MODERATE

[pyload-ng] Improper Input Validation in pyload-ng

Improper Input Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev40.
References

https://nvd.nist.gov/vuln/detail/CVE-2023-0434
https://github.com/pyload/pyload/commit/a2b1eb1028f45ac58dea5f58593c1d3db2b4a104
https://huntr.dev/bounties/…

[libgit2-sys] git2-rs fails to verify SSH keys by default

The git2 and libgit2-sys crates are Rust wrappers around the libgit2 C library. It was discovered that libgit2 1.5.0 and below did not verify SSH host keys when establishing an SSH connection, exposing users of the library to Man-In-the-Middle attacks….

[cakephp/cakephp] CakePHP vulnerable to Cross-site Scripting in some development error pages

CakePHP 3.4 prior to 3.4.14, 3.5 prior to 3.5.17, and 3.6 prior to 3.6.4 contains a cross-site-scripting (XSS) vulnerability in the development only missing route and duplicate named route error pages.
References

https://github.com/cakephp/cakephp/com…

[cakephp/cakephp] CakePHP vulnerable to Remote File Inclusion through View template name manipulation

CakePHP 2.x prior to 2.0.99, 2.1.99, 2.2.99, 2.3.99, 2.4.99, 2.5.99, 2.6.12, and 2.7.6 and 3.x prior to 3.0.15 and 3.1.4 is vulnerable to Remote File Inclusion through View template name manipulation.
References

https://github.com/cakephp/cakephp/comm…

[cakephp/cakephp] CakePHP allows direct access of prefixed controller actions

Unconventional URL paths would allow direct access to prefixed actions without setting the correct request parameters.
References

https://github.com/cakephp/cakephp/commit/056f24a77428ad35e23cab6840a72b7c25c4ccc0
https://bakery.cakephp.org/2015/08/06/…

[elf_rs] ELF header parsing library doesn’t check for valid offset

The crate has several unsafe sections that don’t perform proper pointer validation.
An example can be found in the following function:
fn section_header_raw(&self) -> &[ET::SectionHeader] {
let sh_off = self.elf_header().section_header_o…

[github.com/sylabs/scs-library-client] scs-library-client may leak user credentials to third-party service via HTTP redirect

Impact
When the scs-library-client is used to pull a container image, with authentication, the HTTP Authorization header sent by the client to the library service may be incorrectly leaked to an S3 backing storage provider. This occurs in a specific fl…

[bumpalo] bumpalo has use-after-free due to a lifetime error in `Vec::into_iter()`

Posted inMODERATE
Posted byWpmaster
01/21/2023

In affected versions of this crate, the lifetime of the iterator produced by Vec::into_iter() is not constrained to the lifetime of the Bump that allocated the vector’s memory. Using the iterator after the Bump is dropped causes use-after-free accesses…

[github.com/uber/kraken] Kraken has arbitrary file read vulnerability via component testfs

kraken <= 0.1.4 has an arbitrary file read vulnerability via the component testfs.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-47747
https://github.com/uber/kraken/issues/333
https://github.com/advisories/GHSA-hj4g-4w36-x8hp

[pimcore/pimcore] pimcore is vulnerable to cross-site scripting via “title field ” in data objects

Impact
The vulnerability is capable of resulting in stolen user cookies.
Proof of Concept
Login with dev account https://11.x-dev.pimcore.fun/admin/?_dc=1670962076&perspective=

Go to setting –> data objects –> classes –> events

Click …

TechMedia

Featured

[vitess.io/vitess] vitess allows users to create keyspaces that can deny access to already existing keyspaces

[github.com/answerdev/answer] Answer vulnerable to account takeover because password reset links do not expire

[thorsten/phpmyfaq] thorsten/phpmyfaq vulnerable to improper access control

[thorsten/phpmyfaq] thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via updatecategory parameter