types Archives

Advisory

Vtiger CRM <= 8.1.0 does not correctly check user's privileges. A low-privileged user can interact directly with the `Migration` administrative module to disable arbitrary modules in the instance.

Read more

Vtiger CRM <= 8.1.0 has a SQL injection vulnerability in the MailManager module.

Read more

Element Android (<1.6.12) is affected by an intent redirection, allowing a third-party malicious application to start any internal activity by passing extra parameters. Possible impact includes making Element Android display an arbitrary web page, executing arbitrary JavaScript, bypassing PIN code protection, and account takeover by spawning a login screen to send credentials to an arbitrary Matrix home server.

Read more

Element Android (<1.6.12) is affected by a sensitive file disclosure, allowing a third-party malicious application to force sharing files stored under the `files` directory in the application's private sandboxed data directory to an arbitrary room. Sensitive files include the encrypted chat database, the FCM tokens, etc.

Read more

pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing user's session in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code execution. If the server is running on POSIX/Linux, an authenticated attacker can upload pickle objects, deserialize them and gain code execution.

Read more

CVE-2022-20958: Cisco BroadWorks CommPilot Application allows authenticated users to upload configuration files on the platform. The lack of file validation and a broken access control on the vulnerable upload serverlet allows any authenticated user to upload a file which could be abused to run arbitrary code on the server.

Read more

CVE-2022-20951: Cisco BroadWorks CommPilot Application exposes a servlet that allows the application to be used as an HTTP proxy server. The lack of validation of the the target URL and the lack of authentication protection allows an unauthenticated attacker to achieve a full-read SSRF.

Read more

Autodesk Fusion 360 <= 2.0.12887 parses SVG files with a vulnerable XML parser, leading to a Blind XML External Entities (XXE).

Read more

pfSense <= 2.5.2 allows authenticated users to inject arbitrary sed-specific code, which leads to an Arbitrary File Write, resulting in a Remote Code Execution. The vulnerability is also exploitable through a Cross-Site Request Forgery.

Read more

Visual Studio Code Remote Development Extension 1.50 failed to sanitize the host field before using it as an argument of the ssh command, allowing to inject a ProxyCommand option which could be used to run arbitray commands.

Read more