#git

Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22,2.1.0.

HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request.

A stored cross-site scripting (XSS) vulnerability in Netbox v3.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Link templates.

MISP 2.4174 allows XSS in app/View/Events/index.ctp.

# Summary An arbitrary file write vulnerability could lead to direct control of the server # Details ## Arbitrary file creation In the api/v1/file.go file, there is a function called SaveContentthat,It recieves JSON data sent by users in the form of a POST request. And the lack of parameter filtering allows for arbitrary file write operations.It looks like this: - Vulnerable Code  # PoC - We can write the SSH public key into the /etc/.root/authorized_keys configuration file on the server.  - The server was successfully written to the public key  - Successfully connected to the target server using an SSH priv...

### Summary Any file downloading vulnerability exists in 1Panel backend. ### Details Authenticated attackers can download arbitrary files through the API interface. This code has unauthorized access.  ### PoC payload: POST /api/v1/files/download/bypath HTTP/1.1 Host: ip Content-Type: application/json {"path":"/etc/passwd"}  ### Impact Attackers can freely download the file content on the target system. This will be caused a large amount of information leakage.

### Summary Arbitrary file reads allow an attacker to read arbitrary important configuration files on the server. ### Details In the api/v1/file.go file, there is a function called LoadFromFile, which directly reads the file by obtaining the requested path parameter[path]. The request parameters are not filtered, resulting in a background arbitrary file reading vulnerability  ### PoC Request /api/v1/files/loadfile, carry /etc/passwd data to read, as shown below:  ### Impact 1Panel v1.4.3

Moq v4.20.0 and 4.20.1 include support for [SponsorLink](https://github.com/devlooped/SponsorLink), which runs an obfuscated DLL at build time that scans local `git config` data and shares the user's hashed email address with SponsorLink's remote servers. There is no option to disable this. Moq v4.20.2 has removed this functionality.

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 24.0.4 and prior to versions 25.0.9, 26.0.4, and 27.0.1, when a folder with images or an image was shared without download permissions, the user could add the image inline into a text file and download it. Nextcloud Server versions 25.0.9, 26.0.4, and 27.0.1 and Nextcloud Enterprise Server versions 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1 contain a patch for this issue. No known workarounds are available.

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 19.0.0 and prior to versions 19.0.13.10, 20.0.14.15, 21.0.9.13, 22.2.10.14, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1, a malicious user could delete any personal or global external storage, making them inaccessible for everyone else as well. Nextcloud server versions 25.0.9, 26.0.4, and 27.0.1 and Nextcloud Enterprise Server versions 19.0.13.10, 20.0.14.15, 21.0.9.13, 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1 contain a patch for this issue. As a workaround, disable app files_external. This also makes the external storage inaccessible but retains the configurations until a patched version has been deployed.