Vulnerabilidades

*** Pendiente de traducción *** A flaw has been found in Reservation Online Hotel Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file /reservation/paypalpayout.php. Executing manipulation of the argument confirm can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used.

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> netfilter: nft_set_pipapo: fix null deref for empty set<br /> <br /> Blamed commit broke the check for a null scratch map:<br /> - if (unlikely(!m || !*raw_cpu_ptr(m-&gt;scratch)))<br /> + if (unlikely(!raw_cpu_ptr(m-&gt;scratch)))<br /> <br /> This should have been "if (!*raw_ ...)".<br /> Use the pattern of the avx2 version which is more readable.<br /> <br /> This can only be reproduced if avx2 support isn&amp;#39;t available.

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> erofs: fix runtime warning on truncate_folio_batch_exceptionals()<br /> <br /> Commit 0e2f80afcfa6("fs/dax: ensure all pages are idle prior to<br /> filesystem unmount") introduced the WARN_ON_ONCE to capture whether<br /> the filesystem has removed all DAX entries or not and applied the<br /> fix to xfs and ext4.<br /> <br /> Apply the missed fix on erofs to fix the runtime warning:<br /> <br /> [ 5.266254] ------------[ cut here ]------------<br /> [ 5.266274] WARNING: CPU: 6 PID: 3109 at mm/truncate.c:89 truncate_folio_batch_exceptionals+0xff/0x260<br /> [ 5.266294] Modules linked in:<br /> [ 5.266999] CPU: 6 UID: 0 PID: 3109 Comm: umount Tainted: G S 6.16.0+ #6 PREEMPT(voluntary)<br /> [ 5.267012] Tainted: [S]=CPU_OUT_OF_SPEC<br /> [ 5.267017] Hardware name: Dell Inc. OptiPlex 5000/05WXFV, BIOS 1.5.1 08/24/2022<br /> [ 5.267024] RIP: 0010:truncate_folio_batch_exceptionals+0xff/0x260<br /> [ 5.267076] Code: 00 00 41 39 df 7f 11 eb 78 83 c3 01 49 83 c4 08 41 39 df 74 6c 48 63 f3 48 83 fe 1f 0f 83 3c 01 00 00 43 f6 44 26 08 01 74 df 0b 4a 8b 34 22 4c 89 ef 48 89 55 90 e8 ff 54 1f 00 48 8b 55 90<br /> [ 5.267083] RSP: 0018:ffffc900013f36c8 EFLAGS: 00010202<br /> [ 5.267095] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000<br /> [ 5.267101] RDX: ffffc900013f3790 RSI: 0000000000000000 RDI: ffff8882a1407898<br /> [ 5.267108] RBP: ffffc900013f3740 R08: 0000000000000000 R09: 0000000000000000<br /> [ 5.267113] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000<br /> [ 5.267119] R13: ffff8882a1407ab8 R14: ffffc900013f3888 R15: 0000000000000001<br /> [ 5.267125] FS: 00007aaa8b437800(0000) GS:ffff88850025b000(0000) knlGS:0000000000000000<br /> [ 5.267132] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> [ 5.267138] CR2: 00007aaa8b3aac10 CR3: 000000024f764000 CR4: 0000000000f52ef0<br /> [ 5.267144] PKRU: 55555554<br /> [ 5.267150] Call Trace:<br /> [ 5.267154] <br /> [ 5.267181] truncate_inode_pages_range+0x118/0x5e0<br /> [ 5.267193] ? save_trace+0x54/0x390<br /> [ 5.267296] truncate_inode_pages_final+0x43/0x60<br /> [ 5.267309] evict+0x2a4/0x2c0<br /> [ 5.267339] dispose_list+0x39/0x80<br /> [ 5.267352] evict_inodes+0x150/0x1b0<br /> [ 5.267376] generic_shutdown_super+0x41/0x180<br /> [ 5.267390] kill_block_super+0x1b/0x50<br /> [ 5.267402] erofs_kill_sb+0x81/0x90 [erofs]<br /> [ 5.267436] deactivate_locked_super+0x32/0xb0<br /> [ 5.267450] deactivate_super+0x46/0x60<br /> [ 5.267460] cleanup_mnt+0xc3/0x170<br /> [ 5.267475] __cleanup_mnt+0x12/0x20<br /> [ 5.267485] task_work_run+0x5d/0xb0<br /> [ 5.267499] exit_to_user_mode_loop+0x144/0x170<br /> [ 5.267512] do_syscall_64+0x2b9/0x7c0<br /> [ 5.267523] ? __lock_acquire+0x665/0x2ce0<br /> [ 5.267535] ? __lock_acquire+0x665/0x2ce0<br /> [ 5.267560] ? lock_acquire+0xcd/0x300<br /> [ 5.267573] ? find_held_lock+0x31/0x90<br /> [ 5.267582] ? mntput_no_expire+0x97/0x4e0<br /> [ 5.267606] ? mntput_no_expire+0xa1/0x4e0<br /> [ 5.267625] ? mntput+0x24/0x50<br /> [ 5.267634] ? path_put+0x1e/0x30<br /> [ 5.267647] ? do_faccessat+0x120/0x2f0<br /> [ 5.267677] ? do_syscall_64+0x1a2/0x7c0<br /> [ 5.267686] ? from_kgid_munged+0x17/0x30<br /> [ 5.267703] ? from_kuid_munged+0x13/0x30<br /> [ 5.267711] ? __do_sys_getuid+0x3d/0x50<br /> [ 5.267724] ? do_syscall_64+0x1a2/0x7c0<br /> [ 5.267732] ? irqentry_exit+0x77/0xb0<br /> [ 5.267743] ? clear_bhb_loop+0x30/0x80<br /> [ 5.267752] ? clear_bhb_loop+0x30/0x80<br /> [ 5.267765] entry_SYSCALL_64_after_hwframe+0x76/0x7e<br /> [ 5.267772] RIP: 0033:0x7aaa8b32a9fb<br /> [ 5.267781] Code: c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 f3 0f 1e fa 31 f6 e9 05 00 00 00 0f 1f 44 00 00 f3 0f 1e fa b8 a6 00 00 00 0f 05 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 8b 15 e9 83 0d 00 f7 d8<br /> [ 5.267787] RSP: 002b:00007ffd7c4c9468 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6<br /> [ 5.267796] RAX: 0000000000000000 RBX: 00005a61592a8b00 RCX: 00007aaa8b32a9fb<br /> [ 5.267802] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00005a61592b2080<br /> [ 5.267806] RBP: 00007ffd7c4c9540 R08: 00007aaa8b403b20 R09: 0000000000000020<br /> [ 5.267812] R10: 0000000000000001 R11: 0000000000000246 R12: 00005a61592a8c00<br /> [ 5.267817] R13: 00000000<br /> ---truncated---

*** Pendiente de traducción *** A security vulnerability has been detected in code-projects Online Bidding System 1.0. This impacts an unknown function of the file /administrator/weweee.php. Such manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.

*** Pendiente de traducción *** A vulnerability was identified in Tenda AC21 16.03.08.16. The affected element is the function sub_45BB10 of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.

*** Pendiente de traducción *** A security flaw has been discovered in SourceCodester Pet Grooming Management Software 1.0. The impacted element is an unknown function of the file /admin/inv-print.php. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.

*** Pendiente de traducción *** A weakness has been identified in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown function of the file /admin/print-payment.php. This manipulation of the argument sql111 causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.

*** Pendiente de traducción *** A local privilege escalation vulnerability exists in the safe_asterisk script included with the Asterisk toolkit package. When Asterisk is started via this script (common in SysV init or FreePBX environments), it sources all .sh files located in /etc/asterisk/startup.d/ as root, without validating ownership or permissions.<br /> <br /> <br /> Non-root users with legitimate write access to /etc/asterisk can exploit this behaviour by placing malicious scripts in the startup.d directory, which will then execute with root privileges upon service restart.

*** Pendiente de traducción *** SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.

*** Pendiente de traducción *** The WPCasa plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.4.1. This is due to insufficient input validation and restriction on the &amp;#39;api_requests&amp;#39; function. This makes it possible for unauthenticated attackers to call arbitrary functions and execute code.

*** Pendiente de traducción *** The Widget Options - Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin&amp;#39;s &amp;#39;do_sidebar&amp;#39; shortcode in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

*** Pendiente de traducción *** A security vulnerability has been detected in code-projects Simple Food Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /ordersimple/order.php. The manipulation of the argument ID leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.