Monthly Archive: March 2020

In the GlobalBlocking extension before 2020-03-10 for MediaWiki through 1.34.0, an issue related to IP range evaluation resulted in blocked users re-gaining escalated privileges. This is related to the case in which an IP...

The AD Helper component in WatchGuard Fireware before 5.8.5.10317 allows remote attackers to discover cleartext passwords via the /domains/list URI. Date published : 2020-03-12 https://www.redteam-pentesting.de/en/advisories/rt-sa-2020-001/-credential-disclosure-in-watchguard-fireware-ad-helper-component https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/services/tdr/tdr_ad_helper_c.html

An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp. Date published : 2020-03-12...

CSRF in admin/edit-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a comment, given the id, via a crafted request. Date published : 2020-03-12 http://antoniocannito.it/?p=343#csrf27 https://antoniocannito.it/phpkb3#cross-site-request-forgery-when-editing-a-comment-cve-2020-10504

CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to disapprove any comment, given the id, via a crafted request. Date published : 2020-03-12 http://antoniocannito.it/?p=343#csrf26 https://antoniocannito.it/phpkb3#cross-site-request-forgery-when-disapproving-a-new-comment-cve-2020-10503

CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to approve any comment, given the id, via a crafted request. Date published : 2020-03-12 http://antoniocannito.it/?p=343#csrf25 https://antoniocannito.it/phpkb3#cross-site-request-forgery-when-approving-a-new-comment-cve-2020-10502

CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a department, given the id, via a crafted request. Date published : 2020-03-12 http://antoniocannito.it/?p=343#csrf24 https://antoniocannito.it/phpkb3#cross-site-request-forgery-when-editing-a-department-cve-2020-10501

CSRF in admin/reply-ticket.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to reply to any ticket, given the id, via a crafted request. Date published : 2020-03-12 http://antoniocannito.it/?p=343#csrf23 https://antoniocannito.it/phpkb3#cross-site-request-forgery-when-replying-to-a-ticket-cve-2020-10500

CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to close any ticket, given the id, via a crafted request. Date published : 2020-03-12 http://antoniocannito.it/?p=343#csrf22 https://antoniocannito.it/phpkb3#cross-site-request-forgery-when-closing-a-ticket-cve-2020-10499

CSRF in admin/edit-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a category, given the id, via a crafted request. Date published : 2020-03-12 http://antoniocannito.it/?p=343#csrf21 https://antoniocannito.it/phpkb3#cross-site-request-forgery-when-editing-a-category-cve-2020-10498

CSRF in admin/manage-categories.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a category via a crafted request. Date published : 2020-03-12 http://antoniocannito.it/?p=343#csrf20 https://antoniocannito.it/phpkb3#cross-site-request-forgery-when-deleting-a-category-cve-2020-10497

CSRF in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article, given the id, via a crafted request. Date published : 2020-03-12 http://antoniocannito.it/?p=343#csrf19 https://antoniocannito.it/phpkb3#cross-site-request-forgery-when-editing-an-article-cve-2020-10496

CSRF in admin/edit-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article template, given the id, via a crafted request. Date published : 2020-03-12 http://antoniocannito.it/?p=343#csrf18 https://antoniocannito.it/phpkb3#cross-site-request-forgery-when-editing-an-article-template-cve-2020-10495

CSRF in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a news article, given the id, via a crafted request. Date published : 2020-03-12 http://antoniocannito.it/?p=343#csrf17 https://antoniocannito.it/phpkb3#cross-site-request-forgery-when-editing-a-news-article-cve-2020-10494