Search the Community

ClonOs WEB UI version 19.09 suffers from an improper access control vulnerability. View the full article

A FortiSIEM collector connects to a Supervisor/Worker over HTTPS TLS (443/TCP) to register itself as well as relaying event data such as syslog, netflow, SNMP, etc. When the Collector (the client) connects to the Supervisor/Worker (the server), the client does not validate the server-provided certificate against its root-CA store. Since the client does no server certificate validation, this means any certificate presented to the client will be considered valid and the connection will succeed. If an attacker spoofs a Worker/Supervisor using an ARP or DNS poisoning attack (or any other MITM attack), the Collector will blindly connect to the attacker's HTTPS TLS server. It will disclose the authentication password used along with any data being relayed. Versions 5.0 and 5.2.1 have been tested and are affected. View the full article

Inteno EG200 routers with firmware versions EG200-WU7P1U_ADAMO3.16.4-190226_1650 and below have a JUCI ACL misconfiguration that allows the "user" account to extract the 3DES key via JSON commands to ubus. The 3DES key is used to decrypt the provisioning file provided by Adamo Telecom on a public URL via cleartext HTTP. View the full article

Totaljs CMS version 12.0 suffers from a broken access control on an API call. View the full article

Open-Xchange AppSuite versions 7.10.1 and below suffer from information exposure and improper access control vulnerabilities. View the full article

Researchers discovered a way to inject data through the passphrase property of the gnupg.GPG.encrypt() and gnupg.GPG.decrypt() methods when symmetric encryption is used. The supplied passphrase is not validated for newlines, and the library passes --passphrase-fd=0 to the gpg executable, which expects the passphrase on the first line of stdin, and the ciphertext to be decrypted or plaintext to be encrypted on subsequent lines. By supplying a passphrase containing a newline an attacker can control/modify the ciphertext/plaintext being decrypted/encrypted. Proof of concept exploit included. Version 0.4.3 is affected. View the full article

Ektron CMS version 9.20 SP2 suffers from an improper access restriction vulnerability. View the full article

Android sdcardfs changes current->fs without proper locking. View the full article

Collaboration Compliance and Quality Management Platform versions 9.1.1.5482 and below suffer from an improper access control vulnerability. View the full article

Citrix StorageZones Controller versions prior to 5.4.2 suffer from padding oracle, improper access restriction, and path traversal vulnerabilities. View the full article

Postman versions 6.3.0 and below suffer from a man-in-the-middle vulnerability due to improper certificate validation. View the full article