Tag
### Summary When parsing SVG images Dompdf performs an initial validation to ensure that paths within the SVG are allowed. One of the validations is that the [SVG document does not reference itself](https://github.com/dompdf/dompdf/blob/v2.0.3/src/Image/Cache.php#L136-L153). However, a recursive chained using two or more SVG documents is not correctly validated. Depending on the system configuration and attack pattern this could exhaust the memory available to the executing process and/or to the server itself. ### Details php-svg-lib, when run in isolation, does not support SVG references for `image` elements. An SVG document can, however, be referenced and Dompdf will run that reference through the same validation. Dompdf currently includes validation to prevent self-referential `image` references, but a chained reference is not checked. A malicious actor may thus trigger infinite recursion in the validation process by chaining references between two or more SVG images. ### PoC Thi...
By Waqas BazarCall Evolves: Unraveling the Complexities of Google Forms in the Latest Phishing Tactics! This is a post from HackRead.com Read the original post: Scammers Weaponize Google Forms in New BazarCall Attack
Rockoa <2.3.3 is vulnerable to SQL Injection. The problem exists in the indexAction method in reimpAction.php.
By Owais Sultan Organizations must prioritize employee engagement to thrive and achieve growth. A strong workforce enhances productivity and performance. It… This is a post from HackRead.com Read the original post: Employee Engagement And The Psychology Of Team Dynamics
PDF24 Creator versions 11.15.1 and below suffer from a local privilege escalation vulnerability via the MSI installer.
Atos Unify OpenScape Session Border Controller (SBC) versions before V10 R3.4.0, Branch versions before V10 R3.4.0, and BCF versions before V10 R10.12.00 and V10 R11.05.02 suffer from an argument injection vulnerability that can lead to unauthenticated remote code execution and authentication bypass.
The threat actors behind the BazaCall call back phishing attacks have been observed leveraging Google Forms to lend the scheme a veneer of credibility. The method is an "attempt to elevate the perceived authenticity of the initial malicious emails," cybersecurity firm Abnormal Security said in a report published today. BazaCall (aka BazarCall), which was first
Ubuntu Security Notice 6551-1 - It was discovered that Ghostscript incorrectly handled writing TIFF files. A remote attacker could possibly use this issue to cause Ghostscript to crash, resulting in a denial of service.
### Summary When parsing the attributes passed to a `use` tag inside an svg document, we can cause the system to go to an infinite recursion. Depending on the system configuration and attack pattern this could exhaust the memory available to the executing process and/or to the server itself. ### Details Inside `Svg\Tag\UseTag::before`, php-svg-lib parses the attributes passed to an `use` tag inside an svg document. When it finds a `href` or `xlink:href`, it will try to retrieve the object representing this tag: ``` $link = $attributes["href"] ?? $attributes["xlink:href"]; $this->reference = $document->getDef($link); if ($this->reference) { $this->reference->before($attributes); } ``` `$document->getDef` is implemented as follow: ``` public function getDef($id) { $id = ltrim($id, "#"); return isset($this->defs[$id]) ? $this->defs[$id] : null; } ``` _Note:_ the `$id` in the above method is actually the _link_ being used in `use` tag. This part is important, because thi...
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 allows attacker to execute unauthorized code or commands via crafted HTTP requests