CVE-2020-20391
Cross Site Scripting vulnerability in GetSimpleCMS 3.4.0a in admin/snippets.php via (1) Add Snippet and (2) Save snippets. Date published: 2021-06-23 https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1322
Cross Site Scripting (XSS) vulnerability in GetSimpleCMS 3.4.0a in admin/edit.php. Date published: 2021-06-23 https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1321
It was found in FreeBSD 8.0, 6.3 and 4.9, and OpenBSD 4.6 that a null pointer dereference in ftpd/popen.c may lead to remote denial of service of the ftpd service. Date published: 2021-06-22...
A potential linkbait vulnerability was found in the dispatcher of Vanilla Forums before 2.0.10. Date published: 2021-06-22 https://open.vanillaforums.com/discussion/13119/vanilla-2.0.10-released/p1
A cross-site scripting vulnerability was found in Vanilla Forums before 2.0.10, where a filename could contain arbitrary code to execute on the client side. Date published: 2021-06-22 https://github.com/vanilla/vanilla/commit/4535a059e4e24ca11a2ef0b4d754f262398bcece https://seclists.org/oss-sec/2010/q4/282
It was found that all versions of OWASP ESAPI for Java up to 2.0 RC2 are vulnerable to padding oracle attacks. Date published: 2021-06-22 https://seclists.org/oss-sec/2010/q3/357 https://www.usenix.org/legacy/events/woot10/tech/full_papers/Rizzo.pdf
A flaw was discovered in the gfs2 file system’s handling of ACLs (access control lists). An unprivileged local attacker could exploit this flaw to gain access or execute any file stored in the gfs2 file...
Gitpod before 0.6.0 allows unvalidated redirects. Date published: 2021-06-22 https://github.com/gitpod-io/gitpod/blob/main/CHANGELOG.md https://github.com/gitpod-io/gitpod/commit/8ca431f86ae3a6f9a17afcfed51cdd065fcff1a5
A session fixation vulnerability was discovered in Ice Hrm 29.0.0 OS which allows an attacker to hijack a valid user session via a crafted session cookie. Date published: 2021-06-22 https://github.com/xoffense/POC/blob/main/Account%20takeover%20%28Chaining%20session%20fixation%20%2B%20reflected%20Cross%20Site%20Scripting%29%20in%20ICE%20Hrm%20Version%2029.0.0.OS.md
Cross site scripting (XSS) vulnerability in Ice Hrm 29.0.0.OS allows attackers to execute arbitrary code via the parameters to the /app/ endpoint. Date published: 2021-06-22 https://github.com/xoffense/POC/blob/main/Account%20takeover%20%28Chaining%20session%20fixation%20%2B%20reflected%20Cross%20Site%20Scripting%29%20in%20ICE%20Hrm%20Version%2029.0.0.OS.md