Skip to content

トピトピニュース

Header Image
Category

HIGH

381 Posts

Featured

Posted byGitHub
[phpxmlrpc/phpxmlrpc] code injection in phpxmlrpc/phpxmlrpc
Posted byGitHub
[ghost] ghost vulnerable to unauthorized newsletter modification via improper access controls
Posted byGitHub
[microweber/microweber] Account Takeover Through Password Reset Poisoning
Posted byGitHub
[apache-airflow] OS Command Injection in Apache Airflow

[phpxmlrpc/phpxmlrpc] code injection in phpxmlrpc/phpxmlrpc

  • Posted inHIGH
  • Posted byGitHub
  • 11/29/2022

code injection in Wrapper::buildClientWrapperCode via manipulation of the $client argument. It was possible to force the client to access local files or connect to undesired urls instead of the intended target server’s url.
References

https://github.c…

[ghost] ghost vulnerable to unauthorized newsletter modification via improper access controls

  • Posted inHIGH
  • Posted byGitHub
  • 11/29/202211/29/2022

Impact
On sites where members is enabled (this is the default) it is possible for members (unprivileged users) to make changes to newsletter settings. This gives unprivileged users the ability to view and change settings they were not intended to have …

[microweber/microweber] Account Takeover Through Password Reset Poisoning

  • Posted inHIGH
  • Posted byGitHub
  • 11/23/202211/29/2022

Microweber 1.2.15 was discovered to allow attackers to perform an account takeover via a host header injection attack.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-33012
https://blog.jitendrapatro.me/cve-2022-33012-account-takeover-through-pas…

[apache-airflow] OS Command Injection in Apache Airflow

  • Posted inHIGH
  • Posted byGitHub
  • 11/22/202211/29/2022

Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access…

[apache-airflow] OS Command Injection in Apache Airflow

  • Posted inHIGH
  • Posted byGitHub
  • 11/22/202211/30/2022

Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write acces…

[org.xwiki.platform:xwiki-platform-oldcore] Creation of new database tables through login form on PostgreSQL

  • Posted inHIGH
  • Posted byGitHub
  • 11/22/202211/22/2022

Impact
It’s possible to make XWiki create many new schemas and fill them with tables just by using a crafted user identifier in the login form.
Patches
The problem has been patched in XWiki 13.10.8, 14.6RC1 and 14.4.2.
Workarounds
The only workarounds …

[org.xwiki.platform:xwiki-platform-user-profile-ui] Missing Authorization to enable or disable users in org.xwiki.platform:xwiki-platform-user-profile-ui

  • Posted inHIGH
  • Posted byGitHub
  • 11/22/202211/22/2022

Impact
Any user (logged in or not) with access to the page XWiki.XWikiUserProfileSheet can enable or disable any user profile. This might allow to a disabled user to re-enable themselves, or to an attacker to disable any user of the wiki.
Patches
The …

[org.xwiki.platform:xwiki-platform-tag-ui] Cross-Site Request Forgery (CSRF) allowing to delete or rename tags

  • Posted inHIGH
  • Posted byGitHub
  • 11/22/2022

Impact
It’s possible with a simple request to perform deletion or renaming of tags without needing any confirmation, by using a CSRF attack.
Patches
The problem has been patched in XWiki 13.10.7, 14.4.1 and 14.5RC1.
Workarounds
It’s possible to patch…

[github.com/duke-git/lancet/v2/fileutil] Lancet vulnerable to path traversal when unzipping files

  • Posted inHIGH
  • Posted byGitHub
  • 11/22/202211/23/2022

Impact
What kind of vulnerability is it? Who is impacted?
ZipSlip issue when use fileutil package to unzip files.
Patches
Has the problem been patched? What versions should users upgrade to?
It will fixed in v2.1.10, Please upgrade version to v2.1.10 o…

[tflite] Buffer overflow in `CONV_3D_TRANSPOSE` on TFLite

  • Posted inHIGH
  • Posted byGitHub
  • 11/22/2022

Impact
The reference kernel of the CONV_3D_TRANSPOSE TensorFlow Lite operator wrongly increments the data_ptr when adding the bias to the result.
Instead of data_ptr += num_channels; it should be data_ptr += output_num_channels; as if the number of inp…

Posts navigation

1 2 3 … 39 Next Posts
トピトピニュース
WordPress theme by componentz

Archives

2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30
Hit enter to search or ESC to close