Vulnerabilities

A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /category.php of the component HTTP POST Request Handler. The manipulation of the argument categoryname leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

A vulnerability has been found in PHPGurukul Apartment Visitors Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /bwdates-reports.php of the component HTTP POST Request Handler. The manipulation of the argument visname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush<br /> <br /> In KVM guests with Hyper-V hypercalls enabled, the hypercalls<br /> HVCALL_FLUSH_VIRTUAL_ADDRESS_LIST and HVCALL_FLUSH_VIRTUAL_ADDRESS_LIST_EX<br /> allow a guest to request invalidation of portions of a virtual TLB.<br /> For this, the hypercall parameter includes a list of GVAs that are supposed<br /> to be invalidated.<br /> <br /> However, when non-canonical GVAs are passed, there is currently no<br /> filtering in place and they are eventually passed to checked invocations of<br /> INVVPID on Intel / INVLPGA on AMD. While AMD&amp;#39;s INVLPGA silently ignores<br /> non-canonical addresses (effectively a no-op), Intel&amp;#39;s INVVPID explicitly<br /> signals VM-Fail and ultimately triggers the WARN_ONCE in invvpid_error():<br /> <br /> invvpid failed: ext=0x0 vpid=1 gva=0xaaaaaaaaaaaaa000<br /> WARNING: CPU: 6 PID: 326 at arch/x86/kvm/vmx/vmx.c:482<br /> invvpid_error+0x91/0xa0 [kvm_intel]<br /> Modules linked in: kvm_intel kvm 9pnet_virtio irqbypass fuse<br /> CPU: 6 UID: 0 PID: 326 Comm: kvm-vm Not tainted 6.15.0 #14 PREEMPT(voluntary)<br /> RIP: 0010:invvpid_error+0x91/0xa0 [kvm_intel]<br /> Call Trace:<br /> vmx_flush_tlb_gva+0x320/0x490 [kvm_intel]<br /> kvm_hv_vcpu_flush_tlb+0x24f/0x4f0 [kvm]<br /> kvm_arch_vcpu_ioctl_run+0x3013/0x5810 [kvm]<br /> <br /> Hyper-V documents that invalid GVAs (those that are beyond a partition&amp;#39;s<br /> GVA space) are to be ignored. While not completely clear whether this<br /> ruling also applies to non-canonical GVAs, it is likely fine to make that<br /> assumption, and manual testing on Azure confirms "real" Hyper-V interprets<br /> the specification in the same way.<br /> <br /> Skip non-canonical GVAs when processing the list of address to avoid<br /> tripping the INVVPID failure. Alternatively, KVM could filter out "bad"<br /> GVAs before inserting into the FIFO, but practically speaking the only<br /> downside of pushing validation to the final processing is that doing so<br /> is suboptimal for the guest, and no well-behaved guest will request TLB<br /> flushes for non-canonical addresses.

The Work The Flow File Upload plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jQuery-File-Upload-9.5.0 server and test files in versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.

A vulnerability, which was classified as problematic, was found in PHPGurukul Apartment Visitors Management System 1.0. Affected is an unknown function of the file /visitor-detail.php of the component HTTP POST Request Handler. The manipulation of the argument visname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

A vulnerability, which was classified as problematic, has been found in PHPGurukul Apartment Visitors Management System 1.0. This issue affects some unknown processing of the file /manage-newvisitors.php of the component HTTP POST Request Handler. The manipulation of the argument visname leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

The Subscribe to Comments for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.1.2 via the Path to header value. This allows authenticated attackers, with administrative privileges and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. This same function can also be used to execute arbitrary PHP code.

The Simple Backup plugin for WordPress is vulnerable to Arbitrary File Download in versions up to, and including, 2.7.10. via the download_backup_file function. This is due to a lack of capability checks and file type validation. This makes it possible for attackers to download sensitive files such as the wp-config.php file from the affected site.

The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaxUpload function in versions before 1.3.9.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.

The GI-Media Library plugin for WordPress is vulnerable to Directory Traversal in versions before 3.0 via the &amp;#39;fileid&amp;#39; parameter. This allows unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.

The WP Mobile Detector plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in resize.php file in versions up to, and including, 3.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.

The Front End Editor plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the upload.php file in versions before 2.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.