π¨ CVE-2024-3179
Concrete CMS version 9 before 9.2.8 and previous versions before 8.5.16 are vulnerable to Stored XSS in the Custom Class page editing. Prior to the fix, a rogue administrator could insert malicious code in the custom class field due to insufficient validation of administrator provided data. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Thanks Alexey Solovyev for reporting.
π@cveNotify
Concrete CMS version 9 before 9.2.8 and previous versions before 8.5.16 are vulnerable to Stored XSS in the Custom Class page editing. Prior to the fix, a rogue administrator could insert malicious code in the custom class field due to insufficient validation of administrator provided data. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Thanks Alexey Solovyev for reporting.
π@cveNotify
Concrete CMS Documentation
9.2.8 Release Notes
π¨ CVE-2024-3180
Concrete CMS version 9 below 9.2.8 and previous versions below 8.5.16 is vulnerable to Stored XSS in blocks of type file. Stored XSS could be caused by a rogue administrator adding malicious code to the link-text field when creating a block of type file. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Thanks Alexey Solovyev for reporting.
π@cveNotify
Concrete CMS version 9 below 9.2.8 and previous versions below 8.5.16 is vulnerable to Stored XSS in blocks of type file. Stored XSS could be caused by a rogue administrator adding malicious code to the link-text field when creating a block of type file. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Thanks Alexey Solovyev for reporting.
π@cveNotify
Concrete CMS Documentation
9.2.8 Release Notes
π¨ CVE-2024-3181
Concrete CMS version 9 prior to 9.2.8 and previous versions prior to 8.5.16 are vulnerable to Stored XSS in the Search Field. Prior to the fix, stored XSS could be executed by an administrator changing a filter to which a rogue administrator had previously added malicious code. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Thanks Alexey Solovyev for reporting
π@cveNotify
Concrete CMS version 9 prior to 9.2.8 and previous versions prior to 8.5.16 are vulnerable to Stored XSS in the Search Field. Prior to the fix, stored XSS could be executed by an administrator changing a filter to which a rogue administrator had previously added malicious code. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Thanks Alexey Solovyev for reporting
π@cveNotify
Concrete CMS Documentation
9.2.8 Release Notes
π¨ CVE-2024-44682
ShopXO 6.2 is vulnerable to Cross Site Scripting (XSS) in the backend that allows attackers to execute code by changing POST parameters.
π@cveNotify
ShopXO 6.2 is vulnerable to Cross Site Scripting (XSS) in the backend that allows attackers to execute code by changing POST parameters.
π@cveNotify
GitHub
Qianyi/xss.md at main Β· 147536951/Qianyi
Contribute to 147536951/Qianyi development by creating an account on GitHub.
π¨ CVE-2024-44683
Seacms v13 is vulnerable to Cross Site Scripting (XSS) via admin-video.php.
π@cveNotify
Seacms v13 is vulnerable to Cross Site Scripting (XSS) via admin-video.php.
π@cveNotify
π¨ CVE-2024-44684
TpMeCMS 1.3.3.2 is vulnerable to Cross Site Scripting (XSS) in /h.php/page?ref=addtabs via the "Title," "Images," and "Content" fields.
π@cveNotify
TpMeCMS 1.3.3.2 is vulnerable to Cross Site Scripting (XSS) in /h.php/page?ref=addtabs via the "Title," "Images," and "Content" fields.
π@cveNotify
GitHub
Qianyi/Tp_xss.md at main Β· 147536951/Qianyi
Contribute to 147536951/Qianyi development by creating an account on GitHub.
π¨ CVE-2024-8285
A flaw was found in Kroxylicious. When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perform a Man-in-the-Middle attack or compromise any external systems, such as DNS or network routing configuration. This issue is considered a high complexity attack, with additional high privileges required, as the attack would need access to the Kroxylicious configuration or a peer system. The result of a successful attack impacts both data integrity and confidentiality.
π@cveNotify
A flaw was found in Kroxylicious. When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perform a Man-in-the-Middle attack or compromise any external systems, such as DNS or network routing configuration. This issue is considered a high complexity attack, with additional high privileges required, as the attack would need access to the Kroxylicious configuration or a peer system. The result of a successful attack impacts both data integrity and confidentiality.
π@cveNotify
π¨ CVE-2024-8347
A vulnerability classified as critical was found in SourceCodester Computer Laboratory Management System 1.0. Affected by this vulnerability is the function delete_record of the file /classes/Master.php?f=delete_record. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability classified as critical was found in SourceCodester Computer Laboratory Management System 1.0. Affected by this vulnerability is the function delete_record of the file /classes/Master.php?f=delete_record. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
GitHub
gaorenyusi/lms2.md at main Β· gaorenyusi/gaorenyusi
Contribute to gaorenyusi/gaorenyusi development by creating an account on GitHub.
π¨ CVE-2024-8348
A vulnerability, which was classified as critical, has been found in SourceCodester Computer Laboratory Management System 1.0. Affected by this issue is the function delete_category of the file /classes/Master.php?f=delete_category. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability, which was classified as critical, has been found in SourceCodester Computer Laboratory Management System 1.0. Affected by this issue is the function delete_category of the file /classes/Master.php?f=delete_category. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
GitHub
gaorenyusi/lms3.md at main Β· gaorenyusi/gaorenyusi
Contribute to gaorenyusi/gaorenyusi development by creating an account on GitHub.
π¨ CVE-2024-6585
Multiple stored cross-site scripting (βXSSβ) vulnerabilities in the markdown dashboard and dashboard comment functionality of Lightdash version 0.1024.6 allows remote authenticated threat actors to inject malicious scripts into vulnerable web pages. A threat actor could potentially exploit this vulnerability to store malicious JavaScript which executes in the context of a userβs session with the application.
π@cveNotify
Multiple stored cross-site scripting (βXSSβ) vulnerabilities in the markdown dashboard and dashboard comment functionality of Lightdash version 0.1024.6 allows remote authenticated threat actors to inject malicious scripts into vulnerable web pages. A threat actor could potentially exploit this vulnerability to store malicious JavaScript which executes in the context of a userβs session with the application.
π@cveNotify
GitHub
Lightdash - Stored Cross-Site Scripting
### Summary
Multiple stored cross-site scripting (βXSSβ) vulnerabilities in the markdown dashboard and dashboard comment functionality of Lightdash version 0.1024.6 allows remote authenticated thr...
Multiple stored cross-site scripting (βXSSβ) vulnerabilities in the markdown dashboard and dashboard comment functionality of Lightdash version 0.1024.6 allows remote authenticated thr...
π¨ CVE-2024-6586
Lightdash version 0.1024.6 allows users with the necessary permissions, such as Administrator or Editor, to create and share dashboards. A dashboard that contains HTML elements which point to a threat actor controlled source can trigger an SSRF request when exported, via a POST request to /api/v1/dashboards//export. The forged request contains the value of the exporting userβs session token. A threat actor could obtain the session token of any user who exports the dashboard. The obtained session token can be used to perform actions as the victim on the application, resulting in session takeover.
π@cveNotify
Lightdash version 0.1024.6 allows users with the necessary permissions, such as Administrator or Editor, to create and share dashboards. A dashboard that contains HTML elements which point to a threat actor controlled source can trigger an SSRF request when exported, via a POST request to /api/v1/dashboards//export. The forged request contains the value of the exporting userβs session token. A threat actor could obtain the session token of any user who exports the dashboard. The obtained session token can be used to perform actions as the victim on the application, resulting in session takeover.
π@cveNotify
GitHub
Lightdash - Server-Side Request Forgery Session Takeover
### Summary
Server-Side Request Forgery (βSSRFβ) in the export dashboard functionality of Lightdash version 0.1024.6 allows remote authenticated threat actors to obtain the session cookie of any u...
Server-Side Request Forgery (βSSRFβ) in the export dashboard functionality of Lightdash version 0.1024.6 allows remote authenticated threat actors to obtain the session cookie of any u...
π¨ CVE-2023-7256
In affected libpcap versions during the setup of a remote packet capture the internal function sock_initaddress() calls getaddrinfo() and possibly freeaddrinfo(), but does not clearly indicate to the caller function whether freeaddrinfo() still remains to be called after the function returns. This makes it possible in some scenarios that both the function and its caller call freeaddrinfo() for the same allocated memory block. A similar problem was reported in Apple libpcap, to which Apple assigned CVE-2023-40400.
π@cveNotify
In affected libpcap versions during the setup of a remote packet capture the internal function sock_initaddress() calls getaddrinfo() and possibly freeaddrinfo(), but does not clearly indicate to the caller function whether freeaddrinfo() still remains to be called after the function returns. This makes it possible in some scenarios that both the function and its caller call freeaddrinfo() for the same allocated memory block. A similar problem was reported in Apple libpcap, to which Apple assigned CVE-2023-40400.
π@cveNotify
GitHub
Have sock_initaddress() return the list of addrinfo structures or NULL. Β· the-tcpdump-group/libpcap@262e4f3
Its return address is currently 0 for success and -1 for failure, with a
pointer to the first element of the list of struct addrinfos returned
through a pointer on success; change it to return that...
pointer to the first element of the list of struct addrinfos returned
through a pointer on success; change it to return that...
π¨ CVE-2024-45304
Cairo-Contracts are OpenZeppelin Contracts written in Cairo for Starknet, a decentralized ZK Rollup. This vulnerability can lead to unauthorized ownership transfer, contrary to the original owner's intention of leaving the contract without an owner. It introduces a security risk where an unintended party (pending owner) can gain control of the contract after the original owner has renounced ownership. This could also be used by a malicious owner to simulate leaving a contract without an owner, to later regain ownership by previously having proposed himself as a pending owner. This issue has been addressed in release version 0.16.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.
π@cveNotify
Cairo-Contracts are OpenZeppelin Contracts written in Cairo for Starknet, a decentralized ZK Rollup. This vulnerability can lead to unauthorized ownership transfer, contrary to the original owner's intention of leaving the contract without an owner. It introduces a security risk where an unintended party (pending owner) can gain control of the contract after the original owner has renounced ownership. This could also be used by a malicious owner to simulate leaving a contract without an owner, to later regain ownership by previously having proposed himself as a pending owner. This issue has been addressed in release version 0.16.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.
π@cveNotify
GitHub
Fix pending owner late overwrite issue (#1122) Β· OpenZeppelin/cairo-contracts@ef87d78
* fix: pending owner late overwrite issue
* feat: add tests
* tests: remove old version
* feat: update CHANGELOG
* Update packages/access/src/tests/test_ownable.cairo
Co-authored-by:...
* feat: add tests
* tests: remove old version
* feat: update CHANGELOG
* Update packages/access/src/tests/test_ownable.cairo
Co-authored-by:...
π¨ CVE-2024-8006
Remote packet capture support is disabled by default in libpcap. When a user builds libpcap with remote packet capture support enabled, one of the functions that become available is pcap_findalldevs_ex(). One of the function arguments can be a filesystem path, which normally means a directory with input data files. When the specified path cannot be used as a directory, the function receives NULL from opendir(), but does not check the return value and passes the NULL value to readdir(), which causes a NULL pointer derefence.
π@cveNotify
Remote packet capture support is disabled by default in libpcap. When a user builds libpcap with remote packet capture support enabled, one of the functions that become available is pcap_findalldevs_ex(). One of the function arguments can be a filesystem path, which normally means a directory with input data files. When the specified path cannot be used as a directory, the function receives NULL from opendir(), but does not check the return value and passes the NULL value to readdir(), which causes a NULL pointer derefence.
π@cveNotify
GitHub
makes pcap_findalldevs_ex errors out if the directory does not exist Β· the-tcpdump-group/libpcap@0f8a103
the LIBpcap interface to various kernel packet capture mechanism - makes pcap_findalldevs_ex errors out if the directory does not exist Β· the-tcpdump-group/libpcap@0f8a103
π¨ CVE-2024-39747
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality.
π@cveNotify
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality.
π@cveNotify
Ibmcloud
IBM Sterling Connect:Direct Web Services information disclosure CVE-2024-39747 Vulnerability Report
IBM X-Force Exchange is a threat intelligence sharing platform enabling research on security threats, aggregation of intelligence, and collaboration with peers
π1
π¨ CVE-2024-42939
A cross-site scripting (XSS) vulnerability in the component /index/index.html of YZNCMS v1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the configured remarks text field.
π@cveNotify
A cross-site scripting (XSS) vulnerability in the component /index/index.html of YZNCMS v1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the configured remarks text field.
π@cveNotify
π1
π¨ CVE-2024-7030
The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.5.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update product and category descriptions, category titles and images, and sort order.
π@cveNotify
The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.5.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update product and category descriptions, category titles and images, and sort order.
π@cveNotify
π¨ CVE-2024-7032
The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'moo_deactivateAndClean' function in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to deactivate the plugin and drop all plugin tables from the database.
π@cveNotify
The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'moo_deactivateAndClean' function in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to deactivate the plugin and drop all plugin tables from the database.
π@cveNotify
π¨ CVE-2024-23491
Uncontrolled search path in some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
π@cveNotify
Uncontrolled search path in some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
π@cveNotify
Intel
INTEL-SA-01075
π¨ CVE-2024-7651
The App Builder β Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to limited SQL Injection via the βapp-builder-searchβ parameter in all versions up to, and including, 4.2.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
π@cveNotify
The App Builder β Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to limited SQL Injection via the βapp-builder-searchβ parameter in all versions up to, and including, 4.2.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
π@cveNotify
π¨ CVE-2024-7435
The Attire theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.6 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
π@cveNotify
The Attire theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.6 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
π@cveNotify