TechMedia

Category: MODERATE (588 Posts)

Featured

  • Posted by Wpmaster: [vitess.io/vitess] vitess allows users to create keyspaces that can deny access to already existing keyspaces
  • Posted by Wpmaster: [github.com/answerdev/answer] Answer vulnerable to account takeover because password reset links do not expire
  • Posted by Wpmaster: [thorsten/phpmyfaq] thorsten/phpmyfaq vulnerable to improper access control
  • Posted by Wpmaster: [thorsten/phpmyfaq] thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via updatecategory parameter

[thorsten/phpmyfaq] thorsten/phpmyfaq is vulnerable to cross-site scripting (XSS)

  • Posted in MODERATE
  • Posted by Wpmaster
  • 01/16/2023, 01/19/2023

Cross-site Scripting (XSS) – Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
References

https://nvd.nist.gov/vuln/detail/CVE-2023-0312
https://github.com/thorsten/phpmyfaq/commit/65d419ca04111ee2612ae81cdd59753654cfe18a
https://huntr.de…

[publify_core] Publify Core does not strip metadata from images

  • Posted in MODERATE
  • Posted by Wpmaster
  • 01/15/2023, 01/24/2023

Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-2815
https://github.com/publify/publify/commit/af69097d349f4c00f244c51cd3c3e937fd3387cd
https://huntr….

[org.apache.shiro:shiro-root] Apache Shiro Interpretation Conflict vulnerability

  • Posted in MODERATE
  • Posted by Wpmaster
  • 01/14/2023, 01/21/2023

When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both…

[grumpydictator/firefly-iii] Improper Authorization in grumpydictator/firefly-iii

  • Posted in MODERATE
  • Posted by Wpmaster
  • 01/14/2023, 01/26/2023

Improper Authorization in GitHub repository firefly-iii/firefly-iii prior to 5.8.0.
References

https://nvd.nist.gov/vuln/detail/CVE-2023-0298
https://github.com/firefly-iii/firefly-iii/commit/db0500dcf0d4f1990fc7a377ef0d56c3884fcaa4
https://huntr.dev/…

[@curveball/a12n-server] a12nserver vulnerable to potential SQL Injections via Knex dependency

  • Posted in MODERATE
  • Posted by Wpmaster
  • 01/14/2023, 01/29/2023

Impact
Users of a12nserver that use MySQL might be vulnerable to SQL injection bugs.
If you use a12nserver and MySQL, update as soon as possible. This SQL injection bug might let an attacker obtain OAuth2 Access Tokens for users unrelated to those tha…

[org.wildfly.security:wildfly-elytron] Wildfly-elytron possibly vulnerable to timing attacks via use of unsafe comparator

  • Posted in MODERATE
  • Posted by Wpmaster
  • 01/13/2023, 01/14/2023

wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, us…

[org.keycloak:keycloak-core] Keycloak allows impersonation and lockout due to email trust not being handled correctly

  • Posted in MODERATE
  • Posted by Wpmaster
  • 01/13/2023, 01/14/2023

A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them.
References

https://nvd.nis…

[com.fasterxml.util:java-merge-sort] Java Merge-sort Insecure Temporary File vulnerability

  • Posted in MODERATE
  • Posted by Wpmaster
  • 01/12/2023, 01/13/2023

Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider() function in StdTempFileProvider.java, which uses the permissive File.createTempFile() function, exposing temp…

[pyload-ng] Pyload Insufficient Session Expiration vulnerability

  • Posted in MODERATE
  • Posted by Wpmaster
  • 01/12/2023, 01/21/2023

Pyload 0.5.0b3.dev35 has an Insufficient Session Expiration vulnerability. A patch is available and anticipated to be part of version 0.5.0b3.dev36.
References

https://nvd.nist.gov/vuln/detail/CVE-2023-0227
https://github.com/pyload/pyload/commit/c035…

[phpxmlrpc/phpxmlrpc] XML-RPC for PHP allows access to local files via malicious argument to the Client::send method

  • Posted in MODERATE
  • Posted by Wpmaster
  • 01/12/2023

By abusing the $method argument of Client::send, it was possible to force the client to access local files or connect to undesired URLs instead of the intended target server's URL (the one passed to the Client constructor).
This weakness only affects instal…
