TechMedia
Category: MODERATE (588 posts)

Featured

  • [vitess.io/vitess] vitess allows users to create keyspaces that can deny access to already existing keyspaces (posted by Wpmaster)
  • [github.com/answerdev/answer] Answer vulnerable to account takeover because password reset links do not expire (posted by Wpmaster)
  • [thorsten/phpmyfaq] thorsten/phpmyfaq vulnerable to improper access control (posted by Wpmaster)
  • [thorsten/phpmyfaq] thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via updatecategory parameter (posted by Wpmaster)

[sentry] Sentry vulnerable to invite code reuse via cookie manipulation

  • Posted in MODERATE
  • Posted by Wpmaster
  • 12/13/2022 (updated 12/13/2022)

With a known valid invite link (i.e. not already accepted or expired) an unauthenticated attacker can manipulate the cookie to allow the same invite link to be reused on multiple accounts when joining an organization.
Impact
An attacker with a valid in…

[io.netty:netty-codec-http] Netty vulnerable to HTTP Response splitting from assigning header value iterator

  • Posted in MODERATE
  • Posted by Wpmaster
  • 12/13/2022 (updated 01/12/2023)

Impact
When calling DefaultHttpHeaders.set with an iterator of values (as opposed to a single given value), header value validation was not performed, allowing malicious header values in the iterator to perform HTTP Response Splitting.
Patches
The nece…

[@claviska/jquery-minicolors] @claviska/jquery-minicolors vulnerable to Cross-site Scripting

  • Posted in MODERATE
  • Posted by Wpmaster
  • 12/13/2022 (updated 12/16/2022)

A vulnerability was found in claviska jquery-minicolors up to 2.3.5. It has been rated as problematic. Affected by this issue is some unknown functionality of the file jquery.minicolors.js. The manipulation leads to cross-site scripting. The attack may…

[github.com/alist-org/alist/v3] Alist Cross-site Scripting vulnerability

  • Posted in MODERATE
  • Posted by Wpmaster
  • 12/13/2022 (updated 12/15/2022)

Alist v3.5.1 is vulnerable to Cross Site Scripting (XSS) via the bulletin board.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-45970
https://github.com/alist-org/alist/issues/2457
https://github.com/advisories/GHSA-957m-g6rf-4c2m

[yikesinc/yikes-inc-easy-mailchimp-extender] yikes-inc-easy-mailchimp-extender Cross-site Scripting vulnerability

  • Posted in MODERATE
  • Posted by Wpmaster
  • 12/13/2022 (updated 01/09/2023)

A vulnerability classified as problematic has been found in yikes-inc-easy-mailchimp-extender Plugin up to 6.8.5. This affects an unknown part of the file admin/partials/ajax/add_field_to_form.php. The manipulation of the argument field_name/merge_tag/…

[github.com/aws/amazon-cloudwatch-agent] Amazon CloudWatch Agent for Windows has Privilege Escalation Vector

  • Posted in MODERATE
  • Posted by Wpmaster
  • 12/12/2022 (updated 12/13/2022)

Impact
A privilege escalation issue exists within the Amazon CloudWatch Agent for Windows in versions up to and including v1.247354. When users trigger a repair of the Agent, a pop-up window opens with SYSTEM permissions. Users with administrative acce…

[org.jenkins-ci.plugins:google-login] Jenkins Google Login Plugin Open Redirect vulnerability

  • Posted in MODERATE
  • Posted by Wpmaster
  • 12/12/2022 (updated 12/13/2022)

Jenkins Google Login Plugin 1.4 through 1.6 (both inclusive) improperly determines that a redirect URL after login is legitimately pointing to Jenkins. Google Login Plugin 1.7 only redirects to relative (Jenkins) URLs.
References

https://nvd.nist.gov/…

[org.jenkins-ci.plugins:sonar-gerrit] Jenkins Sonar Gerrit Plugin vulnerable to Cross-Site Request Forgery

  • Posted in MODERATE
  • Posted by Wpmaster
  • 12/12/2022 (updated 12/13/2022)

A cross-site request forgery (CSRF) vulnerability in Jenkins Sonar Gerrit Plugin 377.v8f3808963dc5 and earlier allows attackers to have Jenkins connect to Gerrit servers (previously configured by Jenkins administrators) using attacker-specified credent…

[org.jenkins-ci.plugins:gitea] Jenkins Gitea Plugin vulnerable to Cleartext Transmission of Sensitive Information

  • Posted in MODERATE
  • Posted by Wpmaster
  • 12/12/2022 (updated 12/13/2022)

In Jenkins Gitea Plugin 1.4.4 and earlier, the implementation of Gitea personal access tokens did not support credentials masking, potentially exposing them through the build log.
Gitea Plugin 1.4.5 adds support for masking of Gitea personal access tok…

[thorsten/phpmyfaq] phpMyFAQ vulnerable to Cross-site Scripting

  • Posted in MODERATE
  • Posted by Wpmaster
  • 12/12/2022 (updated 12/13/2022)

phpMyFAQ prior to version 3.1.9 is vulnerable to reflected Cross-site Scripting (XSS).
References

https://nvd.nist.gov/vuln/detail/CVE-2022-4407
https://github.com/thorsten/phpmyfaq/commit/1d73af34bf42764f9f9491c7ba5e9495d70e3ca5
https://huntr.dev/bou…
