Palasthotel By Edward Bock, Katharina Rompf Security Vulnerabilities

Malicious code in by-fetch (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (bbe17032deb287c69fb57c7e240590cb829a046c49e904b65d01686694636d5b) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in by-dynamic-domain (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (4c793f13f0128e865eaa4b39e8ccadf06126154f88e34537d0b31845a5b5f638) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in by-network (npm)

-= Per source details. Do not edit below this...

Malicious code in by-storage (npm)

-= Per source details. Do not edit below this...

Malicious code in by-skynet (npm)

-= Per source details. Do not edit below this...

Malicious code in by-gtm (npm)

-= Per source details. Do not edit below this...

CVE-2022-35956

This Rails gem adds two methods to the ActiveRecord::Base class that allow you to update many records on a single database hit, using a case sql statement for it. Before version 0.1.3 update_by_case gem used custom sql strings, and it was not sanitized, making it vulnerable to sql injection....

Authentication Bypass By Spoofing

github.com/openshift/telemeter/ is vulnerable to Authentication Bypass By Spoofing. The vulnerability is due to improper checks which allows an attacker to bypass the issue ("iss") check during JSON Web Token (JWT)...

Exploit for Authentication Bypass by Spoofing in Zabbix

cve-2022-23131 使用方式：python3...

Exploit for Authentication Bypass by Spoofing in Zabbix

cve-2022-23131 cve-2022-23131 zabbix-saml-bypass-exp ...

AMD Processors February 2024 Security Updates

AMD has informed HP of potential vulnerabilities identified in client platform firmware for some AMD processors, which might allow escalation of privilege, arbitrary code execution, denial of service, and/or information disclosure. AMD is releasing firmware updates to mitigate these...

Authentication Bypass By Spoofing

github.com/kubernetes/kubernetes/ is vulnerable to Authentication Bypass By Spoofing. The vulnerability is due to improper issuers check which allows an attacker to bypass the issue ("iss") check during JSON Web Token (JWT)...

AMD SPI Lock Bypass June 2024 Security Update

AMD has informed HP of a potential weakness in AMD SPI protection features, which might allow arbitrary code execution. AMD is releasing firmware updates and HP is enabling AMD ROM Armor to mitigate these vulnerabilities. AMD has released updates to mitigate the potential vulnerability. HP has...

Intel PROSet/Wireless WiFi and Bluetooth May 2024 Security Update

Intel has informed HP of potential security vulnerabilities in some Intel® PROSet/Wireless WiFi and Bluetooth® products, which might allow denial of service. Intel is releasing firmware and software updates to mitigate these potential vulnerabilities. Intel has released updates to mitigate the...

CVE-2023-41670

Cross-Site Request Forgery (CSRF) vulnerability in Palasthotel (in person: Edward Bock) Use Memcached plugin <= 1.0.4...

Exploit for Off-by-one Error in F5 Nginx

CVE-2021-23017-PoC ``` pip install -r requirements.txt...

bock-versorgungstechnik.de Cross Site Scripting vulnerability OBB-3906481

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

PDoS by large zen rule names

In AutomaticZenRule of AutomaticZenRule.java, there is a possible persistent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...

[ADP Grant] Guest user can see the trace logs recorded by Admin user by MainActivity

In multiple files, there is a possible way to access traces in the dev mode due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

[ADP Grant] Guest user can see the trace logs recorded by Admin user by MainTvActivity

In several functions of several files, there is a possible way to access developer mode traces due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

CVE-2024-5859

The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘d’ parameter in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-5791

The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp_id' parameter in all versions up to, and including, 4.4.2 due to missing authorization checks on processAction function, as well as insufficient input...

CVE-2024-35761

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in vCita Online Booking & Scheduling Calendar for WordPress by vcita allows Stored XSS.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through...

Ability to by-pass second factor

Description Impact Under some circumstance it was possible to bypass the second factor of 2FA after successfully providing the user credentials. Patches It is recommended that the Nextcloud Server is upgraded to 26.0.13, 27.1.8 or 28.0.4 It is recommended that the Nextcloud Enterprise Server is...

Directory creation by malicious user in saltstack

Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt...

Exploit for Authentication Bypass by Spoofing in Telerik Report Server 2024

CVE-2024-4358_Mass_Exploit Modified tools from @sinsinology...

Directory creation by malicious user in saltstack

Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt...

Exploit for Authentication Bypass by Spoofing in Telerik Report Server 2024

CVE-2024-4358 / CVE-2024-1800 Telerik Report Server...

Exploit for Authentication Bypass by Spoofing in Apache Apisix

CVE-2022-24112 Apache APISIX...

Photo Gallery by 10Web <= 1.8.25 - Missing Authorization

Description The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.8.25. This makes it possible for authenticated attackers, with Subscriber-level...

Exploit for Authentication Bypass by Spoofing in Apache Apisix

exploit_CVE-2022-24112 CVE-2022-24112...

goreleaser shows environment by default

Summary Since #4787 the log output is printed on the INFO level, while previously it was logged on DEBUG. This means if the go build output is non-empty, goreleaser leaks the environment. PoC Create a Go project with dependencies, do not pull them yet (or run goreleaser later in a container, or...

Task Hijacking Using startActivityForResults - Phone by Google Example

In multiple functions of NotificationManagerService.java, there is a possible way to not show a toast message when a clipboard message has been accessed. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

BAL bypass by utilizing UsbManager.requestPermission (*android 14 beta4*)

In createFromParcel of UsbConfiguration.java, there is a possible background activity launch (BAL) due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...

Etcd pkg Insecure ciphers are allowed by default

Vulnerability type Cryptography Detail The TLS ciphers list supported by etcd by default contains weak ciphers. Workarounds Provide a desired ciphers using the --cipher-suites flag as described with examples in the security documentation References Find out more on this vulnerability in the...

Enumerate photos across users by SystemUI media resumption

In loadMediaDataInBgForResumption of MediaDataManager.kt, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

XWiki programming rights may be inherited by inclusion

Impact The content of a document included using {{include reference="targetdocument"/}} is executed with the right of the includer and not with the right of its author. This means that any user able to modify the target document can impersonate the author of the content which used the include...

PDoS by using dynamic shortcuts to exhaust memory

In pushDynamicShortcut of ShortcutPackage.java, there is a possible way to get the device into a boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...

XWiki programming rights may be inherited by inclusion

Impact The content of a document included using {{include reference="targetdocument"/}} is executed with the right of the includer and not with the right of its author. This means that any user able to modify the target document can impersonate the author of the content which used the include...

Exploit for Authentication Bypass by Spoofing in Zabbix

zabbix-saml-bypass-poc cve-2022-23131 ...

Outgoing call redirection by phone account settings tapjacking

In onCreate of PhoneAccountSettingsActivity.java and related files, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is...

Exploit for Authentication Bypass by Spoofing in Telerik Report Server 2024

Telerik Report Server Authentication Bypass - CVE-2024-4358...

By-passing Protection of PharStreamWrapper Interceptor

Insecure deserialization is a vulnerability which occurs when untrusted data is used to abuse the logic of an application. In July 2018, the vulnerability of insecure deserialization when executing Phar archives was addressed by removing the known attack vector in the TYPO3 core. For more details.....

Email Subscribers by Icegram Express < 5.7.21 - Unauthenticated SQL Injection via hash

Description The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘hash’ parameter in all versions up to, and including, 5.7.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query....

By-passing Protection of PharStreamWrapper Interceptor

Insecure deserialization is a vulnerability which occurs when untrusted data is used to abuse the logic of an application. In July 2018, the vulnerability of insecure deserialization when executing Phar archives was addressed by removing the known attack vector in the TYPO3 core. For more details.....

Exploit for Off-by-one Error in Sudo Project Sudo

PE_CVE-CVE-2021-3156 Exploit for Ubuntu 20.04 using...

Exploit for Authentication Bypass by Spoofing in Telerik Report Server 2024

CVE-2024-4358 An Vulnerability detection and Mass...

Sender by BestWebSoft < 1.2.1 - Cross-Site Scripting

The sender plugin before 1.2.1 for WordPress has multiple XSS...

Photo Gallery by 10Web < 1.6.0 - SQL Injection

The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwg_tag_id_bwg_thumbnails_0 parameter before using it in a SQL statement via the bwg_frontend_data AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL...

Popup by Supsystic <1.10.5 - Cross-Site scripting

WordPress Popup by Supsystic before 1.10.5 did not sanitize the tab parameter of its options page before outputting it in an attribute, leading to a reflected cross-site scripting...