π¨ CVE-2024-29193
gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The index page (`index.html`) shows the available streams by fetching the API in the client side. Then, it uses `Object.entries` to iterate over the result whose first item (`name`) gets appended using `innerHTML`. In the event of a victim visiting the server in question, their browser will execute the request against the go2rtc instance. After the request, the browser will be redirected to go2rtc, in which the XSS would be executed in the context of go2rtcβs origin. As of time of publication, no patch is available.
π@cveNotify
gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The index page (`index.html`) shows the available streams by fetching the API in the client side. Then, it uses `Object.entries` to iterate over the result whose first item (`name`) gets appended using `innerHTML`. In the event of a victim visiting the server in question, their browser will execute the request against the go2rtc instance. After the request, the browser will be redirected to go2rtc, in which the XSS would be executed in the context of go2rtcβs origin. As of time of publication, no patch is available.
π@cveNotify
GitHub Security Lab
GHSL-2023-205_GHSL-2023-206: Cross-site scripting (XSS) and arbitrary command execution vulnerability in go2rtc - CVE-2024-29191β¦
Go2rtc is susceptible to a cross-site scripting (XSS) vulnerability and an arbitrary command execution vulnerability due to the lack of user-input sanitization.
π¨ CVE-2024-3727
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.
π@cveNotify
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.
π@cveNotify
π¨ CVE-2024-41265
A TLS certificate verification issue discovered in cortex v0.42.1 allows attackers to obtain sensitive information via the makeOperatorRequest function.
π@cveNotify
A TLS certificate verification issue discovered in cortex v0.42.1 allows attackers to obtain sensitive information via the makeOperatorRequest function.
π@cveNotify
Gist
CVE-2024-41265
CVE-2024-41265. GitHub Gist: instantly share code, notes, and snippets.
π¨ CVE-2024-41259
Use of insecure hashing algorithm in the Gravatar's service in Navidrome v0.52.3 allows attackers to manipulate a user's account information.
π@cveNotify
Use of insecure hashing algorithm in the Gravatar's service in Navidrome v0.52.3 allows attackers to manipulate a user's account information.
π@cveNotify
Gist
CVE-2024-41259
CVE-2024-41259. GitHub Gist: instantly share code, notes, and snippets.
π¨ CVE-2024-42460
In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero.
π@cveNotify
In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero.
π@cveNotify
GitHub
Missing checks during decoding of signatures leading to a certain degree of malleability of ECDSA and EDDSA signatures by Markusβ¦
There are some checks that need to be included during the decoding stage of both ECDSA and EDDSA signatures.
The absence of these checks leads to some mailability issues for ECDSA and EDDSA signatu...
The absence of these checks leads to some mailability issues for ECDSA and EDDSA signatu...
π¨ CVE-2024-34832
Directory Traversal vulnerability in CubeCart v.6.5.5 and before allows an attacker to execute arbitrary code via a crafted file uploaded to the _g and node parameters.
π@cveNotify
Directory Traversal vulnerability in CubeCart v.6.5.5 and before allows an attacker to execute arbitrary code via a crafted file uploaded to the _g and node parameters.
π@cveNotify
GitHub
GitHub - julio-cfa/CVE-2024-34832: CVE-2024-34832
CVE-2024-34832. Contribute to julio-cfa/CVE-2024-34832 development by creating an account on GitHub.
π¨ CVE-2024-36773
A cross-site scripting (XSS) vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Themes parameter at index.php.
π@cveNotify
A cross-site scripting (XSS) vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Themes parameter at index.php.
π@cveNotify
GitHub
VulDiscovery/cve-2024-36773.md at main Β· OoLs5/VulDiscovery
Persional vulDiscovery . Contribute to OoLs5/VulDiscovery development by creating an account on GitHub.
π¨ CVE-2023-35042
GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime().exec in wps:LiteralData within a wps:Execute request, as exploited in the wild in June 2023. NOTE: the vendor states that they are unable to reproduce this in any version.
π@cveNotify
GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime().exec in wps:LiteralData within a wps:Execute request, as exploited in the wild in June 2023. NOTE: the vendor states that they are unable to reproduce this in any version.
π@cveNotify
π¨ CVE-2023-34940
Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack overflow via the url parameter at /start-apply.html. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
π@cveNotify
Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack overflow via the url parameter at /start-apply.html. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
π@cveNotify
GitHub
cve/ASUS-N10LX_2.0.0.39/URLFilterList_Stack_BOF.md at main Β· OlivierLaflamme/cve
Contribute to OlivierLaflamme/cve development by creating an account on GitHub.
π¨ CVE-2023-34941
A stored cross-site scripting (XSS) vulnerability in the urlFilterList function of Asus RT-N10LX Router v2.0.0.39 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL Keyword List text field. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
π@cveNotify
A stored cross-site scripting (XSS) vulnerability in the urlFilterList function of Asus RT-N10LX Router v2.0.0.39 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL Keyword List text field. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
π@cveNotify
π¨ CVE-2023-34942
Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack overflow via the mac parameter at /start-apply.html. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
π@cveNotify
Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack overflow via the mac parameter at /start-apply.html. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
π@cveNotify
GitHub
cve/ASUS-N10LX_2.0.0.39/MAC_Address_StackBOF.md at main Β· OlivierLaflamme/cve
Contribute to OlivierLaflamme/cve development by creating an account on GitHub.
π¨ CVE-2023-35116
jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker.
π@cveNotify
jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker.
π@cveNotify
GitHub
Stack overflow error caused by serialization of `Map` with cyclic dependency -- NOT CVE Β· Issue #3972 Β· FasterXML/jackson-databind
Stack overflow error caused by jackson serialization Map Description jackson before v2.15.2 was discovered to contain a stack overflow via the map parameter. Error Log Exception in thread "mai...
π¨ CVE-2023-34845
Bludit v3.14.1 was discovered to contain an arbitrary file upload vulnerability in the component /admin/new-content. This vulnerability allows attackers to execute arbitrary web scripts or HTML via uploading a crafted SVG file. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content (users cannot create their own accounts through self-registration).
π@cveNotify
Bludit v3.14.1 was discovered to contain an arbitrary file upload vulnerability in the component /admin/new-content. This vulnerability allows attackers to execute arbitrary web scripts or HTML via uploading a crafted SVG file. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content (users cannot create their own accounts through self-registration).
π@cveNotify
GitHub
Store XSS Β· Issue #1212 Β· bludit/bludit
Describe your problem https://github.com/bludit/bludit/blob/master/bl-kernel/ajax/logo-upload.php Logo upload only determines the suffix, but not the content, which causes XSS and the user can inje...
π¨ CVE-2023-35866
In KeePassXC through 2.7.5, a local attacker can make changes to the Database security settings, including master password and second-factor authentication, within an authenticated KeePassXC Database session, without the need to authenticate these changes by entering the password and/or second-factor authentication to confirm changes. NOTE: the vendor's position is "asking the user for their password prior to making any changes to the database settings adds no additional protection against a local attacker."
π@cveNotify
In KeePassXC through 2.7.5, a local attacker can make changes to the Database security settings, including master password and second-factor authentication, within an authenticated KeePassXC Database session, without the need to authenticate these changes by entering the password and/or second-factor authentication to confirm changes. NOTE: the vendor's position is "asking the user for their password prior to making any changes to the database settings adds no additional protection against a local attacker."
π@cveNotify
GitHub
Password for export and change password Β· Issue #9339 Β· keepassxreboot/keepassxc
I am disappointed because when exporting the database no password is required. And when I want to change the master password no password is required. For me it is a bad lack of security because if ...
π¨ CVE-2023-35854
Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. NOTE: the vendor's perspective is that they have "found no evidence or detail of a security vulnerability."
π@cveNotify
Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. NOTE: the vendor's perspective is that they have "found no evidence or detail of a security vulnerability."
π@cveNotify
GitHub
GitHub - 970198175/Simply-use: A simple vulnerability library
A simple vulnerability library. Contribute to 970198175/Simply-use development by creating an account on GitHub.
π¨ CVE-2023-36632
The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address. NOTE: email.utils.parseaddr is categorized as a Legacy API in the documentation of the Python email package. Applications should instead use the email.parser.BytesParser or email.parser.Parser class. NOTE: the vendor's perspective is that this is neither a vulnerability nor a bug. The email package is intended to have size limits and to throw an exception when limits are exceeded; they were exceeded by the example demonstration code.
π@cveNotify
The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address. NOTE: email.utils.parseaddr is categorized as a Legacy API in the documentation of the Python email package. Applications should instead use the email.parser.BytesParser or email.parser.Parser class. NOTE: the vendor's perspective is that this is neither a vulnerability nor a bug. The email package is intended to have size limits and to throw an exception when limits are exceeded; they were exceeded by the example demonstration code.
π@cveNotify
Python documentation
email β An email and MIME handling package
Source code: Lib/email/__init__.py The email package is a library for managing email messages. It is specifically not designed to do any sending of email messages to SMTP ( RFC 2821), NNTP, or othe...
π¨ CVE-2023-36631
Lack of access control in wfc.exe in Malwarebytes Binisoft Windows Firewall Control 6.9.2.0 allows local unprivileged users to bypass Windows Firewall restrictions via the user interface's rules tab. NOTE: the vendor's perspective is "this is intended behavior as the application can be locked using a password."
π@cveNotify
Lack of access control in wfc.exe in Malwarebytes Binisoft Windows Firewall Control 6.9.2.0 allows local unprivileged users to bypass Windows Firewall restrictions via the user interface's rules tab. NOTE: the vendor's perspective is "this is intended behavior as the application can be locked using a password."
π@cveNotify
π¨ CVE-2023-37152
Projectworlds Online Art Gallery Project 1.0 allows unauthenticated users to perform arbitrary file uploads via the adminHome.php page. Note: This has been disputed as not a valid vulnerability.
π@cveNotify
Projectworlds Online Art Gallery Project 1.0 allows unauthenticated users to perform arbitrary file uploads via the adminHome.php page. Note: This has been disputed as not a valid vulnerability.
π@cveNotify
GitHub
arbitrary-file-upload-RCE/Online Art gallery project 1.0.md at main Β· Trinity-SYT-SECURITY/arbitrary-file-upload-RCE
Contribute to Trinity-SYT-SECURITY/arbitrary-file-upload-RCE development by creating an account on GitHub.
π¨ CVE-2023-36266
An issue was discovered in Keeper Password Manager for Desktop version 16.10.2, and the KeeperFill Browser Extensions version 16.5.4, allows local attackers to gain sensitive information via plaintext password storage in memory after the user is already logged in, and may persist after logout. NOTE: the vendor disputes this for two reasons: the information is inherently available during a logged-in session when the attacker can read from arbitrary memory locations, and information only remains available after logout because of memory-management limitations of web browsers (not because the Keeper technology itself is retaining the information).
π@cveNotify
An issue was discovered in Keeper Password Manager for Desktop version 16.10.2, and the KeeperFill Browser Extensions version 16.5.4, allows local attackers to gain sensitive information via plaintext password storage in memory after the user is already logged in, and may persist after logout. NOTE: the vendor disputes this for two reasons: the information is inherently available during a logged-in session when the attacker can read from arbitrary memory locations, and information only remains available after logout because of memory-management limitations of web browsers (not because the Keeper technology itself is retaining the information).
π@cveNotify
packetstorm.news
Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers
π¨ CVE-2023-35833
An issue was discovered in YSoft SAFEQ 6 Server before 6.0.82. When modifying the URL of the LDAP server configuration from LDAPS to LDAP, the system does not require the password to be (re)entered. This results in exposing cleartext credentials when connecting to a rogue LDAP server. NOTE: the vendor originally reported this as a security issue but then reconsidered because of the requirement for Admin access in order to change the configuration.
π@cveNotify
An issue was discovered in YSoft SAFEQ 6 Server before 6.0.82. When modifying the URL of the LDAP server configuration from LDAPS to LDAP, the system does not require the password to be (re)entered. This results in exposing cleartext credentials when connecting to a rogue LDAP server. NOTE: the vendor originally reported this as a security issue but then reconsidered because of the requirement for Admin access in order to change the configuration.
π@cveNotify
π¨ CVE-2023-36089
Authentication Bypass vulnerability in D-Link DIR-645 firmware version 1.03 allows remote attackers to gain escalated privileges via function phpcgi_main in cgibin. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
π@cveNotify
Authentication Bypass vulnerability in D-Link DIR-645 firmware version 1.03 allows remote attackers to gain escalated privileges via function phpcgi_main in cgibin. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
π@cveNotify
D-Link
Security Bulletin