Zero-Day

Inject JavaScript code within the WSO2 Identity server application using the URL of the login.

Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison a session cookie to the next logged-in user.

A Stored Cross Site Scripting (XSS) issue in ZoneMinder 1.36.12 allows an attacker to execute HTML or JavaScript code via the Username field when an Admin (or non-Admin users that can see other users logged into the platform) clicks on Logout.

This vulnerability allows the user to rename the system folders of the Zscaler Client Connector, blocking the services’ restart, configuring the agent in Turn Off and to navigate the web while avoiding the requests’ redirect through the protected tunnel.

This vulnerability allows the user to rename the system folders of the Zscaler Client Connector, bypassing the password request throughout the phase of the agent removal.

PwnDoc through 0.5.3 allows remote attackers to identify disabled user account names by leveraging response messages for authentication attempts.

PwnDoc through 0.5.3 might allow remote attackers to identify valid user account names by leveraging response timings for authentication attempts.

The vulnerability allows malicious users to execute malicious code on target systems, preventing Windows from setting the “Mark of the Web” flag on files extracted from an archive

Abuse of Open Graph protocol for creating previews to misleading links to the detriment of WhatsApp users

The Name Directory WordPress plugin before 1.25.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Furthermore, as the payload is also saved into the database after the request, it leads to a Stored XSS as well

The Name Directory WordPress plugin before 1.25.4 does not have CSRF check when importing names, and is also lacking sanitisation as well as escaping in some of the imported data, which could allow attackers to make a logged in admin import arbitrary names with XSS payloads in them.

This authentication mechanism allows a malicious site to show legitimate content to Googlebot in order to be indexed and made reachable to users, and malicious content at the same time for users.

RSA Archer 6.9.SP1 P3 suffer of a privilege escalation vulnerability letting administrators access presumibily inaccessible functionalities.

OBDA systems’ Mastro 1.0 is vulnerable to XML Entity Expansion (aka “billion laughs”) attack allowing denial of service.

XML eXternal Entity (XXE) in OBDA systems’ Mastro 1.0 allows remote attackers to read system files via custom DTDs.

Cross-site scripting (XSS) vulnerability in the Gogo Shell module in Liferay Portal 7.1.0 through 7.3.6 and 7.4.0 allows remote attackers to inject arbitrary web script or HTML via the output of a Gogo Shell command.

The GeoAnalytics feature in Qlik Sense April 2020 patch 4 allows remote attackers to perform internal port scanning via SSRF.

DOM-based XSS attack in WSO2 Identity Server 5.7.0 allows remote attackers to inject arbitrary web script in password reset procedure. This vulnerability can be used to perform Open Redirection attacks too.

Blind Command Injection in L.E.F. srl Radio Web Streamer 1.0 allows an
authenticated attacker to execute arbitrary command on the target system via specially crafted HTTP POST request.

Arbitrary File Upload in L.E.F. srl Radio Web Streamer 1.0 allows an
authenticated attacker to upload arbitrary file on the target system, hence
executing arbitrary command by uploading a PHP file.

Unauthenticated Command Injection in L.E.F. srl Radio Web Streamer 1.0 allows  an attacker to execute arbitrary command on the target system.

This vulnerability allows unauthenticated attacker with network access via HTTP to create, delete, edit critical data and read accessible data.

This vulnerability allows unauthenticated attacker with network access via HTTP to update, insert, delete and partially read accessible data.

An Insecure Direct Object Reference (IDOR) in Archimista 3.1.0 allows authenticated attacker to read and export all the reports in the application.

An arbitrary file read in Archimista 3.1.0 allows remote attacker to read arbitrary files on the file system.

A SQL injection in Archimista 3.1.0 allows remote attacker to execute arbitrary query on the database via the “term” parameter.

A SQL injection in Archimista 3.1.0 allows remote attacker to execute arbitrary query on the database via the “order” parameter.

Dettagli non pubblici

Dettagli non pubblici

Atos Unify OpenScape UC Web Client V9 before version V9 R4.31.0 and V10 before version V10 R0.6.0 allows remote attackers to obtain sensitive information. By iterating the value of conferenceId to getMailFunction in the JSON API, one can enumerate all conferences scheduled on the platform, with their numbers and access PINs.

Atos Unify OpenScape UC Application V9 before version V9 R4.31.0 and V10 before version V10 R0.6.0 allows XSS. An attacker could exploit this by convincing an authenticated user to inject arbitrary JavaScript code in the Profile Name field. A browser would execute this stored XSS payload.

Dettagli non pubblici