#git

A stored cross-site scripting (XSS) vulnerability exists in aimhubio/aim version 3.19.3. The vulnerability arises from the improper neutralization of input during web page generation, specifically in the logs-tab for runs. The terminal output logs are displayed using the `dangerouslySetInnerHTML` function in React, which is susceptible to XSS attacks. An attacker can exploit this vulnerability by injecting malicious scripts into the logs, which will be executed when a user views the logs-tab.

### Summary A ReDOS exists on currency.js was discovered by Gauss Security Labs R&D team. ### Details https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/src/v5/valueParsers/currency.js#L10 contains a vulnerable regex ### PoC pass the following string '\t'.repeat(13337) + '.' ### Impact Denial of service during currency parsing in experimental version 5 of fast-xml-parser-library https://gauss-security.com

### Summary The `twisted.web.util.redirectTo` function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL this vulnerability may result in Reflected Cross-Site Scripting (XSS) in the redirect response HTML body. ### Details Twisted’s `redirectTo` function generates an `HTTP 302 Redirect` response. The response contains an HTML body, built for exceptional cases where the browser doesn’t properly handle the redirect, allowing the user to click a link, navigating them to the specified destination. The function reflects the destination URL in the HTML body without any output encoding. ```python # https://github.com/twisted/twisted/blob/trunk/src/twisted/web/_template_util.py#L88 def redirectTo(URL: bytes, request: IRequest) -> bytes: # ---snip--- content = b""" <html> <head> <meta http-equiv=\"refresh\" content=\"0;URL=%(url)s\"> </head> <body bgcolor=\"#FFFFFF\" text=\"#000000\"> <a href=\"%(url)...

Blog Site version 1.0 suffers from a remote SQL injection vulnerability.

QuickJob version 6.1 suffers from an ignored default credential vulnerability.

### Summary The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. ### PoC 0. Start a fresh Debian container: ```sh docker run --workdir /repro --rm -it debian:bookworm-slim ``` 1. Install twisted and its dependencies: ```sh apt -y update && apt -y install ncat git python3 python3-pip \ && git clone --recurse-submodules https://github.com/twisted/twisted \ && cd twisted \ && pip3 install --break-system-packages . ``` 2. Run a twisted.web HTTP server that echos received requests' methods. e.g., the following: ```python from twisted.web import server, resource from twisted.internet import reactor class TheResource(resource.Resource): isLeaf = True def render_GET(self, request) -> bytes: return b"GET" def render_POST(self, request) -> bytes: return b"POST" site = server.Site(TheResource()) reactor.listenTCP(80, site) reactor.run() ``` 3. Send it a PO...

### Description: Remote Code Execution Vulnerability has been identified in the Message module of the Admidio Application, where it is possible to upload a PHP file in the attachment. The uploaded file can be accessed publicly through the URL `{admidio_base_url}/adm_my_files/messages_attachments/{file_name}`. The vulnerability is caused due to the lack of file extension verification, allowing malicious files to be uploaded to the server and public availability of the uploaded file. An attacker can upload a PHP web shell that executes OS commands on the server, compromising the application server. Note: I am using the docker-compose.yaml file from https://github.com/Admidio/admidio/blob/master/README-Docker.md#docker-compose-usage official documentation. ### Impact: An attacker can exploit this flaw to upload a PHP web shell, which can be used to execute arbitrary commands on the server. This can lead to a complete compromise of the application server, allowing the attacker to: - E...

### Description: An SQL Injection has been identified in the `/adm_program/modules/ecards/ecard_send.php` source file of the Admidio Application. The SQL Injection results in a compromise of the application's database. The value of `ecard_recipients `POST parameter is being directly concatenated with the SQL query in the source code causing the SQL Injection. The SQL Injection can be exploited by a member user, using blind condition-based, time-based, and Out of band interaction SQL Injection payloads. I successfully exploited SQL Injections by causing Time Delays. Advancing the payload, I was able to exfiltrate data from the database based on trial and error conditions and step-wise enumerating the characters of the database name. This was done as a POC of SQL Injection. An attacker could simply drop the database by providing a single payload, steal data, and potentially update the database according to their will. ### Impact: SQL injection (SQLi) vulnerabilities can have serious c...

Senators have asked the FTC to investigate the consumer privacy violations by car makers that provide data brokers with information that could be used against them