The implementation of POST with the username and password in the URL parameters exposed the credentials. More infomration is available in fineract jira issues 726 and 629.

Published at: October 13, 2020 at 03:15PM
View on website

Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous (which could be used for remote code execution) to be configured in a ConfigSet that’s uploaded via API without authentication/authorization. The checks in place to prevent such features can be circumvented by using a combination of UPLOAD/CREATE actions.

Published at: October 13, 2020 at 03:15PM
View on website

In the Channelmgnt plug-in for Sopel (a Python IRC bot) before version 1.0.3, malicious users are able to op/voice and take over a channel. This is an ACL bypass vulnerability.

Published at: October 13, 2020 at 02:15PM
View on website

A vulnerability has been identified in DCA Vantage Analyzer (All versions < V4.5 are affected by CVE-2020-7590. In addition, serial numbers < 40000 running software V4.4.0 are also affected by CVE-2020-15797). Improper Access Control could allow an unauthenticated attacker to escape from the restricted environment (“kiosk mode�) and access the underlying operating system. Successful exploitation requires direct physical access to the system.

Published at: October 13, 2020 at 12:15PM
View on website

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microhard Bullet-LTE prior to v1.2.0-r1112. Authentication is required to exploit this vulnerability.

The specific flaw exists within the handling of the ping parameter provided to tools.sh. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-10595.

Published at: October 13, 2020 at 01:15PM
View on website