Vulnerabilidades

Horilla es un Sistema de Gestión de Recursos Humanos (HRMS) gratuito y de código abierto. Una vulnerabilidad de cross-site scripting (XSS) almacenado en Horilla HRM 1.3.0 permite a usuarios administradores o privilegiados autenticados inyectar cargas útiles de JavaScript maliciosas en múltiples campos en los módulos de Proyecto y Tarea. Estas cargas útiles persisten en la base de datos y se ejecutan cuando son vistas por un administrador u otros usuarios privilegiados a través de la interfaz web. Aunque el problema no es explotable por usuarios no autenticados, aún representa un alto riesgo de secuestro de sesión y acción no autorizada dentro de cuentas de alto privilegio. Al momento de la publicación no existe un parche conocido.

Horilla es un Sistema de Gestión de Recursos Humanos (HRMS) gratuito y de código abierto. Usuarios no autenticados pueden acceder a archivos de currículum vitae subidos en Horilla 1.3.0 adivinando o prediciendo directamente las URL de los archivos. Estos archivos se almacenan en un directorio de acceso público, lo que permite a los atacantes recuperar información sensible de los candidatos sin autenticación. En el momento de la publicación, no existe un parche conocido.

La vulnerabilidad de Neutralización Inadecuada de Elementos Especiales utilizados en un Comando de SO ('Inyección de Comandos de SO') en TOTOLINK X6000R permite la inyección de comandos de SO. Este problema afecta a X6000R: hasta V9.4.0cu.1360_B20241207.

*** Pendiente de traducción *** A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow the following:<br /> <br /> <br /> An authenticated, remote attacker with low privileges could cause a denial of service (DoS) condition on an affected device that is running Cisco IOS Software or Cisco IOS XE Software. To cause the DoS, the attacker must have the SNMPv2c or earlier read-only community string or valid SNMPv3 user credentials. <br /> An authenticated, remote attacker with high privileges could execute code as the root user on an affected device that is running Cisco IOS XE Software. To execute code as the root user, the attacker must have the SNMPv1 or v2c read-only community string or valid SNMPv3 user credentials and administrative or privilege 15 credentials on the affected device. <br /> <br /> An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device over IPv4 or IPv6 networks. <br /> <br /> This vulnerability is due to a stack overflow condition in the SNMP subsystem of the affected software. A successful exploit could allow a low-privileged attacker to cause the affected system to reload, resulting in a DoS condition, or allow a high-privileged attacker to execute arbitrary code as the root user and obtain full control of the affected system.<br /> <br /> Note: This vulnerability affects all versions of SNMP.

*** Pendiente de traducción *** A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, causing a denial of service (DoS) condition.<br /> <br /> This vulnerability is due to improper handling of malformed Control and Provisioning of Wireless Access Points (CAPWAP) packets. An attacker could exploit this vulnerability by sending malformed CAPWAP packets through an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition.

*** Pendiente de traducción *** A vulnerability in the access control list (ACL) programming of Cisco IOS XE Software for Cisco Catalyst 9500X and 9600X Series Switches could allow an unauthenticated, remote attacker to bypass a configured ACL on an affected device.<br /> <br /> This vulnerability is due to the flooding of traffic from an unlearned MAC address on a switch virtual interface (SVI) that has an egress ACL applied. An attacker could exploit this vulnerability by causing the VLAN to flush its MAC address table. This condition can also occur if the MAC address table is full. A successful exploit could allow the attacker to bypass an egress ACL on an affected device.

*** Pendiente de traducción *** A vulnerability in the web UI of Cisco IOS Software could allow an authenticated, remote attacker with low privileges to cause a denial of service (DoS) condition on an affected device.<br /> <br /> This vulnerability is due to improper input validation. An attacker could exploit this vulnerability by sending a crafted URL in an HTTP request. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

*** Pendiente de traducción *** A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands as root on the underlying operating system of an affected device.<br /> <br /> This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by logging in to the device CLI with valid administrative (level 15) credentials and using crafted commands at the CLI prompt. A successful exploit could allow the attacker to execute arbitrary commands as root.

*** Pendiente de traducción *** Multiple vulnerabilities in Cisco IOS XE Software of could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of trust.<br /> <br /> These vulnerabilities are due path traversal and improper image integrity validation. A successful exploit could allow the attacker to execute persistent code on the underlying operating system.<br /> <br /> Because this allows the attacker to bypass a major security feature of the device, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High.<br /> <br /> For more information about these vulnerabilities, see the Details ["#details"] section of this advisory.<br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> ERP

*** Pendiente de traducción *** A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to an affected device to execute persistent code at boot time and break the chain of trust. This vulnerability is due to improper validation of software packages. An attacker could exploit this vulnerability by placing a crafted file into a specific location on an affected device. A successful exploit could allow the attacker to execute persistent code on the underlying operating system. Because this vulnerability allows an attacker to bypass a major security feature of a device, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High.

*** Pendiente de traducción *** A vulnerability in the implementation of the TACACS+ protocol in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to view sensitive data or bypass authentication. <br /> <br /> This vulnerability exists because the system does not properly check whether the required TACACS+ shared secret is configured. A machine-in-the-middle attacker could exploit this vulnerability by intercepting and reading unencrypted TACACS+ messages or impersonating the TACACS+ server and falsely accepting arbitrary authentication requests. A successful exploit could allow the attacker to view sensitive information in a TACACS+ message or bypass authentication and gain access to the affected device.

*** Pendiente de traducción *** A vulnerability in the Web Authentication feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting attack (XSS) on an affected device.<br /> <br /> This vulnerability is due to improper sanitization of user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute a reflected XSS attack and steal user cookies from the affected device.