CVE-2022-24434
This affects all versions of package dicer. A malicious attacker can send a modified form to the server and crash the Node.js service. An attacker could send the payload again and again so that the...
VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to ‘root’. Date published : 2022-05-20 https://www.vmware.com/security/advisories/VMSA-2022-0014.html
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access...
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, with the Ajax Proxy Web Application (AjaxProxy.war) deployed, is vulnerable to spoofing by allowing a man-in-the-middle attacker to spoof SSL server hostnames. IBM X-Force ID:...
All versions of package url-regex are vulnerable to Regular Expression Denial of Service (ReDoS), which can cause excessive CPU consumption on crafted input. Date published : 2022-05-20 https://github.com/AlexFlipnote/url_regex/blob/master/url_regex/url_regex.py https://snyk.io/vuln/SNYK-PYTHON-URLREGEX-2347643
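As an added example that is not part of this entry or of the url_regex project, the Python below shows the ReDoS failure mode named above. It uses a constructed nested-quantifier pattern as a stand-in (it is an assumption for illustration, not url_regex's actual expression), times it against inputs that almost match, places a linear equivalent beside it, and applies the input-length cap a caller can enforce before any regex runs, whatever pattern the library ships.

```python
import re
import time

# Constructed nested-quantifier pattern used as a stand-in for a ReDoS-prone
# expression. It is NOT the url_regex pattern; it only shares the failure mode:
# on input that almost matches, the engine tries every way of splitting the run
# of 'a's between the inner and outer '+', which is exponential in the length.
EVIL_PATTERN = re.compile(r"^(a+)+$")

# Same language, one quantifier: the engine walks the input once.
SAFE_PATTERN = re.compile(r"^a+$")

# Hard cap applied before any regex runs. A URL validator does not need
# unbounded input, and the cap bounds the worst case regardless of pattern.
MAX_INPUT_LEN = 64


def almost_matching_input(n):
    """n letters followed by a character that forces the final '$' to fail."""
    return "a" * n + "!"


def timed_match(pattern, text):
    """Return (matched, seconds) for pattern against text."""
    start = time.perf_counter()
    matched = pattern.match(text) is not None
    return matched, time.perf_counter() - start


def guarded_match(pattern, text, max_len=MAX_INPUT_LEN):
    """Reject oversized input before the regex engine ever sees it."""
    if len(text) > max_len:
        return False
    return pattern.match(text) is not None


def backtracking_growth(pattern, sizes):
    """Seconds taken per input size. For EVIL_PATTERN this roughly doubles
    with every extra character; for SAFE_PATTERN it stays flat."""
    return {n: timed_match(pattern, almost_matching_input(n))[1] for n in sizes}


if __name__ == "__main__":
    sizes = range(10, 19, 2)
    for n, secs in backtracking_growth(EVIL_PATTERN, sizes).items():
        print(f"nested quantifier, n={n:2d}: {secs:.4f}s")
    for n, secs in backtracking_growth(SAFE_PATTERN, sizes).items():
        print(f"single quantifier, n={n:2d}: {secs:.6f}s")
    print("guarded, oversized input rejected:",
          not guarded_match(EVIL_PATTERN, almost_matching_input(10_000)))
```

The length cap is the mitigation that does not depend on auditing the pattern: it is cheap, it is applied before the engine runs, and it turns an exponential worst case into a bounded one. Rewriting the expression to remove nested quantifiers is the real fix, but only the library can do that.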
Cross-site Scripting (XSS) – Reflected in GitHub repository rtxteam/rtx prior to checkpoint_2022-05-18. Date published : 2022-05-20 https://huntr.dev/bounties/101a2a31-0b27-433a-ad3a-a216238ca4d1 https://github.com/rtxteam/rtx/commit/9bb109b0014f952f315c7b89e0f29a9ba84ee04c
Improper Restriction of Rendered UI Layers or Frames in GitHub repository polonel/trudesk prior to 1.2.2. Date published : 2022-05-20 https://huntr.dev/bounties/47cc6621-2474-40f9-ab68-3cf62389a124 https://github.com/polonel/trudesk/commit/6ea9db7a5cf300e3cbf0eab7e1d6da1155a2f7f8
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.8. Date published : 2022-05-20 https://huntr.dev/bounties/d1330ce8-cccb-4bae-b9a9-a03b97f444a5 https://github.com/jgraph/drawio/commit/c63f3a04450f30798df47f9badbc74eb8a69fbdf
Weak Password Requirements in GitHub repository polonel/trudesk prior to 1.2.2. Date published : 2022-05-20 https://huntr.dev/bounties/0966043c-602f-463e-a6e5-9a1745f4fbfa https://github.com/polonel/trudesk/commit/13dd6c61fc85fa773b4065f075fceda563129c53
Improper Privilege Management in GitHub repository polonel/trudesk prior to 1.2.2. Date published : 2022-05-20 https://huntr.dev/bounties/74a252a2-8bf6-4f88-a180-b90338a239fa https://github.com/polonel/trudesk/commit/889876f66c9a5b28f019258e329310c31d72cbd2
Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.2. Date published : 2022-05-20 https://huntr.dev/bounties/2f65af7c-a74b-46a6-8847-5db6785f1cf2 https://github.com/polonel/trudesk/commit/e836d04d16787c2c9c72e7bf011cf396d1f73c19
Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.2. Date published : 2022-05-20 https://huntr.dev/bounties/66e9bfa9-598f-49ab-a472-752911df3f2d https://github.com/polonel/trudesk/commit/d107f12e71c0fe1e7ac0fdc7463f59c4965a42cd
JFrog Artifactory prior to 7.31.10, is vulnerable to Broken Access Control where a Project Admin is able to create, edit and delete Repository Layouts while Repository Layouts configuration should only be available for Platform...
An issue was discovered in ShopXO CMS 2.2.0. After logging in to the management page, an authenticated user can upload arbitrary files in three locations. Date published : 2022-05-19 https://github.com/gongfuxiang/shopxo/issues/64