Overview
A remote attacker can bypass WSFed authentication on a website that uses passport-wsfed-saml2. A successful attack requires that the attacker possess a WSFed assertion signed by an arbitrary IDP. Depending on the IDP used, fully unauthentic…
[typo3/cms] TYPO3 CMS vulnerable to Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration
Problem
Because user-submitted YAML placeholder expressions in the site configuration backend module were not handled, attackers could expose sensitive internal information, such as system configuration or HTTP request messages of other website visi…
[typo3/cms] TYPO3 CMS vulnerable to Insufficient Session Expiration after Password Reset
Problem
When users reset their password via the password recovery functionality, existing sessions for that user account were not revoked. This applied to both frontend and backend user sessions.
Solution
Update…
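The fix this advisory calls for is that a password reset invalidates every session the account already holds, wherever they are stored. Below is an added example (not TYPO3 code) showing the two layers a practitioner would combine: explicit revocation of all sessions for the user in each store, plus a per-user password generation counter stamped into each session so that any session record the revocation missed is refused at validation time. The `User`, `Session` and `SessionStore` types are constructed for this example.

```python
import secrets
from dataclasses import dataclass


@dataclass
class User:
    name: str
    password_hash: str          # a real system stores a salted hash; a string stands in here
    password_generation: int = 0  # bumped on every reset; sessions pin the value they were issued under


@dataclass
class Session:
    user: str
    generation: int


class SessionStore:
    """A single session store (think: one for frontend users, one for backend users)."""

    def __init__(self) -> None:
        self._sessions: dict[str, Session] = {}

    def login(self, user: User) -> str:
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = Session(user.name, user.password_generation)
        return sid

    def is_valid(self, sid: str, users: dict[str, User]) -> bool:
        session = self._sessions.get(sid)
        if session is None:
            return False
        user = users.get(session.user)
        # Second layer: a session issued under an older password generation is stale,
        # even if nobody got around to deleting its record.
        if user is None or session.generation != user.password_generation:
            self._sessions.pop(sid, None)
            return False
        return True

    def revoke_all_for(self, username: str) -> int:
        stale = [sid for sid, s in self._sessions.items() if s.user == username]
        for sid in stale:
            del self._sessions[sid]
        return len(stale)


def reset_password_vulnerable(user: User, new_hash: str) -> None:
    """The flawed behaviour: the credential changes, every existing session survives."""
    user.password_hash = new_hash


def reset_password(user: User, new_hash: str, *stores: SessionStore) -> int:
    """Fixed behaviour: rotate the credential, bump the generation, revoke in every known store.
    Returns the number of sessions explicitly revoked."""
    user.password_hash = new_hash
    user.password_generation += 1
    return sum(store.revoke_all_for(user.name) for store in stores)
```

Passing every store to `reset_password` is what the advisory's "both frontend and backend sessions" point requires; the generation stamp covers the case where a store is forgotten or not reachable at reset time.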
[typo3/cms] TYPO3 CMS vulnerable to Weak Authentication in Frontend Login
Problem
Restricting frontend login to specific users, organized in different storage folders (partitions), can be bypassed. A potential attacker might exploit this ambiguity in usernames across partitions to gain access to a different account; however, credentials must be k…
[typo3/cms] TYPO3 CMS vulnerable to Denial of Service in Page Error Handling
Problem
Requesting an invalid or non-existent resource via HTTP triggers the page error handler, which in turn may retrieve the content to be shown as the error message from another page. This leads to a scenario in which the application calls itself rec…
[typo3/cms] TYPO3 HTML Sanitizer vulnerable to Cross-Site Scripting
Problem
Due to a parsing issue in the upstream package masterminds/html5, malicious markup used in sequence with special HTML CDATA sections is not filtered and sanitized. This allows bypassing the cross-site scripting protection of typo3/html-sani…
[org.apache.cxf:cxf-core] Apache CXF vulnerable to Exposure of Sensitive Information
A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows an attacker to perform a remote directory listing or code exfiltration. The vulnerability only applies when the CXFServlet is configured with both the static-resources-list and redir…
[cn.hutool:hutool-json] hutool-json stack overflow vulnerability
A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-45688
https://github.com/dromara/hutool/is…
[cn.hutool:hutool-json] hutool-json stack overflow vulnerability
A stack overflow in the org.json.JSONTokener.nextValue::JSONTokener.java component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-45690
http…
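Both hutool-json advisories above (XML.toJSONObject and JSONTokener.nextValue) describe the same failure mode: a recursive-descent parser that descends once per nesting level, so a document nested deeply enough exhausts the stack. The added example below (not hutool code) shows the defence a practitioner applies in front of any such parser: measure nesting depth with a flat, non-recursive scan and refuse the document before the recursive parser sees it. It also shows that the unguarded approach fails, using Python's `json` module, whose recursion guard turns the would-be stack overflow into a `RecursionError`. The depth limit of 64 and both payloads are constructed for this example.

```python
import json
import xml.parsers.expat

MAX_DEPTH = 64  # assumed limit for this example; set it from the data you actually accept


def json_nesting_depth(text: str) -> int:
    """Deepest nesting of []/{} in a JSON document, found with a flat scan that
    skips brackets inside string literals (including escaped quotes)."""
    depth = max_depth = 0
    in_string = escaped = False
    for ch in text:
        if in_string:
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
        elif ch == '"':
            in_string = True
        elif ch in "[{":
            depth += 1
            max_depth = max(max_depth, depth)
        elif ch in "]}":
            depth -= 1
    return max_depth


def xml_nesting_depth(text: str) -> int:
    """Deepest element nesting, measured with expat's event-driven parser, which does not
    recurse per element and so can be run safely before a recursive XML-to-JSON converter."""
    depth = max_depth = 0

    def start(name, attrs):
        nonlocal depth, max_depth
        depth += 1
        max_depth = max(max_depth, depth)

    def end(name):
        nonlocal depth
        depth -= 1

    parser = xml.parsers.expat.ParserCreate()
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.Parse(text, True)
    return max_depth


def json_within_limit(text: str, max_depth: int = MAX_DEPTH) -> bool:
    return json_nesting_depth(text) <= max_depth


def xml_within_limit(text: str, max_depth: int = MAX_DEPTH) -> bool:
    return xml_nesting_depth(text) <= max_depth


def safe_json_loads(text: str, max_depth: int = MAX_DEPTH):
    """Gate the recursive parser behind the flat depth check."""
    depth = json_nesting_depth(text)
    if depth > max_depth:
        raise ValueError(f"JSON nesting depth {depth} exceeds limit {max_depth}")
    return json.loads(text)


def naive_json_loads_overflows(text: str) -> bool:
    """True if handing the payload straight to the recursive parser trips its recursion guard;
    a parser without such a guard would overflow the stack instead."""
    try:
        json.loads(text)
    except RecursionError:
        return True
    return False


DEEP_JSON = "[" * 200_000 + "]" * 200_000  # constructed payload: 200,000 nested arrays
DEEP_XML = "<a>" * 2_000 + "</a>" * 2_000   # constructed payload: 2,000 nested elements
```

The scan is linear in the input and uses no stack, so it is safe to run on untrusted input of any size; the limit should be enforced before parsing rather than by catching the overflow afterwards, because in a JVM a StackOverflowError inside a library is not reliably recoverable.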
[mpl-candy-machine] Candy Machine Set Collection During Mint Missing Check
A problem with Candy Machine V2 allows minting NFTs to an arbitrary collection due to a missing check.
Here is a description of the exploit:
Details:
Here is the tx/ix to exploit:
Transaction:
Ix 1: candy_machine v2, mint_nft, passing in empty metadata …