Latest News
### Summary A **arbitrary file deletion vulnerability** has been identified in the latest version of Siyuan Note. The vulnerability exists in the `POST /api/history/getDocHistoryContent` endpoint.An attacker can craft a payload to exploit this vulnerability, resulting in the deletion of arbitrary files on the server. ### Details The vulnerability can be reproduced by sending a crafted request to the `/api/history/getDocHistoryContent` endpoint. Sending a request to the `/api/history/getDocHistoryContent` like: ``` curl "http://127.0.0.1:6806/api/history/getDocHistoryContent" -X POST -H "Content-Type: application/json" -d '{"historyPath":"<abs_filepath_of_a_file>"}' ``` Replace `<abs_filepath_of_a_file>` with the absolute file path of the target file you wish to delete. The `historyPath` parameter in the payload is processed by the `func getDocHistoryContent` in `api/history.go:133`. In turn, `historyPath` is passed to the `func GetDocHistoryContent` located in `model/history....
### Impact _What kind of vulnerability is it? Who is impacted?_ Both in karmadactl and karmada-operator, it is possible to supply a filesystem path, or an HTTP(s) URL to retrieve the custom resource definitions(CRDs) needed by karmada. The CRDs are downloaded as a gzipped tarfile and are vulnerable to a TarSlip vulnerability. An attacker able to supply a malicious CRD file into a karmada initialization could write arbitrary files in arbitrary paths of the filesystem. ### Patches _Has the problem been patched? What versions should users upgrade to?_ From karmada version v1.12.0, when processing custom CRDs files, CRDs archive verification is utilized to enhance file system robustness. ### Workarounds _Is there a way for users to fix or remediate the vulnerability without upgrading?_ When using `karmadactl init` to set up Karmada, if you need to set flag `--crd` to customize the CRD files required for karmada initialization, you can manually inspect the CRD files to check whether th...
### Impact _What kind of vulnerability is it? Who is impacted?_ The [PULL](https://karmada.io/docs/next/userguide/clustermanager/cluster-registration#pull-mode) mode clusters registered with the `karmadactl register` command have excessive privileges to access control plane resources. By abusing these permissions, an attacker able to authenticate as the karmada-agent to a karmada cluster would be able to obtain administrative privileges over the entire federation system including all registered member clusters. ### Patches _Has the problem been patched? What versions should users upgrade to?_ Since Karmada v1.12.0, command `karmadactl register` restricts the access permissions of pull mode member clusters to control plane resources. This way, an attacker able to authenticate as the karmada-agent cannot control other member clusters in Karmada. ### Workarounds _Is there a way for users to fix or remediate the vulnerability without upgrading?_ Restricts the access permissions of pu...
# Unauthorized Reflected XSS in `Convert-Online.php` file **Product**: Phpspreadsheet **Version**: version 3.6.0 **CWE-ID**: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') **CVSS vector v.3.1**: 8.2 (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N) **CVSS vector v.4.0**: 8.3 (AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:L/SI:H/SA:L) **Description**: using the `/vendor/phpoffice/phpspreadsheet/samples/Engineering/Convert-Online.php` script, an attacker can perform a XSS-type attack **Impact**: executing arbitrary JavaScript code in the browser **Vulnerable component**: the `/vendor/phpoffice/phpspreadsheet/samples/Engineering/Convert-Online.php` file **Exploitation conditions**: an unauthorized user **Mitigation**: sanitization of the quantity variable **Researcher**: Aleksey Solovev (Positive Technologies) # Research The researcher discovered zero-day vulnerability Unauthorized Reflected Cross-Site Scripting (XSS) (in `Convert-Online.php` file) in Php...
Many people reported they hit a screen preventing them from seeing the alert unless they signed in.
The ABB Cylon Aspect BMS/BAS controller suffers from an authenticated arbitrary content injection vulnerability in the webServerDeviceLabelUpdate.php script due to a lack of input validation. Authenticated attackers can exploit the 'deviceLabel' POST parameter to write arbitrary content to a fixed file location at /usr/local/aam/etc/deviceLabel, potentially causing a denial of service.
The growing complexity of cyber threats, paired with limited resources, makes it essential for companies to adopt a more comprehensive approach that combines human vigilance with AI's capabilities.
The ABB Cylon Aspect BMS/BAS controller suffers from an unauthenticated reflected cross-site scripting vulnerability in the 'title' GET parameter. Input is not properly sanitized before being returned to the user, allowing the execution of arbitrary HTML/JS code in a user's browser session in the context of the affected site. While the factory test scripts included in the upgrade bundle are typically deleted, a short window for exploitation exists when the device is in the manufacturing phase.
The ABB Cylon Aspect BMS/BAS controller suffers from an unauthenticated blind command injection vulnerability. Input passed to the serial and ManufactureDate POST parameters is not properly sanitized, allowing attackers to execute arbitrary shell commands on the system. While factory test scripts included in the upgrade bundle are typically deleted, a short window for exploitation exists when the device is in the manufacturing phase.
The Christmas Eve compromise of data-security firm Cyberhaven's Chrome extension spotlights the challenges in shoring up third-party software supply chains.