CVE-2022-28345
The Signal app before 5.34 for iOS allows URI spoofing via RTLO injection. It incorrectly renders RTLO encoded URLs beginning with a non-breaking space, when there is a hash character in the URL. This...
An issue in upload.csp of FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows attackers to write files and reset the user passwords without having a valid session cookie. Date published : 2022-04-15 https://code-byter.com/2022/04/06/fantec-wifi.html https://drive.google.com/file/d/1OvpNieX3pYFaZprglr5T0lV0WuLoLcLu/view?usp=sharing
Selenium Selenium Grid (formerly Selenium Standalone Server) Fixed in 4.0.0-alpha-7 is affected by: DNS rebinding. The impact is: execute arbitrary code (remote). The component is: WebDriver endpoint of Selenium Grid / Selenium Standalone Server....
NGINX NJS 0.7.2 was discovered to contain a NULL pointer dereference via the component njs_vmcode_array at /src/njs_vmcode.c. Date published : 2022-04-15 https://github.com/nginx/njs/commit/f65981b0b8fcf02d69a40bc934803c25c9f607ab https://github.com/nginx/njs/issues/473
STB v2.27 was discovered to contain an integer shift of invalid size in the component stbi__jpeg_decode_block_prog_ac. Date published : 2022-04-15 https://github.com/nothings/stb/issues/1293 https://github.com/nothings/stb/pull/1297
lrzip v0.640 was discovered to contain a heap memory corruption via the component lrzip.c:initialise_control. Date published : 2022-04-15 https://github.com/ckolivas/lrzip/commit/5faf80cd53ecfd16b636d653483144cd12004f46 https://github.com/ckolivas/lrzip/issues/216
stb_image.h v2.27 was discovered to contain a heap-based use-after-free via the function stbi__jpeg_huff_decode. Date published : 2022-04-15 https://github.com/nothings/stb/issues/1289 https://github.com/nothings/stb/pull/1297
stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors. Date published : 2022-04-15 https://github.com/nothings/stb/issues/1292 https://github.com/nothings/stb/pull/1297
Multiple Unauthenticated Stored Cross-Site Scripting (XSS) vulnerabilities in KB Support (WordPress plugin)
Cross-Site Request Forgery (CSRF) in Use Any Font (WordPress plugin)
Cross-Site Request Forgery (CSRF) in Simple Ajax Chat (WordPress plugin)
Sensitive Information Disclosure (sac-export.csv) in Simple Ajax Chat (WordPress plugin)
SuiteCRM v7.11.23 was discovered to allow remote code execution via a crafted payload injected into the FirstName text field. Date published : 2022-04-15 https://github.com/Mount4in/Mount4in.github.io/blob/master/poc.py https://github.com/Mount4in/Mount4in.github.io/blob/master/suitecrm.docx
A zero-code remote code injection vulnerability via configuration.php in Chamilo LMS v1.11.13 allows attackers to upload arbitrary code in the form of a new plugin. Date published : 2022-04-15 https://support.chamilo.org/projects/1/wiki/Security_issues