

The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package.


In Zimbra Collaboration Suite (ZCS) 8.8.15, at the URL /h/calendar, one can trigger XSS by adding JavaScript code to the view parameter and changing the value of the uncheck parameter to a string (instead of the default value of 10).

Those using JXPath to interpret untrusted XPath expressions may be vulnerable to a remote code execution attack. All JXPathContext class functions processing an XPath string are vulnerable except the compile() and compilePath() functions. The XPath expression can be used by an attacker to load any Java class from the classpath, resulting in code execution.

Prior to 2.0.0-M9, it was possible for an end-user to set the value of an editable string property of a domain object to a value that would be rendered unchanged when the value was saved. In particular, the end-user could enter javascript or similar and this would be executed. As of this release, the inputted strings are properly escaped when rendered.

Go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a production JWT key.

IP-COM EW9 V15.11.0.14(9732) was discovered to contain a buffer overflow in the formSetDebugCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.
