A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large (>=2GiB) IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer overflows, which could conceivably be exploited for remote code execution.

*   Products
    *   Openwall GNU/\*/Linux   _server OS_
    *   Linux Kernel Runtime Guard
    *   John the Ripper   _password cracker_
        *   Free & Open Source for any platform
        *   in the cloud
        *   Pro for Linux
        *   Pro for macOS
    *   Wordlists   _for password cracking_
    *   passwdqc   _policy enforcement_
        *   Free & Open Source for Unix
        *   Pro for Windows (Active Directory)
    *   yescrypt   _KDF & password hashing_
    *   yespower   _Proof-of-Work (PoW)_
    *   crypt\_blowfish   _password hashing_
    *   phpass   _ditto in PHP_
    *   tcb   _better password shadowing_
    *   Pluggable Authentication Modules
    *   scanlogd   _port scan detector_
    *   popa3d   _tiny POP3 daemon_
    *   blists   _web interface to mailing lists_
    *   msulogin   _single user mode login_
    *   php\_mt\_seed   _mt\_rand() cracker_
*   Services
*   Publications
    *   Articles
    *   Presentations
*   Resources
    *   Mailing lists
    *   Community wiki
    *   Source code repositories (GitHub)
    *   Source code repositories (CVSweb)
    *   File archive & mirrors
    *   How to verify digital signatures
    *   OVE IDs
*   What's new

\[<prev\] \[next>\] \[day\] \[month\] \[year\] \[list\]

Date: Fri, 3 Dec 2021 12:24:32 +0100
From: Oswald Buddenhagen <oswald.buddenhagen@....de>
To: isync-devel@...ts.sourceforge.net
Cc: oss-security@...ts.openwall.com
Subject: CVE-2021-3657: multiple buffer overflows in isync/mbsync

description:

A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate
handling of extremely large (>=2GiB) IMAP literals, malicious or
compromised IMAP servers, and hypothetically even external email
senders, could cause several different buffer overflows, which could
conceivably be exploited for remote code execution.

mitigation:

upgrade to the freshly released v1.4.4 available from 
https://sourceforge.net/projects/isync/files/isync/ , or apply the 
matching attached patch. note that while a patch for v1.3.x is provided, 
no upstream release will be made any more.

details:

i'm not sure it's actually possible to pull off RCE with these. a
non-server attacker would be additionally impaired by message size
limitations and being unable to predict the exact size of the headers
stored in the box, so they would likely need an account on the same
liberally configured system, apart from knowing to target mbsync.

**View attachment "**CVE-2021-3657-buffer-overflows-on-big-1.4.patch**" of type "**text/x-diff**" (7190 bytes)**

**View attachment "**CVE-2021-3657-buffer-overflows-on-big-1.3.patch**" of type "**text/x-diff**" (5489 bytes)**

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.

CVE-2021-3657: security - CVE-2021-3657: multiple buffer overflows in isync/mbsync

An issue was discovered in Cerebrate through 1.4. Endpoints could be open even when not enabled.

Skip to content

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

*   Notifications
*   Fork 14

*   Code
*   Issues 67
*   Pull requests 2
*   Actions
*   Projects 3
*   Wiki
*   Security
*   Insights

**Commit**

Permalink

Browse files

Browse the repository at this point in the history

fix: \[security\] open endpoints should only be open when enabled

\- as reported by Dawid Czarnecki from Zigrin Security

*   Loading branch information

Showing **2 changed files** with **10 additions** and **2 deletions**.

*   *   IndividualsController.php
    *   OrganisationsController.php

6 changes: 5 additions & 1 deletion src/Controller/Open/IndividualsController.php

Expand Up

@@ -11,13 +11,17 @@

use Cake\\Http\\Exception\\MethodNotAllowedException;

use Cake\\Http\\Exception\\ForbiddenException;

use Cake\\Event\\EventInterface;

use Cake\\Core\\Configure;

  

class IndividualsController extends AppController

{

public function beforeFilter(EventInterface $event)

{

parent::beforeFilter($event);

$this\->Authentication\->allowUnauthenticated(\['index'\]);

$open = Configure::read('Cerebrate.open');

if (!empty($open) && in\_array('individuals', $open)) {

$this\->Authentication\->allowUnauthenticated(\['index'\]);

}

}

  

public function index()

Expand Down

6 changes: 5 additions & 1 deletion src/Controller/Open/OrganisationsController.php

Expand Up

@@ -10,13 +10,17 @@

use Cake\\Http\\Exception\\MethodNotAllowedException;

use Cake\\Http\\Exception\\ForbiddenException;

use Cake\\Event\\EventInterface;

use Cake\\Core\\Configure;

  

class OrganisationsController extends AppController

{

public function beforeFilter(EventInterface $event)

{

parent::beforeFilter($event);

$this\->Authentication\->allowUnauthenticated(\['index'\]);

$open = Configure::read('Cerebrate.open');

if (!empty($open) && in\_array('organisations', $open)) {

$this\->Authentication\->allowUnauthenticated(\['index'\]);

}

}

  

public function index()

Expand Down

**0 comments on commit a263234**

Please sign in to comment.

CVE-2022-25319: fix: [security] open endpoints should only be open when enabled · cerebrate-project/cerebrate@a263234

Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software.

**hp-concentra-wrapper-portlet**

 Actions

Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files.

Severity

High

HP Reference

HPSBGN03762 Rev. 2

Release date

January 21, 2022

Last updated

January 25, 2022

Category

HP Support Assistant

Potential Security Impact

Privilege Escalation, Compromise of Integrity, Allowed Communication with Untrusted Clients, Unauthorized Modification of Files

**Relevant Common Vulnerabilities and Exposures (CVE) List**

PSR-2021-0077, CVE-2022-23453 (Ammarit Thongthua and Sitthinut Haruanpuach (Secure D Research team)), PSR-2021-0090, CVE-2022-23454 (Ammarit Thongthua and Chayanin Khawsanit (Secure D Research team)), PSR-2021-0091, CVE-2022-23455 (Ammarit Thongthua and Chayanin Khawsanit (Secure D Research team)), PSR-2021-0103, CVE-2022-23456 (Ammarit Thongthua, Chayanin Khawsanit, and Krischat Thataristorai (Secure D Research team)), PSR-2020-0083, CVE-2020-6917 (Jake Valletta and Rod Deichler, FireEye/Mandiant), CVE-2020-6918 (Jake Valletta and Rod Deichler, FireEye/Mandiant), CVE-2020-6919 (Jake Valletta and Rod Deichler, FireEye/Mandiant), CVE-2020-6920 (Jake Valletta and Rod Deichler, FireEye/Mandiant), CVE-2020-6921 (Jake Valletta and Rod Deichler, FireEye/Mandiant), CVE-2020-6922 (Jake Valletta and Rod Deichler, FireEye/Mandiant)

List of CVE IDs    

CVE ID

CVS 3.0

Severity

Vector

CVE-2022-23453

7.8

High

CVSS:3.1/ AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-23454

7.8

High

CVSS:3.1/ AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-23455

7.8

High

CVSS:3.1/ AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-23456

7.8

High

CVSS:3.1/ AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2020-6917

7.2

High

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

CVE-2020-6918

6.9

Medium

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N

CVE-2020-6919

6.9

Medium

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N

CVE-2020-6920

5.0

Medium

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

CVE-2020-6921

6.9

Medium

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N

CVE-2020-6922

6.9

Medium

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N

Learn more about CVSS 3.0 base metrics, which range from 0 to 10.

PSR-2021-0077, PSR-2021-0090, PSR-2021-0091, PSR-2021-0103, PSR-2020-0083

**Resolution**

HP strives to address all security issues with HP Support Assistant at best possible speed and makes the latest version available with the fixes. HP recommends customers to update to latest version of HP Support Assistant that includes fixes to above listed issues by turning on automatic updates within HP Support Assistant settings. If the system has HP Support Assistant 8x version, HP advises customers to upgrade to HP Support Assistant 9 version by going to **About** section and checking for updates. If the system has HP Support Assistant version 9, HP recommends keeping MS store updates turned on so that the application is always kept up to date.

Alternately customers can also get latest version at https://www.hp.com/go/hpsupportassistant.

HP recommends keeping your system up to date with the latest firmware and software.

Note:

This bulletin might be updated when new information and/or SoftPaqs are available. Sign up for HP Subscriptions to be notified and receive:

*   Product support eAlerts
    
*   Driver updates
    
*   Security Bulletin updates
    

**Supported software versions**

Versions earlier than 9.11 of HP Support Assistant.

**Revision history**

This document has been revised according to the information below.

List of versions   

Version

Description

Date

2

Relevant Common Vulnerabilities and Exposures (CVE) List text added.

January 25, 2022

1

Initial Release

January 22, 2022

**Additional information**

Follow these links for additional information.

Third-party security patches

Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support

For issues about implementing the recommendations of this Security Bulletin, visit http://www.hp.com/go/contacthp to learn about your HP support options.

Report

To report a potential security vulnerability with any HP supported product, send email to: hp-security-alert@hp.com.

Subscribe

To initiate a subscription to receive future HP Security Bulletin alerts via email, visit https://h41369.www4.hp.com/alerts-signup.php?lang=en&cc=US&jumpid=hpsc\_profile.

Security bulletin archive

To view released Security Bulletins, visit https://support.hp.com/security-bulletins.

It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.

Download HP’s security-alert PGP key

**Legal information**

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Security Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Security Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.

© Copyright 2022 HP Development Company, L.P.

HP Inc. (HP) shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. "HP Inc.," "HP" and the names of HP products referenced herein are trademarks of HP Inc. or its affiliates in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

CVE-2020-6922: Multiple vulnerabilities in HP Support Assistant

Hospital Management System v4.0 was discovered to contain a blind SQL injection vulnerability via the register function in func2.php.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2022-24226: CVE/CVE-2022-24226/CVE-2022-24226.pdf at main · Nguyen-Trung-Kien/CVE

Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability in the Upload SVG File function.

CVE-2021-46253 XSS v.0.12.7 store in archor cms 5.4 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46253 https://nvd.nist.gov/vuln/detail/CVE-2021-46253 CVE-2021-46458 Victor CMS v1.0 was discovered to contain a SQL injection vulnerability in the component admin/posts.php?source=add\_post. This vulnerability can be exploited through a crafted POST request via the post\_title parameter. 7.5 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46458 https://nvd.nist.gov/vuln/detail/CVE-2021-46458 CVE-2021-46459 Victor CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component admin/users.php?source=add\_user. These vulnerabilities can be exploited through a crafted POST request via the user\_name, user\_firstname,user\_lastname, or user\_email parameters. 7.5 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46459 https://nvd.nist.gov/vuln/detail/CVE-2021-46459 CVE-2021-46253 Hospital Management System v4.0 was discovered to contain a blind SQL injection vulnerability via the register function in func2.php. 7.5 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24226 https://nvd.nist.gov/vuln/detail/CVE-2022-24226 CVE-2022-24227 A cross-site scripting (XSS) vulnerability in BoltWire v7.10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the name and lastname parameters. 6.1 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24227 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24227 CVE-2022-24585 A stored cross-site scripting (XSS) vulnerability in the component /core/admin/comment.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the author parameter. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-24585 https://nvd.nist.gov/vuln/detail/CVE-2022-24585 CVE-2022-24586 A stored cross-site scripting (XSS) vulnerability in the component /core/admin/categories.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content and thumbnail parameters. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-24586 https://nvd.nist.gov/vuln/detail/CVE-2022-24586 CVE-2022-24587 A stored cross-site scripting (XSS) vulnerability in the component core/admin/medias.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-24587 https://nvd.nist.gov/vuln/detail/CVE-2022-24587 CVE-2022-24588 Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability in the Upload SVG File function. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-24588 https://nvd.nist.gov/vuln/detail/CVE-2022-24588 CVE-2022-24589 Burden v3.0 was discovered to contain a stored cross-site scripting (XSS) in the Add Category function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the task parameter. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-24589 https://nvd.nist.gov/vuln/detail/CVE-2022-24589 CVE-2022-24590 A stored cross-site scripting (XSS) vulnerability in the Add Link function of BackdropCMS v1.21.1 allows attackers to execute arbitrary web scripts or HTML. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-24590 https://nvd.nist.gov/vuln/detail/CVE-2022-24590

CVE-2022-24588: GitHub - Nguyen-Trung-Kien/CVE: CVE Update

Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in /mobile_seal/get_seal.php via the DEVICE_LIST parameter.

CVE-2022-24206

Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in export_data.php via the d_name parameter.

CVE-2022-23902

Exposure of Sensitive Information to an Unauthorized Actor in Packagist pimcore/pimcore prior to 10.3.1.

**Commit**

Permalink

Browse files

Browse the repository at this point in the history

Svg sanitization (#11386)

\* setting up the svg saniziter on logo and assets upload

\* more detailed exception message

\* changed to mime type check instead of file extension

\* adding the sanitization to "Upload new version"

\* refactor to sanitize on preAdd/preUpdate, rollback AssetController.php

\* fix resource|string, null given on mime\_content\_type

\* using symfony mime component + small tweaks

\* avoiding save without changes case

\* tweak when checking if is image type

*   Loading branch information

CVE-2022-0565: Svg sanitization (#11386) · pimcore/pimcore@7697f70

The CMP WordPress plugin before 4.0.19 allows any user, even not logged in, to arbitrarily change the coming soon page layout.

*   **cmp-coming-soon-maintenance/trunk/readme.txt**
    
    r2633406
    
    r2657597
    
     
    
    6
    
    6
    
    Requires PHP: 5.6
    
    7
    
    7
    
    Tested up to: 5.8
    
    8
    
     
    
    Stable tag: 4.0.18
    
     
    
    8
    
    Stable tag: 4.0.19
    
    9
    
    9
    
    License: GPLv2 or later
    
    10
    
    10
    
    License URI: https://www.gnu.org/licenses/gpl-2.0.html
    
    …
    
    …
    
     
    
    161
    
    161
    
    162
    
    162
    
    \== Changelog ==
    
     
    
    163
    
    <h4>CMP 4.0.19 - 14-Jan-22</h4>
    
     
    
    164
    
    <ul>
    
     
    
    165
    
        <li>Fixed security issue, when unauthenticated user could update the CSS styles for CMP themes.</li>
    
     
    
    166
    
        <li>Updated purge caching function</li>
    
     
    
    167
    
    </ul>
    
    163
    
    168
    
    <h4>CMP 4.0.18 - 22-Nov-21</h4>
    
    164
    
    169
    
    <ul>

CVE-2022-0188: Changeset 2657597 for cmp-coming-soon-maintenance – WordPress Plugin Repository

Dairy Farm Shop Management System v1.0 was discovered to contain hardcoded credentials in the source code which allows attackers access to the control panel if compromised.

Exploit Title: Dairy Farm Shop Management System  — Use of Hard-coded Credentials in Source Code Leads to Admin Panel Access

**Date: 2020–12-25****Exploit Author: VIVEK PANDAY    ****Vendor Homepage: https://phpgurukul.com/****Software Link: https://phpgurukul.com/dairy-farm-shop-management-system-using-php-and-mysql/****Version: 1.0****Tested on: Windows 10****Linkedln Contact: https://www.linkedin.com/in/vivek-panday-796768149/****CVE:2020-36062**

**\[ Hardcoded Credentials:\]**

Hardcoded Passwords, also often referred to as Embedded Credentials, are plain text passwords or other secrets in source code. Password hardcoding refers to the practice of embedding plain text (non-encrypted) passwords and other secrets (SSH Keys, DevOps secrets, etc.) into the source code. Default, hardcoded passwords may be used across many of the same devices, applications, systems, which helps simplify set up at scale, but at the same time, poses a considerable cybersecurity risk.

**\[Attack Vectors\]**

An attacker can gain admin panel access using default credentials and do malicious activities

**Proof Of Concept**

1 Download source code from https://phpgurukul.com/dairy-farm-shop-management-system-using-php-and-mysql/

2 Now unzip it and go to the Database folder here we can see one SQL file.

3 Now open that file using Notepad and there we can see admin credentials. but the password is encrypted .from pattern I identified that this is MD5 hash. so we can easily decrypt using crackstation.net or any hash cracker tools like Hashcat, John the ripper.  
Mitigation:Always use a strong encryption algorithm like SHA-256 with SALT.Never use default credentials always change during installation time

CVE-2020-36062: CVE:2020-36062 Dairy Farm Shop Management System — Use of Hard-coded Credentials in Source Code Leads to Admin Panel Access · Issue #3 · VivekPanday12/CVE-

Tag

#php