π¨ CVE-2023-26428
Attackers can successfully request arbitrary snippet IDs, including E-Mail signatures of other users within the same context. Signatures of other users could be read even though they are not explicitly shared. We improved permission handling when requesting snippets that are not explicitly shared with other users. No publicly available exploits are known.
π@cveNotify
Attackers can successfully request arbitrary snippet IDs, including E-Mail signatures of other users within the same context. Signatures of other users could be read even though they are not explicitly shared. We improved permission handling when requesting snippets that are not explicitly shared with other users. No publicly available exploits are known.
π@cveNotify
π¨ CVE-2023-26427
Default permissions for a properties file were too permissive. Local system users could read potentially sensitive information. We updated the default permissions for noreply.properties set during package installation. No publicly available exploits are known.
π@cveNotify
Default permissions for a properties file were too permissive. Local system users could read potentially sensitive information. We updated the default permissions for noreply.properties set during package installation. No publicly available exploits are known.
π@cveNotify
π¨ CVE-2023-36097
funadmin v3.3.2 and v3.3.3 are vulnerable to Insecure file upload via the plugins install.
π@cveNotify
funadmin v3.3.2 and v3.3.3 are vulnerable to Insecure file upload via the plugins install.
π@cveNotify
GitHub
Insecure file upload via plugins install in funadmin v3.3.2 - v3.3.3 Β· Issue #17 Β· funadmin/funadmin
Vulnerability Product:funadmin Vulnerability version:.3.3.2 - 3.3.3 Vulnerability type:Insecure file upload Vulnerability DetailsοΌ Vulnerability location app\backend\controller\Addon.php#localinsta...
π¨ CVE-2023-36093
There is a storage type cross site scripting (XSS) vulnerability in the filing number of the Basic Information tab on the backend management page of EyouCMS v1.6.3
π@cveNotify
There is a storage type cross site scripting (XSS) vulnerability in the filing number of the Basic Information tab on the backend management page of EyouCMS v1.6.3
π@cveNotify
GitHub
EyouCMS v1.6.3 has stored xss Β· Issue #44 Β· weng-xianhu/eyoucms
There is a storage type cross site scripting vulnerability in the filing number of the Basic Information tab on the backend management page of EyouCMS v1.6.3 poc: </desc><script>alert(1...
π¨ CVE-2021-4342
Over 70 plugins and themes were vulnerable to Cross-Site Request Forgery due to improperly implemented nonce protection that could be bypassed.
π@cveNotify
Over 70 plugins and themes were vulnerable to Cross-Site Request Forgery due to improperly implemented nonce protection that could be bypassed.
π@cveNotify
Wordfence
Various Affected Software (Various Versions) - Cross-Site Request Forgery Bypass β Wordfence Intelligence
π¨ CVE-2023-3233
A vulnerability was found in Zhong Bang CRMEB up to 4.6.0. It has been classified as critical. Affected is the function get_image_base64 of the file api/controller/v1/PublicController.php. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231504. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
A vulnerability was found in Zhong Bang CRMEB up to 4.6.0. It has been classified as critical. Affected is the function get_image_base64 of the file api/controller/v1/PublicController.php. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231504. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
Vuldb
CVE-2023-3233: Zhong Bang CRMEB PublicController.php get_image_base64 server-side request forgery
A vulnerability was found in Zhong Bang CRMEB up to 4.6.0. It has been classified as critical. This vulnerability is traded as CVE-2023-3233.
π¨ CVE-2023-2569
A CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service,
elevation of privilege, and potentially kernel execution when a malicious actor with local user
access crafts a script/program using an IOCTL call in the Foxboro.sys driver.
π@cveNotify
A CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service,
elevation of privilege, and potentially kernel execution when a malicious actor with local user
access crafts a script/program using an IOCTL call in the Foxboro.sys driver.
π@cveNotify
π¨ CVE-2023-31975
yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c.
π@cveNotify
yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c.
π@cveNotify
GitHub
yasm memory leak Β· Issue #210 Β· yasm/yasm
I found a memory leak bug in yasm. Please confirm. Thanks! Test Environment Ubuntu 20.04, 64 bit yasm (version: v1.3.0 ;master) How to trigger Compile the program with AddressSanitizer Run command ...
π¨ CVE-2021-25322
A UNIX Symbolic Link (Symlink) Following vulnerability in python-HyperKitty of openSUSE Leap 15.2, Factory allows local attackers to escalate privileges from the user hyperkitty or hyperkitty-admin to root. This issue affects: openSUSE Leap 15.2 python-HyperKitty version 1.3.2-lp152.2.3.1 and prior versions. openSUSE Factory python-HyperKitty versions prior to 1.3.4-5.1.
π@cveNotify
A UNIX Symbolic Link (Symlink) Following vulnerability in python-HyperKitty of openSUSE Leap 15.2, Factory allows local attackers to escalate privileges from the user hyperkitty or hyperkitty-admin to root. This issue affects: openSUSE Leap 15.2 python-HyperKitty version 1.3.2-lp152.2.3.1 and prior versions. openSUSE Factory python-HyperKitty versions prior to 1.3.4-5.1.
π@cveNotify
π¨ CVE-2022-31251
A Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root. This issue affects: openSUSE Factory slurm versions prior to 22.05.2-3.3.
π@cveNotify
A Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root. This issue affects: openSUSE Factory slurm versions prior to 22.05.2-3.3.
π@cveNotify
π¨ CVE-2021-25321
A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 allows local attackers with control of the runtime user to run arpwatch as to escalate to root upon the next restart of arpwatch. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS arpwatch versions prior to 2.1a15. SUSE Manager Server 4.0 arpwatch versions prior to 2.1a15. SUSE OpenStack Cloud Crowbar 9 arpwatch versions prior to 2.1a15. openSUSE Factory arpwatch version 2.1a15-169.5 and prior versions. openSUSE Leap 15.2 arpwatch version 2.1a15-lp152.5.5 and prior versions.
π@cveNotify
A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 allows local attackers with control of the runtime user to run arpwatch as to escalate to root upon the next restart of arpwatch. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS arpwatch versions prior to 2.1a15. SUSE Manager Server 4.0 arpwatch versions prior to 2.1a15. SUSE OpenStack Cloud Crowbar 9 arpwatch versions prior to 2.1a15. openSUSE Factory arpwatch version 2.1a15-169.5 and prior versions. openSUSE Leap 15.2 arpwatch version 2.1a15-lp152.5.5 and prior versions.
π@cveNotify
π¨ CVE-2023-31541
A unrestricted file upload vulnerability was discovered in the βBrowse and upload imagesβ feature of the CKEditor v1.2.3 plugin for Redmine, which allows arbitrary files to be uploaded to the server.
π@cveNotify
A unrestricted file upload vulnerability was discovered in the βBrowse and upload imagesβ feature of the CKEditor v1.2.3 plugin for Redmine, which allows arbitrary files to be uploaded to the server.
π@cveNotify
π¨ CVE-2023-36243
FLVMeta v1.2.1 was discovered to contain a buffer overflow via the xml_on_metadata_tag_only function at dump_xml.c.
π@cveNotify
FLVMeta v1.2.1 was discovered to contain a buffer overflow via the xml_on_metadata_tag_only function at dump_xml.c.
π@cveNotify
GitHub
Memory allocation failure in xml_on_metadata_tag_only() at dump_xml.c:271 Β· Issue #19 Β· noirotm/flvmeta
Memory allocation failure in xml_on_metadata_tag_only() at dump_xml.c:271 Memory allocation failure in the flvmeta at function xml_on_metadata_tag_only in dump_xml.c:271. Environment Ubuntu 18.04, ...
π¨ CVE-2023-36239
libming listswf 0.4.7 was discovered to contain a buffer overflow in the parseSWF_DEFINEFONTINFO() function at parser.c.
π@cveNotify
libming listswf 0.4.7 was discovered to contain a buffer overflow in the parseSWF_DEFINEFONTINFO() function at parser.c.
π@cveNotify
GitHub
Allocation size overflow in parseSWF_DEFINEFONTINFO() at parser.c:1948 Β· Issue #273 Β· libming/libming
Allocation size overflow in parseSWF_DEFINEFONTINFO() at parser.c:1948 Allocation size overflow in the listswf at function parseSWF_DEFINEFONTINFO in parser.c:1948. Environment Ubuntu 18.04, 64 bit...
π¨ CVE-2023-34923
XML Signature Wrapping (XSW) in SAML-based Single Sign-on feature in TOPdesk v12.10.12 allows bad actors with credentials to authenticate with the Identity Provider (IP) to impersonate any TOPdesk user via SAML Response manipulation.
π@cveNotify
XML Signature Wrapping (XSW) in SAML-based Single Sign-on feature in TOPdesk v12.10.12 allows bad actors with credentials to authenticate with the Identity Provider (IP) to impersonate any TOPdesk user via SAML Response manipulation.
π@cveNotify
Char49
TOPdesk vulnerable to XML Signature Wrapping Attacks | Char49
TOPdesk Single Signon integration based on SAML (Security Assertion Markup Language) was vulnerable to XML Signature Wrapping (XSW) attacks, allowing bad actors with credentials to authenticate with the Identity Provider (IdP) to impersonate any TOPdesk userβ¦
π¨ CVE-2023-34796
Cross site scripting (XSS) vulnerabiliy in dmarcts-report-viewer dashboard versions 1.1 and thru commit 8a1d882b4c481a05e296e9b38a7961e912146a0f, allows unauthenticated attackers to execute arbitrary code via the org_name or domain values.
π@cveNotify
Cross site scripting (XSS) vulnerabiliy in dmarcts-report-viewer dashboard versions 1.1 and thru commit 8a1d882b4c481a05e296e9b38a7961e912146a0f, allows unauthenticated attackers to execute arbitrary code via the org_name or domain values.
π@cveNotify
xmit.xyz
DMARC'd for Death: Anonymous Stored XSS for Email Admins
Open-source DMARC parsing tools are fraught with issues keeping themselves from leaking sensitive information. Let's see why...
π¨ CVE-2023-21135
In onCreate of NotificationAccessSettings.java, there is a possible failure to persist notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-260570119
π@cveNotify
In onCreate of NotificationAccessSettings.java, there is a possible failure to persist notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-260570119
π@cveNotify
π¨ CVE-2023-21131
In checkKeyIntentParceledCorrectly() of ActivityManagerService.java, there is a possible bypass of Parcel Mismatch mitigations due to a logic error in the code. This could lead to local escalation of privilege and the ability to launch arbitrary activities in settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-265015796
π@cveNotify
In checkKeyIntentParceledCorrectly() of ActivityManagerService.java, there is a possible bypass of Parcel Mismatch mitigations due to a logic error in the code. This could lead to local escalation of privilege and the ability to launch arbitrary activities in settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-265015796
π@cveNotify