Vulnerabilities

osCommerce versions up to and including 2.2 RC2a contain a vulnerability in its administrative file manager utility (admin/file_manager.php). The interface allows file uploads and edits without sufficient input validation or access control. An unauthenticated attacker can craft a POST request to upload a .php file containing arbitrary code, which is then executed by the server.

Authorization Bypass Through User-Controlled Key, Externally Controlled Reference to a Resource in Another Sphere, Improper Authorization vulnerability in Patika Global Technologies HumanSuite allows Exploiting Trust in Client.This issue affects HumanSuite: before 53.21.0.

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Encoding or Escaping of Output, Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Patika Global Technologies HumanSuite allows Cross-Site Scripting (XSS), Phishing.This issue affects HumanSuite: before 53.21.0.

code-projects Food Ordering Review System 1.0 is vulnerable to Cross Site Scripting (XSS) in the registration function. An attacker enters malicious JavaScript code as a username, which triggers the XSS vulnerability when the admin views user information, resulting in the disclosure of the admin's cookie information.

An issue in Online Library Management System v.3.0 allows an attacker to escalate privileges via the adminlogin.php component and the Login function

In Frappe ERPNext v15.57.5, the function get_stock_balance() at erpnext/stock/utils.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting SQL query into inventory_dimensions_dict parameter.

SQL injection vulnerability in oa_system oasys v.1.1 allows a remote attacker to execute arbitrary code via the alph parameters in src/main/Java/cn/gson/oasys/controller/address/AddrController

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> xfs: do not propagate ENODATA disk errors into xattr code<br /> <br /> ENODATA (aka ENOATTR) has a very specific meaning in the xfs xattr code;<br /> namely, that the requested attribute name could not be found.<br /> <br /> However, a medium error from disk may also return ENODATA. At best,<br /> this medium error may escape to userspace as "attribute not found"<br /> when in fact it&amp;#39;s an IO (disk) error.<br /> <br /> At worst, we may oops in xfs_attr_leaf_get() when we do:<br /> <br /> error = xfs_attr_leaf_hasname(args, &amp;bp);<br /> if (error == -ENOATTR) {<br /> xfs_trans_brelse(args-&gt;trans, bp);<br /> return error;<br /> }<br /> <br /> because an ENODATA/ENOATTR error from disk leaves us with a null bp,<br /> and the xfs_trans_brelse will then null-deref it.<br /> <br /> As discussed on the list, we really need to modify the lower level<br /> IO functions to trap all disk errors and ensure that we don&amp;#39;t let<br /> unique errors like this leak up into higher xfs functions - many<br /> like this should be remapped to EIO.<br /> <br /> However, this patch directly addresses a reported bug in the xattr<br /> code, and should be safe to backport to stable kernels. A larger-scope<br /> patch to handle more unique errors at lower levels can follow later.<br /> <br /> (Note, prior to 07120f1abdff we did not oops, but we did return the<br /> wrong error code to userspace.)

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> efi: stmm: Fix incorrect buffer allocation method<br /> <br /> The communication buffer allocated by setup_mm_hdr() is later on passed<br /> to tee_shm_register_kernel_buf(). The latter expects those buffers to be<br /> contiguous pages, but setup_mm_hdr() just uses kmalloc(). That can cause<br /> various corruptions or BUGs, specifically since commit 9aec2fb0fd5e<br /> ("slab: allocate frozen pages"), though it was broken before as well.<br /> <br /> Fix this by using alloc_pages_exact() instead of kmalloc().

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net/mlx5: HWS, Fix memory leak in hws_action_get_shared_stc_nic error flow<br /> <br /> When an invalid stc_type is provided, the function allocates memory for<br /> shared_stc but jumps to unlock_and_out without freeing it, causing a<br /> memory leak.<br /> <br /> Fix by jumping to free_shared_stc label instead to ensure proper cleanup.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> mISDN: hfcpci: Fix warning when deleting uninitialized timer<br /> <br /> With CONFIG_DEBUG_OBJECTS_TIMERS unloading hfcpci module leads<br /> to the following splat:<br /> <br /> [ 250.215892] ODEBUG: assert_init not available (active state 0) object: ffffffffc01a3dc0 object type: timer_list hint: 0x0<br /> [ 250.217520] WARNING: CPU: 0 PID: 233 at lib/debugobjects.c:612 debug_print_object+0x1b6/0x2c0<br /> [ 250.218775] Modules linked in: hfcpci(-) mISDN_core<br /> [ 250.219537] CPU: 0 UID: 0 PID: 233 Comm: rmmod Not tainted 6.17.0-rc2-g6f713187ac98 #2 PREEMPT(voluntary)<br /> [ 250.220940] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014<br /> [ 250.222377] RIP: 0010:debug_print_object+0x1b6/0x2c0<br /> [ 250.223131] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 4f 41 56 48 8b 14 dd a0 4e 01 9f 48 89 ee 48 c7 c7 20 46 01 9f e8 cb 84d<br /> [ 250.225805] RSP: 0018:ffff888015ea7c08 EFLAGS: 00010286<br /> [ 250.226608] RAX: 0000000000000000 RBX: 0000000000000005 RCX: ffffffff9be93a95<br /> [ 250.227708] RDX: 1ffff1100d945138 RSI: 0000000000000008 RDI: ffff88806ca289c0<br /> [ 250.228993] RBP: ffffffff9f014a00 R08: 0000000000000001 R09: ffffed1002bd4f39<br /> [ 250.230043] R10: ffff888015ea79cf R11: 0000000000000001 R12: 0000000000000001<br /> [ 250.231185] R13: ffffffff9eea0520 R14: 0000000000000000 R15: ffff888015ea7cc8<br /> [ 250.232454] FS: 00007f3208f01540(0000) GS:ffff8880caf5a000(0000) knlGS:0000000000000000<br /> [ 250.233851] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> [ 250.234856] CR2: 00007f32090a7421 CR3: 0000000004d63000 CR4: 00000000000006f0<br /> [ 250.236117] Call Trace:<br /> [ 250.236599] <br /> [ 250.236967] ? trace_irq_enable.constprop.0+0xd4/0x130<br /> [ 250.237920] debug_object_assert_init+0x1f6/0x310<br /> [ 250.238762] ? __pfx_debug_object_assert_init+0x10/0x10<br /> [ 250.239658] ? __lock_acquire+0xdea/0x1c70<br /> [ 250.240369] __try_to_del_timer_sync+0x69/0x140<br /> [ 250.241172] ? __pfx___try_to_del_timer_sync+0x10/0x10<br /> [ 250.242058] ? __timer_delete_sync+0xc6/0x120<br /> [ 250.242842] ? lock_acquire+0x30/0x80<br /> [ 250.243474] ? __timer_delete_sync+0xc6/0x120<br /> [ 250.244262] __timer_delete_sync+0x98/0x120<br /> [ 250.245015] HFC_cleanup+0x10/0x20 [hfcpci]<br /> [ 250.245704] __do_sys_delete_module+0x348/0x510<br /> [ 250.246461] ? __pfx___do_sys_delete_module+0x10/0x10<br /> [ 250.247338] do_syscall_64+0xc1/0x360<br /> [ 250.247924] entry_SYSCALL_64_after_hwframe+0x77/0x7f<br /> <br /> Fix this by initializing hfc_tl timer with DEFINE_TIMER macro.<br /> Also, use mod_timer instead of manual timeout update.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net/mlx5: Fix lockdep assertion on sync reset unload event<br /> <br /> Fix lockdep assertion triggered during sync reset unload event. When the<br /> sync reset flow is initiated using the devlink reload fw_activate<br /> option, the PF already holds the devlink lock while handling unload<br /> event. In this case, delegate sync reset unload event handling back to<br /> the devlink callback process to avoid double-locking and resolve the<br /> lockdep warning.<br /> <br /> Kernel log:<br /> WARNING: CPU: 9 PID: 1578 at devl_assert_locked+0x31/0x40<br /> [...]<br /> Call Trace:<br /> <br /> mlx5_unload_one_devl_locked+0x2c/0xc0 [mlx5_core]<br /> mlx5_sync_reset_unload_event+0xaf/0x2f0 [mlx5_core]<br /> process_one_work+0x222/0x640<br /> worker_thread+0x199/0x350<br /> kthread+0x10b/0x230<br /> ? __pfx_worker_thread+0x10/0x10<br /> ? __pfx_kthread+0x10/0x10<br /> ret_from_fork+0x8e/0x100<br /> ? __pfx_kthread+0x10/0x10<br /> ret_from_fork_asm+0x1a/0x30<br />