Monthly Archive: February 2020

** DISPUTED ** The default configuration of the Jinja templating engine used in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not enable auto-escaping, which makes it easier for remote attackers...

The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server before 6.0.8, 7.x before 7.0.6, and 8.x before 8.0.4 when an external Dropbox storage has been mounted, allows remote administrators of Dropbox.com...

Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a (1) .php3, (2) .php4, (3)...

An issue was discovered in Zoho ManageEngine Remote Access Plus 10.0.447. The service to test the mail-server configuration suffers from an authorization issue allowing a user with the Guest role (read-only access) to use...

SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows Reflected XSS on the login form and custom forms. Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which...

Insufficient access control in the web interface of ABB Asset Suite versions 9.0 to 9.3, 9.4 prior to 9.4.2.6, 9.5 prior to 9.5.3.2 and 9.6.0 enables full access to directly referenced objects. An attacker...

SolarWinds Network Performance Monitor (Orion Platform 2018, NPM 12.3, NetPath 1.1.3) allows XSS by authenticated users via a crafted onerror attribute of a VIDEO element in an action for an ALERT. Date published :...

Unauthorized Access to the Container Registry of other groups was discovered in GitLab Enterprise 12.0.0-pre. In other words, authenticated remote attackers can read Docker registries of other groups. When a legitimate user changes the...

taffy through 2.6.2 allows attackers to forge adding additional properties into user-input processed by taffy which can allow access to any data items in the DB. taffy sets an internal index for each data...

The wpCentral plugin before 1.5.1 for WordPress allows disclosure of the connection key. Date published : 2020-02-17 https://plugins.trac.wordpress.org/changeset?&old=2244363%40wp-central&new=2244363%40wp-central https://wordpress.org/plugins/wp-central/#developers

Joplin through 1.0.184 allows Arbitrary File Read via XSS. Date published : 2020-02-17 http://packetstormsecurity.com/files/156582/Joplin-Desktop-1.0.184-Cross-Site-Scripting.html https://github.com/laurent22/joplin/commit/3db47b575b9cb0a765da3d283baa2c065df0d0bc

The Popup Builder plugin 2.2.8 through 2.6.7.6 for WordPress is vulnerable to SQL injection (in the sgImportPopups function in sg_popup_ajax.php) via PHP Deserialization on attacker-controlled data with the attachmentUrl POST variable. This allows creation...

meshsystem.dll in Valve Dota 2 through 2020-02-17 allows remote attackers to achieve code execution or denial of service by creating a gaming server with a crafted map, and inviting a victim to this server....

In GitLab Enterprise Edition (EE) 12.5.0 through 12.7.5, sharing a group with a group could grant project access to unauthorized users. Date published : 2020-02-17 https://about.gitlab.com/releases/2020/02/13/critical-security-release-gitlab-12-dot-7-dot-6-released/ https://about.gitlab.com/releases/categories/releases/