Security
Headlines
HeadlinesLatestCVEs

Tag

#csrf

GitLab Releases Patch for Critical CI/CD Pipeline Vulnerability and 13 Others

GitLab has released security updates to address 14 security flaws, including one critical vulnerability that could be exploited to run continuous integration and continuous deployment (CI/CD) pipelines as any user. The weaknesses, which affect GitLab Community Edition (CE) and Enterprise Edition (EE), have been addressed in versions 17.1.1, 17.0.3, and 16.11.5. The most severe of the

The Hacker News
#xss#csrf#vulnerability#git#oauth#auth#The Hacker News
GHSA-94cc-xjxr-pwvf: DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document

### Impact In DSpace 7.0 through 7.6.1, when an HTML, XML or JavaScript Bitstream is downloaded, the user's browser _may_ execute any embedded JavaScript. If that embedded JavaScript is malicious, there is a risk of an XSS attack. This attack may only be initialized by a user who already has Submitter privileges in the repository. The submitter must upload the malicious HTML/XML/JavaScript file themselves. The attack itself would not occur until a different authenticated user downloads the malicious file. CORS and CSRF protection built into DSpace help to limit the impact of the attack (and may block it in some scenarios). If the repository is configured to only download HTML / XML / JavaScript Bitstreams using the [`Content-Disposition: attachment`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Disposition) header, then the attack is no longer possible. See "Workarounds" below. ### Patches The fix is included in both 8.0 and 7.6.2. Please upgrade to one of t...

Carbon Forum 5.9.0 Cross Site Request Forgery / SQL Injection

Carbon Forum version 5.9.0 suffers from access control, cross site request forgery, file upload, outdated library, and remote SQL injection vulnerabilities.

Paradox IP150 Internet Module 1.40.00 Cross Site Request Forgery

Paradox IP150 Internet Module version 1.40.00 suffers from a cross site request forgery vulnerability.

Cacti Import Packages Remote Code Execution

This exploit module leverages an arbitrary file write vulnerability in Cacti versions prior to 1.2.27 to achieve remote code execution. It abuses the Import Packages feature to upload a specially crafted package that embeds a PHP file. Cacti will extract this file to an accessible location. The module finally triggers the payload to execute arbitrary PHP code in the context of the user running the web server. Authentication is needed and the account must have access to the Import Packages feature. This is granted by setting the Import Templates permission in the Template Editor section.

Siemens SINEC Traffic Analyzer

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEC Traffic Analyzer Vulnerabilities: Out-of-bounds Write, Insufficient Session Expiration, Cross-Site Request Forgery (CSRF), Insufficiently Protected Credentials, Exposed Dangerous Method or Function, Cleartext Transmission of Sensitive Information, Sensitive Cookie in HTTPS Session Without 'Secure' Attribute, Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition, disclose sensitive information, or modify files. 3. TECHNICAL DETAILS 3.1 AFFECTED PRO...

Kiuwan Local Analyzer / SAST / SaaS XML Injection / XSS / IDOR

Kiuwan SAST versions prior to 2.8.2402.3, Kiuwan Local Analyzer versions prior to master.1808.p685.q13371, and Kiuwan SaaS versions prior to 2024-02-05 suffer from XML external entity injection, cross site scripting, insecure direct object reference, and various other vulnerabilities.

GHSA-xg9w-r469-m455: ZendFramework Potential Information Disclosure and Insufficient Entropy vulnerabilities

In Zend Framework 2, the `Zend\Math\Rand` component generates random bytes using the OpenSSL or Mcrypt extensions when available but will otherwise use PHP's `mt_rand()` function as a fallback. All outputs from `mt_rand()` are predictable for the same PHP process if an attacker can brute force the seed used by the Marsenne-Twister algorithm in a Seed Recovery Attack. This attack can be successfully applied with minimum effort if the attacker has access to either a random number from `mt_rand()` or a Session ID generated without using additional entropy. This makes `mt_rand()` unsuitable for generating non-trivial random bytes since it has Insufficient Entropy to protect against brute force attacks on the seed. The `Zend\Validate\Csrf` component generates CSRF tokens by SHA1 hashing a salt, random number possibly generated using `mt_rand()` and a form name. Where the salt is known, an attacker can brute force the SHA1 hash with minimum effort to discover the random number when `mt_rand...