Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim of supporting the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-7447

Publication date:
28/08/2024
The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'fnsf_af2_handel_file_upload' function in all versions up to, and including, 3.7.3.2. This makes it possible for unauthenticated attackers to upload arbitrary media to the site, even if no forms exist.
Severity CVSS v4.0: Pending analysis
Last modification:
13/09/2024

CVE-2024-7269

Publication date:
28/08/2024
Improper Neutralization of Input During Web Page Generation vulnerability in the "Update of Personal Details" form in ConnX ESP HR Management allows a Stored XSS attack. An attacker might inject a script to be run in a user's browser. After multiple attempts to contact the vendor we did not receive any answer. The finder provided the information that this issue affects ESP HR Management versions before 6.6.
Severity CVSS v4.0: Pending analysis
Last modification:
19/09/2024

CVE-2024-5546

Publication date:
28/08/2024
Zohocorp ManageEngine Password Manager Pro versions before 12431 and ManageEngine PAM360 versions before 7001 are affected by an authenticated SQL Injection vulnerability via a global search option.
Severity CVSS v4.0: Pending analysis
Last modification:
19/09/2024

CVE-2023-26321

Publication date:
28/08/2024
A path traversal vulnerability exists in the Xiaomi File Manager application product (international version). The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and execute code in the file.
Severity CVSS v4.0: Pending analysis
Last modification:
25/03/2025

CVE-2023-26322

Publication date:
28/08/2024
A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code.
Severity CVSS v4.0: Pending analysis
Last modification:
12/09/2024

CVE-2023-26323

Publication date:
28/08/2024
A code execution vulnerability exists in the Xiaomi App market product. The vulnerability is caused by unsafe configuration and can be exploited by attackers to execute arbitrary code.
Severity CVSS v4.0: Pending analysis
Last modification:
27/03/2025

CVE-2023-26324

Publication date:
28/08/2024
A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code.
Severity CVSS v4.0: Pending analysis
Last modification:
12/09/2024

CVE-2024-44943

Publication date:
28/08/2024
In the Linux kernel, the following vulnerability has been resolved:

mm: gup: stop abusing try_grab_folio

A kernel warning was reported when pinning folio in CMA memory when
launching SEV virtual machine. The splat looks like:

[ 464.325306] WARNING: CPU: 13 PID: 6734 at mm/gup.c:1313 __get_user_pages+0x423/0x520
[ 464.325464] CPU: 13 PID: 6734 Comm: qemu-kvm Kdump: loaded Not tainted 6.6.33+ #6
[ 464.325477] RIP: 0010:__get_user_pages+0x423/0x520
[ 464.325515] Call Trace:
[ 464.325520]
[ 464.325523] ? __get_user_pages+0x423/0x520
[ 464.325528] ? __warn+0x81/0x130
[ 464.325536] ? __get_user_pages+0x423/0x520
[ 464.325541] ? report_bug+0x171/0x1a0
[ 464.325549] ? handle_bug+0x3c/0x70
[ 464.325554] ? exc_invalid_op+0x17/0x70
[ 464.325558] ? asm_exc_invalid_op+0x1a/0x20
[ 464.325567] ? __get_user_pages+0x423/0x520
[ 464.325575] __gup_longterm_locked+0x212/0x7a0
[ 464.325583] internal_get_user_pages_fast+0xfb/0x190
[ 464.325590] pin_user_pages_fast+0x47/0x60
[ 464.325598] sev_pin_memory+0xca/0x170 [kvm_amd]
[ 464.325616] sev_mem_enc_register_region+0x81/0x130 [kvm_amd]

Per the analysis done by yangge, when starting the SEV virtual machine, it
will call pin_user_pages_fast(..., FOLL_LONGTERM, ...) to pin the memory.
But the page is in CMA area, so fast GUP will fail then fallback to the
slow path due to the longterm pinnable check in try_grab_folio().

The slow path will try to pin the pages then migrate them out of CMA area.
But the slow path also uses try_grab_folio() to pin the page, it will
also fail due to the same check then the above warning is triggered.

In addition, the try_grab_folio() is supposed to be used in fast path and
it elevates folio refcount by using add ref unless zero. We are guaranteed
to have at least one stable reference in slow path, so the simple atomic add
could be used. The performance difference should be trivial, but the
misuse may be confusing and misleading.

Redefined try_grab_folio() to try_grab_folio_fast(), and try_grab_page()
to try_grab_folio(), and use them in the proper paths. This solves both
the abuse and the kernel warning.

The proper naming makes their usecase more clear and should prevent from
abusing in the future.

peterx said:

: The user will see the pin fails, for gpu-slow it further triggers the WARN
: right below that failure (as in the original report):
:
: folio = try_grab_folio(page, page_increm - 1,
: foll_flags);
: if (WARN_ON_ONCE(!folio)) {
Severity CVSS v4.0: Pending analysis
Last modification:
16/04/2025

CVE-2024-6312

Publication date:
28/08/2024
The Funnelforms Free plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 3.7.3.2 via the 'af2DeleteFontFile' function. This is due to the plugin not properly validating a file or its path prior to deleting it. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible.
Severity CVSS v4.0: Pending analysis
Last modification:
12/09/2024

CVE-2024-4556

Publication date:
28/08/2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText NetIQ Access Manager allows access to sensitive information. This issue affects NetIQ Access Manager before 5.0.4 and before 5.1.
Severity CVSS v4.0: Pending analysis
Last modification:
12/09/2024

CVE-2024-6311

Publication date:
28/08/2024
The Funnelforms Free plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'af2_add_font' function in all versions up to, and including, 3.7.3.2. This makes it possible for authenticated attackers, with administrator-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Severity CVSS v4.0: Pending analysis
Last modification:
12/09/2024

CVE-2024-4554

Publication date:
28/08/2024
Improper Input Validation vulnerability in OpenText NetIQ Access Manager leads to a Cross-Site Scripting (XSS) attack. This issue affects Access Manager before 5.0.4.1 and 5.1.
Severity CVSS v4.0: Pending analysis
Last modification:
06/10/2025