๐จ CVE-2024-6879
The Quiz and Survey Master (QSM) WordPress plugin before 9.1.1 fails to validate and escape certain Quiz fields before displaying them on a page or post where the Quiz is embedded, which could allows contributor and above roles to perform Stored Cross-Site Scripting (XSS) attacks.
๐@cveNotify
The Quiz and Survey Master (QSM) WordPress plugin before 9.1.1 fails to validate and escape certain Quiz fields before displaying them on a page or post where the Quiz is embedded, which could allows contributor and above roles to perform Stored Cross-Site Scripting (XSS) attacks.
๐@cveNotify
WPScan
Quiz and Survey Master (QSM) < 9.1.1 - Contributor+ Stored XSS
See details on Quiz and Survey Master (QSM) < 9.1.1 - Contributor+ Stored XSS CVE 2024-6879. View the latest Plugin Vulnerabilities on WPScan.
๐จ CVE-2024-7313
The Shield Security WordPress plugin before 20.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
๐@cveNotify
The Shield Security WordPress plugin before 20.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
๐@cveNotify
WPScan
Shield Security < 20.0.6 - Reflected XSS
See details on Shield Security < 20.0.6 - Reflected XSS CVE 2024-7313. View the latest Plugin Vulnerabilities on WPScan.
๐จ CVE-2024-45241
A traversal vulnerability in GeneralDocs.aspx in CentralSquare CryWolf (False Alarm Management) through 2024-08-09 allows unauthenticated attackers to read files outside of the working web directory via the rpt parameter, leading to the disclosure of sensitive information.
๐@cveNotify
A traversal vulnerability in GeneralDocs.aspx in CentralSquare CryWolf (False Alarm Management) through 2024-08-09 allows unauthenticated attackers to read files outside of the working web directory via the rpt parameter, leading to the disclosure of sensitive information.
๐@cveNotify
Daly Whyte
CVE-2024-45241 - Path Traversal in CentralSquare's CryWolf
A path traversal vulnerability in the CryWolf (False Alarm Management) application allows unauthenticated attackers to read files outside of the working web directory leading to the disclosure of sensitive information.
By sending a traversal payload to theโฆ
By sending a traversal payload to theโฆ
๐จ CVE-2024-45256
An arbitrary file write issue in the exfiltration endpoint in BYOB (Build Your Own Botnet) 2.0 allows attackers to overwrite SQLite databases and bypass authentication via an unauthenticated HTTP request with a crafted parameter. This occurs in file_add in api/files/routes.py.
๐@cveNotify
An arbitrary file write issue in the exfiltration endpoint in BYOB (Build Your Own Botnet) 2.0 allows attackers to overwrite SQLite databases and bypass authentication via an unauthenticated HTTP request with a crafted parameter. This occurs in file_add in api/files/routes.py.
๐@cveNotify
Chebuya
Unauthenticated RCE on a BYOB via arbitrary file write (CVE-2024-45256)
PoC: https://github.com/chebuya/exploits/tree/main/BYOB-RCE Your browser does not support the video tag. Summary BYOB (Build Your Own Botnet) is an open-source post-exploitation framework for students, researchers and developers with support for Linux, Windowsโฆ
๐จ CVE-2024-31380
Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder allows Code Injection. Vendor is ignoring report, refuses to patch the issue.This issue affects Oxygen Builder: from n/a through 4.9.
๐@cveNotify
Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder allows Code Injection. Vendor is ignoring report, refuses to patch the issue.This issue affects Oxygen Builder: from n/a through 4.9.
๐@cveNotify
Patchstack
Remote Code Execution (RCE) in WordPress Oxygen Builder Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2024-43884
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: MGMT: Add error handling to pair_device()
hci_conn_params_add() never checks for a NULL value and could lead to a NULL
pointer dereference causing a crash.
Fixed by adding error handling in the function.
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: MGMT: Add error handling to pair_device()
hci_conn_params_add() never checks for a NULL value and could lead to a NULL
pointer dereference causing a crash.
Fixed by adding error handling in the function.
๐@cveNotify
๐จ CVE-2024-43442
Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in OTRS (System Configuration modules) and ((OTRS)) Community Edition allows Cross-Site Scripting (XSS) within the System Configuration targeting other admins.
This issue affects:
* OTRS from 7.0.X through 7.0.50
* OTRS 8.0.X
* OTRS 2023.X
* OTRS from 2024.X through 2024.5.X
* ((OTRS)) Community Edition: 6.0.x
Products based on the ((OTRS)) Community Edition also very likely to be affected
๐@cveNotify
Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in OTRS (System Configuration modules) and ((OTRS)) Community Edition allows Cross-Site Scripting (XSS) within the System Configuration targeting other admins.
This issue affects:
* OTRS from 7.0.X through 7.0.50
* OTRS 8.0.X
* OTRS 2023.X
* OTRS from 2024.X through 2024.5.X
* ((OTRS)) Community Edition: 6.0.x
Products based on the ((OTRS)) Community Edition also very likely to be affected
๐@cveNotify
OTRS
OTRS Security Advisory 2024-10
Please read carefully and check if the version of your OTRS system is affected by this vulnerability. Please send information regarding vulnerabilities in OTRS to: security@otrs.org PGP Key pub 2048R/9C227C6B 2011-03-21 uid OTRS Security Team <security@otrs.org>โฆ
๐จ CVE-2024-43443
Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in Process Management modules of OTRS and ((OTRS)) Community Edition allows Cross-Site Scripting (XSS) within the Process Management targeting other admins.
This issue affects:
* OTRS from 7.0.X through 7.0.50
* OTRS 8.0.X
* OTRS 2023.X
* OTRS from 2024.X through 2024.5.X
* ((OTRS)) Community Edition: 6.0.x
Products based on the ((OTRS)) Community Edition also very likely to be affected
๐@cveNotify
Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in Process Management modules of OTRS and ((OTRS)) Community Edition allows Cross-Site Scripting (XSS) within the Process Management targeting other admins.
This issue affects:
* OTRS from 7.0.X through 7.0.50
* OTRS 8.0.X
* OTRS 2023.X
* OTRS from 2024.X through 2024.5.X
* ((OTRS)) Community Edition: 6.0.x
Products based on the ((OTRS)) Community Edition also very likely to be affected
๐@cveNotify
OTRS
OTRS Security Advisory 2024-11
Please read carefully and check if the version of your OTRS system is affected by this vulnerability. Please send information regarding vulnerabilities in OTRS to: security@otrs.org PGP Key pub 2048R/9C227C6B 2011-03-21 uid OTRS Security Team <security@otrs.org>โฆ
๐1
๐จ CVE-2024-43444
Passwords of agents and customers are displayed in plain text in the OTRS admin log module if certain configurations regarding the authentication sources match and debugging for the authentication backend has been enabled.
This issue affects:
* OTRS from 7.0.X through 7.0.50
* OTRS 8.0.X
* OTRS 2023.X
* OTRS from 2024.X through 2024.5.X
* ((OTRS)) Community Edition: 6.0.x
Products based on the ((OTRS)) Community Edition also very likely to be affected
๐@cveNotify
Passwords of agents and customers are displayed in plain text in the OTRS admin log module if certain configurations regarding the authentication sources match and debugging for the authentication backend has been enabled.
This issue affects:
* OTRS from 7.0.X through 7.0.50
* OTRS 8.0.X
* OTRS 2023.X
* OTRS from 2024.X through 2024.5.X
* ((OTRS)) Community Edition: 6.0.x
Products based on the ((OTRS)) Community Edition also very likely to be affected
๐@cveNotify
OTRS
OTRS Security Advisory 2024-12
Please read carefully and check if the version of your OTRS system is affected by this vulnerability. Please send information regarding vulnerabilities in OTRS to: security@otrs.org PGP Key pub 2048R/9C227C6B 2011-03-21 uid OTRS Security Team <security@otrs.org>โฆ
๐จ CVE-2024-8161
SQL injection vulnerability in ATISolutions CIGES affecting versions lower than 2.15.5. This vulnerability allows a remote attacker to send a specially crafted SQL query to the /modules/ajaxServiciosCentro.php point in the idCentro parameter and retrieve all the information stored in the database.
๐@cveNotify
SQL injection vulnerability in ATISolutions CIGES affecting versions lower than 2.15.5. This vulnerability allows a remote attacker to send a specially crafted SQL query to the /modules/ajaxServiciosCentro.php point in the idCentro parameter and retrieve all the information stored in the database.
๐@cveNotify
www.incibe.es
SQL injection vulnerability in CIGESv2 system
INCIBE has coordinated the publication of a vulnerability of critical severity that affects the queue
๐จ CVE-2022-1271
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.
๐@cveNotify
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.
๐@cveNotify
๐จ CVE-2024-43885
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix double inode unlock for direct IO sync writes
If we do a direct IO sync write, at btrfs_sync_file(), and we need to skip
inode logging or we get an error starting a transaction or an error when
flushing delalloc, we end up unlocking the inode when we shouldn't under
the 'out_release_extents' label, and then unlock it again at
btrfs_direct_write().
Fix that by checking if we have to skip inode unlocking under that label.
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix double inode unlock for direct IO sync writes
If we do a direct IO sync write, at btrfs_sync_file(), and we need to skip
inode logging or we get an error starting a transaction or an error when
flushing delalloc, we end up unlocking the inode when we shouldn't under
the 'out_release_extents' label, and then unlock it again at
btrfs_direct_write().
Fix that by checking if we have to skip inode unlocking under that label.
๐@cveNotify
๐จ CVE-2024-43886
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add null check in resource_log_pipe_topology_update
[WHY]
When switching from "Extend" to "Second Display Only" we sometimes
call resource_get_otg_master_for_stream on a stream for the eDP,
which is disconnected. This leads to a null pointer dereference.
[HOW]
Added a null check in dc_resource.c/resource_log_pipe_topology_update.
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add null check in resource_log_pipe_topology_update
[WHY]
When switching from "Extend" to "Second Display Only" we sometimes
call resource_get_otg_master_for_stream on a stream for the eDP,
which is disconnected. This leads to a null pointer dereference.
[HOW]
Added a null check in dc_resource.c/resource_log_pipe_topology_update.
๐@cveNotify
๐จ CVE-2023-26315
The Xiaomi router AX9000 has a post-authentication command injection vulnerability. This vulnerability is caused by the lack of input filtering, allowing an attacker to exploit it to obtain root access to the device.
๐@cveNotify
The Xiaomi router AX9000 has a post-authentication command injection vulnerability. This vulnerability is caused by the lack of input filtering, allowing an attacker to exploit it to obtain root access to the device.
๐@cveNotify
Mi
ไบงๅๅฎๅ
จไธญๅฟ
ๅฐ็ฑณไบงๅๅฎๅ
จไธญๅฟไธบๅฐ็ฑณ็็จๆทๅๅไฝไผไผดๆไพไบ่ฏฆ็ป็ๆๅ
ณๆบ่ฝๆๆบๅIoTไบงๅๅฎๅ
จ็ถๅต็ไฟกๆฏ๏ผ่ฆ็ไบงๅๅฎๅ
จๅปบ่ฎฎไธๅ
ฌๅใๅฎๅ
จๆดๆฐไธๆฏๆๆ
ๅต๏ผไปฅๅๅฎๅ
จๆผๆดๅๅบ่งๅใ
๐จ CVE-2024-41879
Acrobat Reader versions 127.0.2651.105 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
๐@cveNotify
Acrobat Reader versions 127.0.2651.105 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
๐@cveNotify
๐จ CVE-2024-44563
Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function setIptvInfo.
๐@cveNotify
Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function setIptvInfo.
๐@cveNotify
Arahat0's Notion on Notion
Tenda AX1806 Buffer Overflow in getIptvInfo | Notion
Information
๐จ CVE-2024-44565
Tenda AX1806 v1.0.0.1 contains a stack overflow via the serverName parameter in the function form_fast_setting_internet_set.
๐@cveNotify
Tenda AX1806 v1.0.0.1 contains a stack overflow via the serverName parameter in the function form_fast_setting_internet_set.
๐@cveNotify
๐จ CVE-2024-44938
In the Linux kernel, the following vulnerability has been resolved:
jfs: Fix shift-out-of-bounds in dbDiscardAG
When searching for the next smaller log2 block, BLKSTOL2() returned 0,
causing shift exponent -1 to be negative.
This patch fixes the issue by exiting the loop directly when negative
shift is found.
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
jfs: Fix shift-out-of-bounds in dbDiscardAG
When searching for the next smaller log2 block, BLKSTOL2() returned 0,
causing shift exponent -1 to be negative.
This patch fixes the issue by exiting the loop directly when negative
shift is found.
๐@cveNotify
๐จ CVE-2024-44939
In the Linux kernel, the following vulnerability has been resolved:
jfs: fix null ptr deref in dtInsertEntry
[syzbot reported]
general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
CPU: 0 PID: 5061 Comm: syz-executor404 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
RIP: 0010:dtInsertEntry+0xd0c/0x1780 fs/jfs/jfs_dtree.c:3713
...
[Analyze]
In dtInsertEntry(), when the pointer h has the same value as p, after writing
name in UniStrncpy_to_le(), p->header.flag will be cleared. This will cause the
previously true judgment "p->header.flag & BT-LEAF" to change to no after writing
the name operation, this leads to entering an incorrect branch and accessing the
uninitialized object ih when judging this condition for the second time.
[Fix]
After got the page, check freelist first, if freelist == 0 then exit dtInsert()
and return -EINVAL.
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
jfs: fix null ptr deref in dtInsertEntry
[syzbot reported]
general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
CPU: 0 PID: 5061 Comm: syz-executor404 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
RIP: 0010:dtInsertEntry+0xd0c/0x1780 fs/jfs/jfs_dtree.c:3713
...
[Analyze]
In dtInsertEntry(), when the pointer h has the same value as p, after writing
name in UniStrncpy_to_le(), p->header.flag will be cleared. This will cause the
previously true judgment "p->header.flag & BT-LEAF" to change to no after writing
the name operation, this leads to entering an incorrect branch and accessing the
uninitialized object ih when judging this condition for the second time.
[Fix]
After got the page, check freelist first, if freelist == 0 then exit dtInsert()
and return -EINVAL.
๐@cveNotify
๐จ CVE-2024-44940
In the Linux kernel, the following vulnerability has been resolved:
fou: remove warn in gue_gro_receive on unsupported protocol
Drop the WARN_ON_ONCE inn gue_gro_receive if the encapsulated type is
not known or does not have a GRO handler.
Such a packet is easily constructed. Syzbot generates them and sets
off this warning.
Remove the warning as it is expected and not actionable.
The warning was previously reduced from WARN_ON to WARN_ON_ONCE in
commit 270136613bf7 ("fou: Do WARN_ON_ONCE in gue_gro_receive for bad
proto callbacks").
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
fou: remove warn in gue_gro_receive on unsupported protocol
Drop the WARN_ON_ONCE inn gue_gro_receive if the encapsulated type is
not known or does not have a GRO handler.
Such a packet is easily constructed. Syzbot generates them and sets
off this warning.
Remove the warning as it is expected and not actionable.
The warning was previously reduced from WARN_ON to WARN_ON_ONCE in
commit 270136613bf7 ("fou: Do WARN_ON_ONCE in gue_gro_receive for bad
proto callbacks").
๐@cveNotify
๐จ CVE-2024-24051
Improper input validation of printing files in Monoprice Select Mini V2 V37.115.32 allows attackers to instruct the device's movable parts to destinations that exceed the devices' maximum coordinates via the printing of a malicious .gcode file.
๐@cveNotify
Improper input validation of printing files in Monoprice Select Mini V2 V37.115.32 allows attackers to instruct the device's movable parts to destinations that exceed the devices' maximum coordinates via the printing of a malicious .gcode file.
๐@cveNotify