Handsome Testimonials & Reviews Project Security Vulnerabilities

Exploit for CVE-2024-4367

PDF.js Vulnerability Demo Project This project is intended to...

AIX is affected by a denial of service due to Python (CVE-2024-0450)

IBM SECURITY ADVISORY First Issued: Mon Jun 24 15:07:51 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/python_advisory10.asc Security Bulletin: AIX is affected by a denial of service due to Python (CVE-2024-0450)...

CVE-2024-4146

In lunary-ai/lunary version v1.2.13, an improper authorization vulnerability exists that allows unauthorized users to access and manipulate projects within an organization they should not have access to. Specifically, the vulnerability is located in the checkProjectAccess method within the...

CVE-2015-10045

A vulnerability, which was classified as critical, was found in tutrantta project_todolist. Affected is the function getAffectedRows/where/insert/update in the library library/Database.php. The manipulation leads to sql injection. The name of the patch is 194a0411bbe11aa4813f13c66b9e8ea403539141......

CVE-2023-35940

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a file allows an unauthenticated user to be able to access dashboards data. Version 10.0.8 contains a patch for this...

CVE-2023-35924

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.8, GLPI inventory endpoint can be used to drive a SQL injection attack. By default, GLPI inventory endpoint requires no authentication. Version 10.0.8 has a patch for this issue. As a...

CVE-2023-34244

GLPI is a free asset and IT management software package. Starting in version 9.4.0 and prior to version 10.0.8, a malicious link can be crafted by an unauthenticated user that can exploit a reflected XSS in case any authenticated user opens the crafted link. Users should upgrade to version 10.0.8.....

CVE-2024-29093 WordPress Builder for WooCommerce reviews shortcodes – ReviewShort plugin <= 1.01.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Tobias Conrad Builder for WooCommerce reviews shortcodes – ReviewShort.This issue affects Builder for WooCommerce reviews shortcodes – ReviewShort: from n/a through...

Security Updates for Microsoft SharePoint Server and Microsoft Project Server (May 2018)

The Microsoft SharePoint Server or Microsoft Project Server installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities : An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a ...

CVE-2024-31990 Argo CD' API server does not enforce project sourceNamespaces

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The API server does not enforce project sourceNamespaces which allows attackers to use the UI to edit resources which should only be mutable via gitops. This vulenrability is fixed in 2.10.7, 2.9.12, and...

CVE-2023-49675 CODESYS: Out-of-bounds write through corrupted project files

An unauthenticated local attacker may trick a user to open corrupted project files to execute arbitrary code or crash the system due to an out-of-bounds write...

Security Updates for Microsoft SharePoint Server and Microsoft Project Server (November 2017)

The Microsoft SharePoint Server or Microsoft Project Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability : An elevation of privilege vulnerability exists in Microsoft Project when Microsoft Project Server does not ...

CVE-2023-29941

llvm-project commit a0138390 was discovered to contain a segmentation fault via the component...

CVE-2024-2293

The Site Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user display name in all versions up to, and including, 6.11.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber access and...

lunary-ai/lunary allows users unauthorized access to projects

In lunary-ai/lunary version v1.2.13, an improper authorization vulnerability exists that allows unauthorized users to access and manipulate projects within an organization they should not have access to. Specifically, the vulnerability is located in the checkProjectAccess method within the...

Multiple vulnerabilities in IBM Java SDK affect AIX

IBM SECURITY ADVISORY First Issued: Mon Jun 24 15:10:30 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/java_jun2024_advisory.asc Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX...

CVE-2022-4766

A vulnerability was found in dolibarr_project_timesheet up to 4.5.5. It has been declared as problematic. This vulnerability affects unknown code of the component Form Handler. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. Upgrading to version 4.5.6.a.....

CVE-2023-28849

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.7, GLPI inventory endpoint can be used to drive a SQL injection attack. It can also be used to store malicious code that could be used to perform XSS attack. By default, GLPI inventory...

Exploit for Insufficiently Protected Credentials in Rpc.Py Project Rpc.Py

rpc.py 0.6.0...

CVE-2023-48161

Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information via the DumpSCreen2RGB function in...

Exploit for Deserialization of Untrusted Data in Apache Log4J

Vm4J A tool for detect vmware product log4j vulnerability....

Gitlab -- Vulnerabilities

Gitlab reports: Run pipelines as any user Stored XSS injected in imported project's commit notes CSRF on GraphQL API IntrospectionQuery Remove search results from public projects with unauthorized repos Cross window forgery in user application OAuth flow Project maintainers can bypass group's...

OpenSSH -- Race condition resulting in potential remote code execution

The OpenSSH project reports: A race condition in sshd(8) could allow remote code execution as root on non-OpenBSD...

Cluster Name Enumeration

github.com/argoproj/argo-cd is vulnerable to Cluster Name Enumeration. This vulnerability is due to inadequate handling of error messages such as cluster names, allowing attackers to enumerate clusters and project names within project-scoped...

FreeBSD : kanboard -- Project Takeover via IDOR in ProjectPermissionController (91929399-249e-11ef-9296-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 91929399-249e-11ef-9296-b42e991fc52e advisory. [email protected] reports: Kanboard is project management software that focuses on the...

CVE-2024-2293

The Site Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user display name in all versions up to, and including, 6.11.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber access and...

CVE-2023-49675 CODESYS: Out-of-bounds write through corrupted project files

An unauthenticated local attacker may trick a user to open corrupted project files to execute arbitrary code or crash the system due to an out-of-bounds write...

CVE-2023-42802

GLPI is a free asset and IT management software package. Starting in version 10.0.7 and prior to version 10.0.10, an unverified object instantiation allows one to upload malicious PHP files to unwanted directories. Depending on web server configuration and available system libraries, malicious PHP....

CVE-2023-35939

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a on a file accessible by an authenticated user (or not for certain actions), allows a threat actor to interact, modify, or see Dashboard data. Version...

Privilege Escalation

github.com/glpi-project/glpi-agent is vulnerable to Privilege Escalation. The vulnerability is due to improper security controls in the MSI package installer that allow a local user to manipulate the GLPI server URL or disable the agent service, and in some cases, configure a malicious server to...

CVE-2022-38856

Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mov_build_index() of libmpdemux/demux_mov.c. This affects mplayer SVN-r38374-13.0.1 and mencoder...

CVE-2022-38853

Certain The MPlayer Project products are vulnerable to Buffer Overflow via function asf_init_audio_stream() of libmpdemux/asfheader.c. This affects mplayer SVN-r38374-13.0.1 and mencoder...

CVE-2023-2485

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A malicious maintainer in a project can escalate other users to Owners in that project if they...

Exploit for Out-of-bounds Write in Polkit Project Polkit

poc-cve-2021-4034 PoC for CVE-2021-4034 dubbed pwnkit...

Ecava IntegraXor < 4.1.4369 Project Directory Information Disclosure

The version of IntegraXor installed on the remote host is a version prior to 4.1 Build 4369. It is, therefore, reportedly affected by an information disclosure vulnerability due to credentials being stored in plaintext. An attacker can potentially exploit this vulnerability to disclose credentials....

Privilege Escalation

github.com/glpi-project/glpi-agent is vulnerable to Privilege Escalation. The vulnerability is due to the ability of a local user to modify GLPI-Agent code or used DLLs, which can alter agent logic and potentially grant higher...

Go package github.com/notaryproject/notation configured with permissive trust policies potentially susceptible to rollback attack from compromised registry

Impact An external actor with control of a compromised container registry can provide outdated versions of OCI artifacts, such as Images. This could lead artifact consumers with relaxed trust policies (such as permissive instead of strict) to potentially use artifacts with signatures that are no...

ntpd has Dependency on Vulnerable Third-Party Component

During startup, an attacker that can man-in-the-middle traffic to and from NTS key exchange servers can trigger a very expensive key validation process due to a vulnerability in webpki. Impact This vulnerability can lead to excessive cpu usage on startup on clients configured to use NTS Patches...

CVE-2024-22231

Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt...

CVE-2024-22231

Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt...

CVE-2024-34763

Missing Authorization vulnerability in Tobias Conrad Builder for WooCommerce reviews shortcodes – ReviewShort.This issue affects Builder for WooCommerce reviews shortcodes – ReviewShort: from n/a through...

CVE-2024-34763

Missing Authorization vulnerability in Tobias Conrad Builder for WooCommerce reviews shortcodes – ReviewShort.This issue affects Builder for WooCommerce reviews shortcodes – ReviewShort: from n/a through...

Directory creation by malicious user in saltstack

Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt...

CVE-2024-22231

Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt...

BIT-gitlab-2024-6323

Improper authorization in global search in GitLab EE affecting all versions from 16.11 prior to 16.11.5 and 17.0 prior to 17.0.3 and 17.1 prior to 17.1.1 allows an attacker leak content of a private repository in a public...

AIX is vulnerable to security restrictions bypass due to cURL libcurl (CVE-2024-0853)

IBM SECURITY ADVISORY First Issued: Thu Jun 20 15:10:42 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/curl_advisory5.asc Security Bulletin: AIX is vulnerable to security restrictions bypass due to cURL libcurl...

Strong Testimonials < 3.1.12 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its Testimonial fields before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The attack requires a specific view to be performed PoC Setup...

Directory creation by malicious user in saltstack

Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt...

CVE-2024-22231

Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt...

Malicious code in zsbpwebsdktest3 (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (a25d6ab5c8c52c4020f38d78237f6c953a826c3e8abc287370befada0727c50a) The OpenSSF Package Analysis project identified 'zsbpwebsdktest3' @ 9999.9.9 (npm) as malicious. It is considered malicious because: - The package.....