π¨ CVE-2023-39578
A stored cross-site scripting (XSS) vulnerability in the Create function of Zenario CMS v9.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu navigation text field.
π@cveNotify
A stored cross-site scripting (XSS) vulnerability in the Create function of Zenario CMS v9.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu navigation text field.
π@cveNotify
GitHub
Zenaio-xss Β· Issue #1 Β· anh91/Zenario-xss
Summary hi team, I found a small Stored XSS Info Zenario 9.4 Step 1: Login to account https://demo.zenar.io/admin Step 2: In the tab menu click on event and create a new event Step 3: Inject payloa...
π¨ CVE-2023-39348
Spinnaker is an open source, multi-cloud continuous delivery platform. Log output when updating GitHub status is improperly set to FULL always. It's recommended to apply the patch and rotate the GitHub token used for github status notifications. Given that this would output github tokens to a log system, the risk is slightly higher than a "low" since token exposure could grant elevated access to repositories outside of control. If using READ restricted tokens, the exposure is such that the token itself could be used to access resources otherwise restricted from reads. This only affects users of GitHub Status Notifications. This issue has been addressed in pull request 1316. Users are advised to upgrade. Users unable to upgrade should disable GH Status Notifications, Filter their logs for Echo log data and use read-only tokens that are limited in scope.
π@cveNotify
Spinnaker is an open source, multi-cloud continuous delivery platform. Log output when updating GitHub status is improperly set to FULL always. It's recommended to apply the patch and rotate the GitHub token used for github status notifications. Given that this would output github tokens to a log system, the risk is slightly higher than a "low" since token exposure could grant elevated access to repositories outside of control. If using READ restricted tokens, the exposure is such that the token itself could be used to access resources otherwise restricted from reads. This only affects users of GitHub Status Notifications. This issue has been addressed in pull request 1316. Users are advised to upgrade. Users unable to upgrade should disable GH Status Notifications, Filter their logs for Echo log data and use read-only tokens that are limited in scope.
π@cveNotify
GitHub
fix(gha): Fix github status log and add tests by jasonmcintosh Β· Pull Request #1316 Β· spinnaker/echo
Fixes output logs when using github status checks
π¨ CVE-2023-35785
Zoho ManageEngine ADManager Plus through 7186 is vulnerable to 2FA bypass.
π@cveNotify
Zoho ManageEngine ADManager Plus through 7186 is vulnerable to 2FA bypass.
π@cveNotify
Manageengine
ManageEngine: ITOps, cybersecurity & service management software
ManageEngine powers businesses like yours to take control of your IT with enterprise-grade solutions built from the ground up.
π¨ CVE-2023-39650
Theme Volty CMS Blog up to version v4.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /tvcmsblog/single.
π@cveNotify
Theme Volty CMS Blog up to version v4.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /tvcmsblog/single.
π@cveNotify
Friends-Of-Presta Security Advisories
[CVE-2023-39650] Improper neutralization of SQL parameters in Theme Volty CMS Blog module for PrestaShop
In the module βTheme Volty CMS Blogβ (tvcmsblog) up to versions 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.
π¨ CVE-2023-4569
A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. This issue may allow a local attacker to cause a double-deactivations of catchall elements, which results in a memory leak.
π@cveNotify
A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. This issue may allow a local attacker to cause a double-deactivations of catchall elements, which results in a memory leak.
π@cveNotify
π¨ CVE-2023-41005
An issue in Pagekit pagekit v.1.0.18 alows a remote attacker to execute arbitrary code via thedownloadAction and updateAction functions in UpdateController.php
π@cveNotify
An issue in Pagekit pagekit v.1.0.18 alows a remote attacker to execute arbitrary code via thedownloadAction and updateAction functions in UpdateController.php
π@cveNotify
GitHub
There is a logical flaw that leads to obtaining shell access. Β· Issue #977 Β· pagekit/pagekit
Problem There is a logical flaw that leads to obtaining shell access. Technical Details Pagekit version: 1.0.18 Webserver: nginx Database: mysql PHP Version: 7.4 Vulnerability Path: app/installer/s...
π¨ CVE-2023-40998
Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via the packet size component.
π@cveNotify
Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via the packet size component.
π@cveNotify
π¨ CVE-2023-40997
Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via a crafted packet.
π@cveNotify
Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via a crafted packet.
π@cveNotify
π¨ CVE-2023-40857
Buffer Overflow vulnerability in VirusTotal yara v.4.3.2 allows a remote attacker to execute arbtirary code via the yr_execute_cod function in the exe.c component.
π@cveNotify
Buffer Overflow vulnerability in VirusTotal yara v.4.3.2 allows a remote attacker to execute arbtirary code via the yr_execute_cod function in the exe.c component.
π@cveNotify
GitHub
heap-buffer-overflow libyara/exec.c:1426 in yr_execute_code Β· Issue #1945 Β· VirusTotal/yara
Describe the bug AddressSanitizer: heap-buffer-overflow libyara/exec.c:1426 in yr_execute_code To Reproduce Steps to reproduce the behavior: 1, compile yara with asan: ./configure CC=gcc CXX=g++ CF...
π¨ CVE-2023-40828
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function.
π@cveNotify
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function.
π@cveNotify
GitHub
Add security checks to prevent directory traversal when decompressing⦠by afeng2016-s · Pull Request #537 · pf4j/pf4j
This is a PR submission for #536
To verify that there is a directory traversal risk when unzipping the zip file, I test in FileUtilsTest.java.
1.Using the zipslip vulnerability, create a zip file.S...
To verify that there is a directory traversal risk when unzipping the zip file, I test in FileUtilsTest.java.
1.Using the zipslip vulnerability, create a zip file.S...
π¨ CVE-2023-40827
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the loadpluginPath parameter.
π@cveNotify
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the loadpluginPath parameter.
π@cveNotify
GitHub
Add security checks to prevent directory traversal when decompressing⦠by afeng2016-s · Pull Request #537 · pf4j/pf4j
This is a PR submission for #536
To verify that there is a directory traversal risk when unzipping the zip file, I test in FileUtilsTest.java.
1.Using the zipslip vulnerability, create a zip file.S...
To verify that there is a directory traversal risk when unzipping the zip file, I test in FileUtilsTest.java.
1.Using the zipslip vulnerability, create a zip file.S...
π¨ CVE-2023-40826
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the zippluginPath parameter.
π@cveNotify
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the zippluginPath parameter.
π@cveNotify
GitHub
The method of extracting the zip file has a path traversal vulnerability Β· Issue #536 Β· pf4j/pf4j
description Dear project developers, I use SpringBoot and pf4j to implement the system's extension plug-in function, the use of zip or jar package format is very easy to expand the system. When...
π¨ CVE-2023-40825
An issue in Perfree PerfreeBlog v.3.1.2 allows a remote attacker to execute arbitrary code via crafted plugin listed in admin/plugin/access/list.
π@cveNotify
An issue in Perfree PerfreeBlog v.3.1.2 allows a remote attacker to execute arbitrary code via crafted plugin listed in admin/plugin/access/list.
π@cveNotify
GitHub
The uploaded malicious plug-in is parsed and the command is executed Β· Issue #15 Β· perfree/PerfreeBlog
Vulnerability information PerfreeBlog implements the extension plug-in function based on SpringBoot and pf4j. After the plug-in is developed, it is packaged as a jar package, which can be directly ...
π¨ CVE-2023-40781
Buffer Overflow vulnerability in Libming Libming v.0.4.8 allows a remote attacker to cause a denial of service via a crafted .swf file to the makeswf function.
π@cveNotify
Buffer Overflow vulnerability in Libming Libming v.0.4.8 allows a remote attacker to cause a denial of service via a crafted .swf file to the makeswf function.
π@cveNotify
GitHub
heap-buffer-overflow in r_readc() at fromswf.c:264 Β· Issue #288 Β· libming/libming
A heap buffer overflow occurs when makeswf parse a invalid swf file, and the filename extension is .swf. Test Environment Ubuntu 20.04, 64 bit libming (master 04aee52) Steps to reproduce compile li...
π¨ CVE-2023-39059
An issue in ansible semaphore v.2.8.90 allows a remote attacker to execute arbitrary code via a crafted payload to the extra variables parameter.
π@cveNotify
An issue in ansible semaphore v.2.8.90 allows a remote attacker to execute arbitrary code via a crafted payload to the extra variables parameter.
π@cveNotify
Gist
CVE-2023-39059
CVE-2023-39059. GitHub Gist: instantly share code, notes, and snippets.
π¨ CVE-2023-34725
An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows physical attackers to gain escalated privileges via a telnet connection.
π@cveNotify
An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows physical attackers to gain escalated privileges via a telnet connection.
π@cveNotify
Jaycar
Wireless Gateway Home Automation Controller | Jaycar Australia
Have you ever dreamt of controlling your homes lighting and appliances remotely? Have you ever wanted to turn your homes lights and appliances off and...
π¨ CVE-2023-34724
An issue was discovered in TECHView LA5570 Wireless Gateway 1.0.19_T53, allows physical attackers to gain escalated privileges via the UART interface.
π@cveNotify
An issue was discovered in TECHView LA5570 Wireless Gateway 1.0.19_T53, allows physical attackers to gain escalated privileges via the UART interface.
π@cveNotify
Jaycar
Wireless Gateway Home Automation Controller | Jaycar Australia
Have you ever dreamt of controlling your homes lighting and appliances remotely? Have you ever wanted to turn your homes lights and appliances off and...
π¨ CVE-2023-41361
An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version.
π@cveNotify
An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version.
π@cveNotify
GitHub
bgpd: Check the length of the rcv software version by ton31337 Β· Pull Request #14241 Β· FRRouting/frr
Make sure we don't exceed the maximum of BGP_MAX_SOFT_VERSION.
The Capability Length SHOULD be no greater than 64.
Reported-by: Iggy Frankovic iggyfran@amazon.com
The Capability Length SHOULD be no greater than 64.
Reported-by: Iggy Frankovic iggyfran@amazon.com
π¨ CVE-2023-41360
An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation.
π@cveNotify
An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation.
π@cveNotify
GitHub
bgpd: Don't read the first byte of ORF header if we are ahead of stream by ton31337 Β· Pull Request #14245 Β· FRRouting/frr
Reported-by: Iggy Frankovic iggyfran@amazon.com
π¨ CVE-2023-37435
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to
obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.
π@cveNotify
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to
obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.
π@cveNotify
π¨ CVE-2023-37436
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to
obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.
π@cveNotify
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to
obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.
π@cveNotify