Security
Headlines
HeadlinesLatestCVEs

Tag

#web

GHSA-j5vv-6wjg-cfr8: changedetection.io Vulnerable to Improper Input Validation Leading to LFR/Path Traversal

### Summary Improper input validation in the application can allow attackers to perform local file read (LFR) or path traversal attacks. These vulnerabilities occur when user input is used to construct file paths without adequate sanitization or validation. For example, using `file:../../../etc/passwd` or `file: ///etc/passwd` can bypass weak validations and allow unauthorized access to sensitive files. Even though this has been addressed in previous patch, it is still insufficient. ### Details The check in this line of code is insufficient. ``` if re.search(r'^file:/', url.strip(), re.IGNORECASE): ``` The attacker can still bypass this by using: -`file:../../../../etc/passwd` -`file: ///etc/passwd` (with space before /) ### PoC - Open up a changedetection.io instance with a webdriver configured. - Create a new watch with `file:../../../../etc/passwd`. - Check the watch preview. - The contents of `/etc/passwd` should pop out. ### Screenshots ![image](https://github.com/user-attachme...

ghsa
#vulnerability#web#git#auth
Defining & Defying Cybersecurity Staff Burnout

Sometimes it feels like burnout is an inevitable part of working in cybersecurity. But a little bit of knowledge can help you and your staff stay healthy.

Hackers Are Hot for Water Utilities

The US water sector suffered a stream of cyberattacks over the past year and half, from a mix of cybercriminals, hacktivists, and nation-state hacking teams. Here's how the industry and ICS/OT security experts are working to better secure vulnerable drinking and wastewater utilities.

ABB Cylon Aspect 3.08.02 (clearProjectConfigurationAjax.php) Remote Code Execution

The ABB BMS/BAS controller suffers from an authenticated blind OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the 'variant' HTTP POST parameter called by the clearProjectConfigurationAjax.php script.

ABB Cylon Aspect 3.08.02 (calendarUpdate.php) Remote Code Execution

The ABB BMS/BAS controller suffers from an authenticated blind OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the 'instance' HTTP POST parameter called by calendarUpdate.php script.

GHSA-9mgx-552f-59p6: TCPDF missing certificate validation

An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely.

GHSA-4p8j-vhjm-6pvw: TCPDF lacks SVG sanitization

An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute.

GHSA-x52f-h5g4-8qv5: Marp Core allows XSS by improper neutralization of HTML sanitization

Marp Core ([`@marp-team/marp-core`](https://www.npmjs.com/package/@marp-team/marp-core)) from v3.0.2 to v3.9.0 and v4.0.0, are vulnerable to cross-site scripting (XSS) due to improper neutralization of HTML sanitization. ### Impact Marp Core includes an HTML sanitizer with allowlist support. In the affected versions, the built-in allowlist is enabled by default. When the allowlist is active, if insufficient HTML comments are included, the sanitizer may fail to properly sanitize HTML content and lead cross-site scripting (XSS). ### Patches Marp Core [v3.9.1](https://github.com/marp-team/marp-core/releases/tag/v3.9.1) and [v4.0.1](https://github.com/marp-team/marp-core/releases/tag/v4.0.1) have been patched to fix that. ### Workarounds If you are unable to update the package immediately, disable all HTML tags by setting `html: false` option in the `Marp` class constructor. ```javascript const marp = new Marp({ html: false }) ``` ### References - [CWE-79: Improper Neutralization...

Emerging Threats & Vulnerabilities to Prepare for in 2025

From zero-day exploits to 5G network vulnerabilities, these are the threats that are expected to persist over the next 12 months.

Researchers Uncover Dark Web Operation Entirely Focused on KYC Bypass

iProov uncovers a major Dark Web operation selling stolen identities with matching biometrics, posing a serious threat to KYC verification systems