Impact
Pageflow has a membership edit feature which allows users to edit the roles of user memberships associated with an account for which they hold the manager role (including their own membership). While the Entity dropdown select field is greyed out in the UI, …
[pageflow] Pageflow vulnerable to sensitive user data extraction via Ransack query injection
Impact
The attack allows extracting sensitive properties of database objects that are associated with users or entries belonging to an account that the attacker has access to.
Pageflow uses the ActiveAdmin Ruby library to provide some management featur…
[kubevirt.io/kubevirt] KubeVirt vulnerable to arbitrary file read on host
Impact
Users with the permission to create VMIs can construct VMI specs which allow them to read arbitrary files on the host. There are three main attack vectors:
Some path fields on the VMI spec were not properly validated and allowed passing in rela…
[parse-url] Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url
Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 8.1.0.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-2900
https://github.com/ionicabizau/parse-url/commit/b88c81df8f4c5168af454eaa4f92afa9349e4e13
https://hu…
[feehi/cms] Feehi CMS host header injection vulnerability may allow attacker to spoof a particular header
A Host Header Injection vulnerability in Feehi CMS 2.1.1 may allow an attacker to spoof a particular header. This can be exploited by abusing password reset emails.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-38796
https://www.youtube.com/wat…
[axum-core] Duplicate of GHSA-m77f-652q-wwp4
Duplicate advisory
This advisory is a duplicate of GHSA-m77f-652q-wwp4. This link is maintained to preserve external references.
Original Description
<bytes::Bytes as axum_core::extract::FromRequest>::from_request would not, by default, set a lim…
[wonder:wonder] Project Wonder WebObjects vulnerable to Arbitrary HTTP Header Injection and Cross-site Scripting
Project Wonder WebObjects 1.0 through 7.3 is vulnerable to Arbitrary HTTP Header injection and URL- or Header-based XSS reflection in all web-server adaptor interfaces. A patch for this issue is available at commit number b0d2d74f13203268ea254b02552600…
[github.com/ouqiang/gocron] ouqiang gocron Cross-site scripting vulnerability
Cross-site scripting (XSS) vulnerability in ouqiang gocron through 1.5.3 allows attackers to execute arbitrary code via scope.row.hostname in web/vue/src/pages/taskLog/list.vue.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-40365
https://githu…
[unisharp/laravel-filemanager] UniSharp Laravel Filemanager directory traversal vulnerability
UniSharp laravel-filemanager (aka Laravel Filemanager) through 2.5.1 allows download?working_dir=%2F.. directory traversal to read arbitrary files, as exploited in the wild in June 2022.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-40734
https…
[rdiffweb] rdiffweb 2.4.1 Missing Custom Error Page
rdiffweb version 2.4.1 uses the default error page and leaks error information. Version 2.4.2 fixes this issue.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-3175
https://huntr.dev/bounties/c40badc3-c9e7-4b69-9e2e-2b9f05865159
https://github.com/ikus06…