immudb is a database with built-in cryptographic proof and verification. immudb client SDKs use server’s UUID to distinguish between different server instance so that the client can connect to different immudb instances and keep the state for multiple servers. SDK does not validate this uuid and can accept any value reported by the server. A…
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.x. Various components of this extension can expose information on the performer of edits and logged actions. This information should not allow public viewing: it is supposed to be viewable only by users with checkuser access. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri…
Rumpus – FTP server version 9.0.7.1 has a Reflected cross-site scripting (RXSS) vulnerability through unspecified vectors. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
EXFO – BV-10 Performance Endpoint Unit misconfiguration. System configuration file has misconfigured permissions Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
EXFO – BV-10 Performance Endpoint Unit Undocumented privileged user. Unit has an undocumented hard-coded privileged user. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
EXFO – BV-10 Performance Endpoint Unit authentication bypass User can manually manipulate access enabling authentication bypass. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
Moodle Plugin – SAML Auth may allow Open Redirect through unspecified vectors. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
H C Mingham-Smith Ltd – Tardis 2000 Privilege escalation.Version 1.6 is vulnerable to privilege escalation which may allow a malicious actor to gain system privileges. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
GLPI – Reports plugin for GLPI Reflected Cross-Site-Scripting (RXSS). Type 1: Reflected XSS (or Non-Persistent) – The server reads data directly from the HTTP request and reflects it back in the HTTP response. Reflected XSS exploits occur when an attacker causes a victim to supply dangerous content to a vulnerable web application, which is then…
College Management System v1.0 – SQL Injection (SQLi). By inserting SQL commands to the username and password fields in the login.php page. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
A program using FoundationNetworking in swift-corelibs-foundation is potentially vulnerable to CRLF ( ) injection in URLRequest headers. In this vulnerability, a client can insert one or several CRLF sequences into a URLRequest header value. When that request is sent via URLSession to an HTTP server, the server may interpret the content after the CRLF as…
College Management System v1.0 – Authenticated remote code execution. An admin user (the authentication can be bypassed using SQL Injection that mentioned in my other report) can upload .php file that contains malicious code via student.php file. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database