitHub
User deletion caused by CSRF · Issue #13 · Neeke/HongCMS
CSRF exists in the background (administrator) to delete users: The backend only cares about the values of the parameters' deleteuserids' and 'updateuserids' So the attacker only nee...
🚨 CVE-2020-21246
Cross Site Scripting vulnerability in YiiCMS v.1.0 allows a remote attacker to execute arbitrary code via the news function.
🎖@cveNotify
Cross Site Scripting vulnerability in YiiCMS v.1.0 allows a remote attacker to execute arbitrary code via the news function.
🎖@cveNotify
GitHub
Cross-Site Scripting (XSS) · Issue #6 · yongshengli/yiicms
Storage XSS vulnerability in News release. poc: <script>alert("test")</script> Successful execution of payload code
🚨 CVE-2020-21174
File Upload vulenrability in liufee CMS v.2.0.7.1 allows a remote attacker to execute arbitrary code via the image suffix function.
🎖@cveNotify
File Upload vulenrability in liufee CMS v.2.0.7.1 allows a remote attacker to execute arbitrary code via the image suffix function.
🎖@cveNotify
GitHub
File upload command execution · Issue #44 · liufee/cms
In the background, you can upload the PHP file by changing the image suffix to PHP, resulting in command execution. url:http://192.168.18.143/admin/index.php?r=admin-user%2Fupdate-self
🚨 CVE-2020-21058
Cross Site Scripting vulnerability in Typora v.0.9.79 allows a remote attacker to execute arbitrary code via the mermaid sytax.
🎖@cveNotify
Cross Site Scripting vulnerability in Typora v.0.9.79 allows a remote attacker to execute arbitrary code via the mermaid sytax.
🎖@cveNotify
GitHub
typora(0.9.79) XSS to RCE · Issue #2959 · typora/typora-issues
typora 0.9.79 tested on win10,Mac OS using mermaid,Iframe won't be sandboxed XSS POC: ```mermaid graph TD B --> C{<iframe srcdoc=<scrip&#...
🚨 CVE-2020-21052
Cross Site Scripting vulnerability in zrlog zrlog v.2.1.3 allows a remote attacker to execute arbitrary code via the nickame parameter of the /post/addComment function.
🎖@cveNotify
Cross Site Scripting vulnerability in zrlog zrlog v.2.1.3 allows a remote attacker to execute arbitrary code via the nickame parameter of the /post/addComment function.
🎖@cveNotify
GitHub
前台文章评论处存储型XSS · Issue #56 · 94fzb/zrlog
在2.1.3版本中,前台对文章评论处,可以插入获取管理员cookie的XSS语句,管理员访问登录后台即可触发XSS。
🚨 CVE-2020-20969
File Upload vulnerability in PluckCMS v.4.7.10 allows a remote attacker to execute arbitrary code via the trashcan_restoreitem.php file.
🎖@cveNotify
File Upload vulnerability in PluckCMS v.4.7.10 allows a remote attacker to execute arbitrary code via the trashcan_restoreitem.php file.
🎖@cveNotify
GitHub
Pluck-4.7.10 admin background exists a remote command execution vulnerability · Issue #86 · pluck-cms/pluck
Pluck-4.7.10 admin background exists a remote command execution vulnerability it happens when restore file from trashcan,and the restoring file has the same with one of the files in uploaded files ...
🚨 CVE-2020-20919
File upload vulnerability in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary code and access sensitive information via the theme.php file.
🎖@cveNotify
File upload vulnerability in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary code and access sensitive information via the theme.php file.
🎖@cveNotify
GitHub
pluck-cms<=4.7.10-dev4 admin background exists a remote command execution vulnerability when install a theme · Issue #85 · pluck…
pluck-cms<=4.7.10-dev4 admin background exists a remote command execution vulnerability when install a theme Demo: After the installation is successful, go to the management background. options-...
🚨 CVE-2020-20918
An issue discovered in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary php code via the hidden parameter to admin.php when editing a page.
🎖@cveNotify
An issue discovered in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary php code via the hidden parameter to admin.php when editing a page.
🎖@cveNotify
GitHub
Pluck-4.7.10-dev2 admin background exists a remote command execution vulnerability when creating a new web page · Issue #80 · pluck…
Pluck-4.7.10-dev2 admin background exists a remote command execution vulnerability when creating a new web page Vulnerability location: data\inc\functions.admin.php 531-535 line Saves the hidden pa...
🚨 CVE-2020-20735
File Upload vulnerability in LJCMS v.4.3.R60321 allows a remote attacker to execute arbitrary code via the ljcms/index.php parameter.
🎖@cveNotify
File Upload vulnerability in LJCMS v.4.3.R60321 allows a remote attacker to execute arbitrary code via the ljcms/index.php parameter.
🎖@cveNotify
🚨 CVE-2020-20726
Cross Site Request Forgery vulnerability in Gila GilaCMS v.1.11.4 allows a remote attacker to execute arbitrary code via the cm/update_rows/user parameter.
🎖@cveNotify
Cross Site Request Forgery vulnerability in Gila GilaCMS v.1.11.4 allows a remote attacker to execute arbitrary code via the cm/update_rows/user parameter.
🎖@cveNotify
GitHub
There is a CSRF vulnerability that can add an administrator account · Issue #51 · GilaCMS/gila
CSRF vulnerability There is a CSRF vulnerability to add an administrator account After the administrator logged in, open the following page poc Hack.html-----add an administrator accoun <html>...
🚨 CVE-2020-20725
Cross Site Scripting vulnerability in taogogo taoCMS v.2.5 beta5.1 allows remote attacker to execute arbitrary code via the name field in admin.php.
🎖@cveNotify
Cross Site Scripting vulnerability in taogogo taoCMS v.2.5 beta5.1 allows remote attacker to execute arbitrary code via the name field in admin.php.
🎖@cveNotify
GitHub
Cross Site Scripting · Issue #2 · taogogo/taocms
First Enter the page: http://127.0.0.1/taocms/admin/admin.php?action=frame&ctrl=iframes and the payload is: Then,we can see the result.
🚨 CVE-2020-20718
File Upload vulnerability in PluckCMS v.4.7.10 dev versions allows a remote attacker to execute arbitrary code via a crafted image file to the the save_file() parameter.
🎖@cveNotify
File Upload vulnerability in PluckCMS v.4.7.10 dev versions allows a remote attacker to execute arbitrary code via a crafted image file to the the save_file() parameter.
🎖@cveNotify
GitHub
File contains vuln pluck 4.7.10 dev version · Issue #79 · pluck-cms/pluck
admin.php: language.php: save_file(): "../../../images/wphp.jpg" Be written to \data\settings\langpref.php Users can upload a picture file containing malicious code to getshell. POST /plu...
🚨 CVE-2023-34231
gosnowflake is th Snowflake Golang driver. Prior to version 1.6.19, a command injection vulnerability exists in the Snowflake Golang driver via single sign-on (SSO) browser URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user’s local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. A patch is available in version 1.6.19.
🎖@cveNotify
gosnowflake is th Snowflake Golang driver. Prior to version 1.6.19, a command injection vulnerability exists in the Snowflake Golang driver via single sign-on (SSO) browser URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user’s local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. A patch is available in version 1.6.19.
🎖@cveNotify
GitHub
Snowflake Golang Driver Security Advisory
### Issue
Snowflake was informed via our bug bounty program of a command injection vulnerability in the Snowflake Golang driver via SSO browser URL authentication.
### Impacted driver package: ...
Snowflake was informed via our bug bounty program of a command injection vulnerability in the Snowflake Golang driver via SSO browser URL authentication.
### Impacted driver package: ...
🚨 CVE-2023-34230
snowflake-connector-net, the Snowflake Connector for .NET, is vulnerable to command injection prior to version 2.0.18 via SSO URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user’s local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. Version 2.0.18 fixes this issue.
🎖@cveNotify
snowflake-connector-net, the Snowflake Connector for .NET, is vulnerable to command injection prior to version 2.0.18 via SSO URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user’s local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. Version 2.0.18 fixes this issue.
🎖@cveNotify
GitHub
Snowflake Connector .Net Security Advisory
### Issue
Snowflake was informed via our bug bounty program of a command injection vulnerability in the Snowflake .NET driver via SSO URL authentication.
### Impacted driver package:
snowflak...
Snowflake was informed via our bug bounty program of a command injection vulnerability in the Snowflake .NET driver via SSO URL authentication.
### Impacted driver package:
snowflak...
🚨 CVE-2020-11027
In affected versions of WordPress, a password reset link emailed to a user does not expire upon changing the user password. Access would be needed to the email account of the user by a malicious party for successful execution. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).
🎖@cveNotify
In affected versions of WordPress, a password reset link emailed to a user does not expire upon changing the user password. Access would be needed to the email account of the user by a malicious party for successful execution. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).
🎖@cveNotify
Documentation
Version 5.4.1
On April 29, 2020, WordPress 5.4.1 was released to the public. Installation/Update Information To download WordPress 5.4.1, update automatically from the Dashboard > Updates menu in your site’s admin area or visit https://wordpress.org/download/release-archive/.…
🚨 CVE-2023-0452
Econolite EOS versions prior to 3.2.23 use a weak hash
algorithm for encrypting privileged user credentials. A configuration file that
is accessible without authentication uses MD5 hashes for encrypting
credentials, including those of administrators and technicians.
🎖@cveNotify
Econolite EOS versions prior to 3.2.23 use a weak hash
algorithm for encrypting privileged user credentials. A configuration file that
is accessible without authentication uses MD5 hashes for encrypting
credentials, including those of administrators and technicians.
🎖@cveNotify
🚨 CVE-2023-0451
Econolite EOS versions prior to 3.2.23 lack a password
requirement for gaining “READONLY” access to log files and certain database and
configuration files. One such file contains tables with MD5 hashes and
usernames for all defined users in the control software, including
administrators and technicians.
🎖@cveNotify
Econolite EOS versions prior to 3.2.23 lack a password
requirement for gaining “READONLY” access to log files and certain database and
configuration files. One such file contains tables with MD5 hashes and
usernames for all defined users in the control software, including
administrators and technicians.
🎖@cveNotify
🚨 CVE-2023-23956
A user can supply malicious HTML and JavaScript code that will be executed in the client browser
🎖@cveNotify
A user can supply malicious HTML and JavaScript code that will be executed in the client browser
🎖@cveNotify
🚨 CVE-2023-34232
snowflake-connector-nodejs, a NodeJS driver for Snowflake, is vulnerable to command injection via single sign on (SSO) browser URL authentication in versions prior to 1.6.21. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user’s local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. Version 1.6.21 contains a patch for this issue.
🎖@cveNotify
snowflake-connector-nodejs, a NodeJS driver for Snowflake, is vulnerable to command injection via single sign on (SSO) browser URL authentication in versions prior to 1.6.21. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user’s local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. Version 1.6.21 contains a patch for this issue.
🎖@cveNotify
GitHub
Replace eval() for parsing JSON strings by sfc-gh-ext-simba-lf · Pull Request #465 · snowflakedb/snowflake-connector-nodejs
Regarding issue 271
The PR replaces eval which is considered unsafe with better-eval which executes the code in a different scope and blocks the usage of global variables
The PR replaces eval which is considered unsafe with better-eval which executes the code in a different scope and blocks the usage of global variables