🚨 CVE-2023-4475
An Arbitrary File Movement vulnerability found in ASUSTOR Data Master (ADM) allows an attacker to exploit the file renaming feature to move files to unintended directories. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below.
🎖@cveNotify
ASUSTOR
Release Notes - ASUSTOR NAS
🚨 CVE-2022-48545
An infinite recursion in Catalog::findDestInTree can cause denial of service for xpdf 4.02.
🎖@cveNotify
🚨 CVE-2023-4404
The Donation Forms by Charitable plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.7.0.12 due to insufficient restriction on the 'update_core_user' function. This makes it possible for unauthenticated attackers to specify their user role by supplying the 'role' parameter during a registration.
🎖@cveNotify
Wordfence
Donation Forms by Charitable <= 1.7.0.12 - Unauthenticated Privilege Escalation — Wordfence Intelligence
🚨 CVE-2023-3699
An Improper Privilege Management vulnerability found in ASUSTOR Data Master (ADM) allows unprivileged local users to modify the storage devices configuration. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below.
🎖@cveNotify
Asustor
Release Notes - ASUSTOR NAS
🚨 CVE-2023-40170
jupyter-server is the backend for Jupyter web applications. Improper cross-site credential checks on `/files/` URLs could allow exposure of certain file contents, or accessing files when opening untrusted files via "Open image in new tab". This issue has been addressed in commit `87a49272728` which has been included in release `2.7.2`. Users are advised to upgrade. Users unable to upgrade may use the lower performance `--ContentsManager.files_handler_class=jupyter_server.files.handlers.FilesHandler`, which implements the correct checks.
🎖@cveNotify
GitHub
cross-site inclusion (XSSI) of files
### Impact
Improper cross-site credential checks on `/files/` URLs could allow exposure of certain file contents, or accessing files when opening untrusted files via "Open image in new tab...
🚨 CVE-2023-39968
jupyter-server is the backend for Jupyter web applications. Open Redirect Vulnerability. Maliciously crafted login links to known Jupyter Servers can cause successful login or an already logged-in session to be redirected to arbitrary sites, which should be restricted to Jupyter Server-served URLs. This issue has been addressed in commit `29036259` which is included in release 2.7.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.
🎖@cveNotify
GitHub
Merge pull request from GHSA-r726-vmfq-j9j3 · jupyter-server/jupyter_server@2903625
Co-authored-by: Zachary Sailer <zsailer@apple.com>
🚨 CVE-2023-39652
theme volty tvcmsvideotab up to v4.0.0 was discovered to contain a SQL injection vulnerability via the component TvcmsVideoTabConfirmDeleteModuleFrontController::run().
🎖@cveNotify
Friends-Of-Presta Security Advisories
[CVE-2023-39652] Improper neutralization of SQL parameter in Theme Volty Video Tab module for PrestaShop
In the module “Theme Volty Video Tab” (tvcmsvideotab) up to version 4.0.0 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.
🚨 CVE-2023-38969
Cross Site Scripting vulnerability in Badaso v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the title parameter in the new book and edit book function.
🎖@cveNotify
Tuan Anh's Blog
Badaso version 2.9.7 has an XSS vulnerability in add books
Vendor Homepage:
Badaso - Open Collective
Version:
2.9.7
Tested On:
Marcos, review source code
Affected Page:
https://badaso-demo.uatech.co.id/dashboard/general/borrowing/add
https://badaso-demo.uatech.co.id/dashboard/general/borrowing/1/edit
Descrip...
🚨 CVE-2020-24165
An issue was discovered in TCG Accelerator in QEMU 4.2.0 that allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS).
🎖@cveNotify
Launchpad
Bug #1863025 “Use-after-free after flush in TCG accelerator” : Bugs : QEMU
I believe I found a UAF in TCG that can lead to a guest VM escape. The security list informed me "This can not be treated as a security issue." and to post it here. I am looking at the 4.2.0 source code. The issue requires a race and I will try to describe…
🚨 CVE-2020-21699
The web server Tengine 2.2.2 developed in the Nginx version from 0.5.6 thru 1.13.2 is vulnerable to an integer overflow vulnerability in the nginx range filter module, resulting in the leakage of potentially sensitive information triggered by specially crafted requests.
🎖@cveNotify
GitHub
Nginx-variants/附件(Tengine).docx at master · ZxDecide/Nginx-variants
Here is a variant of Nginx web server that has been tried - ZxDecide/Nginx-variants
🚨 CVE-2023-41098
An issue was discovered in MISP 2.4.174. In app/Controller/DashboardsController.php, a reflected XSS issue exists via the id parameter upon a dashboard edit.
🎖@cveNotify
GitHub
fix: [security] reflected xss on dashboard edit · MISP/MISP@09fb0cb
MISP (core software) - Open Source Threat Intelligence and Sharing Platform - fix: [security] reflected xss on dashboard edit · MISP/MISP@09fb0cb
🚨 CVE-2023-39017
** DISPUTED ** quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple parties because it is not plausible that untrusted user input would reach the code location where injection must occur.
🎖@cveNotify
GitHub
API misuse of `org.quartz.jobs.ee.jms.SendQueueMessageJob.execute` would lead the code injection vulnerability. · Issue #943 ·…
Affected Version The latest version 2.3.2 and below. Describe the vulnerability There is a method, org.quartz.jobs.ee.jms.SendQueueMessageJob.execute(JobExecutionContext), designed to send a jms me...
🚨 CVE-2023-4569
A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. This issue may allow a local attacker to cause a double deactivation of catchall elements, which results in a memory leak.
🎖@cveNotify
🚨 CVE-2023-41005
An issue in Pagekit pagekit v.1.0.18 allows a remote attacker to execute arbitrary code via the downloadAction and updateAction functions in UpdateController.php
🎖@cveNotify
GitHub
There is a logical flaw that leads to obtaining shell access. · Issue #977 · pagekit/pagekit
Problem There is a logical flaw that leads to obtaining shell access. Technical Details Pagekit version: 1.0.18 Webserver: nginx Database: mysql PHP Version: 7.4 Vulnerability Path: app/installer/s...
🚨 CVE-2023-40998
Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via the packet size component.
🎖@cveNotify
🚨 CVE-2023-40997
Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via a crafted packet.
🎖@cveNotify
🚨 CVE-2023-40857
Buffer Overflow vulnerability in VirusTotal yara v.4.3.2 allows a remote attacker to execute arbitrary code via the yr_execute_cod function in the exe.c component.
🎖@cveNotify
GitHub
heap-buffer-overflow libyara/exec.c:1426 in yr_execute_code · Issue #1945 · VirusTotal/yara
Describe the bug AddressSanitizer: heap-buffer-overflow libyara/exec.c:1426 in yr_execute_code To Reproduce Steps to reproduce the behavior: 1, compile yara with asan: ./configure CC=gcc CXX=g++ CF...
🚨 CVE-2023-40828
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function.
🎖@cveNotify
GitHub
Add security checks to prevent directory traversal when decompressing… by afeng2016-s · Pull Request #537 · pf4j/pf4j
This is a PR submission for #536
To verify that there is a directory traversal risk when unzipping the zip file, I test in FileUtilsTest.java.
1.Using the zipslip vulnerability, create a zip file.S...
🚨 CVE-2023-40827
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the loadpluginPath parameter.
🎖@cveNotify
GitHub
Add security checks to prevent directory traversal when decompressing… by afeng2016-s · Pull Request #537 · pf4j/pf4j
This is a PR submission for #536
To verify that there is a directory traversal risk when unzipping the zip file, I test in FileUtilsTest.java.
1.Using the zipslip vulnerability, create a zip file.S...
🚨 CVE-2023-40826
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the zippluginPath parameter.
🎖@cveNotify
GitHub
The method of extracting the zip file has a path traversal vulnerability · Issue #536 · pf4j/pf4j
description Dear project developers, I use SpringBoot and pf4j to implement the system's extension plug-in function, the use of zip or jar package format is very easy to expand the system. When...
🚨 CVE-2023-40825
An issue in Perfree PerfreeBlog v.3.1.2 allows a remote attacker to execute arbitrary code via crafted plugin listed in admin/plugin/access/list.
🎖@cveNotify
GitHub
The uploaded malicious plug-in is parsed and the command is executed · Issue #15 · perfree/PerfreeBlog
Vulnerability information PerfreeBlog implements the extension plug-in function based on SpringBoot and pf4j. After the plug-in is developed, it is packaged as a jar package, which can be directly ...