π¨ CVE-2020-20735
File Upload vulnerability in LJCMS v.4.3.R60321 allows a remote attacker to execute arbitrary code via the ljcms/index.php parameter.
π@cveNotify
File Upload vulnerability in LJCMS v.4.3.R60321 allows a remote attacker to execute arbitrary code via the ljcms/index.php parameter.
π@cveNotify
π¨ CVE-2020-20726
Cross Site Request Forgery vulnerability in Gila GilaCMS v.1.11.4 allows a remote attacker to execute arbitrary code via the cm/update_rows/user parameter.
π@cveNotify
Cross Site Request Forgery vulnerability in Gila GilaCMS v.1.11.4 allows a remote attacker to execute arbitrary code via the cm/update_rows/user parameter.
π@cveNotify
GitHub
There is a CSRF vulnerability that can add an administrator account Β· Issue #51 Β· GilaCMS/gila
CSRF vulnerability There is a CSRF vulnerability to add an administrator account After the administrator logged in, open the following page poc Hack.html-----add an administrator accoun <html>...
π¨ CVE-2020-20725
Cross Site Scripting vulnerability in taogogo taoCMS v.2.5 beta5.1 allows remote attacker to execute arbitrary code via the name field in admin.php.
π@cveNotify
Cross Site Scripting vulnerability in taogogo taoCMS v.2.5 beta5.1 allows remote attacker to execute arbitrary code via the name field in admin.php.
π@cveNotify
GitHub
Cross Site Scripting Β· Issue #2 Β· taogogo/taocms
First Enter the page: http://127.0.0.1/taocms/admin/admin.php?action=frame&ctrl=iframes and the payload is: Then,we can see the result.
π¨ CVE-2020-20718
File Upload vulnerability in PluckCMS v.4.7.10 dev versions allows a remote attacker to execute arbitrary code via a crafted image file to the the save_file() parameter.
π@cveNotify
File Upload vulnerability in PluckCMS v.4.7.10 dev versions allows a remote attacker to execute arbitrary code via a crafted image file to the the save_file() parameter.
π@cveNotify
GitHub
File contains vuln pluck 4.7.10 dev version Β· Issue #79 Β· pluck-cms/pluck
admin.php: language.phpοΌ save_file(): "../../../images/wphp.jpg" Be written to \data\settings\langpref.php Users can upload a picture file containing malicious code to getshell. POST /plu...
π¨ CVE-2023-34231
gosnowflake is th Snowflake Golang driver. Prior to version 1.6.19, a command injection vulnerability exists in the Snowflake Golang driver via single sign-on (SSO) browser URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the userβs local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. A patch is available in version 1.6.19.
π@cveNotify
gosnowflake is th Snowflake Golang driver. Prior to version 1.6.19, a command injection vulnerability exists in the Snowflake Golang driver via single sign-on (SSO) browser URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the userβs local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. A patch is available in version 1.6.19.
π@cveNotify
GitHub
Snowflake Golang Driver Security Advisory
### Issue
Snowflake was informed via our bug bounty program of a command injection vulnerability in the Snowflake Golang driver via SSO browser URL authentication.
### Impacted driver package: ...
Snowflake was informed via our bug bounty program of a command injection vulnerability in the Snowflake Golang driver via SSO browser URL authentication.
### Impacted driver package: ...
π¨ CVE-2023-34230
snowflake-connector-net, the Snowflake Connector for .NET, is vulnerable to command injection prior to version 2.0.18 via SSO URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the userβs local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. Version 2.0.18 fixes this issue.
π@cveNotify
snowflake-connector-net, the Snowflake Connector for .NET, is vulnerable to command injection prior to version 2.0.18 via SSO URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the userβs local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. Version 2.0.18 fixes this issue.
π@cveNotify
GitHub
Snowflake Connector .Net Security Advisory
### Issue
Snowflake was informed via our bug bounty program of a command injection vulnerability in the Snowflake .NET driver via SSO URL authentication.
### Impacted driver package:
snowflak...
Snowflake was informed via our bug bounty program of a command injection vulnerability in the Snowflake .NET driver via SSO URL authentication.
### Impacted driver package:
snowflak...
π¨ CVE-2020-11027
In affected versions of WordPress, a password reset link emailed to a user does not expire upon changing the user password. Access would be needed to the email account of the user by a malicious party for successful execution. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).
π@cveNotify
In affected versions of WordPress, a password reset link emailed to a user does not expire upon changing the user password. Access would be needed to the email account of the user by a malicious party for successful execution. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).
π@cveNotify
Documentation
Version 5.4.1
On April 29, 2020, WordPress 5.4.1 was released to the public. Installation/Update Information To download WordPress 5.4.1, update automatically from the Dashboard > Updates menu in your siteβs admin area or visit https://wordpress.org/download/release-archive/.β¦
π¨ CVE-2023-0452
Econolite EOS versions prior to 3.2.23 use a weak hash
algorithm for encrypting privileged user credentials. A configuration file that
is accessible without authentication uses MD5 hashes for encrypting
credentials, including those of administrators and technicians.
π@cveNotify
Econolite EOS versions prior to 3.2.23 use a weak hash
algorithm for encrypting privileged user credentials. A configuration file that
is accessible without authentication uses MD5 hashes for encrypting
credentials, including those of administrators and technicians.
π@cveNotify
π¨ CVE-2023-0451
Econolite EOS versions prior to 3.2.23 lack a password
requirement for gaining βREADONLYβ access to log files and certain database and
configuration files. One such file contains tables with MD5 hashes and
usernames for all defined users in the control software, including
administrators and technicians.
π@cveNotify
Econolite EOS versions prior to 3.2.23 lack a password
requirement for gaining βREADONLYβ access to log files and certain database and
configuration files. One such file contains tables with MD5 hashes and
usernames for all defined users in the control software, including
administrators and technicians.
π@cveNotify
π¨ CVE-2023-23956
A user can supply malicious HTML and JavaScript code that will be executed in the client browser
π@cveNotify
A user can supply malicious HTML and JavaScript code that will be executed in the client browser
π@cveNotify
π¨ CVE-2023-34232
snowflake-connector-nodejs, a NodeJS driver for Snowflake, is vulnerable to command injection via single sign on (SSO) browser URL authentication in versions prior to 1.6.21. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the userβs local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. Version 1.6.21 contains a patch for this issue.
π@cveNotify
snowflake-connector-nodejs, a NodeJS driver for Snowflake, is vulnerable to command injection via single sign on (SSO) browser URL authentication in versions prior to 1.6.21. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the userβs local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. Version 1.6.21 contains a patch for this issue.
π@cveNotify
GitHub
Replace eval() for parsing JSON strings by sfc-gh-ext-simba-lf Β· Pull Request #465 Β· snowflakedb/snowflake-connector-nodejs
Regarding issue 271
The PR replaces eval which is considered unsafe with better-eval which executes the code in a different scope and blocks the usage of global variables
The PR replaces eval which is considered unsafe with better-eval which executes the code in a different scope and blocks the usage of global variables
π¨ CVE-2023-34334
AMI BMC contains a vulnerability in the SPX REST API, where an
attacker with the required privileges can inject arbitrary shell commands,
which may lead to code execution, denial of service, information disclosure, or
data tampering.
π@cveNotify
AMI BMC contains a vulnerability in the SPX REST API, where an
attacker with the required privileges can inject arbitrary shell commands,
which may lead to code execution, denial of service, information disclosure, or
data tampering.
π@cveNotify
π¨ CVE-2023-34342
AMI BMC contains a vulnerability in the IPMI handler, where an
attacker can upload and download arbitrary files under certain circumstances,
which may lead to denial of service, escalation of privileges, information
disclosure, or data tampering.
π@cveNotify
AMI BMC contains a vulnerability in the IPMI handler, where an
attacker can upload and download arbitrary files under certain circumstances,
which may lead to denial of service, escalation of privileges, information
disclosure, or data tampering.
π@cveNotify
π¨ CVE-2023-34335
AMI BMC contains a vulnerability in the IPMI handler, where an
unauthenticated host is allowed to write to a host SPI flash, bypassing secure
boot protections. An exploitation of this vulnerability may lead to a loss of
integrity or denial of service.
π@cveNotify
AMI BMC contains a vulnerability in the IPMI handler, where an
unauthenticated host is allowed to write to a host SPI flash, bypassing secure
boot protections. An exploitation of this vulnerability may lead to a loss of
integrity or denial of service.
π@cveNotify
π¨ CVE-2023-29175
An improper certificate validation vulnerability [CWE-295] in FortiOS 6.2 all versions, 6.4 all versions, 7.0.0 through 7.0.10, 7.2.0 and FortiProxy 1.2 all versions, 2.0 all versions, 7.0.0 through 7.0.9, 7.2.0 through 7.2.3 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the vulnerable device and the remote FortiGuard's map server.
π@cveNotify
An improper certificate validation vulnerability [CWE-295] in FortiOS 6.2 all versions, 6.4 all versions, 7.0.0 through 7.0.10, 7.2.0 and FortiProxy 1.2 all versions, 2.0 all versions, 7.0.0 through 7.0.9, 7.2.0 through 7.2.3 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the vulnerable device and the remote FortiGuard's map server.
π@cveNotify
FortiGuard Labs
PSIRT | FortiGuard Labs
None
π¨ CVE-2023-33991
SAP UI5 Variant Management - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, does not sufficiently encode user-controlled inputs on reading data from the server, resulting in Stored Cross-Site Scripting (Stored XSS) vulnerability. After successful exploitation, an attacker with user level access can cause high impact on confidentiality, modify some information and can cause unavailability of the application at user level.
π@cveNotify
SAP UI5 Variant Management - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, does not sufficiently encode user-controlled inputs on reading data from the server, resulting in Stored Cross-Site Scripting (Stored XSS) vulnerability. After successful exploitation, an attacker with user level access can cause high impact on confidentiality, modify some information and can cause unavailability of the application at user level.
π@cveNotify
π¨ CVE-2023-34537
A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage's parameter to trick user on browser and/or exfiltrate data.
π@cveNotify
A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage's parameter to trick user on browser and/or exfiltrate data.
π@cveNotify
GitHub
GitHub - leekenghwa/CVE-2023-34537---XSS-reflected--found-in-HotelDruid-3.0.5
Contribute to leekenghwa/CVE-2023-34537---XSS-reflected--found-in-HotelDruid-3.0.5 development by creating an account on GitHub.
π¨ CVE-2019-10952
An attacker could send a crafted HTTP/HTTPS request to render the web server unavailable and/or lead to remote code execution caused by a stack-based buffer overflow vulnerability. A cold restart is required for recovering
CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20 - 30 and earlier.
π@cveNotify
An attacker could send a crafted HTTP/HTTPS request to render the web server unavailable and/or lead to remote code execution caused by a stack-based buffer overflow vulnerability. A cold restart is required for recovering
CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20 - 30 and earlier.
π@cveNotify
π¨ CVE-2021-32837
mechanize, a library for automatically interacting with HTTP web servers, contains a regular expression that is vulnerable to regular expression denial of service (ReDoS) prior to version 0.4.6. If a web server responds in a malicious way, then mechanize could crash. Version 0.4.6 has a patch for the issue.
π@cveNotify
mechanize, a library for automatically interacting with HTTP web servers, contains a regular expression that is vulnerable to regular expression denial of service (ReDoS) prior to version 0.4.6. If a web server responds in a malicious way, then mechanize could crash. Version 0.4.6 has a patch for the issue.
π@cveNotify
GitHub Security Lab
GHSL-2021-108: ReDoS (Regular Expression Denial of Service) in mechanize - CVE-2021-32837
mechanize contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service).
π¨ CVE-2023-34944
An arbitrary file upload vulnerability in the /fileUpload.lib.php component of Chamilo 1.11.* up to v1.11.18 allows attackers to execute arbitrary code via uploading a crafted SVG file.
π@cveNotify
An arbitrary file upload vulnerability in the /fileUpload.lib.php component of Chamilo 1.11.* up to v1.11.18 allows attackers to execute arbitrary code via uploading a crafted SVG file.
π@cveNotify
GitHub
Vendor: Require enshrined/svg-sanitize Β· chamilo/chamilo-lms@f6e8355
Chamilo is a learning management system focused on ease of use and accessibility - Vendor: Require enshrined/svg-sanitize Β· chamilo/chamilo-lms@f6e8355