CVE-2020-2015
Published: 2020-05-13
Priority: P356 · high · 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.91% (77.2th percentile)
A buffer overflow vulnerability in the PAN-OS management server allows authenticated users to crash system processes or potentially execute arbitrary code with root privileges. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.7; PAN-OS 9.1 versions earlier than 9.1.1; All versions of PAN-OS 8.0.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | cbl2_redis_5.0.5-7_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| msrc | cm1_redis_5.0.5-4_on_cbl_mariner_1.0 | — | — |
| openstack | nova | >= 0 < 2:17.0.13-0ubuntu5.3 | 2:17.0.13-0ubuntu5.3 |
| openstack | nova | >= 0 < 2:21.2.4-0ubuntu2.2 | 2:21.2.4-0ubuntu2.2 |
| openstack | nova | >= 0 < 2:13.1.4-0ubuntu4.5+esm1 | 2:13.1.4-0ubuntu4.5+esm1 |
| palo_alto_networks | pan-os | — | — |
| palo_alto_networks | pan-os | >= 7.1 < 7.1.26 | 7.1.26 |
| palo_alto_networks | pan-os | >= 8.1 < 8.1.13 | 8.1.13 |
| palo_alto_networks | pan-os | >= 9.0 < 9.0.7 | 9.0.7 |
| palo_alto_networks | pan-os | >= 9.1 < 9.1.1 | 9.1.1 |
| paloalto | pan-os | — | — |
| paloaltonetworks | pan-os | >= 7.1.0 < 7.1.26 | 7.1.26 |
| paloaltonetworks | pan-os | 8.0.0 – 8.0.20 | — |
| paloaltonetworks | pan-os | >= 8.1.0 < 8.1.13 | 8.1.13 |
| paloaltonetworks | pan-os | >= 9.0.0 < 9.0.7 | 9.0.7 |
| paloaltonetworks | pan-os | >= 9.1.0 < 9.1.1 | 9.1.1 |
| php5 | php5 | >= 0 < 5.5.9+dfsg-1ubuntu4.29+esm10 | 5.5.9+dfsg-1ubuntu4.29+esm10 |
| rails | actionview | >= 5.0.0 < 5.2.4.3 | 5.2.4.3 |
| rails | actionview | >= 6.0.0 < 6.0.3.1 | 6.0.3.1 |
CVSS provenance
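| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C |
| ghsa | — | 9.6 | CRITICAL | — |
| osv | — | 6.5 | MEDIUM | — |
| vendor_redhat | — | 9.0 | CRITICAL | — |
| vendor_oracle | — | 8.8 | CRITICAL | — |
| vendor_msrc | — | 7.7 | HIGH | — |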
OSV
nova vulnerabilities
osv·2023-02-13·CVSS 3.3
CVE-2015-9543 nova vulnerabilities
It was discovered that Nova did not properly manage data logged into the
log file. An attacker with read access to the service's logs could exploit
this issue and may obtain sensitive information. This issue only affected
Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. (CVE-2015-9543)
It was discovered that Nova did not properly handle attaching and
reattaching the encrypted volume. An attacker could possibly use this issue
to perform a denial of service attack. This issue only affected Ubuntu
16.04 ESM. (CVE-2017-18191)
It was discovered that Nova did not properly handle the updation of domain
XML after live migration. An attacker could possibly use this issue to
corrupt the volume or perform a denial of service attack. This issue only
affected Ubuntu 18.04 LTS. (CVE-2020-1
GHSA
GHSA-jgg4-3qfh-59c9: A buffer overflow vulnerability in the PAN-OS management server allows authenticated users to crash system processes or potentially execute arbitrary
ghsa_unreviewed·2022-05-24
CVE-2020-2015 [HIGH] GHSA-jgg4-3qfh-59c9: A buffer overflow vulnerability in the PAN-OS management server allows authenticated users to crash system processes or potentially execute arbitrary
A buffer overflow vulnerability in the PAN-OS management server allows authenticated users to crash system processes or potentially execute arbitrary code with root privileges. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.0 versions earlier than 8.0.21; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.7; PAN-OS 9.1 versions earlier than 9.1.1.
GHSA
OpenNMS Horizon vulnerable to XSS
ghsa·2022-05-24
CVE-2021-25934 [MEDIUM] CWE-79 OpenNMS Horizon vulnerable to XSS
In OpenNMS Horizon, versions opennms-18.0.0-1 through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.7-1 are vulnerable to Stored Cross-Site Scripting, since the function `createRequisitionedNode()` does not perform any validation checks on the input sent to the `node-label` parameter. Due to this flaw an attacker could inject an arbitrary script which will be stored in the database.
GHSA
Cross-Site Request Forgery in OpenNMS Horizon
ghsa·2021-05-25
CVE-2021-25931 [HIGH] CWE-352 Cross-Site Request Forgery in OpenNMS Horizon
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to CSRF, due to no CSRF protection at `/opennms/admin/userGroupView/users/updateUser`. This flaw allows assigning `ROLE_ADMIN` security role to a normal user. Using this flaw, an attacker can trick the admin user to assign administrator privileges to a normal user by enticing him to click upon an attacker-controlled website.
GHSA
Improper Input Validation in Spring Framework
ghsa·2021-04-30·CVSS 9.6
CVE-2020-5421 [CRITICAL] CWE-35 Improper Input Validation in Spring Framework
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
GHSA
CSRF Vulnerability in rails-ujs
ghsa·2020-07-07·CVSS 5.0
CVE-2020-8167 [MEDIUM] CWE-352 CSRF Vulnerability in rails-ujs
There is a vulnerability in rails-ujs that allows attackers to send CSRF tokens to wrong domains.
Versions Affected: rails <= 6.0.3
Fixed Versions: rails >= 5.2.4.3, rails >= 6.0.3.1
Impact
This is a regression of CVE-2015-1840.
In the scenario where an attacker might be able to control the href attribute of an anchor tag or the action attribute of a form tag that will trigger a POST action, the attacker can set the href or action to a cross-origin URL, and the CSRF token will be sent.
Workarounds
To work around this problem, change code that allows users to control the href attribute of an anchor tag or the action attribute of a form tag to filter the user parameters.
For example, code like this:
link_to params
to code like this:
link_to filtered_params
def filtered_params
# F
OSV
php7.0 regression
osv·2020-02-19·CVSS 6.5
CVE-2015-9253 php7.0 regression
USN-4279-1 fixed vulnerabilities in PHP. The updated packages caused a regression.
This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that PHP incorrectly handled certain scripts.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS.
(CVE-2015-9253)
It was discovered that PHP incorrectly handled certain inputs. An attacker
could possibly use this issue to expose sensitive information.
(CVE-2020-7059)
It was discovered that PHP incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code.
This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS
a
OSV
php5, php7.0, php7.2, php7.3 vulnerabilities
osv·2020-02-17·CVSS 6.5
CVE-2015-9253 php5, php7.0, php7.2, php7.3 vulnerabilities
It was discovered that PHP incorrectly handled certain scripts.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS.
(CVE-2015-9253)
It was discovered that PHP incorrectly handled certain inputs. An attacker
could possibly use this issue to expose sensitive information.
(CVE-2020-7059)
It was discovered that PHP incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code.
This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS
and Ubuntu 19.10. (CVE-2020-7060)
Palo Alto
PAN-SA-2024-0008 Informational Bulletin: Impact of OSS CVEs in PAN-OS
vendor_paloalto·2024-09-04·CVSS 6.0
CVE-2022-22965 [MEDIUM] PAN-SA-2024-0008 Informational Bulletin: Impact of OSS CVEs in PAN-OS
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS software. While PAN-OS software may include the
CVEs: CVE-2010-1622, CVE-2015-7552, CVE-2018-16840, CVE-2019-7639, CVE-2020-17049, CVE-2020-7774, CVE-2021-0131, CVE-2021-0132, CVE-2021-0133, CVE-2021-0134, CVE-2021-4044, CVE-2021-4160, CVE-2021-41773, CVE-2022-1343, CVE-2022-21449, CVE-2022-2274, CVE-2022-22963, CVE-2022-22965, CVE-2022-24697, CVE-2022-32207, CVE-2022-3358, CVE-2022-3996, CVE-2022-40664, CVE-2022-44792, CVE-2022-44793, CVE-2023-1255, CVE-2023-22809, CVE-2023-23919, CVE-2023-3341, CVE-2023-4236, CVE-2023-4863, CVE-2023-51767
Affected products: PAN-OS
Oracle
Oracle Oracle Supply Chain Risk Matrix: Middle Tier (Apache Commons Collections) — CVE-2015-7501
vendor_oracle·2020-07-15·CVSS 8.8
CVE-2015-7501 [CRITICAL] Oracle Oracle Supply Chain Risk Matrix: Middle Tier (Apache Commons Collections) — CVE-2015-7501
Oracle Oracle Supply Chain Risk Matrix: Middle Tier (Apache Commons Collections) vulnerability
CVE: CVE-2015-7501
CVSS: 8.8
Protocol: HTTP
Remote exploit: No
Affected versions: Network
Advisory: cpujul2020 (JUL 2020)
Oracle
Oracle Oracle Retail Applications Risk Matrix: Promotions (jQuery) — CVE-2015-9251
vendor_oracle·2020-07-15·CVSS 8.0
CVE-2015-9251 [MEDIUM] Oracle Oracle Retail Applications Risk Matrix: Promotions (jQuery) — CVE-2015-9251
Oracle Oracle Retail Applications Risk Matrix: Promotions (jQuery) vulnerability
CVE: CVE-2015-9251
CVSS: 8.0
Protocol: HTTP
Remote exploit: No
Affected versions: Network
Advisory: cpujul2020 (JUL 2020)
Microsoft
An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (mem
vendor_msrc·2020-06-09·CVSS 7.7
CVE-2020-14147 [HIGH] CWE-787 An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (mem
An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Micr
Red Hat
rubygem-actionview: CSRF vulnerability in rails-ujs
vendor_redhat·2020-05-18·CVSS 5.0
CVE-2020-8167 [MEDIUM] CWE-352 rubygem-actionview: CSRF vulnerability in rails-ujs
A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.
A flaw was found in rubygem-actionview. A regression of CVE-2015-1840 causes Rails-ujs to send CSRF tokens to wrong domains. The highest threat from this vulnerability is to data integrity.
Package: cfme-amazon-smartstate (CloudForms Management Engine 5) - Not affected
Package: cfme-gemset (CloudForms Management Engine 5) - Will not fix
Palo Alto
PAN-OS: Buffer overflow in the management server
vendor_paloalto·2020-05-13·CVSS 8.8
CVE-2020-2015 [HIGH] CWE-120 PAN-OS: Buffer overflow in the management server
A buffer overflow vulnerability in the PAN-OS management server allows authenticated users to crash system processes or potentially execute arbitrary code with root privileges.
This issue affects:
PAN-OS 7.1 versions earlier than 7.1.26;
PAN-OS 8.1 versions earlier than 8.1.13;
PAN-OS 9.0 versions earlier than 9.0.7;
PAN-OS 9.1 versions earlier than 9.1.1;
All versions of PAN-OS 8.0.
Affected products: PAN-OS
Solution: This issue is fixed in PAN-OS 7.1.26, PAN-OS 8.1.13, PAN-OS 9.0.7, PAN-OS 9.1.1, and all later PAN-OS versions.
PAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.
Workaround: This issue affects the management interface of PAN-OS and is strongly miti
Oracle
Oracle Oracle Fusion Middleware Risk Matrix: Installation (Bouncy Castle Java Library) — CVE-2015-7940
vendor_oracle·2020-04-15·CVSS 7.5
CVE-2015-7940 [MEDIUM] Oracle Oracle Fusion Middleware Risk Matrix: Installation (Bouncy Castle Java Library) — CVE-2015-7940
Oracle Oracle Fusion Middleware Risk Matrix: Installation (Bouncy Castle Java Library) vulnerability
CVE: CVE-2015-7940
CVSS: 7.5
Protocol: HTTPS
Remote exploit: Yes
Affected versions: Network
Advisory: cpuapr2020 (APR 2020)
Red Hat
hw: dram: circumvent TRR to induce bit flips via Rowhammer
vendor_redhat·2020-03-10·CVSS 9.0
CVE-2020-10255 [CRITICAL] CWE-440 hw: dram: circumvent TRR to induce bit flips via Rowhammer
Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulnerability in deployment of internal mitigations against RowHammer attacks known as Target Row Refresh (TRR), aka the TRRespass issue. To exploit this vulnerability, the attacker needs to create certain access patterns to trigger bit flips on affected memory modules, aka a Many-sided RowHammer attack. This means that, even when chips advertised as RowHammer-free are used, attackers may still be able to conduct privilege-escalation attacks against the kernel, conduct privilege-escalation attacks against the Sudo binary, and achieve cross-tenant virtual-machine access by corrupting RSA keys. The issue affects chips produced by SK Hynix, Micron, and Samsung. NOTE: tr
Suricata
ET EXPLOIT Win32/Industroyer DDOS Siemens SIPROTEC (CVE-2015-5374)
suricata·2017-06-12·CVSS 7.8
CVE-2015-5374 [HIGH] ET EXPLOIT Win32/Industroyer DDOS Siemens SIPROTEC (CVE-2015-5374)
Rule: alert udp any any -> $HOME_NET 50000 (msg:"ET EXPLOIT Win32/Industroyer DDOS Siemens SIPROTEC (CVE-2015-5374)"; dsize:18; content:"|11 49 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 9E|"; fast_pattern; reference:url,www.welivesecurity.com/wp-content/uploads/2017/06/Win32_Industroyer.pdf; classtype:attempted-dos; sid:2024376; rev:3; metadata:attack_target Client_and_Server, created_at 2017_06_12, cve CVE_2015_5374, deployment Perimeter, deployment Internal, performance_impact Low, confidence High, signature_severity Major, updated_at 2020_08_19;)
Suricata
ET MALWARE URI Struct Observed in Pawn Storm CVE-2015-2950
suricata·2015-07-31·CVSS 6.4
CVE-2015-2950 [MEDIUM] ET MALWARE URI Struct Observed in Pawn Storm CVE-2015-2950
Rule: alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE URI Struct Observed in Pawn Storm CVE-2015-2950"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/?p2="; content:"&recr="; distance:0; fast_pattern; content:"&p3="; distance:0; content:"&as="; distance:0; content:"&c="; distance:0; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/an-in-depth-look-at-how-pawn-storms-java-zero-day-was-used/; classtype:trojan-activity; sid:2021560; rev:3; metadata:created_at 2015_07_31, cve CVE_2015_2950, signature_severity Major, updated_at 2020_05_29;)
Suricata
ET WEB_SPECIFIC_APPS WEB-PHP RCE PHPBB 2004-1315
suricata·2015-07-07
CVE-2004-1315 ET WEB_SPECIFIC_APPS WEB-PHP RCE PHPBB 2004-1315
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS WEB-PHP RCE PHPBB 2004-1315"; flow:established,to_server; http.uri; content:"viewtopic.php"; nocase; content:"highlight="; nocase; http.uri.raw; pcre:"/[&?]highlight=[^&]*?\x2525[a-f0-9]{2}/i"; reference:cve,2004-1315; classtype:web-application-attack; sid:2021390; rev:3; metadata:created_at 2015_07_07, cve CVE_2004_1315, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_05_28;)
Suricata
ET WEB_SPECIFIC_APPS ManageEngine Desktop Central Administrator Account Creation
suricata·2015-01-05·CVSS 9.8
CVE-2014-7862 [CRITICAL] ET WEB_SPECIFIC_APPS ManageEngine Desktop Central Administrator Account Creation
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS ManageEngine Desktop Central Administrator Account Creation"; flow:established,to_server; http.uri; content:"/servlets/DCPluginServelet?"; nocase; content:"action=addPlugInUser"; nocase; content:"role="; nocase; content:"userName="; nocase; content:"email="; nocase; content:"password="; nocase; content:"salt="; nocase; reference:cve,CVE-2014-7862; reference:url,seclists.org/fulldisclosure/2015/Jan/2; classtype:trojan-activity; sid:2020092; rev:3; metadata:created_at 2015_01_05, signature_severity Major, updated_at 2020_05_14;)
Exploit-DB
Seagate Central Storage 2015.0916 - Unauthenticated Remote Command Execution (Metasploit)
exploitdb·2023-05-25
CVE-2020-6627 Seagate Central Storage 2015.0916 - Unauthenticated Remote Command Execution (Metasploit)
---
##
# Exploit Title: Seagate Central Storage 2015.0916 - Unauthenticated Remote Command Execution (Metasploit)
# Date: Dec 9 2019
# Exploit Author: Ege Balci
# Vendor Homepage: https://www.seagate.com/de/de/support/external-hard-drives/network-storage/seagate-central/
# Version: 2015.0916
# CVE : 2020-6627
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'net/http'
require 'net/ssh'
require 'net/ssh/command_stream'
class MetasploitModule "Seagate Central External NAS Arbitrary User Creation",
'Description' => %q{
This module exploits the broken access control vulnerability in Seagate Central External
Exploit-DB
Gemtek WVRTM-127ACN 01.01.02.141 - Authenticated Arbitrary Command Injection
exploitdb·2020-11-19·CVSS 8.8
CVE-2020-24365 [HIGH] Gemtek WVRTM-127ACN 01.01.02.141 - Authenticated Arbitrary Command Injection
---
# Exploit Title: Gemtek WVRTM-127ACN 01.01.02.141 - Authenticated Arbitrary Command Injection
# Date: 13/09/2020
# Exploit Author: Gabriele Zuddas
# Version: 01.01.02.127, 01.01.02.141
# CVE : CVE-2020-24365
Service Provider : Linkem
Product Name : LTE CPE
Model ID : WVRTM-127ACN
Serial ID : GMK170418011089
IMEI : XXXXXXXXXXXXX
ICCID : XXXXXXXXXXXXXXXXXX
Firmware Version : 01.01.02.141
Firmware Creation Date : May 15 13:04:30 CST 2019
Bootrom Version : U-Boot 1.1.3
Bootrom Creation Date : Oct 23 2015 - 16:03:05
LTE Support Band : 42,43
Injecting happens here:
sh -c (ping -4 -c 1 -s 4 -W 1 "INJECTION" > /tmp/mon_diag.log 2>&1; cmscfg -s -n mon_diag_status -v 0)&
Exploit has been tested on older versions
Exploit-DB
Online-Exam-System 2015 - 'fid' SQL Injection
exploitdb·2020-05-28
---
# Exploit Title: Online-Exam-System 2015 - 'fid' SQL Injection
# Exploit Author: Berk Dusunur
# Google Dork: N/A
# Type: Web App
# Date: 2020-05-28
# Vendor Homepage: https://github.com/sunnygkp10/
# Software Link: https://github.com/sunnygkp10/Online-Exam-System-.git
# Affected Version: 2015
# Tested on: MacosX
# CVE : N/A
# PoC
Affected code
';
$id=@$_GET['fid'];
$result = mysqli_query($con,"SELECT * FROM feedback WHERE id='$id' ") or
die('Error');
http://berklocal/dash.php?fid=SQL-INJECTION
Bugzilla
CVE-2020-5421 springframework: RFD protection bypass via jsessionid
bugzilla·2020-09-21·CVSS 9.6
CVE-2020-5421 [CRITICAL] CVE-2020-5421 springframework: RFD protection bypass via jsessionid
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
Reference:
https://tanzu.vmware.com/security/cve-2020-5421
Discussion:
Created springframework tracking bugs for this issue:
Affects: fedora-all [bug 1881159]
---
Statement:
This issue does not affect the version of SpringFramework (embedded in rhvm-dependencies) shipped with Red Hat Virtualization, as it does not provide support for spring-web.
In Red Hat Gluster Storage 3, SpringFramework (embedded in rhvm-dependencies) was shipped as a part of
Bugzilla
CVE-2020-8167 rubygem-actionview: CSRF vulnerability in rails-ujs
bugzilla·2020-06-02·CVSS 5.0
CVE-2020-8167 [MEDIUM] CVE-2020-8167 rubygem-actionview: CSRF vulnerability in rails-ujs
There is a vulnerability in rails-ujs that allows attackers to send CSRF tokens to wrong domains. This is a regression of CVE-2015-1840.
Reference:
https://groups.google.com/forum/#!msg/rubyonrails-security/x9DixQDG9a0/1kX1XubAAQAJ
Discussion:
Created rubygem-actionview tracking bugs for this issue:
Affects: fedora-all [bug 1843085]
---
External References:
https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0
---
GitHub Commit: https://github.com/rails/rails/commit/a20fbf9bc52e9596a675c1071ab3fe052ac4f0dc
Bugzilla
CVE-2015-9543 openstack-nova: leak consoleauth tokens into log files
bugzilla·2020-02-20·CVSS 3.3
CVE-2015-9543 [LOW] CVE-2015-9543 openstack-nova: leak consoleauth tokens into log files
An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs may obtain tokens used for console access. All Nova setups using novncproxy are affected. This is related to NovaProxyRequestHandlerBase.new_websocket_client in console/websocketproxy.py.
Reference:
https://security.openstack.org/ossa/OSSA-2020-001.html
Discussion:
Created openstack-nova tracking bugs for this issue:
Affects: openstack-rdo [bug 1805389]
---
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2015-9543