Tag
#vulnerability
WordPress SeatReg plugin version 1.54.0 suffers from an open redirection vulnerability.
WordPress WP Event Manager plugin version 3.1.44 suffers from a cross-site scripting vulnerability.
The most dangerous vulnerability you’ve never heard of. In cybersecurity, vulnerabilities are discovered so often, and at such a high rate, that it can be very difficult to keep up. Some vulnerabilities will set off alarm bells in your security tooling, while others are far more nuanced but pose an equally dangerous threat. Today, we want to discuss one of
Threat actors are actively exploiting a now-patched, critical security flaw impacting the Atlassian Confluence Data Center and Confluence Server to conduct illicit cryptocurrency mining on susceptible instances. "The attacks involve threat actors that employ methods such as the deployment of shell scripts and XMRig miners, targeting of SSH endpoints, killing competing crypto mining processes,
### Summary

The second argument to `RestRequest.AddHeader` (the header value) is vulnerable to CRLF injection. The same applies to `RestRequest.AddOrUpdateHeader` and `RestClient.AddDefaultHeader`.

### Details

HTTP headers are added to a request via the `HttpHeaders.TryAddWithoutValidation` method: <https://github.com/restsharp/RestSharp/blob/777bf194ec2d14271e7807cc704e73ec18fcaf7e/src/RestSharp/Request/HttpRequestMessageExtensions.cs#L32>

This method does not check for CRLF characters in the header value, so any headers taken from a `RestSharp.RequestHeaders` object are added to the request in a way that is vulnerable to CRLF injection. In general, CRLF injection into an HTTP header (over HTTP/1.1) lets an attacker inject additional HTTP headers or smuggle whole HTTP requests.

### PoC

The example code below creates a console app that takes one command-line argument, "api key", and then makes a request to some status page with the provided key inse...
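To make the mechanism concrete, here is an added example in Python (not RestSharp's code). `serialize_request()` is a hypothetical model of an HTTP/1.1 client that, like `TryAddWithoutValidation`, copies header values to the wire unchecked; `parse_header_lines()` shows what the server then sees, and `validate_header_value()` is the check a hardened `AddHeader` would apply. The host name, path and "api key" payload are constructed.

```python
"""CRLF injection into an HTTP/1.1 header value, and the check that stops it.
Added example in Python, not RestSharp's code: serialize_request() is a
hypothetical model of a client that, like TryAddWithoutValidation, writes
header values verbatim."""

CRLF = "\r\n"


def serialize_request(method, path, headers):
    """Naive serialiser: header values go to the wire unchanged, so a value
    that contains CR LF becomes one or more extra header lines."""
    lines = [f"{method} {path} HTTP/1.1"]
    lines += [f"{name}: {value}" for name, value in headers.items()]
    return (CRLF.join(lines) + CRLF + CRLF).encode("latin-1")


def parse_header_lines(raw):
    """Parse the header block the way a server would, to show what it sees."""
    head = raw.decode("latin-1").split(CRLF + CRLF, 1)[0]
    parsed = []
    for line in head.split(CRLF)[1:]:          # skip the request line
        name, _, value = line.partition(":")
        parsed.append((name.strip(), value.strip()))
    return parsed


def validate_header_value(value):
    """Hardened check: reject CR, LF and every other control character.
    RFC 9110 field values may contain only visible ASCII, obs-text, SP and HTAB."""
    for ch in value:
        code = ord(ch)
        if ch in "\r\n" or (code < 0x20 and ch != "\t") or code == 0x7F:
            raise ValueError(f"illegal control character {ch!r} in header value")
    return value


def is_safe_header_value(value):
    """True if validate_header_value() accepts the value."""
    try:
        validate_header_value(value)
    except ValueError:
        return False
    return True


# Constructed attacker-supplied "api key": a plausible key followed by CR LF
# and a second header, the kind of input the PoC's command-line argument takes.
EVIL_KEY = "secret123\r\nX-Injected: yes"


def headers_seen_by_server(api_key):
    """Build the request with the naive serialiser and return what the server parses."""
    raw = serialize_request(
        "GET", "/status", {"Host": "api.example.test", "X-Api-Key": api_key}
    )
    return parse_header_lines(raw)


if __name__ == "__main__":
    print(headers_seen_by_server(EVIL_KEY))
    # [('Host', 'api.example.test'), ('X-Api-Key', 'secret123'), ('X-Injected', 'yes')]
    print(is_safe_header_value(EVIL_KEY))   # False
```

The attacker never touches the request line, only one header value, yet the server parses a third header it was never meant to receive; with a `Content-Length` and a blank line in the payload the same trick smuggles a second request. Rejecting control characters at `AddHeader` time closes the hole for every caller, which is why the fix belongs in the library rather than in each application.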
Serilog (before v2.1.0) contains a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses in log files by specifying an arbitrary IP as a value of X-Forwarded-For or Client-Ip headers while performing HTTP requests. It is not possible to configure Serilog.Enrichers.ClientInfo to not trust the X-Forwarded-For header.
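The difference between trusting `X-Forwarded-For` unconditionally and trusting it only from known proxies, as an added example in Python (not Serilog's or the enricher's code): `naive_client_ip()` models the behaviour the advisory describes, `trusted_client_ip()` is the resolution logic a configurable enricher would need. The proxy range and all addresses are constructed assumptions.

```python
"""Client-IP resolution: the spoofable way and the proxy-aware way.
Added example in Python; models the advisory's behaviour, not Serilog's code."""
import ipaddress

# Assumed: the address range of the reverse proxies / load balancers in front
# of the application. Anything outside it is an untrusted peer.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]


def naive_client_ip(remote_addr, headers):
    """Models the behaviour the advisory describes: forwarded-for style headers
    are believed unconditionally, so the caller chooses what gets logged."""
    forwarded = headers.get("X-Forwarded-For") or headers.get("Client-Ip")
    if forwarded:
        return forwarded.split(",")[0].strip()
    return remote_addr


def _is_trusted(addr, trusted):
    return any(addr in net for net in trusted)


def trusted_client_ip(remote_addr, headers, trusted=TRUSTED_PROXIES):
    """Honour X-Forwarded-For only when the TCP peer is a trusted proxy, then
    walk the chain from the right (the hop our own proxy appended) and return
    the first address that is not one of our proxies. Anything the client
    prepended on the left is ignored; a header from an untrusted peer is
    ignored entirely."""
    peer = ipaddress.ip_address(remote_addr)
    if not _is_trusted(peer, trusted):
        return remote_addr
    chain = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",") if h.strip()]
    for hop in reversed(chain):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return remote_addr          # malformed hop: fall back to the peer
        if not _is_trusted(addr, trusted):
            return str(addr)
    return remote_addr                  # chain empty or all our own proxies


if __name__ == "__main__":
    forged = {"X-Forwarded-For": "198.51.100.1"}
    print(naive_client_ip("203.0.113.5", forged))    # 198.51.100.1 (attacker's choice)
    print(trusted_client_ip("203.0.113.5", forged))  # 203.0.113.5 (real peer)
```

Logged IPs feed rate limiting, geo-blocking, fraud rules and incident timelines, so an attacker who controls the logged address can both hide and frame someone else. The rightmost-untrusted rule matters: the leftmost entry is whatever the client sent, and only hops appended by your own proxies can be believed.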
### Impact

This ClusterRole grants `*` verbs on `*` resources. A malicious user who can access a worker node running hwameistor's deployment can abuse these excessive permissions to perform any action against the whole cluster, resulting in cluster-level privilege escalation.

### Patches

Fixed in >= v0.14.6.

### Workarounds

Update and limit the ClusterRole using [security-role](https://github.com/hwameistor/hwameistor/blob/main/helm/hwameistor/templates/clusterrole.yaml).

### References

Issues: https://github.com/hwameistor/hwameistor/issues/1457 and https://github.com/hwameistor/hwameistor/issues/1460. Also reported by users via mail: [sparkEchooo](https://github.com/sparkEchooo), [younaman](https://github.com/younaman).
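A wildcard ClusterRole is easy to spot mechanically. The following is an added example in Python (not hwameistor's code or chart): `audit_cluster_role()` walks a loaded manifest and flags rules that are cluster-admin-equivalent or escalation-capable. The two manifests are constructed as the dicts a YAML loader would return; `WILDCARD_ROLE` has the shape the advisory describes, and `SCOPED_ROLE` is a hypothetical least-privilege replacement, not the project's actual security-role template.

```python
"""RBAC audit for wildcard and escalation-capable ClusterRole rules.
Added example in Python; the manifests are constructed, not hwameistor's."""

# Constructed: what the advisory describes ('*' verbs on '*' resources).
WILDCARD_ROLE = {
    "kind": "ClusterRole",
    "metadata": {"name": "storage-operator"},
    "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}],
}

# Constructed: a hypothetical scoped replacement (illustrative permissions only).
SCOPED_ROLE = {
    "kind": "ClusterRole",
    "metadata": {"name": "storage-operator"},
    "rules": [
        {"apiGroups": [""], "resources": ["nodes", "persistentvolumes"],
         "verbs": ["get", "list", "watch"]},
        {"apiGroups": ["storage.k8s.io"], "resources": ["storageclasses"],
         "verbs": ["get", "list", "watch"]},
        {"apiGroups": ["apps"], "resources": ["daemonsets"],
         "verbs": ["get", "list", "watch", "update"]},
    ],
}

# Verbs that let a subject grow its own privileges even without wildcards.
ESCALATION_VERBS = {"escalate", "bind", "impersonate"}


def audit_cluster_role(role):
    """Return one finding per rule that is cluster-admin-equivalent, wildcarded
    on verbs or resources, or carries escalation verbs. Empty list means clean."""
    findings = []
    name = role.get("metadata", {}).get("name", "<unnamed>")
    for i, rule in enumerate(role.get("rules", [])):
        verbs = set(rule.get("verbs", []))
        resources = set(rule.get("resources", []))
        groups = set(rule.get("apiGroups", []))
        where = f"{name} rule {i}"
        if "*" in verbs and "*" in resources:
            findings.append(f"{where}: '*' verbs on '*' resources (cluster-admin equivalent)")
        elif "*" in verbs:
            findings.append(f"{where}: '*' verbs on {sorted(resources)}")
        elif "*" in resources:
            findings.append(f"{where}: {sorted(verbs)} on every resource in {sorted(groups)}")
        escalating = verbs & ESCALATION_VERBS
        if escalating:
            findings.append(f"{where}: escalation verbs {sorted(escalating)}")
    return findings


if __name__ == "__main__":
    for role in (WILDCARD_ROLE, SCOPED_ROLE):
        print(role["metadata"]["name"], audit_cluster_role(role) or "OK")
```

The threat model in the advisory is what makes the wildcard matter: a ClusterRole is only as exposed as the service-account token bound to it, and a token mounted into a pod on a worker node is readable by anyone who controls that node. Scoping the role means node compromise stays node compromise instead of becoming cluster admin.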
An issue was discovered in powermail extension through 12.3.5 for TYPO3. It fails to validate the mail parameter of the confirmationAction, resulting in Insecure Direct Object Reference (IDOR). An unauthenticated attacker can use this to display the user-submitted data of all forms persisted by the extension. This can only be exploited when the extension is configured to save submitted form data to the database (`plugin.tx_powermail.settings.db.enable=1`), which however is the default setting of the extension. The fixed versions are 7.5.0, 8.5.0, 10.9.0, and 12.4.0.
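The IDOR described above comes from using a guessable record identifier as the only lookup key. One generic mitigation, shown here as an added example in Python (not powermail's code, and not its actual fix), is to bind the identifier to an HMAC the server issues, so only references the server itself handed out resolve to a record. The submissions table, secret and parameter names are constructed assumptions.

```python
"""IDOR on a form-confirmation lookup, beside an HMAC-bound reference.
Added example in Python; a generic mitigation pattern, not powermail's fix."""
import hashlib
import hmac
import secrets

# Assumed per-deployment secret; a real application loads this from config.
SERVER_SECRET = secrets.token_bytes(32)

# Constructed stand-in for the table of persisted form submissions.
SUBMISSIONS = {
    1: {"name": "Alice", "email": "alice@example.test"},
    2: {"name": "Bob", "email": "bob@example.test"},
}


def vulnerable_confirmation(params, db=SUBMISSIONS):
    """Models the IDOR: whatever integer arrives in 'mail' is the record key,
    with nothing tying it to the requester, so 1, 2, 3, ... enumerates everyone."""
    return db.get(int(params["mail"]))


def sign_mail_id(mail_uid, secret=SERVER_SECRET):
    """Issue the reference the server puts into the confirmation link:
    the uid plus a SHA-256 HMAC over it."""
    tag = hmac.new(secret, str(mail_uid).encode(), hashlib.sha256).hexdigest()
    return f"{mail_uid}.{tag}"


def resolve_mail_id(token, secret=SERVER_SECRET):
    """Return the uid only if the tag verifies (constant-time compare); else None."""
    uid_str, _, tag = token.partition(".")
    if not uid_str.isdigit() or not tag:
        return None
    expected = hmac.new(secret, uid_str.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None
    return int(uid_str)


def hardened_confirmation(params, db=SUBMISSIONS, secret=SERVER_SECRET):
    """Only records whose reference the server issued can be displayed."""
    uid = resolve_mail_id(params.get("mail", ""), secret)
    return None if uid is None else db.get(uid)


if __name__ == "__main__":
    print(vulnerable_confirmation({"mail": "2"}))            # Bob's data, no proof needed
    print(hardened_confirmation({"mail": "2"}))              # None
    print(hardened_confirmation({"mail": sign_mail_id(2)}))  # Bob's data, via issued link
```

A signed reference stops enumeration but is still a bearer token: anyone holding the link can view that one submission, so in practice it should also expire or be tied to the submitting session. Where the page is meant for logged-in users, the simpler and stronger fix is to check that the requested record belongs to the authenticated user.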
### Summary

`\PhpOffice\PhpSpreadsheet\Writer\Html` doesn't sanitize spreadsheet styling information such as font names, allowing an attacker to inject arbitrary JavaScript on the page.

### PoC

Example target script:

```php
<?php
require 'vendor/autoload.php';

// Load the attacker-supplied workbook and render it to HTML as-is; the
// writer copies style values such as font names into the page unescaped.
$reader = \PhpOffice\PhpSpreadsheet\IOFactory::createReader("Xlsx");
$spreadsheet = $reader->load(__DIR__ . '/book.xlsx');
$writer = new \PhpOffice\PhpSpreadsheet\Writer\Html($spreadsheet);
print($writer->generateHTMLAll());
```

Save this file in the same directory: [book.xlsx](https://github.com/PHPOffice/PhpSpreadsheet/files/15212797/book.xlsx)

Open index.php in a web browser. An alert should be displayed.

### Impact

Full takeover of the session of users viewing spreadsheet files as HTML.
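The injection point is a CSS value emitted inside a `<style>` element: a font name containing `</style><script>` ends the stylesheet and starts a script. The following added example in Python (not PhpSpreadsheet's code) puts the unescaped pattern beside a hardened version that emits the font name as a quoted CSS string with every non-allow-listed character hex-escaped. The hostile font name is constructed.

```python
"""CSS-context XSS via an unescaped font name, beside the escaped form.
Added example in Python; models the pattern, not PhpSpreadsheet's writer."""
import re

# Constructed hostile font name: closes the <style> element, opens a script,
# then reopens <style> so the rest of the stylesheet still parses.
EVIL_FONT = 'Arial</style><script>alert(1)</script><style>'


def vulnerable_style_block(font_name):
    """Interpolates the font name straight into CSS inside <style>, the
    pattern the advisory describes. The browser sees the injected tags."""
    return f"<style>td {{ font-family: {font_name}; }}</style>"


def css_string_escape(value):
    """Escape for use inside a double-quoted CSS string. Every character
    outside a small ASCII allow-list becomes a backslash-hex escape followed
    by a space (which terminates the escape), so '<', '>', '/', quotes, ';'
    and newlines cannot end the string, the declaration or the element."""
    out = []
    for ch in value:
        if ch.isascii() and (ch.isalnum() or ch in " -_"):
            out.append(ch)
        else:
            out.append(f"\\{ord(ch):x} ")
    return "".join(out)


def hardened_style_block(font_name):
    """Same markup, but the font name is a quoted, escaped CSS string."""
    return f'<style>td {{ font-family: "{css_string_escape(font_name)}"; }}</style>'


def has_breakout(markup):
    """Detector: True if the generated markup contains a <script tag or the
    <style> element was closed more than once (i.e. the value broke out)."""
    return bool(re.search(r"<script", markup, re.I)) or markup.lower().count("</style>") != 1


if __name__ == "__main__":
    print(has_breakout(vulnerable_style_block(EVIL_FONT)))   # True
    print(has_breakout(hardened_style_block(EVIL_FONT)))     # False
    print(hardened_style_block(EVIL_FONT))
```

HTML-escaping alone (`&lt;` and friends) is not the right tool inside a `<style>` element, because the HTML parser does not decode entities there; the value must be escaped for the CSS string context it lands in. The same value placed in an inline `style="..."` attribute needs both the CSS string escape and HTML attribute escaping.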
### Summary

The OpenTelemetry Collector module [`awsfirehosereceiver`](https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/receiver/awsfirehosereceiver) allows unauthenticated remote requests, even when configured to require a key.

OpenTelemetry Collector can be configured to receive CloudWatch metrics via an AWS Firehose stream. [Firehose sets the header](https://docs.aws.amazon.com/firehose/latest/dev/httpdeliveryrequestresponse.html) `X-Amz-Firehose-Access-Key` to an arbitrary configured string. The awsfirehosereceiver can optionally be configured to require this key on incoming requests. However, when this is configured it **still accepts incoming requests with no key**.

### Impact

Only OpenTelemetry Collector users configured with the “[alpha](https://github.com/open-telemetry/opentelemetry-collector#alpha)” `awsfirehosereceiver` module are affected. This module was [added](https://github.com/open-telemetry/opentelemetry-collector-...
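"Rejects a wrong key but accepts a missing one" is a classic fail-open check. The following added example in Python (not the receiver's code; it reproduces neither its configuration keys nor its header handling) shows the pattern the advisory describes beside a fail-closed version. The configured key and header dict are constructed, and the dict lookup is case-sensitive for brevity where a real server would compare header names case-insensitively.

```python
"""Fail-open versus fail-closed access-key check on an HTTP receiver.
Added example in Python; models the advisory's behaviour, not the receiver's code."""
import hmac

# Assumed: the access key the operator configured for the receiver.
CONFIGURED_KEY = "s3cr3t-firehose-key"
HEADER = "X-Amz-Firehose-Access-Key"


def vulnerable_authorize(headers, configured_key=CONFIGURED_KEY):
    """Fail-open: the key is compared only when the header is present, so a
    request that simply omits the header is accepted as if it were authentic."""
    presented = headers.get(HEADER)
    if presented is not None and presented != configured_key:
        return False
    return True


def hardened_authorize(headers, configured_key=CONFIGURED_KEY):
    """Fail-closed: once a key is configured, a missing header is a denial and
    the comparison runs in constant time. With no key configured,
    authentication is deliberately off; that is an explicit operator choice,
    made visible here rather than an accident of control flow."""
    if not configured_key:
        return True
    presented = headers.get(HEADER)
    if presented is None:
        return False
    return hmac.compare_digest(presented.encode("utf-8"), configured_key.encode("utf-8"))


if __name__ == "__main__":
    print(vulnerable_authorize({}))                       # True  (the bug)
    print(hardened_authorize({}))                         # False
    print(hardened_authorize({HEADER: CONFIGURED_KEY}))   # True
```

The test that catches this class of bug is the negative one: send a request with the header absent, not just with a wrong value. Any authentication check should be written so that the default path, reached when the expected input is missing, is the deny path.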