Monthly Archive: June 2020

An issue was discovered in Navigate CMS 2.9 r1433. The forgot-password feature allows users to reset their passwords by using either their username or the email address associated with their account. However, the feature...

An issue was discovered in Navigate CMS 2.9 r1433. When performing a password reset, a user is emailed an activation code that allows them to reset their password. There is, however, a flaw when...

An issue was discovered in Navigate CMS 2.8 and 2.9 r1433. The query parameter fid on the resource navigate.php does not perform sufficient data validation and/or encoding, making it vulnerable to reflected XSS. Date...

Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a name of an alert definition. Date published : 2020-06-24 https://gist.github.com/alert3/f8d33412ab0c671d3cac6a50b132a894

Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a Responsible Team. Date published : 2020-06-24 https://gist.github.com/alert3/f8d33412ab0c671d3cac6a50b132a894

Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows remote attackers to execute arbitrary code via a defined event. Date published : 2020-06-24 https://gist.github.com/alert3/c9dcce5474e55f408c93c086c30cdbb7 https://www.zerodayinitiative.com/advisories/ZDI-21-063/

An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress. It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that reads sensitive information in the...

Bitrix24 through 20.0.975 allows SSRF via an intranet IP address in the services/main/ajax.php?action=attachUrlPreview url parameter, if the destination URL hosts an HTML document containing ‘

The Web Application Firewall in Bitrix24 through 20.0.0 allows XSS via the items[ITEMS][ID] parameter to the components/bitrix/mobileapp.list/ajax.php/ URI. Date published : 2020-06-24 https://gist.github.com/mariuszpoplwski/ca6258cf00c723184ebd2228ba81f558

ExpressionEngine before 5.3.2 allows remote attackers to upload and execute arbitrary code in a .php%20 file via Compose Msg, Add attachment, and Save As Draft actions. A user with low privileges (member) is able...

BooleBox Secure File Sharing Utility before 4.2.3.0 allows stored XSS via a crafted avatar field within My Account JSON data to Account.aspx. Date published : 2020-06-24 https://app.boolebox.com/release/vulnerabilities/CVE-2020-13247-13248.html BooleBox Secure Sharing, Multiple Vulnerabilities

BooleBox Secure File Sharing Utility before 4.2.3.0 allows CSV injection via a crafted user name that is mishandled during export from the activity logs in the Audit Area. Date published : 2020-06-24 https://app.boolebox.com/release/vulnerabilities/CVE-2020-13247-13248.html BooleBox...

A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, GHSL-2020-079. Date published : 2020-06-24 https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html...

A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084. Date published : 2020-06-24 https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html...