The direct link to that file could be sent to other users or visitors of the site. If the victim opened that link in a browser where they are logged in to Kirby and the file had not been opened by anyone since the upload, Kirby would not be able to send the correct MIME content type, instead falling back to `text/html`. The browser would then run the script, which could for example trigger requests to Kirby's API with the permissions of the victim. The issue was caused by the underlying `Kirby\Http\Response::file()` method, which didn't have an explicit fallback if the MIME type could not be determined from the file extension. If you use this method in site or plugin code, these uses may be affected by the same vulnerability.

This user-activity-log-pro WordPress plugin before 2.3.4 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic.

Unsafe deserialization of untrusted JSON allows execution of arbitrary code on affected releases of the Illumio PCE. Authentication to the API is required to exploit this vulnerability. The flaw exists within the network_traffic API endpoint. An attacker can leverage this vulnerability to execute code in the context of the PCE’s operating system user.

The Security & Malware scan by CleanTalk WordPress plugin before 2.121 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass bruteforce protection.

HP is aware of a potential security vulnerability in HP t430 and t638 Thin Client PCs. These models may be susceptible to a physical attack, allowing an untrusted source to tamper with the system firmware using a publicly disclosed private key. HP is providing recommended guidance for customers to reduce exposure to the potential vulnerability.

A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to execute arbitrary code on the targeted system by sending a specifically crafted packet to the application.

The WP Simple Galleries plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.34 via deserialization of untrusted input from the 'wpsimplegallery_gallery' post meta via 'wpsgallery' shortcode. This allows authenticated attackers, with contributor-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow.

Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service.

While DH_check() performs all the necessary checks (as of CVE-2023-3817), DH_check_pub_key() doesn't make any of these checks, and is therefore vulnerable for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an excessively large P, it doesn't check for an excessively large Q.

An application that calls DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line application when using the "-pubcheck" option, as well as the OpenSSL genpkey command line application.

The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an open redirect vulnerability leading to a cross site scripting attack. By providing a URL-encoded input attackers can cause the software’s web application to redirect to the chosen domain after a successful login is performed.