Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2024-34762

Publication date:
10/06/2024
Vulnerability discovered by executing a planned security audit.

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPENGINE INC Advanced Custom Fields PRO allows PHP Local File Inclusion. This issue affects Advanced Custom Fields PRO: from n/a before 6.2.10.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2024-26507

Publication date:
10/06/2024
An issue in FinalWire AIRDA Extreme, AIDA64 Engineer, AIDA64 Business, AIDA64 Network Audit v.7.00.6700 and before allows a local attacker to escalate privileges via the DeviceIoControl call associated with MmMapIoSpace, IoAllocateMdl, MmBuildMdlForNonPagedPool, or MmMapLockedPages components.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2024-36406

Publication date:
10/06/2024
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, unchecked input allows for open re-direct. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
Severity CVSS v4.0: Pending analysis
Last modification:
12/08/2025

CVE-2024-36528

Publication date:
10/06/2024
nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before have a Deserialization vulnerability which results in code execution via /admin/extensions/download.php and /admin/extensions/upload.php.
Severity CVSS v4.0: Pending analysis
Last modification:
15/09/2025

CVE-2024-36531

Publication date:
10/06/2024
nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code execution via the /admin/extensions/upload.php component.
Severity CVSS v4.0: Pending analysis
Last modification:
15/09/2025

CVE-2024-36972

Publication date:
10/06/2024
In the Linux kernel, the following vulnerability has been resolved:

af_unix: Update unix_sk(sk)->oob_skb under sk_receive_queue lock.

Billy Jheng Bing-Jhong reported a race between __unix_gc() and
queue_oob().

__unix_gc() tries to garbage-collect close()d inflight sockets,
and then if the socket has MSG_OOB in unix_sk(sk)->oob_skb, GC
will drop the reference and set NULL to it locklessly.

However, the peer socket still can send MSG_OOB message and
queue_oob() can update unix_sk(sk)->oob_skb concurrently, leading
NULL pointer dereference. [0]

To fix the issue, let's update unix_sk(sk)->oob_skb under the
sk_receive_queue's lock and take it everywhere we touch oob_skb.

Note that we defer kfree_skb() in manage_oob() to silence lockdep
false-positive (See [1]).

[0]:
BUG: kernel NULL pointer dereference, address: 0000000000000008
PF: supervisor write access in kernel mode
PF: error_code(0x0002) - not-present page
PGD 8000000009f5e067 P4D 8000000009f5e067 PUD 9f5d067 PMD 0
Oops: 0002 [#1] PREEMPT SMP PTI
CPU: 3 PID: 50 Comm: kworker/3:1 Not tainted 6.9.0-rc5-00191-gd091e579b864 #110
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
Workqueue: events delayed_fput
RIP: 0010:skb_dequeue (./include/linux/skbuff.h:2386 ./include/linux/skbuff.h:2402 net/core/skbuff.c:3847)
Code: 39 e3 74 3e 8b 43 10 48 89 ef 83 e8 01 89 43 10 49 8b 44 24 08 49 c7 44 24 08 00 00 00 00 49 8b 14 24 49 c7 04 24 00 00 00 00 89 42 08 48 89 10 e8 e7 c5 42 00 4c 89 e0 5b 5d 41 5c c3 cc cc
RSP: 0018:ffffc900001bfd48 EFLAGS: 00000002
RAX: 0000000000000000 RBX: ffff8880088f5ae8 RCX: 00000000361289f9
RDX: 0000000000000000 RSI: 0000000000000206 RDI: ffff8880088f5b00
RBP: ffff8880088f5b00 R08: 0000000000080000 R09: 0000000000000001
R10: 0000000000000003 R11: 0000000000000001 R12: ffff8880056b6a00
R13: ffff8880088f5280 R14: 0000000000000001 R15: ffff8880088f5a80
FS: 0000000000000000(0000) GS:ffff88807dd80000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000008 CR3: 0000000006314000 CR4: 00000000007506f0
PKRU: 55555554
Call Trace:
unix_release_sock (net/unix/af_unix.c:654)
unix_release (net/unix/af_unix.c:1050)
__sock_release (net/socket.c:660)
sock_close (net/socket.c:1423)
__fput (fs/file_table.c:423)
delayed_fput (fs/file_table.c:444 (discriminator 3))
process_one_work (kernel/workqueue.c:3259)
worker_thread (kernel/workqueue.c:3329 kernel/workqueue.c:3416)
kthread (kernel/kthread.c:388)
ret_from_fork (arch/x86/kernel/process.c:153)
ret_from_fork_asm (arch/x86/entry/entry_64.S:257)
Modules linked in:
CR2: 0000000000000008
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2025

CVE-2024-4403

Publication date:
10/06/2024
A Cross-Site Request Forgery (CSRF) vulnerability exists in the restart_program function of the parisneo/lollms-webui v9.6. This vulnerability allows attackers to trick users into performing unintended actions, such as resetting the program without their knowledge, by sending specially crafted CSRF forms. This issue affects the installation process, including the installation of Binding zoo and Models zoo, by unexpectedly resetting programs. The vulnerability is due to the lack of CSRF protection in the affected function.
Severity CVSS v4.0: Pending analysis
Last modification:
15/08/2025

CVE-2024-35304

Publication date:
10/06/2024
System command injection through Netflow function due to improper input validation, allowing attackers to execute arbitrary system commands. This issue affects Pandora FMS: from 700 through
Severity CVSS v4.0: CRITICAL
Last modification:
16/09/2025

CVE-2024-35305

Publication date:
10/06/2024
Unauthenticated time-based SQL injection in the API can be exploited via the HTTP request Authorization header. This issue affects Pandora FMS: from 700 through
Severity CVSS v4.0: HIGH
Last modification:
16/09/2025

CVE-2024-35306

Publication date:
10/06/2024
OS command injection in Ajax PHP files via HTTP request allows execution of system commands by exploiting variables. This issue affects Pandora FMS: from 700 through
Severity CVSS v4.0: HIGH
Last modification:
16/09/2025

CVE-2024-35307

Publication date:
10/06/2024
Argument Injection Leading to Remote Code Execution in Realtime Graph Extension, allowing unauthenticated attackers to execute arbitrary code on the server. This issue affects Pandora FMS: from 700 through
Severity CVSS v4.0: CRITICAL
Last modification:
16/09/2025

CVE-2022-45168

Publication date:
10/06/2024
An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /login/backup_code endpoint and the /api/v1/vdeskintegration/createbackupcodes endpoint, because the application allows a user to generate or regenerate the backup codes before checking the TOTP.
Severity CVSS v4.0: Pending analysis
Last modification:
20/03/2025