Great research deserves great advisories.
Research is one of Shielder's pillars. The company invests between 25% and 100% of its employees' working time in training and security research, and it gives back to the community with these advisories.
CVE-2020-28042: ServiceStack prior to version 5.9.2 is affected by a JWT signature verification bypass in the 'ServiceStack.Auth.JwtAuthProviderReader' method, which could be used to bypass the authentication mechanisms and/or to elevate privileges.
Bitwarden Server 1.35.1 is affected by a blind Server-Side Request Forgery (SSRF): an authenticated attacker can trigger arbitrary HTTP GET requests, even to locally exposed services, by adding a credential for a malicious domain.
Chadha PHPKB 9.0 Enterprise Edition is affected by an arbitrary file disclosure: installer/test-connection.php (part of the installation process) allows a remote unauthenticated attacker to disclose local files on hosts running PHP before 7.2.16, or on hosts where the MySQL ALLOW LOCAL DATA INFILE option is enabled.
LibreNMS 1.65 is affected by an authenticated command-injection vulnerability via the HTTP GET "title" parameter of the "/graph.php" API endpoint. An attacker with "normal" privileges can gain Remote Code Execution (RCE) on the LibreNMS host.
LibreNMS 1.65 is affected by multiple SQL Injection vulnerabilities via the "searchPhrase" parameter of the "/ajax_table.php" API endpoint. An attacker with "normal" privileges can gain access to the database used by LibreNMS.
LibreNMS 1.65 is affected by multiple SQL Injection vulnerabilities via the "sort" parameter of the "/ajax_table.php" API endpoint. An attacker with "normal" privileges can gain access to the database used by LibreNMS.
Horde Gollem 3.0.12, as used in Horde Groupware Webmail Edition 5.2.22, is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the HTTP GET "dir" parameter of the file browser functionality. An attacker can obtain access to a victim's webmail account by luring them into visiting a malicious URL.