#vulnerability

Incorrect CSRF token checks resulted in multiple CSRF risks.

An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL file.

A trio of bugs could allow hackers to escalate privileges and remotely execute code on virtual machines deployed across cloud environments.

Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users repositories using the `github.com/go-git/go-git/v5` library on these lines: https://github.com/stacklok/minder/blob/85985445c8ac3e51f03372e99c7b2f08a6d274aa/internal/providers/git/git.go#L55-L89 The Git provider does the following on these lines: First, it sets the `CloneOptions`, specifying the url, the depth etc: https://github.com/stacklok/minder/blob/85985445c8ac3e51f03372e99c7b2f08a6d274aa/internal/providers/git/git.go#L56-L62 It then validates the options: https://github.com/stacklok/minder/blob/85985445c8ac3e51f03372e99c7b2f08a6d274aa/internal/providers/git/git.go#L66-L68 It then sets up an in-memory filesystem, to which it clones: https://github.com/stacklok/minder/blob/85985445c8ac3e51f03372e99c7b2f08a6d274aa/internal/providers/git/git.go#L70-L71 Finally, it clones the repository: https://github.com/stacklok/minder/blob/85985445c...

A controversial proposal put forth by the European Union to scan users' private messages for detection child sexual abuse material (CSAM) poses severe risks to end-to-end encryption (E2EE), warned Meredith Whittaker, president of the Signal Foundation, which maintains the privacy-focused messaging service of the same name. "Mandating mass scanning of private communications fundamentally

This Metasploit module exploits a PHP CGI argument injection vulnerability affecting PHP in certain configurations on a Windows target. A vulnerable configuration is locale dependant (such as Chinese or Japanese), such that the Unicode best-fit conversion scheme will unexpectedly convert a soft hyphen (0xAD) into a dash (0x2D) character. Additionally a target web server must be configured to run PHP under CGI mode, or directly expose the PHP binary. This issue has been fixed in PHP 8.3.8 (for the 8.3.x branch), 8.2.20 (for the 8.2.x branch), and 8.1.29 (for the 8.1.x branch). PHP 8.0.x and below are end of life and have note received patches. XAMPP is vulnerable in a default configuration, and we can target the /php-cgi/php-cgi.exe endpoint. To target an explicit .php endpoint (e.g. /index.php), the server must be configured to run PHP scripts in CGI mode.

Apache OFBiz versions prior to 18.12.13 are vulnerable to a path traversal vulnerability. The vulnerable endpoint /webtools/control/forgotPassword allows an attacker to access the ProgramExport endpoint which in turn allows for remote code execution in the context of the user running the application.

Forcing Microsoft to compete fairly is the most important next step in building a better defense against foreign actors.

Microweber version 2.0.15 suffers from a persistent cross site scripting vulnerability.

Ubuntu Security Notice 6835-1 - It was discovered that Ghostscript did not properly restrict eexec seeds to those specified by the Type 1 Font Format standard when SAFER mode is used. An attacker could use this issue to bypass SAFER restrictions and cause unspecified impact. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.10. Thomas Rinsma discovered that Ghostscript did not prevent changes to uniprint device argument strings after SAFER is activated, resulting in a format-string vulnerability. An attacker could possibly use this to execute arbitrary code.