Archivos mensuales: septiembre 2024

An issue in Ellevo v.6.2.0.38160 allows a remote attacker to escalate privileges via the /api/usuario/cadastrodesuplente endpoint.

Cross Site Scripting vulnerability in Alinto SOGo before 5.10.0 allows a remote attacker to execute arbitrary code via the import function to the mail component.

A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authentication to trigger session fixation.

A vulnerability was found in Keycloak. Expired OTP codes are still usable when using FreeOTP when the OTP token period is set to 30 seconds (default). Instead of expiring and deemed unusable around 30 seconds in, the tokens are valid for an additional 30 seconds totaling 1 minute.
A one time passcode that is valid longer than its expiration time increases the attack window for malicious actors to abuse the system and compromise accounts. Additionally, it increases the attack surface because at any given time, two OTPs are valid.

An open redirect vulnerability was found in Keycloak. A specially crafted URL can be constructed where the referrer and referrer_uri parameters are made to trick a user to visit a malicious webpage. A trusted URL can trick users and automation into believing that the URL is safe, when, in fact, it redirects to a malicious server. This issue can result in a victim inadvertently trusting the destination of the redirect, potentially leading to a successful phishing attack or other types of attacks.

Once a crafted URL is made, it can be sent to a Keycloak admin via email for example. This will trigger this vulnerability when the user visits the page and clicks the link. A malicious actor can use this to target users they know are Keycloak admins for further attacks. It may also be possible to bypass other domain-related security checks, such as supplying this as a OAuth redirect uri. The malicious actor can further obfuscate the redirect_uri using URL encoding, to hide the text of the actual malicious website domain.

SeaCMS v13.1 was discovered to an arbitrary file read vulnerability via the component admin_safe.php.

A vulnerability classified as problematic was found in code-projects Inventory Management 1.0. This vulnerability affects unknown code of the file /view/registration.php of the component Registration Form. The manipulation with the input alert(1) leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

A vulnerability classified as problematic has been found in SourceCodester Online Food Ordering System 2.0. This affects an unknown part of the file index.php of the component Create an Account Page. The manipulation of the argument First Name/Last Name leads to cross site scripting. It is possible to initiate the attack remotely.

Improper Authentication, Missing Authentication for Critical Function, Improper Authorization vulnerability in Profelis Informatics and Consulting PassBox allows Authentication Abuse.This issue affects PassBox: before v1.2.

D-Link DI-8100 v16.07.26A1 has a stack overflow vulnerability in the dbsrv_asp function.