Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as entries are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-22387

Publication date:
11/07/2024
External Control of Critical State Data (CWE-642) in the Controller 6000 and Controller 7000 diagnostic web interface allows an authenticated user to modify device I/O connections leading to unexpected behavior that in some circumstances could compromise site physical security controls. Gallagher recommend the diagnostic web page is not enabled (default is off) unless advised by Gallagher Technical support. This interface is intended only for diagnostic purposes.

This issue affects: Gallagher Controller 6000 and 7000

9.10 prior to vCR9.10.240520a (distributed in 9.10.1268 (MR1)), 9.00 prior to vCR9.00.240521a (distributed in 9.00.1990 (MR3)), 8.90 prior to vCR8.90.240520a (distributed in 8.90.1947 (MR4)), 8.80 prior to vCR8.80.240520a (distributed in 8.80.1726 (MR5)), 8.70 prior to vCR8.70.240520a (distributed in 8.70.2824 (MR7)), all versions of 8.60 and prior.
Severity CVSS v4.0: Pending analysis
Last modification:
11/07/2024

CVE-2024-23194

Publication date:
11/07/2024
Improper Output Neutralization for Logs (CWE-117) in the Command Centre API Diagnostics Endpoint could allow an attacker limited ability to modify Command Centre log files.

This issue affects: Gallagher Command Centre v9.10 prior to vEL9.10.1268 (MR1).
Severity CVSS v4.0: Pending analysis
Last modification:
11/07/2024

CVE-2024-40618

Publication date:
11/07/2024
Whale browser before 3.26.244.21 allows an attacker to execute malicious JavaScript due to improper sanitization when processing a built-in extension.
Severity CVSS v4.0: Pending analysis
Last modification:
12/07/2024

CVE-2024-6447

Publication date:
11/07/2024
The FULL – Cliente plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the license plan parameter in all versions up to, and including, 3.1.12 due to insufficient input sanitization and output escaping as well as missing authorization and capability checks on the related functions. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that will execute whenever an administrative user accesses the wp-admin dashboard.
Severity CVSS v4.0: Pending analysis
Last modification:
11/07/2024

CVE-2024-6653

Publication date:
11/07/2024
A vulnerability was found in code-projects Simple Task List 1.0. It has been declared as critical. This vulnerability affects unknown code of the file loginForm.php of the component Login. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271060.
Severity CVSS v4.0: MEDIUM
Last modification:
03/03/2025

CVE-2024-6652

Publication date:
10/07/2024
A vulnerability was found in itsourcecode Gym Management System 1.0. It has been classified as critical. This affects an unknown part of the file manage_member.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271059.
Severity CVSS v4.0: MEDIUM
Last modification:
22/12/2025

CVE-2024-6036

Publication date:
10/07/2024
A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to restart the server at will by sending a specific request to the `/queue/join?` endpoint with `"fn_index":66`. This unrestricted server restart capability can severely disrupt service availability, cause data loss or corruption, and potentially compromise system integrity.
Severity CVSS v4.0: Pending analysis
Last modification:
15/07/2025

CVE-2024-6037

Publication date:
10/07/2024
A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows an attacker to create arbitrary folders at any location on the server, including the root directory (C: dir). This can lead to uncontrolled resource consumption, resulting in resource exhaustion, denial of service (DoS), server unavailability, and potential data loss or corruption.
Severity CVSS v4.0: Pending analysis
Last modification:
15/10/2025

CVE-2024-6650

Publication date:
10/07/2024
A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 and classified as problematic. Affected by this issue is the function save_designation of the file /classes/Master.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-271058 is the identifier assigned to this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
30/08/2024

CVE-2024-39561

Publication date:
10/07/2024
An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX4600 and SRX5000 Series allows an attacker to send TCP packets with SYN/FIN or SYN/RST flags, bypassing the expected blocking of these packets.

A TCP packet with SYN/FIN or SYN/RST should be dropped in flowd. However, when no-syn-check and Express Path are enabled, these TCP packets are unexpectedly transferred to the downstream network.

This issue affects Junos OS on SRX4600 and SRX5000 Series:

* All versions before 21.2R3-S8,
* from 21.4 before 21.4R3-S7,
* from 22.1 before 22.1R3-S6,
* from 22.2 before 22.2R3-S4,
* from 22.3 before 22.3R3-S3,
* from 22.4 before 22.4R3-S2,
* from 23.2 before 23.2R2,
* from 23.4 before 23.4R1-S1, 23.4R2.
Severity CVSS v4.0: MEDIUM
Last modification:
10/04/2025

CVE-2024-39562

Publication date:
10/07/2024
A Missing Release of Resource after Effective Lifetime vulnerability in the xinetd process, responsible for spawning SSH daemon (sshd) instances, of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial of Service (DoS) by blocking SSH access for legitimate users. Continued receipt of these connections will create a sustained Denial of Service (DoS) condition.

The issue is triggered when a high rate of concurrent SSH requests is received and terminated in a specific way, causing xinetd to crash and leaving defunct sshd processes. Successful exploitation of this vulnerability blocks both SSH access as well as services which rely upon SSH, such as SFTP and NETCONF over SSH.

Once the system is in this state, legitimate users will be unable to SSH to the device until service is manually restored. See WORKAROUND section below.

Administrators can monitor an increase in defunct sshd processes by utilizing the CLI command:

  > show system processes | match sshd
  root   25219 30901 0 Jul16 ?       00:00:00 [sshd]

This issue affects Juniper Networks Junos OS Evolved:
* All versions prior to 21.4R3-S7-EVO;
* 22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-S2-EVO;
* 22.4-EVO versions prior to 22.4R3-EVO;
* 23.2-EVO versions prior to 23.2R2-EVO.

This issue does not affect Juniper Networks Junos OS Evolved 22.1-EVO nor 22.2-EVO.
Severity CVSS v4.0: HIGH
Last modification:
07/02/2025

CVE-2024-39565

Publication date:
10/07/2024
An Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in J-Web shipped with Juniper Networks Junos OS allows an unauthenticated, network-based attacker to execute remote commands on the target device.

While an administrator is logged into a J-Web session or has previously logged in and subsequently logged out of their J-Web session, the attacker can arbitrarily execute commands on the target device with the other user's credentials. In the worst case, the attacker will have full control over the device.

This issue affects Junos OS:

* All versions before 21.2R3-S8,
* from 21.4 before 21.4R3-S7,
* from 22.2 before 22.2R3-S4,
* from 22.3 before 22.3R3-S3,
* from 22.4 before 22.4R3-S2,
* from 23.2 before 23.2R2,
* from 23.4 before 23.4R1-S1, 23.4R2.
Severity CVSS v4.0: HIGH
Last modification:
22/01/2026