π¨ CVE-2024-6595
An issue was discovered in GitLab CE/EE affecting all versions starting from 11.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 where it was possible to upload an NPM package with conflicting package data.
π@cveNotify
An issue was discovered in GitLab CE/EE affecting all versions starting from 11.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 where it was possible to upload an NPM package with conflicting package data.
π@cveNotify
vlt /vΕlt/ - blog
The massive bug at the heart of the npm ecosystem
An article detailing the massive bug at the heart of the npm ecosystem; encompassing a lack of validation by the public registry, package manifest inconsistancies & assumptions about package managers & security products
π¨ CVE-2024-6801
A vulnerability, which was classified as critical, has been found in SourceCodester Online Student Management System 1.0. This issue affects some unknown processing of the file /add-students.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271703.
π@cveNotify
A vulnerability, which was classified as critical, has been found in SourceCodester Online Student Management System 1.0. This issue affects some unknown processing of the file /add-students.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271703.
π@cveNotify
GitHub
SourceCodester Online student management system in php free download /add-students.php Unrestricted Upload Β· Issue #1 Β· aaajuna/demo
SourceCodester Online student management system in php free download /add-students.php Unrestricted Upload NAME OF AFFECTED PRODUCT(S) Online student management system in php free download Vendor H...
π¨ CVE-2024-6802
A vulnerability, which was classified as critical, was found in SourceCodester Computer Laboratory Management System 1.0. Affected is an unknown function of the file /lms/classes/Master.php?f=save_record. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271704.
π@cveNotify
A vulnerability, which was classified as critical, was found in SourceCodester Computer Laboratory Management System 1.0. Affected is an unknown function of the file /lms/classes/Master.php?f=save_record. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271704.
π@cveNotify
Casino020
Beste Online Casino Zonder Cruks 2025 β Veilig Spelen Zonder Beperkingen Casino020
Zoek je informatie over het Beste Online Casino Zonder Cruks Casino020? Op deze pagina lees je alles over gokken zonder Cruks in Nederland.
π¨ CVE-2024-1955
The Hide Dashboard Notifications plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'warning_notices_settings' function in all versions up to, and including, 1.3. This makes it possible for authenticated attackers, with contributor access and above, to modify the plugin's settings.
π@cveNotify
The Hide Dashboard Notifications plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'warning_notices_settings' function in all versions up to, and including, 1.3. This makes it possible for authenticated attackers, with contributor access and above, to modify the plugin's settings.
π@cveNotify
π¨ CVE-2024-3610
The WP Child Theme Generator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wctg_easy_child_theme() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to create a blank child theme and activate it cause the site to whitescreen.
π@cveNotify
The WP Child Theme Generator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wctg_easy_child_theme() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to create a blank child theme and activate it cause the site to whitescreen.
π@cveNotify
π¨ CVE-2024-5344
The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the βforgoturlβ attribute within the plugin's WP Login & Register widget in all versions up to, and including, 5.5.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
π@cveNotify
The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the βforgoturlβ attribute within the plugin's WP Login & Register widget in all versions up to, and including, 5.5.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
π@cveNotify
Theplusaddons
Give feedback and suggest new ideas for The Plus Addons for Elementor.
π¨ CVE-2024-4377
The DOP Shortcodes WordPress plugin through 1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
π@cveNotify
The DOP Shortcodes WordPress plugin through 1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
π@cveNotify
WPScan
DOP Shortcodes <= 1.2 - Contributor+ Stored XSS via Shortcode
See details on DOP Shortcodes <= 1.2 - Contributor+ Stored XSS via Shortcode CVE 2024-4377. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2024-4381
The CB (legacy) WordPress plugin through 0.9.4.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
π@cveNotify
The CB (legacy) WordPress plugin through 0.9.4.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
π@cveNotify
WPScan
CB (legacy) <= 0.9.4.18 - Admin+ Stored XSS
See details on CB (legacy) <= 0.9.4.18 - Admin+ Stored XSS CVE 2024-4381. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2024-4382
The CB (legacy) WordPress plugin through 0.9.4.18 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting codes, timeframes, and bookings via CSRF attacks
π@cveNotify
The CB (legacy) WordPress plugin through 0.9.4.18 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting codes, timeframes, and bookings via CSRF attacks
π@cveNotify
WPScan
CB (legacy) <= 0.9.4.18 - Code/Timeframe/Booking Deletion via CSRF
See details on CB (legacy) <= 0.9.4.18 - Code/Timeframe/Booking Deletion via CSRF CVE 2024-4382. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2024-4384
The CSSable Countdown WordPress plugin through 1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
π@cveNotify
The CSSable Countdown WordPress plugin through 1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
π@cveNotify
WPScan
CSSable Countdown <= 1.5 - Admin+ Stored XSS
See details on CSSable Countdown <= 1.5 - Admin+ Stored XSS CVE 2024-4384. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2024-4474
The WP Logs Book WordPress plugin through 1.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
π@cveNotify
The WP Logs Book WordPress plugin through 1.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
π@cveNotify
WPScan
WP Logs Book <= 1.0.1 - Disable Logging via CSRF
See details on WP Logs Book <= 1.0.1 - Disable Logging via CSRF CVE 2024-4474. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2024-4475
The WP Logs Book WordPress plugin through 1.0.1 does not have CSRF check when clearing logs, which could allow attackers to make a logged in admin clear the logs them via a CSRF attack
π@cveNotify
The WP Logs Book WordPress plugin through 1.0.1 does not have CSRF check when clearing logs, which could allow attackers to make a logged in admin clear the logs them via a CSRF attack
π@cveNotify
WPScan
WP Logs Book <= 1.0.1 - Log Clearing via CSRF
See details on WP Logs Book <= 1.0.1 - Log Clearing via CSRF CVE 2024-4475. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2024-6535
A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a specially-crafted cookie.
π@cveNotify
A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a specially-crafted cookie.
π@cveNotify
π¨ CVE-2024-6803
A vulnerability has been found in itsourcecode Document Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file insert.php. The manipulation of the argument anothercont leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271705 was assigned to this vulnerability.
π@cveNotify
A vulnerability has been found in itsourcecode Document Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file insert.php. The manipulation of the argument anothercont leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271705 was assigned to this vulnerability.
π@cveNotify
GitHub
Itsourcecode Document Management System Open Source PHP v1.0 insert.php SQL injection Β· Issue #3 Β· hzy11111111/cve
Itsourcecode Document Management System Open Source PHP v1.0 insert.php SQL injection NAME OF AFFECTED PRODUCT(S) Document Management System Open Source PHP Vendor Homepage https://itsourcecode.com...
π¨ CVE-2024-6807
A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /sscdms/classes/Users.php?f=save of the component HTTP POST Request Handler. The manipulation of the argument firstname/middlename/lastname/username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-271706 is the identifier assigned to this vulnerability.
π@cveNotify
A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /sscdms/classes/Users.php?f=save of the component HTTP POST Request Handler. The manipulation of the argument firstname/middlename/lastname/username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-271706 is the identifier assigned to this vulnerability.
π@cveNotify
Casino020
Beste Online Casino Zonder Cruks 2025 β Veilig Spelen Zonder Beperkingen Casino020
Zoek je informatie over het Beste Online Casino Zonder Cruks Casino020? Op deze pagina lees je alles over gokken zonder Cruks in Nederland.
π¨ CVE-2024-6808
A vulnerability was found in itsourcecode Simple Task List 1.0. It has been classified as critical. This affects the function insertUserRecord of the file signUp.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271707.
π@cveNotify
A vulnerability was found in itsourcecode Simple Task List 1.0. It has been classified as critical. This affects the function insertUserRecord of the file signUp.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271707.
π@cveNotify
GitHub
code-projects Simple Task List In PHP With Source Code v1.0 signUp.php SQL injection Β· Issue #1 Β· qianqiusujiu/cve
code-projects Simple Task List In PHP With Source Code v1.0 signUp.php SQL injection NAME OF AFFECTED PRODUCT(S) Simple Task List In PHP With Source Code Vendor Homepage https://code-projects.org/s...
π¨ CVE-2024-5037
A flaw was found in OpenShift's Telemeter. If certain conditions are in place, an attacker can use a forged token to bypass the issue ("iss") check during JSON web token (JWT) authentication.
π@cveNotify
A flaw was found in OpenShift's Telemeter. If certain conditions are in place, an attacker can use a forged token to bypass the issue ("iss") check during JSON web token (JWT) authentication.
π@cveNotify
π¨ CVE-2024-5154
A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal (β../β). This flaw allows the container to read and write to arbitrary files on the host system.
π@cveNotify
A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal (β../β). This flaw allows the container to read and write to arbitrary files on the host system.
π@cveNotify
π¨ CVE-2024-6387
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
π@cveNotify
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
π@cveNotify
π¨ CVE-2024-41009
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix overrunning reservations in ringbuf
The BPF ring buffer internally is implemented as a power-of-2 sized circular
buffer, with two logical and ever-increasing counters: consumer_pos is the
consumer counter to show which logical position the consumer consumed the
data, and producer_pos which is the producer counter denoting the amount of
data reserved by all producers.
Each time a record is reserved, the producer that "owns" the record will
successfully advance producer counter. In user space each time a record is
read, the consumer of the data advanced the consumer counter once it finished
processing. Both counters are stored in separate pages so that from user
space, the producer counter is read-only and the consumer counter is read-write.
One aspect that simplifies and thus speeds up the implementation of both
producers and consumers is how the data area is mapped twice contiguously
back-to-back in the virtual memory, allowing to not take any special measures
for samples that have to wrap around at the end of the circular buffer data
area, because the next page after the last data page would be first data page
again, and thus the sample will still appear completely contiguous in virtual
memory.
Each record has a struct bpf_ringbuf_hdr { u32 len; u32 pg_off; } header for
book-keeping the length and offset, and is inaccessible to the BPF program.
Helpers like bpf_ringbuf_reserve() return `(void *)hdr + BPF_RINGBUF_HDR_SZ`
for the BPF program to use. Bing-Jhong and Muhammad reported that it is however
possible to make a second allocated memory chunk overlapping with the first
chunk and as a result, the BPF program is now able to edit first chunk's
header.
For example, consider the creation of a BPF_MAP_TYPE_RINGBUF map with size
of 0x4000. Next, the consumer_pos is modified to 0x3000 /before/ a call to
bpf_ringbuf_reserve() is made. This will allocate a chunk A, which is in
[0x0,0x3008], and the BPF program is able to edit [0x8,0x3008]. Now, lets
allocate a chunk B with size 0x3000. This will succeed because consumer_pos
was edited ahead of time to pass the `new_prod_pos - cons_pos > rb->mask`
check. Chunk B will be in range [0x3008,0x6010], and the BPF program is able
to edit [0x3010,0x6010]. Due to the ring buffer memory layout mentioned
earlier, the ranges [0x0,0x4000] and [0x4000,0x8000] point to the same data
pages. This means that chunk B at [0x4000,0x4008] is chunk A's header.
bpf_ringbuf_submit() / bpf_ringbuf_discard() use the header's pg_off to then
locate the bpf_ringbuf itself via bpf_ringbuf_restore_from_rec(). Once chunk
B modified chunk A's header, then bpf_ringbuf_commit() refers to the wrong
page and could cause a crash.
Fix it by calculating the oldest pending_pos and check whether the range
from the oldest outstanding record to the newest would span beyond the ring
buffer size. If that is the case, then reject the request. We've tested with
the ring buffer benchmark in BPF selftests (./benchs/run_bench_ringbufs.sh)
before/after the fix and while it seems a bit slower on some benchmarks, it
is still not significantly enough to matter.
π@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix overrunning reservations in ringbuf
The BPF ring buffer internally is implemented as a power-of-2 sized circular
buffer, with two logical and ever-increasing counters: consumer_pos is the
consumer counter to show which logical position the consumer consumed the
data, and producer_pos which is the producer counter denoting the amount of
data reserved by all producers.
Each time a record is reserved, the producer that "owns" the record will
successfully advance producer counter. In user space each time a record is
read, the consumer of the data advanced the consumer counter once it finished
processing. Both counters are stored in separate pages so that from user
space, the producer counter is read-only and the consumer counter is read-write.
One aspect that simplifies and thus speeds up the implementation of both
producers and consumers is how the data area is mapped twice contiguously
back-to-back in the virtual memory, allowing to not take any special measures
for samples that have to wrap around at the end of the circular buffer data
area, because the next page after the last data page would be first data page
again, and thus the sample will still appear completely contiguous in virtual
memory.
Each record has a struct bpf_ringbuf_hdr { u32 len; u32 pg_off; } header for
book-keeping the length and offset, and is inaccessible to the BPF program.
Helpers like bpf_ringbuf_reserve() return `(void *)hdr + BPF_RINGBUF_HDR_SZ`
for the BPF program to use. Bing-Jhong and Muhammad reported that it is however
possible to make a second allocated memory chunk overlapping with the first
chunk and as a result, the BPF program is now able to edit first chunk's
header.
For example, consider the creation of a BPF_MAP_TYPE_RINGBUF map with size
of 0x4000. Next, the consumer_pos is modified to 0x3000 /before/ a call to
bpf_ringbuf_reserve() is made. This will allocate a chunk A, which is in
[0x0,0x3008], and the BPF program is able to edit [0x8,0x3008]. Now, lets
allocate a chunk B with size 0x3000. This will succeed because consumer_pos
was edited ahead of time to pass the `new_prod_pos - cons_pos > rb->mask`
check. Chunk B will be in range [0x3008,0x6010], and the BPF program is able
to edit [0x3010,0x6010]. Due to the ring buffer memory layout mentioned
earlier, the ranges [0x0,0x4000] and [0x4000,0x8000] point to the same data
pages. This means that chunk B at [0x4000,0x4008] is chunk A's header.
bpf_ringbuf_submit() / bpf_ringbuf_discard() use the header's pg_off to then
locate the bpf_ringbuf itself via bpf_ringbuf_restore_from_rec(). Once chunk
B modified chunk A's header, then bpf_ringbuf_commit() refers to the wrong
page and could cause a crash.
Fix it by calculating the oldest pending_pos and check whether the range
from the oldest outstanding record to the newest would span beyond the ring
buffer size. If that is the case, then reject the request. We've tested with
the ring buffer benchmark in BPF selftests (./benchs/run_bench_ringbufs.sh)
before/after the fix and while it seems a bit slower on some benchmarks, it
is still not significantly enough to matter.
π@cveNotify