🚨 CVE-2023-40758
User enumeration in PHPJabbers Document Creator v1.0. The password recovery function returns a different message depending on whether the supplied account exists, so an attacker can confirm valid usernames and then brute-force their passwords.
@cveNotify
🚨 CVE-2023-40757
User enumeration in PHPJabbers Food Delivery Script v3.1. The password recovery function returns a different message depending on whether the supplied account exists, so an attacker can confirm valid usernames and then brute-force their passwords.
@cveNotify
🚨 CVE-2023-40756
User enumeration in PHPJabbers Callback Widget v1.0. The password recovery function returns a different message depending on whether the supplied account exists, so an attacker can confirm valid usernames and then brute-force their passwords.
@cveNotify
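The three PHPJabbers entries above share one root cause: the recovery endpoint answers differently for existing and non-existing accounts. The following is an added example (not code from PHPJabbers or from this feed) showing the leaky handler next to one that returns a uniform reply, plus the check a tester runs to detect the oracle. The account set, messages and the `send_reset_mail` stub are constructed for the example.

```python
import re

# Constructed sample account set for the example; not data from any PHPJabbers product.
USERS = {"alice", "bob"}


def send_reset_mail(username: str) -> None:
    """Stand-in for the real mailer; the example only cares about the HTTP reply."""
    return None


def recover_vulnerable(username: str) -> str:
    """Password-recovery handler of the kind the advisories describe:
    the wording of the reply reveals whether the account exists."""
    if username not in USERS:
        return "Error: no account found for that username."
    send_reset_mail(username)
    return "A password reset link has been sent to your e-mail address."


def recover_hardened(username: str) -> str:
    """Same flow with one identical reply for both cases. Mail is still only
    sent when the account exists, but the caller cannot tell from the response."""
    if username in USERS:
        send_reset_mail(username)
    return "If an account exists for that username, a password reset link has been sent."


# Per-request noise that legitimately differs between two replies (CSRF nonces,
# timestamps); it must be masked before the bodies are compared.
_TOKEN = re.compile(r"\b[0-9a-f]{16,}\b|\b\d{8,}\b")


def normalize(body: str) -> str:
    return _TOKEN.sub("<tok>", body.strip().lower())


def leaks_user_existence(handler, known_user: str, unknown_user: str) -> bool:
    """Enumeration check: one request for a username known to exist, one for a
    username that cannot exist; any difference in the normalized reply is an oracle."""
    return normalize(handler(known_user)) != normalize(handler(unknown_user))
```

In a real test the comparison should also cover status code, response length and response time; the hardened handler above closes the message oracle but still does more work for an existing account, so queueing the mail (or doing equivalent work on both paths) is needed to close the timing side channel as well.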
🚨 CVE-2023-40755
There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Callback Widget v1.0.
@cveNotify
🚨 CVE-2022-48538
In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cacti_ldap_auth() allows a zero as the password.
@cveNotify
GitHub
1.2.23 - Cacti PHP 8.2 LDAP Errors with php-ldap Installed · Issue #5189 · Cacti/cacti
This is basically the same issue as #5140 just with LDAP. 2023.01.24 08:40:11 - CMDPHP PHP ERROR Backtrace: (/index.php[25]:include(), /include/auth.php[158]:require_once(), /auth_login.php[99]:lda...
🚨 CVE-2020-24113
Directory Traversal vulnerability in Contacts File Upload Interface in Yealink W60B version 77.83.0.85, allows attackers to gain sensitive information and cause a denial of service (DoS).
@cveNotify
🚨 CVE-2020-12272
OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. This is caused by incorrect parsing and interpretation of SPF/DKIM authentication results, as demonstrated by the example.net(.example.com substring.
@cveNotify
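The entry above gives only the triggering substring, not OpenDMARC's parsing code. As an added example (not OpenDMARC's implementation), the block below contrasts a sloppy "take the domain characters after header.d=" extraction, which yields example.net for the page's sample value, with a strict Authentication-Results (RFC 8601) parser that handles RFC 5322 comments properly, rejects an unbalanced parenthesis as malformed, and refuses any header whose authserv-id is not the local MTA's. The authserv-id `mx.example.org` and the sample headers are assumptions for the example.

```python
import re
from typing import Dict, Optional

# Assumed authserv-id of our own border MTA/filter; any other value is untrusted
# and such headers should be stripped from inbound mail before evaluation.
TRUSTED_AUTHSERV_ID = "mx.example.org"


def naive_domain(authres: str, prop: str = "header.d") -> Optional[str]:
    """Sloppy extraction: take the domain characters after 'header.d=' and stop at the
    first character that is not one. On the advisory's sample value this returns
    'example.net' and silently drops everything after the '('."""
    m = re.search(re.escape(prop) + r"=([A-Za-z0-9.\-]+)", authres)
    return m.group(1) if m else None


def strip_comments(value: str) -> str:
    """Remove RFC 5322 comments '( ... )', honouring nesting and backslash quoting.
    An unbalanced parenthesis makes the whole header malformed: raise, do not guess."""
    out, depth, i = [], 0, 0
    while i < len(value):
        c = value[i]
        if c == "\\" and i + 1 < len(value):      # quoted-pair: next char is literal
            if depth == 0:
                out.append(value[i:i + 2])
            i += 2
            continue
        if c == "(":
            depth += 1
        elif c == ")":
            if depth == 0:
                raise ValueError("unbalanced ')' in Authentication-Results")
            depth -= 1
        elif depth == 0:
            out.append(c)
        i += 1
    if depth:
        raise ValueError("unterminated comment in Authentication-Results")
    return "".join(out)


def parse_authres(header_value: str,
                  trusted: str = TRUSTED_AUTHSERV_ID) -> Dict[str, Dict[str, str]]:
    """Strict parse: drop comments, require our own authserv-id, then read the
    'method=result prop=value ...' clauses separated by ';'."""
    clauses = [c.strip() for c in strip_comments(header_value).split(";") if c.strip()]
    if not clauses:
        raise ValueError("empty Authentication-Results")
    authserv_id = clauses[0].split()[0]
    if authserv_id != trusted:
        raise ValueError(f"authserv-id {authserv_id!r} is not ours; strip at the border")
    results: Dict[str, Dict[str, str]] = {}
    for clause in clauses[1:]:
        tokens = clause.split()
        method, _, result = tokens[0].partition("=")
        props = {"result": result}
        for token in tokens[1:]:
            key, _, val = token.partition("=")
            props[key] = val
        results[method] = props
    return results


def accepted(header_value: str, trusted: str = TRUSTED_AUTHSERV_ID) -> bool:
    """True only if the header parses cleanly and carries our authserv-id."""
    try:
        parse_authres(header_value, trusted)
        return True
    except ValueError:
        return False
```

The practical rule is the second check as much as the first: a DMARC evaluator must only ever read Authentication-Results headers it (or a trusted upstream) wrote, and the border MTA must remove any pre-existing header that claims that authserv-id.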
🚨 CVE-2023-41109
SmartNode SN200 (aka SN200) 3.21.2-23021 allows unauthenticated OS Command Injection.
@cveNotify
www.syss.de
SySS GmbH - The Pentest Experts
IT security provider – identify vulnerabilities | test IT security | harden systems | reduce risks sustainably | improve protection where it matters | SySS
🚨 CVE-2023-39578
A stored cross-site scripting (XSS) vulnerability in the Create function of Zenario CMS v9.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu navigation text field.
@cveNotify
GitHub
Zenaio-xss · Issue #1 · anh91/Zenario-xss
Summary hi team, I found a small Stored XSS Info Zenario 9.4 Step 1: Login to account https://demo.zenar.io/admin Step 2: In the tab menu click on event and create a new event Step 3: Inject payloa...
🚨 CVE-2023-39348
Spinnaker is an open source, multi-cloud continuous delivery platform. Log output when updating GitHub status is improperly set to FULL always. It is recommended to apply the patch and rotate the GitHub token used for GitHub status notifications. Given that this would output GitHub tokens to a log system, the risk is slightly higher than "low", since token exposure could grant elevated access to repositories outside of control. Even with READ-restricted tokens, the token itself could be used to access resources otherwise restricted from reads. This only affects users of GitHub Status Notifications. This issue has been addressed in pull request 1316. Users are advised to upgrade. Users unable to upgrade should disable GH Status Notifications, filter their logs for Echo log data, and use read-only tokens that are limited in scope.
@cveNotify
GitHub
fix(gha): Fix github status log and add tests by jasonmcintosh · Pull Request #1316 · spinnaker/echo
Fixes output logs when using github status checks
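The advisory's fallback guidance is to filter logs for Echo's output and rotate the token. Spinnaker is a Java project; the following added Python example (not Spinnaker's or Echo's code) shows the two controls a practitioner would want regardless of stack: a logging filter that scrubs GitHub token formats before any handler writes them, and a sweep over existing log lines to find what was already exposed. The token prefixes (`ghp_`, `gho_`, `ghu_`, `ghs_`, `ghr_` followed by 36 characters, and `github_pat_`) are GitHub's documented formats; the sample log lines and the fake token are constructed.

```python
import logging
import re
from typing import List, Tuple

# Secret shapes to scrub. The prefixed GitHub formats are documented by GitHub;
# the Authorization pattern is generic and keeps the header name but drops the value.
SECRET_PATTERNS = [
    re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
    re.compile(r"\bgithub_pat_[A-Za-z0-9_]{22,}\b"),
    re.compile(r"(?i)(authorization\W{0,4}(?:token|bearer)\s+)[^\s\"',}]+"),
]
REDACTED = "[REDACTED]"


def redact(text: str) -> str:
    """Replace every secret-shaped substring in a string."""
    for pat in SECRET_PATTERNS:
        if pat.groups:
            text = pat.sub(lambda m: m.group(1) + REDACTED, text)
        else:
            text = pat.sub(REDACTED, text)
    return text


class RedactingFilter(logging.Filter):
    """Attach to the root logger or a handler so no file, console or log shipper ever
    sees the raw token, whatever level a library chooses to log at."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(str(record.msg))
        if isinstance(record.args, dict):
            record.args = {k: redact(v) if isinstance(v, str) else v
                           for k, v in record.args.items()}
        elif record.args:
            record.args = tuple(redact(a) if isinstance(a, str) else a
                                for a in record.args)
        return True


def filtered_message(msg: str, *args) -> str:
    """Run one record through RedactingFilter and return the rendered message."""
    record = logging.LogRecord("echo", logging.INFO, "echo.log", 0, msg, args, None)
    RedactingFilter().filter(record)
    return record.getMessage()


def scan_log(lines: List[str]) -> List[Tuple[int, str]]:
    """Retroactive sweep of existing log data: (line number, redacted line) for every
    line that still carries a secret. Any hit means the token must be rotated."""
    hits = []
    for n, line in enumerate(lines, start=1):
        if any(p.search(line) for p in SECRET_PATTERNS):
            hits.append((n, redact(line)))
    return hits
```

Install the filter with `logging.getLogger().addFilter(RedactingFilter())` at process start. Redaction is a backstop, not a substitute for the patch: once a token has reached a log pipeline it has to be treated as disclosed and rotated, which is why `scan_log` reports hits rather than merely cleaning them.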
🚨 CVE-2023-35785
Zoho ManageEngine ADManager Plus through 7186 is vulnerable to 2FA bypass.
@cveNotify
Manageengine
ManageEngine: ITOps, cybersecurity & service management software
ManageEngine powers businesses like yours to take control of your IT with enterprise-grade solutions built from the ground up.
🚨 CVE-2023-4475
An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master (ADM) that allows an attacker to exploit the file renaming feature to move files to unintended directories. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below, as well as ADM 4.2.2.RI61 and below.
@cveNotify
ASUSTOR
Release Information - ASUSTOR NAS
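The ASUSTOR rename bug above and the Yealink contacts-upload traversal (CVE-2020-24113) earlier in this feed are the same control failing: a user-supplied name is joined onto a base directory without proving the result stays inside it. The block below is an added example (not ASUSTOR's or Yealink's code) of that containment check, with a rename helper that refuses to turn a rename into a move; it resolves `..` and symlinks through `realpath()` and compares whole path components so a string prefix such as `/srv/data-evil` cannot pass for a child of `/srv/data`. The directory layout in `self_check` is constructed in a temporary directory.

```python
import os
import tempfile


def contained_path(base_dir: str, *parts: str) -> str:
    """Join user-supplied parts under base_dir and prove the result stays inside it.
    realpath() canonicalises '..' and symlinks; commonpath() compares components,
    not characters. The base directory itself is not a valid target."""
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, *parts))
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"{parts!r} escapes {base_dir!r}")
    return candidate


def safe_rename(base_dir: str, old_name: str, new_name: str) -> str:
    """Rename strictly within base_dir. The new name must be a bare filename: a
    separator or dot entry would turn the rename into a move to another directory."""
    if new_name in ("", ".", "..") or os.sep in new_name or (os.altsep and os.altsep in new_name):
        raise ValueError("new name must be a bare filename")
    src = contained_path(base_dir, old_name)
    dst = contained_path(base_dir, new_name)
    os.rename(src, dst)
    return dst


def self_check() -> dict:
    """Exercise both checks in a throwaway directory; returns what was allowed/blocked."""
    report = {}
    with tempfile.TemporaryDirectory() as base:
        open(os.path.join(base, "contacts.xml"), "w").close()
        # A symlink inside the base that points outside it (the classic upload escape).
        os.symlink(os.path.dirname(base), os.path.join(base, "escape"))
        probes = {
            "plain": ("contacts.xml",),
            "dotdot": ("..", "secret"),
            "absolute": (os.sep + "etc", "passwd"),
            "sibling_prefix": (os.path.join("..", os.path.basename(base) + "-evil", "x"),),
            "symlink": ("escape", "secret"),
        }
        for label, parts in probes.items():
            try:
                contained_path(base, *parts)
                report[label] = "allowed"
            except ValueError:
                report[label] = "blocked"
        report["rename_ok"] = os.path.basename(safe_rename(base, "contacts.xml", "backup.xml"))
        try:
            safe_rename(base, "backup.xml", os.path.join("..", "moved.xml"))
            report["rename_escape"] = "allowed"
        except ValueError:
            report["rename_escape"] = "blocked"
    return report
```

Note the order of operations: the path is canonicalised first and checked second; checking the raw string (for `..`, for a leading slash) before joining catches only the obvious cases and misses symlinks and encoded variants.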
🚨 CVE-2022-48545
An infinite recursion in Catalog::findDestInTree can cause denial of service for xpdf 4.02.
@cveNotify
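Catalog::findDestInTree walks a PDF name tree (ISO 32000-1 section 7.9.6), whose interior nodes reference child nodes through `Kids`. A file whose `Kids` entry points back at an ancestor sends an unguarded recursive walk around the loop until the stack is exhausted. The block below is an added example in Python (not xpdf's C++ code) of the unguarded lookup next to one guarded by a visited set and a depth bound; the miniature object table with its cycle is constructed for the example, and `MAX_DEPTH` is an assumed limit.

```python
from typing import Any, Dict, Optional, Set, Tuple

Ref = Tuple[str, int]

# Constructed miniature name tree. Interior nodes carry Kids; leaves carry a flat
# Names array [key1, value1, key2, value2, ...]. Object 3's Kids points back at the
# root, which is the loop an unguarded recursive lookup never leaves.
OBJECTS: Dict[int, Dict[str, Any]] = {
    1: {"Kids": [("ref", 2), ("ref", 3)]},
    2: {"Names": ["chapter1", "dest-ch1", "chapter2", "dest-ch2"]},
    3: {"Kids": [("ref", 1)]},
}
MAX_DEPTH = 64   # assumed: a legitimate name tree is a few levels deep


def resolve(ref: Ref) -> Dict[str, Any]:
    return OBJECTS[ref[1]]


def _lookup_leaf(node: Dict[str, Any], name: str) -> Optional[str]:
    names = node.get("Names", [])
    for i in range(0, len(names) - 1, 2):
        if names[i] == name:
            return names[i + 1]
    return None


def find_dest_unguarded(ref: Ref, name: str) -> Optional[str]:
    """Recursive descent with no cycle or depth check: the vulnerable shape."""
    node = resolve(ref)
    if "Names" in node:
        return _lookup_leaf(node, name)
    for kid in node.get("Kids", []):
        found = find_dest_unguarded(kid, name)
        if found is not None:
            return found
    return None


def find_dest(ref: Ref, name: str, visited: Optional[Set[Ref]] = None,
              depth: int = 0) -> Optional[str]:
    """Same lookup with two guards: a set of object references already visited
    (a Kids entry pointing at one is a loop) and a depth bound. Either condition
    ends the branch as 'not found' instead of recursing."""
    if visited is None:
        visited = set()
    if depth > MAX_DEPTH or ref in visited:
        return None
    visited.add(ref)
    node = resolve(ref)
    if "Names" in node:
        return _lookup_leaf(node, name)
    for kid in node.get("Kids", []):
        found = find_dest(kid, name, visited, depth + 1)
        if found is not None:
            return found
    return None


def unguarded_lookup_overflows(name: str) -> bool:
    """True if the unguarded walk exhausts the stack for this name on the sample tree."""
    try:
        find_dest_unguarded(("ref", 1), name)
        return False
    except RecursionError:
        return True
```

The visited set is keyed on object references rather than on node contents, which is what a parser has at hand; in a native implementation the same guard is a set of object numbers (or a parse-time check that each node is reached once), and the depth bound is the cheap backstop for the case where the file fabricates a very long chain of distinct objects instead of a loop.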
🚨 CVE-2023-4404
The Donation Forms by Charitable plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.7.0.12 due to insufficient restriction on the 'update_core_user' function. This makes it possible for unauthenticated attackers to specify their user role by supplying the 'role' parameter during a registration.
@cveNotify
Wordfence
Donation Forms by Charitable <= 1.7.0.12 - Unauthenticated Privilege Escalation – Wordfence Intelligence
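The entry above is a mass-assignment bug: a registration handler copied request fields, including 'role', onto the new account. As an added example (not the plugin's PHP), the block below shows that shape beside the hardened form, which allowlists the fields a self-registering visitor may set and assigns the role server-side unless the caller already holds the capability to assign roles. The role names are WordPress's default roles; the field allowlist and the `actor_can_promote` flag are assumptions standing in for a capability check.

```python
from typing import Any, Dict

# WordPress's built-in roles; a real plugin would read them from wp_roles().
VALID_ROLES = {"subscriber", "contributor", "author", "editor", "administrator"}
DEFAULT_ROLE = "subscriber"
# The only fields an anonymous visitor may set when creating their own account (assumed).
SELF_REGISTER_FIELDS = {"user_login", "user_email", "user_pass", "first_name", "last_name"}


def register_vulnerable(form: Dict[str, Any]) -> Dict[str, Any]:
    """Copies every submitted field onto the new user, so a 'role' field in the
    POST body becomes the account's role: the pattern the advisory describes."""
    user = {"role": DEFAULT_ROLE}
    user.update(form)
    return user


def register_hardened(form: Dict[str, Any], actor_can_promote: bool = False) -> Dict[str, Any]:
    """Allowlists visitor-settable fields and assigns the role server-side. A role
    from the request is honoured only when the caller already holds the capability
    to assign roles (an admin creating a user), never at self-registration."""
    user = {k: v for k, v in form.items() if k in SELF_REGISTER_FIELDS}
    user["role"] = DEFAULT_ROLE
    requested = form.get("role")
    if actor_can_promote and requested in VALID_ROLES:
        user["role"] = requested
    return user
```

The allowlist matters as much as the role check: a denylist that strips only 'role' leaves every other privileged column (capabilities, flags, owner ids) open to the same trick.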
🚨 CVE-2023-3699
An Improper Privilege Management vulnerability was found in ASUSTOR Data Master (ADM) that allows unprivileged local users to modify the storage device configuration. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below, as well as ADM 4.2.2.RI61 and below.
@cveNotify
Asustor
Release Information - ASUSTOR NAS
🚨 CVE-2023-40170
jupyter-server is the backend for Jupyter web applications. Improper cross-site credential checks on `/files/` URLs could allow exposure of certain file contents, or accessing files when opening untrusted files via "Open image in new tab". This issue has been addressed in commit `87a49272728` which has been included in release `2.7.2`. Users are advised to upgrade. Users unable to upgrade may use the lower performance `--ContentsManager.files_handler_class=jupyter_server.files.handlers.FilesHandler`, which implements the correct checks.
@cveNotify
GitHub
cross-site inclusion (XSSI) of files
### Impact
Improper cross-site credential checks on `/files/` URLs could allow exposure of certain file contents, or accessing files when opening untrusted files via "Open image in new tab...
🚨 CVE-2023-39968
jupyter-server is the backend for Jupyter web applications. Open Redirect Vulnerability. Maliciously crafted login links to known Jupyter Servers can cause successful login or an already logged-in session to be redirected to arbitrary sites, which should be restricted to Jupyter Server-served URLs. This issue has been addressed in commit `29036259` which is included in release 2.7.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.
@cveNotify
GitHub
Merge pull request from GHSA-r726-vmfq-j9j3 · jupyter-server/jupyter_server@2903625
Co-authored-by: Zachary Sailer <zsailer@apple.com>
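The open redirect above is the usual post-login "next" parameter accepting a destination that is not on the server. The block below is an added example (not jupyter-server's fix) of the validation a login handler should apply: accept only an absolute path on the server's own origin and fall back to a default landing page for anything else, including scheme-relative `//host`, backslash variants that browsers normalise to `//`, control characters and `javascript:` URLs. The base URL `http://localhost:8888/` and the `/tree` default are assumptions for the example.

```python
from urllib.parse import urlsplit, urljoin, urlunsplit

DEFAULT_LANDING = "/tree"   # assumed safe destination when the parameter is rejected


def safe_next_url(next_param: str, base_url: str = "http://localhost:8888/") -> str:
    """Return next_param only if it is a path served by this origin; else the default.
    base_url is the server's own origin (assumed here)."""
    if not next_param:
        return DEFAULT_LANDING
    # Control characters and backslashes are never legitimate in a local path and
    # are the raw material of parser-differential tricks ('/\\evil', CR/LF).
    if any(ord(c) < 0x20 or c == "\\" for c in next_param):
        return DEFAULT_LANDING
    parts = urlsplit(next_param)
    if parts.scheme or parts.netloc:         # https://evil, //evil, javascript:
        return DEFAULT_LANDING
    if not next_param.startswith("/") or next_param.startswith("//"):
        return DEFAULT_LANDING               # relative paths and '///evil'
    # Belt and braces: resolve against our origin and confirm the origin survived.
    resolved = urlsplit(urljoin(base_url, next_param))
    origin = urlsplit(base_url)
    if (resolved.scheme, resolved.netloc) != (origin.scheme, origin.netloc):
        return DEFAULT_LANDING
    return urlunsplit(("", "", resolved.path, resolved.query, resolved.fragment))
```

Returning the re-assembled path rather than the original string is deliberate: whatever the redirect emits is then known to be exactly what was checked, not a string that some other parser may read differently.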
🚨 CVE-2023-39652
theme volty tvcmsvideotab up to v4.0.0 was discovered to contain a SQL injection vulnerability via the component TvcmsVideoTabConfirmDeleteModuleFrontController::run().
@cveNotify
Friends-Of-Presta Security Advisories
[CVE-2023-39652] Improper neutralization of SQL parameter in Theme Volty Video Tab module for PrestaShop
In the module “Theme Volty Video Tab” (tvcmsvideotab) up to version 4.0.0 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.
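The advisory names a front controller whose delete action is reachable by a guest. The block below is an added example (not the module's PHP) of the defect class in a delete handler: an identifier concatenated into the statement beside the same handler with type validation and a bound parameter. The table name, columns and rows are constructed for the example; SQLite's `execute()` runs a single statement, so the payload uses `OR` rather than a stacked query.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory stand-in for the module's table (name, columns and rows assumed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tvcmsvideotab (id_tab INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO tvcmsvideotab VALUES (?, ?)",
                     [(1, "Intro"), (2, "Tour"), (3, "Support")])
    conn.commit()
    return conn


def delete_vulnerable(conn: sqlite3.Connection, id_tab: str) -> int:
    """Builds the statement from the raw request value. A value such as
    '1 OR 1=1' rewrites the WHERE clause and deletes every row."""
    cur = conn.execute("DELETE FROM tvcmsvideotab WHERE id_tab = " + id_tab)
    conn.commit()
    return cur.rowcount


def delete_hardened(conn: sqlite3.Connection, id_tab: str) -> int:
    """Validates the type, then binds the value as a parameter: it is compared as
    data by the engine and can never be parsed as SQL."""
    if not id_tab.isdigit():
        return 0
    cur = conn.execute("DELETE FROM tvcmsvideotab WHERE id_tab = ?", (int(id_tab),))
    conn.commit()
    return cur.rowcount


def remaining(conn: sqlite3.Connection) -> int:
    return conn.execute("SELECT COUNT(*) FROM tvcmsvideotab").fetchone()[0]
```

Casting to `int` alone would also have stopped this particular payload; binding is still the right habit because it also covers the string-typed parameters where a cast is not available.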
🚨 CVE-2023-38969
Cross Site Scripting vulnerability in Badaso v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the title parameter in the new book and edit book functions.
@cveNotify
Tuan Anh's Blog
Badaso version 2.9.7 has an XSS vulnerability in add books
Vendor Homepage:
Badaso - Open Collective
Version:
2.9.7
Tested On:
Marcos, review source code
Affected Page:
https://badaso-demo.uatech.co.id/dashboard/general/borrowing/add
https://badaso-demo.uatech.co.id/dashboard/general/borrowing/1/edit
Descrip...
🚨 CVE-2020-24165
An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS).
@cveNotify
Launchpad
Bug #1863025 “Use-after-free after flush in TCG accelerator” : Bugs : QEMU
I believe I found a UAF in TCG that can lead to a guest VM escape. The security list informed me "This can not be treated as a security issue." and to post it here. I am looking at the 4.2.0 source code. The issue requires a race and I will try to describe…
🚨 CVE-2020-21699
Tengine 2.2.2, a web server built on the Nginx code base (the affected Nginx range is 0.5.6 through 1.13.2), is vulnerable to an integer overflow in the nginx range filter module; specially crafted requests can trigger it and leak potentially sensitive information.
@cveNotify
GitHub
Nginx-variants/附件(Tengine).docx at master · ZxDecide/Nginx-variants
Here is a variant of Nginx web server that has been tried - ZxDecide/Nginx-variants