HTTP Parameter Override is identified in the IBM Infosphere Master Data Management (MDM) 10.1. 11.0. 11.3, 11.4, 11.5, and 11.6 product. It enables attackers by exposing the presence of duplicated parameters which may produce an anomalous behavior in the application that can be potentially exploited.
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing to evade SVG filter using default attribute values in DTD declaration.
<p>A security feature bypass vulnerability exists in SQL Server Reporting Services (SSRS) when the server improperly validates attachments uploaded to reports. An attacker who successfully exploited this vulnerability could upload file types that were disallowed by an administrator.</p> <p>To exploit the vulnerability, an authenticated attacker would need to send a specially crafted request to an affected SSRS server.</p> <p>The update addresses the vulnerability by modifying how SSRS validates attachment uploads.</p>
The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted parameter, aka Bug ID CSCup76297.
An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed.
Cisco Context Directory Agent (CDA) allows remote authenticated users to trigger the omission of certain user-interface data via crafted field values, aka Bug ID CSCuj45353.
ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf.
The OpenShift Enterprise 3 router does not properly sort routes when processing newly added routes. An attacker with access to create routes can potentially overwrite existing routes and redirect network traffic for other users to their own site.
sendto.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to spoof emails via unspecified vectors.
MantisBT 1.2.12 before 1.2.15 allows authenticated users to by the workflow restriction and close issues.
An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6.
kenny2automate is a Discord bot. In the web interface for server settings, form elements were generated with Discord channel IDs as part of input names. Prior to commit a947d7c, no validation was performed to ensure that the channel IDs submitted actually belonged to the server being configured. Thus anyone who has access to the channel ID they wish to change settings for and the server settings panel for any server could change settings for the requested channel no matter which server it belonged to. Commit a947d7c resolves the issue and has been deployed to the official instance of the bot. The only workaround that exists is to disable the web config entirely by changing it to run on localhost. Note that a workaround is only necessary for those who run their own instance of the bot.
An issue was discovered in Mattermost Server before 5.10.0. An attacker can bypass the intended appearance of the Edited flag after changing a post's file ID.
Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack or upload arbitrary files as recordings. For more information about these vulnerabilities, see the Details section of this advisory.
A vulnerability in the change password functionality of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with Read-only credentials to elevate privileges to Administrator on an affected system. This vulnerability is due to incorrect handling of password change requests. An attacker could exploit this vulnerability by authenticating to the application as a Read-only user and sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to alter the passwords of any user on the system, including an administrative user, and then impersonate that user. Note: Cisco Expressway Series refers to the Expressway Control (Expressway-C) device and the Expressway Edge (Expressway-E) device.
An issue was discovered in Enghouse Web Chat 6.1.300.31 and 6.2.284.34. A user is allowed to send an archive of their chat log to an email address specified at the beginning of the chat (where the user enters in their name and e-mail address). This POST request can be modified to change the message as well as the end recipient of the message. The e-mail address will have the same domain name and user as the product allotted. This can be used in phishing campaigns against users on the same domain.
Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders.
IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, allows remote authenticated users to append to arbitrary files via unspecified vectors.
IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a malicious user to lower other users hands in the meeting. IBM X-Force ID: 113937.
The license-certificate upload functionality on Cisco 8800 phones with software 11.0(1) allows remote authenticated users to delete arbitrary files via an invalid file, aka Bug ID CSCuz03010.
IBM Sametime Meeting Server 8.5.2 and 9.0 could allow an authenticated and invited user of Sametime meeting to lower any or all hands in an e-meeting, thus spoofing results of votes in the meeting. IBM X-Force ID: 113803.
Since "algorithm" isn't enforced in jwt.decode()in jwt-simple 0.3.0 and earlier, a malicious user could choose what algorithm is sent sent to the server. If the server is expecting RSA but is sent HMAC-SHA with RSA's public key, the server will think the public key is actually an HMAC private key. This could be used to forge any data an attacker wants.
phpCAS before 1.1.2 allows remote authenticated users to hijack sessions via a query string containing a crafted ticket value.
Due to improper input validation in InfraBox, logs can be modified by an authenticated user.
Nextcloud Mail is a mail app for Nextcloud. In versions prior to 1.9.6, the Nextcloud Mail application does not, by default, render images in emails to not leak the read state. The privacy filter failed to filter images with a `background-image` CSS attribute. Note that the images were still passed through the Nextcloud image proxy, and thus there was no IP leakage. The issue was patched in version 1.9.6 and 1.10.0. No workarounds are known to exist.
Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform tampering over a network.
Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an improper input validation vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to loss of integrity.
IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow an authenticated user to perform unauthorized actions due to hazardous input validation. IBM X-Force ID: 202771.
Logsign Unified SecOps Platform delete_gsuite_key_file Input Validation Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files within sensitive directories on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the delete_gsuite_key_file endpoint. The issue results from the lack of proper validation of a user-supplied filename prior to using it in file operations. An attacker can leverage this vulnerability to delete critical files on the system. Was ZDI-CAN-25265.
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. An attacker could create fictive system-message posts via webhooks and slash commands, in the v3 or v4 REST API.
PHP Scripts Mall Website Seller Script 2.0.3 uses the client side to enforce validation of an e-mail address, which allows remote attackers to modify a registered e-mail address by removing the validation code.
PHP Scripts Mall Hot Scripts Clone Script Classified v3.1 uses the client side to enforce validation of an e-mail address, which allows remote attackers to modify a registered e-mail address by removing the validation code.
The frontend component in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev20 allows remote attackers to spoof the origin of e-mails via unicode characters in the "personal part" of a (1) From or (2) Sender address.
Improper Input Validation vulnerability in Apache Hop Engine.This issue affects Apache Hop Engine: before 2.8.0. Users are recommended to upgrade to version 2.8.0, which fixes the issue. When Hop Server writes links to the PrepareExecutionPipelineServlet page one of the parameters provided to the user was not properly escaped. The variable not properly escaped is the "id", which is not directly accessible by users creating pipelines making the risk of exploiting this low. This issue only affects users using the Hop Server component and does not directly affect the client.
Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 improperly checks for a user account's read-only attribute, which allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, as demonstrated by read or write operations on the Unified Communications lookup page, aka Bug ID CSCuv12552.
The grant.xsfunc application in testApps/grantAccess/ in the XS Engine in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to spoof log entries via a crafted request, aka SAP Security Note 2109818.
vBulletin 5.x through 5.1.6 allows remote authenticated users to bypass authorization checks and inject private messages into conversations via vectors related to an input validation failure.
Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Insufficient validation of parameters in `Deno.makeTemp*` APIs would allow for creation of files outside of the allowed directories. This may allow the user to overwrite important files on the system that may affect other systems. A user may provide a prefix or suffix to a `Deno.makeTemp*` API containing path traversal characters. This is fixed in Deno 1.41.1.
The Lights-Out Management (LOM) implementation in Cisco FireSIGHT System Software 5.3.0 on Sourcefire 3D Sensor devices allows remote authenticated users to perform arbitrary Baseboard Management Controller (BMC) file uploads via unspecified vectors, aka Bug ID CSCus87938.
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Users may be able to inject custom fields values in `mailto` links. This issue has been patched, please upgrade to version 10.0.4. There are currently no known workarounds.
An issue was discovered in Steve Pallen Coherence before 0.5.2 that is similar to a Mass Assignment vulnerability. In particular, "registration" endpoints (e.g., creating, editing, updating) allow users to update any coherence_fields data. For example, users can automatically confirm their accounts by sending the confirmed_at parameter with their registration request.
Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vapor's `vapor_urlparser_parse` function uses `uint16_t` indexes when parsing a URI's components, which may cause integer overflows when parsing untrusted inputs. This vulnerability does not affect Vapor directly but could impact applications relying on the URI type for validating user input. The URI type is used in several places in Vapor. A developer may decide to use URI to represent a URL in their application (especially if that URL is then passed to the HTTP Client) and rely on its public properties and methods. However, URI may fail to properly parse a valid (albeit abnormally long) URL, due to string ranges being converted to 16-bit integers. An attacker may use this behavior to trick the application into accepting a URL to an untrusted destination. By padding the port number with zeros, an attacker can cause an integer overflow to occur when the URL authority is parsed and, as a result, spoof the host. Version 4.90.0 contains a patch for this issue. As a workaround, validate user input before parsing as a URI or, if possible, use Foundation's `URL` and `URLComponents` utilities.
IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. IBM X-Force ID: 131545.
IBM QRadar SIEM 7.3.0 through 7.3.3 could allow an authenticated attacker to perform unauthorized actions due to improper input validation. IBM X-Force ID: 174201.
IBM Content Navigator 3.0.7 and 3.0.8 is vulnerable to improper input validation. A malicious administrator could bypass the user interface and send requests to the IBM Content Navigator server with illegal characters that could be stored in the IBM Content Navigator database. IBM X-Force ID: 183316.
Pivotal Apps Manager included in Pivotal Application Service, versions 2.2.x prior to 2.2.1 and 2.1.x prior to 2.1.8 and 2.0.x prior to 2.0.17 and 1.12.x prior to 1.12.26, does not escape all user-provided content when sending invitation emails. A malicious authenticated user can inject content into an invite to another user, exploiting the trust implied by the source of the email.