Tag
#vulnerability
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: AVEVA Equipment: Historian Server Vulnerability: SQL Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated user to get read and write access to the database. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of AVEVA Historian Server, a Process database, are affected: Historian Server: Version 2023 R2 Historian Server: Versions 2023 to 2023 P03 Historian Server: Versions 2020 to 2020 R2 SP1 P01 3.2 Vulnerability Overview 3.2.1 CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') AVEVA Historian Server has a vulnerability, if exploited, could allow a malicious SQL command to execute under the privileges of an interactive Historian REST Interface user who had been socially engineered by a miscreant into opening a specially crafted URL. CVE-2024-6456 has been assigned to this vulne...
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.9 ATTENTION: Exploitable from adjacent network. Vendor: PTC Equipment: Kepware ThingWorx Kepware Server Vulnerability: Allocation of Resources Without Limits or Throttling 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the target device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS PTC reports that the following products and versions are affected: PTC Kepware ThingWorx Kepware Server: V6 PTC Kepware KEPServerEX: V6 Software Toolbox TOP Server: V6 GE IGS: V7.6x 3.2 Vulnerability Overview 3.2.1 Allocation of Resources Without Limits or Throttling CWE-770 When performing an online tag generation to devices which communicate using the ControlLogix protocol, a machine-in-the-middle, or a device that is not configured correctly, could deliver a response leading to unrestricted or unregulated resource allocation. This could cause a denial-of-service condition and crash the Kepware application. By default, these functions are...
A researcher used two Windows vulnerabilities to perform downgrade attacks. These flaws have now been patched by Microsoft
**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.
A newly discovered attack vector in GitHub Actions artifacts dubbed ArtiPACKED could be exploited to take over repositories and gain access to organizations' cloud environments. "A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume,
In HashiCorp Nomad and Nomad Enterprise from 0.6.1 up to 1.16.13, 1.7.10, and 1.8.2, the archive unpacking process is vulnerable to writes outside the allocation directory during migration of allocation directories when multiple archive headers target the same file. This vulnerability, CVE-2024-7625, is fixed in Nomad 1.6.14, 1.7.11, and 1.8.3. Access or compromise of the Nomad client agent at the source allocation first is a prerequisite for leveraging this vulnerability.
The Trix editor, versions prior to 2.1.4, is vulnerable to XSS when pasting malicious code. This vulnerability is a bypass of the fix put in place for https://github.com/basecamp/trix/security/advisories/GHSA-qjqp-xr96-cj99. In https://github.com/basecamp/trix/pull/1149, we added sanitation for Trix attachments with a `text/html` content type. However, Trix only checks the content type on the paste event's `dataTransfer` object. As long as the `dataTransfer` has a content type of `text/html`, Trix parses its contents and creates an `Attachment` with them, even if the attachment itself doesn't have a `text/html` content type. Trix then uses the attachment content to set the attachment element's `innerHTML`. ### Impact An attacker could trick a user to copy and paste malicious code that would execute arbitrary JavaScript code within the context of the user's session, potentially leading to unauthorized actions being performed or sensitive information being disclosed. ### Patches **Upda...
### Impact The validator for the RichText fieldtype blocklists `javascript:` and `vbscript:` in links to prevent XSS. This can leave other options open, and the check can be circumvented using upper case. Content editing permissions for RichText content is required to exploit this vulnerability, which typically means Editor role or higher. The fix implements an allowlist instead, which allows only approved link protocols. The new check is case insensitive. ### Patches - See "Patched versions". - https://github.com/ezsystems/ezplatform-richtext/commit/6131975108fa9756e17043e7a06a4e72f786f842 (and follow-ups https://github.com/ezsystems/ezplatform-richtext/commit/8b75c603dfd1ad6f6f3db15ae2324876683cbaf9 and https://github.com/ezsystems/ezplatform-richtext/commit/7bbc6d024c6146d1e1ba84d27a3ebffe9459613e and https://github.com/ezsystems/ezplatform-richtext/commit/2c652915625c47b493a2be06924f4c87d1df7d8e and https://github.com/ezsystems/ezplatform-richtext/commit/dbe816f3ff4c903cc508dfdcdc...
### Impact The validator for the RichText fieldtype blocklists `javascript:` and `vbscript:` in links to prevent XSS. This can leave other options open, and the check can be circumvented using upper case. Content editing permissions for RichText content is required to exploit this vulnerability, which typically means Editor role or higher. The fix implements an allowlist instead, which allows only approved link protocols. The new check is case insensitive. ### Patches - See "Patched versions". - https://github.com/ibexa/fieldtype-richtext/commit/59e9c1a9da60597f60cf7338bf289dccaa7e27ca (and follow-up https://github.com/ibexa/fieldtype-richtext/commit/0a3b830e8806d5169f697351fdc48ffd95a25c67) ### Workarounds None. ### References - Same issue in v3.3: https://github.com/ezsystems/ezplatform-richtext/security/advisories/GHSA-rhm7-7469-rcpw - Ibexa advisory: https://developers.ibexa.co/security-advisories/ibexa-sa-2024-005-persistent-xss-in-richtext ### Credit This vulnerability was di...
### Summary An arbitrary file write vulnerability exists in the webcrack module when processing specifically crafted malicious code on Windows systems. This vulnerability is triggered when using the unpack bundles feature in conjunction with the saving feature. If a module name includes a path traversal sequence with Windows path separators, an attacker can exploit this to overwrite files on the host system. ### Details Source: [packages/webcrack/src/unpack/bundle.ts#L79](https://github.com/j4k0xb/webcrack/blob/241f9469e6401f3dabc6373233d85a5e76966b54/packages/webcrack/src/unpack/bundle.ts#L79) ```ts import { posix } from 'node:path'; import type { Module } from './module'; // eslint-disable-next-line @typescript-eslint/unbound-method const { dirname, join, normalize } = posix; /* ... snip ... */ const modulePath = normalize(join(path, module.path)); if (!modulePath.startsWith(path)) { throw new Error(`detected path traversal: ${module.path}`); } await mkdir(dirname(modulePath...