Security
Headlines
HeadlinesLatestCVEs

Tag

#web

GHSA-wwrg-2w5j-grvx: RDiffWeb vulnerable to Allocation of Resources Without Limits or Throttling

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.8.0.

ghsa
Open in Source
#web#git
CVE-2023-32764

Fabasoft Cloud Enterprise Client 23.3.0.130 allows a user to escalate their privileges to local administrator.

CVE-2023-36213: OffSec’s Exploit Database Archive

SQL injection vulnerability in MotoCMS v.3.4.3 allows a remote attacker to gain privileges via the keyword parameter of the search function.

GHSA-735f-w79p-282x: pimcore/customer-management-framework-bundle Cross-site Scripting vulnerability in Segment name

### Impact As HTML injection works in email an attacker can trick a victim to click on such hyperlinks to redirect him to any malicious site and also can host a XSS page. All this will surely cause some damage to the victim. This could lead to users being tricked into giving logins away to malicious attackers. ### Patches Update to version 3.4.2 or apply this patch manually https://github.com/pimcore/customer-data-framework/commit/72f45dd537a706954e7a71c99fbe318640e846a2.patch ### Workarounds Apply https://github.com/pimcore/customer-data-framework/commit/72f45dd537a706954e7a71c99fbe318640e846a2.patch manually. ### References https://huntr.dev/bounties/ce852777-2994-40b4-bb4e-c4d10023eeb0/

CVE-2023-33365: CVE-2023-33365

A path traversal vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated attackers to fetch arbitrary files from the server's web server.

CVE-2023-38948: jizhi CMS 1.9.5 has a Arbitrary File Download RCE vulnerability via /A/c/PluginsController.php · Issue #I7LI4E · Pwn师傅/Pwn - Gitee.com

An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows attackers to execute arbitrary code via downloading a crafted plugin.

RHSA-2023:4472: Red Hat Security Advisory: Release of OpenShift Serverless 1.29.1

Red Hat OpenShift Serverless version 1.29.1 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated. * CVE-2023-24539: A flaw was found in golang where angle brackets (<>) were not considered dangerous characters when inserted into CSS contexts. Templates containin...

CVE-2023-39096: WebBoss.io CMS Persistent (Stored) XSS CVE-2023-39096 | RiSec Advisories

WebBoss.io CMS v3.7.0.1 contains a stored Cross-Site Scripting (XSS) vulnerability due to lack of input validation and output encoding.

CVE-2023-39097: WebBoss.io CMS Persistent (Stored) XSS CVE-2023-39097 | RiSec Advisories

WebBoss.io CMS v3.7.0.1 contains a stored cross-site scripting (XSS) vulnerability.

CVE-2023-36298: GitHub - MentalityXt/Dedecms-v5.7.109-RCE

DedeCMS v5.7.109 has a File Upload vulnerability, leading to remote code execution (RCE).