This article is contributed. See the original author and article here.
As technology advances, so do customer expectations. Whether someone is a consumer or a business buyer no longer matters: the lines between their expectations have blurred, and, at the end of the day, the business-to-business (B2B) buyer is a consumer too. Hyper-personalized, self-driven, seamless interaction across any channel at any time is no longer a nice-to-have but a must-have, as customers want to engage on their own terms and expect businesses to deliver ever better experiences. At the same time, in a turbulent economy, businesses need to reduce cost and complexity so they can innovate quickly, stay resilient, meet current customers’ expectations, and find new ways to engage them. Businesses that take the opportunity to optimize their processes and do more with less will stand out against the competition and be better positioned to drive loyalty, retain customers, and emerge stronger from these uncertain times.
We’re excited to share the new capabilities coming in the 2022 release wave 2 for Microsoft Dynamics 365 Marketing and Microsoft Dynamics 365 Customer Insights, and, more importantly, how these new capabilities will help you deliver greater efficiency, empower marketers to be more productive, and provide value to customers in moments that matter. Ready? Let’s get started!
1. Maximize the value of your data to understand your customers
The first step in driving impactful experiences is to grasp the needs and intent of each customer.
If you are a new Customer Insights user, you will be delighted by the first-run experience feature that helps you accelerate understanding your customers. To fuel your journeys, valuable insights are generated in a matter of minutes simply from a customer list, saving you time and avoiding advanced configurations.
2. Engage your customers in moments that matter with real-time marketing
To deliver unforgettable experiences, marketers need to send the right message on the right channel at the right time. To allow you to do just this, we have further developed our real-time engagement capabilities in Dynamics 365 Marketing.
Whether it’s to catch your customer’s attention to collect relevant details, or capture leads to nurture and strengthen the sales funnel, we’ve enhanced our capabilities so that marketers can effortlessly design customized forms with a few clicks. Through the modern drag-and-drop editor, marketers are guided step-by-step from creation to preview, test, and publish. Within seconds they can deliver compelling branded forms, on websites or landing pages, while directly tracking conversions.
To engage customers through their preferred channel, marketers can now easily build custom channels in real-time marketing. We’ve improved upon the model in outbound marketing by providing the ability to create a channel with all the power and flexibility that the out-of-the-box channels have. It enables marketers to extend their reach across bespoke text message providers, Viber, or direct mail, and activate these new channels in customer journeys using out-of-the-box modern templates, the text message editor, and consent collection. In addition, marketers can natively track deliverability analytics to monitor the success of the custom channel activation.
Customers often qualify for multiple journeys and campaigns that run simultaneously. The frequency cap feature prevents message fatigue by setting limits on the number of messages that can be sent per channel per day, week, or month. At the same time, marketers can bypass the limit for the most important journeys, ensuring customers never miss an important message.
Define the maximum number of commercial messages with the frequency cap feature.
3. Personalize content to grow your audience engagement
Each customer is unique and driven by different incentives. To get noticed, businesses need to easily create personalized content that stands out and resonates to keep their brand top of mind.
Finding inspiration to create enthralling emails has never been so easy. Thanks to AI, marketers receive engaging content ideas based on the key messaging points they want to convey. Marketers can also use feature-rich text links and QR codes for events and coupons within email campaigns to get more customers to engage, click, and convert.
Kick-start your email creation thanks to AI-generated content ideas.
Managing multi-brand content is often demanding as marketers spend time customizing each email to comply with specific brand guidelines. The new brand profile functionality helps them to gain time and consistency, and reduce content-related errors by defining default senders for emails and social links, as well as custom values such as URLs or compliance messages, and easily switch these settings for the brand they are working on.
To ensure compliance and privacy of customer interactions across multiple brands or business units, marketers now have the ability to fully customize out-of-the-box preference centers to match their business needs, from tracking or isolating consent data to adhering to brand guidelines for logos, styles, and colors. Furthermore, marketers can create and manage topics that align with your brands and business for customers to opt-in to marketing subscriptions, for example: “Get cooking tips and tricks”. Last but not least, consent is becoming entity agnostic and will work with customer profiles, contacts, leads, and custom entities.
Maximizing the impact of personalized content requires effectively targeting the right audiences. As part of our effort to improve marketers’ efficiency, we have redesigned our segment builder. The workflow and UX have been enhanced, and we’ve set the foundation for supporting contacts, leads, and any entity, including custom, in the future. Segments can be created instantly using an intuitive and powerful logic builder that doesn’t require specialized knowledge of complex data structures. Marketers are empowered by AI-assisted natural language capabilities, the ability to create a static snapshot of segment membership, as well as previewing segment members and size. This not only scales reach but improves marketing productivity.
Improve your efficiency with the new segment builder, target both contact and leads, and preview segment members.
4. Connect your sales and marketing to provide seamless experiences
By placing customer needs at the center of the organization, deep collaboration within and across departments unlocks significant business growth opportunities.
For instance, as marketers nurture leads with real-time journeys, signals from the lead might indicate an urgency to engage with the sales team. Marketers can directly trigger a sales sequence or assign a follow-up call from the journey to the sales team to ensure the lead gets individualized attention at the right time when they are most likely to engage. Marketers identify potential leads, and sales teams receive smart assistance to optimize their time and prioritize opportunities in the lead nurturing process.
Hand off leads to sales by assigning the lead, scheduling a phone call, or starting a sales sequence directly from the journey.
Businesses can capitalize on B2B contact unification in Customer Insights to create a complete view of accounts and contacts within the same environment. Typically, businesses engage with contacts, however, the context for engagement is based on the attributes of the organization in which the contact resides. Unified contacts provide the ability for marketers to now generate segments of contacts based on account attributes.
5. Use data and AI to optimize your campaigns and scale up your business
Harnessing the power of data and AI is key to marketing at scale and achieving higher levels of marketing maturity.
As businesses create a vast number of assets, they need to organize them according to their organizational structure to remain compliant and productive. They can now effortlessly organize their digital assets, content and journeys according to their business structure. Whether it’s business data or customer data, it can be isolated by departments, regions, brands, business units, and product lines, reducing your compliance risk.
In the upcoming months, you will be able to increase your throughput to send up to 300 million messages per month. This added capacity empowers your team to deliver personalized experiences at scale and will help you grow your business, whether you are increasing your customer base in new markets, expanding geographies, promoting new products, or building your prospective customer pipeline to reach higher sales targets.
Use new features for Dynamics 365 Marketing and Customer Insights with the 2022 release wave 2
From leveraging AI to capitalize on your data, optimizing real-time interactions and personalization capabilities, to customizing tools to meet your unique business needs, or facilitating deeper collaboration between departments, we are thrilled to deliver solutions that are designed to make your job easier, more productive, and ultimately enable you to transform customer experiences.
Today, the technology sector is growing very rapidly across Europe and requires many trained, prepared, and qualified professionals to help large, medium, and small companies meet the new global challenges ahead. A report by the agency DigitalES estimates that there are currently more than 120,000 unfilled jobs in Spain related to software development, communications, security, Cloud, Big Data, AI, and AR/VR.
From the Spanish Microsoft Technical Communities, we have always tried to bring technology to all people. That’s why we’ve designed a new type of event focused on learning with the aim of training professionals who are starting to work with the Microsoft 365 ecosystem and who need to get the most out of its services.
In 2021, We Designed Academy365
This new type of event was born last year under the name of Academy365, and it was organized by a few Most Valuable Professionals (MVPs) and coordinators of MadPoint, the Microsoft 365 Technical Community of Madrid. As the objective of the event was to train the attendees, we organized an agenda of level 100 and 200 sessions, and we got several Microsoft Certified Trainer (MCT) professionals to help us teach attendees about Microsoft Teams, SharePoint, Planner, Power Automate, Intune, Security, and other technologies.
Last year, Academy365 was broadcast as a virtual experience on Twitch, and it was a success in Spain, with an average of 300 attendees on each training session and an extraordinary reception. Attendees finished the event with a diploma certifying that they had received quality training from our MCT and MVP people.
Example of one of our sessions during 2021
MadPoint coordinators prepared a professional-quality broadcast of the event, leveraging Microsoft Teams’ NDI capabilities, which allow us to extract video and audio signals from each trainer inside a Teams meeting and take that signal to a professional production environment such as OBS Studio.
Here you can check the recording of last year, in which you can see how Microsoft Teams helped us to have a fantastic production: YouTube – Academy365
In addition, Academy365 is a solidarity event. Last year we collaborated with the Food Bank Foundation of Madrid, which is a non-profit organization that is responsible for helping the neediest families, bringing them food and helping them as much as possible, especially on Christmas dates. All the amounts received by sponsors and individuals were invested in helping many families.
And this year?
This year we want to resume the physical event experience, and we have designed a second, hybrid edition. Attendees can join online on Twitch, but they can also come in person to the Global Sports Innovation Center in Madrid. This center is powered by Microsoft, and it is a non-profit association that facilitates synergies and provides its members with value-added services that enable sports entities and companies to grow and develop with the help of experienced professionals in the sports tech ecosystem.
In person attendees will be able to receive the training live from our speakers and will have some additional surprises, as we are preparing an innovation tour of the center, a Metaverse Corner and some additional activity thanks to our friends at Microsoft Education.
As for the online experience, we maintain our Twitch broadcast. We will combine live speakers and speakers by Microsoft Teams in a single production.
This year we have a very interesting agenda, where Microsoft Teams and Microsoft Viva will be the main protagonists. In addition, we can learn about security, Mixed Reality, Power Apps, migrations, development, accessibility, and Windows 365.
If you live in Spain and you are interested in our event, we recommend that you visit our website to know all the details and register for the event.
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view the newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column, which will sort by descending dates.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the specified criteria.
Microsoft Teams has been in extensive use for collaboration features such as IM, Teams meetings, 1:1 or group calls, files collaboration, etc., and has been explored by all organizations without any additional financial costs with existing Microsoft 365 licenses. This has been a boon to organizations for increasing productivity. However, one of the added functionalities of Microsoft Teams, which comes in handy, is to replace traditional telephone systems by enabling the Teams integrated Cloud telephone system that includes Calling Plans and PSTN Audio conferencing options for dial out and dial in capabilities—all without any additional on-premises PSTN infrastructure set up.
The Catch with Microsoft Teams Audio Conferencing Features
Availability across a given tenant is based on the initial data residence location (or organization billing address), and it must align with Microsoft 365 calling and conferencing features available for the given region. For Example, any M365 tenant initially set up with a billing address in India or China is devoid of Audio-conferencing Capabilities by design.
For a complete list of the latest M365 Audio Conferencing and Calling Plans availability by region, please click here. This link is handy for architects setting up new tenants: use it to decide on the initial data residence location and to check which Teams audio conferencing features will be available. Owing to taxation regulations and compliance, the M365 tenant’s initial billing location cannot be updated later, so a tenant created in an unsupported region remains without those features.
Microsoft Teams PSTN/calling and conferencing features can be categorized as follows:
Dial out to domestic or international telephone numbers for users enabled with the respective calling plans.
Dial out from an Audio-Conferencing meeting to add someone else from anywhere in the world.
Dial out from an Audio-Conferencing meeting to your mobile/office phone with the user logged into Microsoft Teams app.
Dial in (Toll/Toll Free Numbers) and dial out capabilities to MS Teams meetings.
Dial into a meeting using the service numbers or Toll-Free numbers enabled for given tenant.
Audio conferencing features for given users are based upon enablement of the given Audio-Conferencing licenses: as a part of Microsoft Business Voice, Microsoft Teams Phone standard, MS Teams phone with Calling, E5 license, or as an M365 Add-on license.
For billing of calling features across MS Teams, Microsoft has categorized all countries into two zones: Zone A, and a second zone for every country not included in Zone A, for example Albania, Argentina, Cayman Islands, Dubai, Egypt, Zimbabwe, Israel and many more. To access the updated list of M365 Zone A countries please click here.
Microsoft Teams Audio Conferencing licenses can be categorized into 2 types:
Pay per minute.
Standard subscription per user
Audio conferencing pay per minute, which is only available as part of volume licensing, allows organizations to pay for all the Audio-Conferencing usage on a per-minute basis. All the inbound and outbound calls are charged based upon the standard pay per minute charges.
On the other hand, the Audio Conferencing standard subscription license enables free dial-in on toll numbers and 60 minutes per user per month for dial-out to non-premium numbers in ANY of the Zone A countries. This license does not cover calls to non-Zone A countries within the pooled minutes; those calls are billed separately, and any charges are counted against Communications Credits.
Minutes pooled against an Office 365 subscription are calculated at the tenant level and can be shared by all the licensed users in the tenant. If a customer has purchased 500 Audio Conferencing licenses, with 400 users in the United States, 50 users in Australia, and 50 users in Dubai, then all 500 users share a single pool of Audio Conferencing minutes: 500 users x 60 min = 30,000 dial-out minutes per calendar month. This pool may be used to place outbound calls to non-premium numbers in any of the Zone A countries. Note that the pool is always based on the licenses actually assigned to users, not on the total licenses purchased for the tenant.
Call Charges are Calculated Against the Call Destination
The organizer’s country of residence and the participant initiating the call do not change the calling charges. Furthermore, dial-out calls to non-Zone A destinations, whether placed from a Zone A or a non-Zone A country, are always charged per minute against Communications Credits rather than against the tenant’s Audio Conferencing minute pool.
To ease the burden of carrier calling charges and help users struggling with internet connectivity, an MS Teams toll-free conference number shifts the call cost to the organization rather than the caller. All toll-free conference calls are billed per minute against the tenant’s Communications Credits and are never deducted from Audio Conferencing minutes.
Communications Credits: Convenience to Pay for Audio-Conferencing and Calling Plan minutes
In layman’s terms, these are a prepaid top-up amount for the tenant, used to pay for calls not covered by the Audio Conferencing options.
Communication Credits Help Organizations Ensure Users Are Never Caught Without the Ability to:
Add toll-free numbers to Audio-Conferencing meetings, auto attendants, call queues. (Toll Free Numbers are charged on a minute basis.)
Dial out from an Audio-Conference meeting to add someone else from anywhere in the world or add your mobile or office phone in non-Zone A countries.
Dial any international phone number when enabled only with Domestic Calling Plan subscriptions.
Dial international phone numbers beyond what is included in a Domestic and International Calling Plan subscription.
Dial out and pay per minute once the monthly minute allotment is exhausted.
Dial out and pay per minute for all outgoing calls if you have a Pay-As-You-Go Calling Plan.
Communication Credits are specifically utilized for the below scenarios.
Tenants enabled with Audio-Conferencing pay-per-minute.
Enabling Toll-free Bridges across a given tenant, billed per minute.
Dial-out calls exceeding Audio-Conferencing minutes per calendar month are billed per minute using Communications Credits at published rates to that destination.
Dial-out calls to destinations not in the Zone A countries list are billed per minute using Communications Credits at the published rates to that given destination.
For users to draw on the tenant’s Communications Credits, they must be assigned the Communications Credits license, which grants them access to the balance. The minimum Communications Credits balance is $50. Setting up a toll-free number in a tenant requires a positive Communications Credits balance.
Below is a quick reference diagram to understand the various types of meeting participant types and how the MS Teams calling charges are applied.
With a per-user standard subscription license, Audio Conferencing dial-in on a toll number is free of charge. Zone A dial-out users are drawn from the tenant’s minute pool. Non-Zone A dial-out users and toll-free dial-in users are charged per minute from Communications Credits.
With only Audio Conferencing pay-per-minute licenses enabled, there are no pooled minutes, so dial-in calls on a toll conference bridge and Zone A dial-out users are both charged against Communications Credits. Toll-free dial-in users and non-Zone A dial-out users are likewise charged against Communications Credits.
In conclusion, Toll Free and Calling capabilities to Non-Zone A countries can come with a hefty financial consideration; hence, proper planning and stringent controls in place are required for tracking MS Teams calling budgets to ensure a seamless experience for the required users.
Bio:
Sanjay Kumar Pendyala has more than a decade of experience architecting, operating, and maintaining Microsoft collaboration and cloud technologies. Currently serving as an Infrastructure Architect with Cognizant Technology Solutions, Sanjay Kumar has technical expertise in architecting and administering SharePoint on-premises, Azure IaaS/PaaS, and Microsoft 365 (Exchange Online, SharePoint Online, Teams, Azure AD, Yammer, the Power Automate platform, and Graph API automation), and he has worked for several Fortune 500 clients.
Now you can reach even more customers using the new Apple Messages for Business channel in Microsoft Dynamics 365 Customer Service. Customers can use the familiar Messages app on their Apple devices to connect with your service teams, confident that their conversation is verified and secure. Rich messages help your service team resolve customer issues, collect information, schedule appointments, and complete sales, all in the same conversation.
Like other asynchronous digital and social channels, Apple Messages for Business gives users the flexibility to start a conversation with your support team and return to it when it is convenient for them. Plus, a customer can initiate a conversation on their mobile device and continue it seamlessly on their Mac or iPad.
Benefits of Apple Messages for Business in Dynamics 365 Customer Service
By including Apple Messages for Business in your digital messaging solution, your service team can provide a more meaningful and personal customer service experience. The enhanced interactions available through this channel help your service team spend less time crafting messages and collecting data, and more time ensuring quality customer experiences.
Apple Messages for Business simplifies many common service interactions. With integration in Dynamics 365 Customer Service, it expands the options for how you engage with customers.
Using Dynamics 365 Customer Service with Apple Messages for Business in your omnichannel digital contact center provides the following benefits:
Customers can look up your company in Apple Maps, Safari, or Search and start messaging by tapping the Messages icon. It’s also easy to add a link directly in your own app, website, or other touch points.
Rich messages are used to simplify interactions like collecting information, scheduling appointments, completing transactions, and authenticating user identity.
Agents can use the same unified, contextual, and productive interface used by chat and other social channels to engage with customers and resolve issues.
Customers engaging with your digital contact center will find a consistent, customer-focused experience across any channel.
Administrators, supervisors, and managers can access the same integrations, services, and insights available for chat and other social channels.
Better together
As a digital channel, the addition of Apple Messages for Business expands and unifies the core omnichannel capabilities of Dynamics 365 Customer Service with a configurable, high-productivity interface. It provides contextual customer identification, real-time notifications, integrated communications, and agent productivity tools, including rich messages, knowledge base integration, and search. Apple Messages for Business helps deliver more innovation and opportunities into your digital contact center to empower you to continually exceed customer expectations.
airbnb — optica
A remote code execution (RCE) vulnerability in Optica allows unauthenticated attackers to execute arbitrary code on the system running Optica via specially crafted JSON payloads. The vulnerability was patched in v0.10.2, where the call to `Oj.load` was changed to `Oj.safe_load`.
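The Optica fix above is the classic unsafe-deserialization pattern: a JSON loader that honors type hints in the document will instantiate whatever class the attacker names, and the hardened form is a strict loader that only ever returns plain hashes, arrays and scalars. The following is an added example, not Optica's code and not the Oj gem's API; it does not assume Oj is installed and instead uses Ruby's standard `json` gem, whose `JSON.load` with `create_additions` honors a `"json_class"` key the same way Oj's object mode honors `"^o"`. The `Gadget` class and the payload are constructed for the demo; the gadget only records its arguments rather than doing anything dangerous.

```ruby
require 'json'

# Constructed stand-in for a "gadget": any class a loader is willing to build
# from attacker-controlled JSON. This one only records what it was built with;
# in a real chain the hook would reach something dangerous (a deferred system
# call, a file write, ...).
class Gadget
  attr_reader :args

  def initialize(args)
    @args = args
  end

  # Hook the json gem calls for {"json_class": "Gadget", ...} when
  # create_additions is enabled. Oj's object mode does the equivalent for
  # {"^o": "Gadget", ...}, which is what Oj.load honored in Optica.
  def self.json_create(hash)
    new(hash['args'])
  end
end

# Constructed attacker-supplied document: plain JSON that names a class.
PAYLOAD = '{"json_class":"Gadget","args":["id"]}'.freeze

# Unsafe: a loader that honors type hints turns untrusted JSON into live objects
# (the analogue of Oj.load in its default object mode).
def unsafe_load(json)
  JSON.load(json, nil, create_additions: true)
end

# Safe: strict parsing returns only Hash/Array/String/Numeric/true/false/nil
# (the analogue of Oj.safe_load).
def safe_load(json)
  JSON.parse(json, create_additions: false)
end

# Post-parse allow-list check: nothing but primitives should ever come back
# from an untrusted document, whichever loader was used.
PRIMITIVES = [String, Integer, Float, TrueClass, FalseClass, NilClass].freeze

def only_primitives?(value)
  case value
  when Hash  then value.all? { |k, v| k.is_a?(String) && only_primitives?(v) }
  when Array then value.all? { |v| only_primitives?(v) }
  else PRIMITIVES.any? { |klass| value.is_a?(klass) }
  end
end

if $PROGRAM_NAME == __FILE__
  obj = unsafe_load(PAYLOAD)
  puts "unsafe_load => #{obj.class} args=#{obj.args.inspect}" # Gadget ["id"]
  h = safe_load(PAYLOAD)
  puts "safe_load   => #{h.class} #{h.inspect}"                 # Hash
  puts "only_primitives?(unsafe) = #{only_primitives?(obj)}"   # false
  puts "only_primitives?(safe)   = #{only_primitives?(h)}"     # true
end
```

The point of `only_primitives?` is that it is independent of which library parsed the document: grepping a codebase for `Oj.load` or `JSON.load` catches the obvious call sites, but a runtime check on the parsed result also catches loaders whose global default mode was changed elsewhere (Oj's `Oj.default_options`, for instance).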
Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version.
Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed.
Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed.
Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version.
A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file.
File upload vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to upload arbitrary files via /system/application/libs/js/tinymce/plugins/filemanager/dialog.php and /system/application/libs/js/tinymce/plugins/filemanager/upload.php.
Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /asms/products/view_product.php.
Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /asms/admin/products/manage_product.php.
Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/transactions/update_status.php.
Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.
BaserCMS is a content management system with a japanese language focus. In affected versions there is a cross-site scripting vulnerability on the management system of baserCMS. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. Users of baserCMS are advised to upgrade as soon as possible. There are no known workarounds for this vulnerability.
The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection. This allows an authenticated attacker to pass commands to the shell of the system because the dir parameter of the FsCreateDir Ajax function is not sufficiently sanitized. The vendor’s ID is BSECV-2022-21.
Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the book_title parameter.
An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Changes to the JVM garbage collector in Java 13 and later trigger an issue in the BC-FJA FIPS modules where it is possible for temporary keys used by the module to be zeroed out while still in use by the module, resulting in errors or potential information loss. NOTE: FIPS compliant users are unaffected because the FIPS certification is only for Java 7, 8, and 11.
CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requires authenticated access to the ChurchInfo application. Once authenticated, a user can add names to their cart and compose an email. Uploading an attachment for the email stores the attachment on the site in the /tmp_attach/ folder, where it can be accessed with a GET request. There are no limitations on the files that can be attached, allowing malicious PHP code to be uploaded and interpreted by the server.
Remote code execution vulnerability due to insufficient verification of URLs, etc. in OndiskPlayerAgent. A remote attacker could exploit the vulnerability to cause remote code execution by causing an arbitrary user to download and execute malicious code.
Remote code execution vulnerability can be achieved by using cookie values as paths to a file by this builder program. A remote attacker could exploit the vulnerability to execute or inject malicious code.
A cross-site scripting (XSS) vulnerability in the Url parameter in /login.php of EyouCMS v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
In F-Secure Endpoint Protection for Windows and macOS before channel with Capricorn database 2022-11-22_07, the aerdl.dll unpacker handler crashes. This can lead to a scanning engine crash, triggerable remotely by an attacker for denial of service.
FileCloud Versions 20.2 and later allows remote attackers to potentially cause unauthorized remote code execution and access to reported API endpoints via a crafted HTTP request.
An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs information such as device information and dashboard information.
Frappe version 14.10.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not correctly validate the information injected by the user in the import_file parameter.
CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. To exploit this vulnerability, an attacker would need permission to create and build GitHub Pages using GitHub Actions. This vulnerability affected only version 3.7.0 of GitHub Enterprise Server and was fixed in version 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program.
Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Grails Spring Security Core plugin is vulnerable to privilege escalation. The vulnerability allows an attacker access to one endpoint (i.e. the targeted endpoint) using the authorization requirements of a different endpoint (i.e. the donor endpoint). In some Grails framework applications, access to the targeted endpoint will be granted based on meeting the authorization requirements of the donor endpoint, which can result in a privilege escalation attack. This vulnerability has been patched in grails-spring-security-core versions 3.3.2, 4.0.5 and 5.1.1. Impacted Applications: Grails Spring Security Core plugin versions: 1.x, 2.x, >=3.0.0 <3.3.2, >=4.0.0 <4.0.5, >=5.0.0 <5.1.1. We strongly suggest that all Grails framework applications using the Grails Spring Security Core plugin be updated to a patched release of the plugin. Workarounds: Users should create a subclass extending one of the following classes from the `grails.plugin.springsecurity.web.access.intercept` package, depending on their security configuration: `AnnotationFilterInvocationDefinition`, `InterceptUrlMapFilterInvocationDefinition` or `RequestmapFilterInvocationDefinition`. In each case, the subclass should override the `calculateUri` method like so: `@Override protected String calculateUri(HttpServletRequest request) { UrlPathHelper.defaultInstance.getRequestUri(request) }`. This should be considered a temporary measure, as the patched versions of grails-spring-security-core deprecate the `calculateUri` method. Once upgraded to a patched version of the plugin, this workaround is no longer needed. The workaround is especially important for version 2.x, as no patch is available for version 2.x of the GSSC plugin.
The web-based admin console in H2 Database Engine through 2.1.214 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user (or an attacker that has obtained local access through some means) would be able to discover the password by listing processes and their arguments. NOTE: the vendor states “This is not a vulnerability of H2 Console … Passwords should never be passed on the command line and every qualified DBA or system administrator is expected to know that.”
A vulnerability in NetBatch-Plus software allows unauthorized access to the application. HPE has provided a workaround and fix. Please refer to HPE Security Bulletin HPESBNS04388 for details.
An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user’s role.
A vulnerability exists in the Intelligent Electronic Device (IED) Connectivity Package (ConnPack) credential storage function in Hitachi Energy’s PCM600 product included in the versions listed below, where IED credentials are stored in cleartext in the PCM600 database. An attacker who manages to get access to the exported backup file can exploit the vulnerability and obtain the credentials of the IEDs. The credentials may be used to perform unauthorized modifications such as loading incorrect configurations, rebooting the IEDs or causing a denial of service on the IEDs.
Human Resource Management System v1.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability. This vulnerability is triggered via a crafted payload injected into an authentication error message.
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow leads to arbitrary code execution in the SetupUtility driver on Intel platforms. An attacker can change the values of certain UEFI variables. If the size of the second variable exceeds the size of the first, then the buffer will be overwritten. This issue affects the SetupUtility driver of InsydeH2O.
A stack buffer overflow vulnerability leading to arbitrary code execution was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. If the attacker modifies specific UEFI variables, it can cause a stack overflow, leading to arbitrary code execution. The specific variables are normally locked (read-only) at the OS level and therefore an attack would require direct SPI modification. If an attacker can change the values of at least two variables out of three (SecureBootEnforce, SecureBoot, RestoreBootSettings), it is possible to execute arbitrary code.
In libarchive 3.6.1, the software does not check for an error after calling the calloc function, which can return a NULL pointer if it fails; this leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark, but third parties dispute the code-execution impact: “In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution.”
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow vulnerability in the MebxConfiguration driver leads to arbitrary code execution. Control of a UEFI variable under the OS can cause this overflow when read by BIOS code.
A vulnerability was found in iPXE. It has been declared as problematic. This vulnerability affects the function tls_new_ciphertext of the file src/net/tls.c of the component TLS. The manipulation of the argument pad_len leads to information exposure through discrepancy. The name of the patch is 186306d6199096b7a7c4b4574d4be8cdb8426729. It is recommended to apply a patch to fix this issue. VDB-214054 is the identifier assigned to this vulnerability.
A vulnerability was found in keylime. In some circumstances, due to improperly handled exceptions, a rogue agent could cause errors on the verifier that stop attestation attempts for that host, leaving it in an attested state while it is no longer being verified.
A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Analytics Platform 3.2.0 and above can result in arbitrary files being overwritten on the user’s system. This vulnerability is also known as ‘Zip-Slip’. An attacker can create a KNIME workflow that, when being opened by a user, can overwrite arbitrary files that the user has write access to. It’s not necessary to execute the workflow, opening the workflow is sufficient. The user will notice that something is wrong because an error is being reported but only after the files have already been written. This can impact data integrity (file contents are changed) or cause errors in other software (vital files being corrupted). It can even lead to remote code execution if executable files are being replaced and subsequently executed by the user. In all cases the attacker has to know the location of files on the user’s system, though.
A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Server since 4.3.0 can result in arbitrary files being overwritten on the server’s file system. This vulnerability is also known as ‘Zip-Slip’. An attacker can create a KNIME workflow that, when being uploaded, can overwrite arbitrary files that the operating system user running the KNIME Server process has write access to. The user must be authenticated and have permissions to upload files to KNIME Server. This can impact data integrity (file contents are changed) or cause errors in other software (vital files being corrupted). It can even lead to remote code execution if executable files are being replaced and subsequently executed by the KNIME Server process user. In all cases the attacker has to know the location of files on the server’s file system, though. Note that users that have permissions to upload workflows usually also have permissions to run them on the KNIME Server and can therefore already execute arbitrary code in the context of the KNIME Executor’s operating system user. There is no workaround to prevent this vulnerability from being exploited. Updates to fixed versions 4.13.6, 4.14.3, or 4.15.3 are advised.
A user is able to enable their own account if it was disabled by an admin while the user still holds a valid session. Moreover, the username is not properly sanitized in the admin user overview. This enables an XSS attack that enables an attacker with a low privilege user to execute arbitrary JavaScript in the context of an admin’s account.
An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.
An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected.
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free.
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.
An issue was discovered in the Linux kernel through 6.0.9. drivers/char/xillybus/xillyusb.c has a race condition and use-after-free during physical removal of a USB device.
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users.
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module.
McAfee Total Protection prior to version 16.0.49 contains an uncontrolled search path element vulnerability due to the use of a variable pointing to a subdirectory that may be controllable by an unprivileged user. This may have allowed the unprivileged user to execute arbitrary code with system privileges.
Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending a specially crafted command.
Use of Hard-coded Password vulnerability in Mitsubishi Electric GX Works3 all versions allows an unauthenticated attacker to disclose sensitive information. As a result, unauthorized users may view or execute programs illegally.
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions 1.086Q and prior allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthorized users may view or execute programs illegally.
Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthorized users may view or execute programs illegally.
Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthorized users may view or execute programs illegally.
Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthorized users may view or execute programs illegally.
Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions allows a remote unauthenticated attacker to disclose or tamper with sensitive information. As a result, unauthorized users may obtain information about project files illegally.
Use of Hard-coded Password vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthorized attacker to obtain information about the project file for MELSEC safety CPU modules.
Cleartext Storage of Sensitive Information in Memory vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthorized attacker to disclose sensitive information. As a result, unauthorized users could obtain information about the project file for MELSEC safety CPU modules.
Insufficiently Protected Credentials vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthorized attacker to disclose sensitive information. As a result, unauthorized users could access MELSEC safety CPU modules illegally.
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 all versions and Mitsubishi Electric MX OPC UA Module Configurator-R all versions allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthorized users can gain unauthorized access to the CPU module and the OPC UA server module.
A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in the LTI provider library. The library does not utilise Moodle’s inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a specially crafted HTTP request and trick the application into initiating requests to arbitrary systems. This vulnerability allows a remote attacker to perform SSRF attacks.
MPXJ is an open source library to read and write project plans from a variety of file formats and databases. On Unix-like operating systems (not Windows or macOS), MPXJ’s use of `File.createTempFile(..)` results in temporary files being created with the permissions `-rw-r--r--`. This means that any other user on the system can read the contents of this file. When MPXJ is reading a schedule file which requires the creation of a temporary file or directory, a knowledgeable local user could locate these transient files while they are in use and would then be able to read the schedule being processed by MPXJ. The problem has been patched; MPXJ version 10.14.1 and later includes the necessary changes. Users unable to upgrade may set `java.io.tmpdir` to a directory to which only the user running the application has access, which will prevent other users from accessing these temporary files.
Nextcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application in the notifications. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue.
Nextcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application via user status and information. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue.
Nextcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue.
Nextcloud desktop is the desktop sync client for Nextcloud. Versions prior to 3.6.1 would incorrectly trust invalid TLS certificates. A man-in-the-middle attack is possible if a user can be made to run a nextcloudcmd CLI command locally. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this vulnerability.
user_oidc is an OpenID Connect user backend for Nextcloud. Versions prior to 1.2.1 did not properly validate discovery URLs, which may lead to a stored cross-site scripting attack vector. The impact is limited due to the restrictive CSP that is applied on this endpoint. Additionally, this vulnerability has only been shown to be exploitable in the Safari web browser. This issue has been addressed in version 1.2.1. Users are advised to upgrade. Users unable to upgrade should urge their users to avoid using the Safari web browser.
user_oidc is an OpenID Connect user backend for Nextcloud. In versions prior to 1.2.1, sensitive information such as the OIDC client credentials and tokens is sent in plaintext over HTTP without TLS. Any malicious actor with access to monitor user traffic may have been able to compromise account security. This issue has been addressed in user_oidc v1.2.1. Users are advised to upgrade. Users unable to upgrade may use HTTPS to access Nextcloud: set an HTTPS discovery URL in the provider settings (in Nextcloud OIDC admin settings).
Nextcloud server is an open source personal cloud server. Affected versions of Nextcloud server did not properly limit user display names, which could allow malicious users to overload the backing database and cause a denial of service. It is recommended that the Nextcloud Server is upgraded to 22.2.10, 23.0.7 or 24.0.3. There are no known workarounds for this issue.
Nextcloud Talk Android is the Android implementation of the Nextcloud Talk chat system. In affected versions the receiver is not protected by broadcastPermission, allowing malicious apps to monitor communication. It is recommended that Nextcloud Talk Android is upgraded to 14.1.0. There are no known workarounds for this issue.
An information-disclosure vulnerability exists on select NXP devices when configured in Serial Download Protocol (SDP) mode: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.MX 8M Mini, and Vybrid. In a device security-enabled configuration, memory contents could potentially leak to physically proximate attackers via the respective SDP port in cold and warm boot attacks. (The recommended mitigation is to completely disable the SDP mode by programming a one-time programmable eFUSE. Customers can contact NXP for additional information.)
In affected versions of Octopus Server it is possible for target discovery to print certain values marked as sensitive to log files in plaintext when verbose logging is enabled.
Orchardproject Orchard CMS 1.10.3 is vulnerable to Cross Site Scripting (XSS). A low privileged user such as an author or publisher can inject a crafted HTML and JavaScript payload into a blog post, leading to full admin account takeover or privilege escalation when the malicious blog post is loaded in the victim’s browser.
In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vulnerable to code injection because it calls eval on a user-supplied winstr. This may lead to arbitrary code execution.
pgjdbc is an open source PostgreSQL JDBC Driver. In affected versions a prepared statement using either `PreparedStatement.setText(int, InputStream)` or `PreparedStatement.setBytea(int, InputStream)` will create a temporary file if the InputStream is larger than 2k. This temporary file is readable by other users on Unix-like systems, but not macOS. On Unix-like systems, the system’s temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. Because certain JDK file system APIs were only added in JDK 1.7, this fix is dependent upon the version of the JDK you are using. Java 1.7 and higher users: this vulnerability is fixed in 4.5.0. Java 1.6 and lower users: no patch is available. If you are unable to patch, or are stuck running on Java 1.6, setting the java.io.tmpdir system property to a directory that is exclusively owned by the executing user will mitigate this vulnerability.
PHPGurukul Blood Donor Management System 1.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, delete the users, add and manage Blood Group, and Submit Report.
PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS): a low privileged user such as an author can inject a crafted HTML and JavaScript payload into a blog post, leading to full admin account takeover or privilege escalation.
A dangerous method is exposed in qmpass/leadshop v1.4.15, which can lead to RCE: it allows an attacker to control the target host by calling any function in leadshop.php via the GET method.
qpress before PierreLvx/qpress 20220819 and before version 11.3, as used in Percona XtraBackup and other products, allows directory traversal via ../ in a .qp file.
qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&a[__proto__]&a[length]=100000000. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4 (and therefore Express 4.17.3, which has “deps: qs@6.9.7” in its release description, is not vulnerable).
A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP. Affected products: Modicon M340 CPUs (BMXP34*, versions prior to V3.40); Modicon M340 X80 Ethernet Communication modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOR0200H RTU (BMXNOE* all versions, BMXNOR* versions prior to v1.7 IR24).
A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU (part numbers BMXP34*, V3.40 and prior); Modicon M580 CPU (part numbers BMEP* and BMEH*, V3.22 and prior); Legacy Modicon Quantum/Premium (all versions); Modicon Momentum MDI (171CBU*, all versions); Modicon MC80 (BMKC80, V1.7 and prior).
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters.
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 3) via remote attackers adding a Javascript payload to a page’s meta description and get it executed in the versioned history compare view.
The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user’s network traffic could bypass the application’s use of SSL/TLS encryption and use the application as a platform for attacks against its users.
This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests. This can lead to HTTP request smuggling or XSS.
A vulnerability was found in SourceCodester Canteen Management System. It has been classified as problematic. This affects the function query of the file food.php. The manipulation of the argument product_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214359.
Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the URL protocol passed to the Browsershot::url method.
Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the HTML content passed to the Browsershot::html method does not contain URL’s that use the file:// protocol.
Browsershot version 3.57.3 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the JS content imported from an external source passed to the Browsershot::html method does not contain URLs that use the file:// protocol.
A vulnerability was found in rickxy Stock Management System and classified as critical. Affected by this issue is some unknown functionality of the file /pages/processlogin.php. The manipulation of the argument user/password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-214322 is the identifier assigned to this vulnerability.
A vulnerability was found in rickxy Stock Management System. It has been declared as problematic. This vulnerability affects unknown code of the file /pages/processlogin.php. The manipulation of the argument user leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214324.
A vulnerability was found in rickxy Stock Management System and classified as problematic. This issue affects some unknown processing of the file us_transac.php?action=add. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214331.
super-xray is a vulnerability scanner (xray) GUI launcher. In version 0.1-beta, the URL is not filtered and is directly spliced into the command, resulting in a possible RCE vulnerability. Users should upgrade to super-xray 0.2-beta.
super-xray is a web vulnerability scanning tool. Versions prior to 0.7 assumed trusted input for the program config which is stored in a yaml file. An attacker with local access to the file could exploit this and compromise the program. This issue has been addressed in commit `4d0d5966` and will be included in future releases. Users are advised to upgrade. There are no known workarounds for this issue.
systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file.
A vulnerability identified in the Tailscale Windows client allows a malicious website to reconfigure the Tailscale daemon `tailscaled`, which can then be used to remotely execute code. In the Tailscale Windows client, the local API was bound to a local TCP socket and communicated with the Windows client GUI in cleartext with no Host header verification. This allowed an attacker-controlled website visited by the node to rebind DNS to an attacker-controlled DNS server, and then make local API requests in the client, including changing the coordination server to an attacker-controlled coordination server. An attacker-controlled coordination server can send malicious URL responses to the client, including pushing executables or installing an SMB share. These allow the attacker to remotely execute code on the node. All Windows clients prior to version v1.32.3 are affected. If you are running Tailscale on Windows, upgrade to v1.32.3 or later to remediate the issue.
A vulnerability identified in the Tailscale client allows a malicious website to access the peer API, which can then be used to access Tailscale environment variables. In the Tailscale client, the peer API was vulnerable to DNS rebinding. This allowed an attacker-controlled website visited by the node to rebind DNS for the peer API to an attacker-controlled DNS server, and then make peer API requests in the client, including accessing the node’s Tailscale environment variables. An attacker with access to the peer API on a node could use that access to read the node’s environment variables, including any credentials or secrets stored in environment variables. This may include Tailscale authentication keys, which could then be used to add new nodes to the user’s tailnet. The peer API access could also be used to learn of other nodes in the tailnet or send files via Taildrop. All Tailscale clients prior to version v1.32.3 are affected. Upgrade to v1.32.3 or later to remediate the issue.
An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V1 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and highly impactful, because the exploitation conforms to de facto DNS specifications and operational practices, and overcomes current mitigation patches for “Ghost” domain names.
An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V2 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and highly impactful, because the exploitation conforms to de facto DNS specifications and operational practices, and overcomes current mitigation patches for “Ghost” domain names.
Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application is vulnerable to CSRF, processes uploaded files server-side (instead of just returning them for download), and allows unauthenticated users to access uploaded files.
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the port parameter in the setting/setOpenVpnClientCfg function.
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pass parameter in the setting/setOpenVpnCfg function.
aliyun-oss-client is a Rust client for Alibaba Cloud OSS. Users of this library are affected: the secret passed in is disclosed unintentionally. This issue has been patched in version 0.8.1.
The target’s backtrace indicates that libc has detected a heap error or that the target was executing a heap function when it stopped. This could be due to heap corruption, passing a bad pointer to a heap function such as free(), etc. Since heap errors might include buffer overflows, use-after-free situations, etc., they are generally considered exploitable.
An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a symlink attack on /tmp files if vmware-user-suid-wrapper is setuid root and the ChmodChownDirectory function is enabled.
An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter).
A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field.
A cross-site scripting (XSS) vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field.
A cross-site scripting (XSS) vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field.
An arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a crafted PHP file.
A cross-site scripting (XSS) vulnerability in /admin/pages/sections_save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name Section field.
Web Based Quiz System v1.0 transmits user passwords in plaintext during the authentication process, allowing attackers to obtain users’ passwords via a brute-force attack.
A specific file on the sERP server of Kyungrinara (ERP solution) has a fixed password with SYSTEM authority. This vulnerability could allow attackers to leak or steal sensitive information or execute malicious commands.
An issue was discovered in Wind River VxWorks 6.9 and 7 in which a specially crafted packet sent by a RADIUS server may cause a denial of service during the IP RADIUS access procedure.
The Betheme theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 26.5.1.4 via deserialization of untrusted input supplied via the import, mfn-items-import-page, and mfn-items-import parameters passed through the mfn_builder_import, mfn_builder_import_page, importdata, importsinglepage, and importfromclipboard functions. This makes it possible for authenticated attackers with contributor-level permissions and above to inject a PHP object. The additional presence of a POP chain would make it possible for attackers to execute code, retrieve sensitive data, delete files, etc.
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The application allows anyone with view access to modify any page of the wiki by importing a crafted XAR package. The problem has been patched in XWiki 14.6RC1, 14.6 and 13.10.8. As a workaround, set the rights of the page Filter.WebHome so that only the main wiki administrators can view the application installed on the main wiki or edit the page, and apply the changes described in commit fb49b4f.
XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that may allow attackers to delete or rename tags without needing any confirmation. The problem has been patched in XWiki 13.10.7, 14.4.1 and 14.5RC1. Workarounds: it is possible to patch existing instances directly by editing the page Main.Tags and adding this kind of check in the code for renaming and for deleting:

```
#if (!$services.csrf.isTokenValid($request.get('form_token')))
  #set ($discard = $response.sendError(401, "Wrong CSRF token"))
#end
```
XWiki Platform is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’) in AttachmentSelector.xml. The issue can also be reproduced by inserting the dangerous payload in the `height` or `alt` macro properties. This has been patched in versions 13.10.7, 14.4.2, and 14.5. The issue can be fixed on a running wiki by updating `XWiki.AttachmentSelector` with the versions below:
– 14.5-rc-1+: https://github.com/xwiki/xwiki-platform/commit/eb15147adf94bddb92626f862c1710d45bcd64a7#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23
– 14.4.2+: https://github.com/xwiki/xwiki-platform/commit/c02f8eb1f3c953d124f2c097021536f8bc00fa8d#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23
– 13.10.7+: https://github.com/xwiki/xwiki-platform/commit/efd0df0468d46149ba68b66660b93f31b6318515#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23
org.xwiki.platform:xwiki-platform-oldcore is missing authorization in User#setDisabledStatus, which may allow an incorrectly authorized user with only Script rights to enable or disable a user. This operation is meant to only be available for users with admin rights. This problem has been patched in XWiki 13.10.7, 14.4.2 and 14.5RC1.
org.xwiki.platform:xwiki-platform-user-profile-ui is missing authorization to enable or disable users. Any user (logged in or not) with access to the page XWiki.XWikiUserProfileSheet can enable or disable any user profile. This might allow a disabled user to re-enable themselves, or an attacker to disable any user of the wiki. The problem has been patched in XWiki 13.10.7, 14.5RC1 and 14.4.2. Workarounds: the problem can be patched immediately by editing the page `XWiki.XWikiUserProfileSheet` in the wiki and performing the changes contained in https://github.com/xwiki/xwiki-platform/commit/5be1cc0adf917bf10899c47723fa451e950271fa.
xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’). Any user with view rights on commonly accessible documents including the icon picker macro can execute arbitrary Groovy, Python or Velocity code in XWiki due to improper neutralization of the macro parameters of the icon picker macro. The problem has been patched in XWiki 13.10.7, 14.5 and 14.4.2. Workarounds: The [patch](https://github.com/xwiki/xwiki-platform/commit/47eb8a5fba550f477944eb6da8ca91b87eaf1d01) can be manually applied by editing `IconThemesCode.IconPickerMacro` in the object editor. The whole document can also be replaced by the current version by importing the document from the XAR archive of a fixed version as the only changes to the document have been security fixes and small formatting changes.
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It’s possible to make XWiki create many new schemas and fill them with tables just by using a crafted user identifier in the login form. This may lead to degraded database performance. The problem has been patched in XWiki 13.10.8, 14.6RC1 and 14.4.2. Users are advised to upgrade. There are no known workarounds for this issue.
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When the `reset a forgotten password` feature of XWiki was used, the password was then stored in plain text in the database. This only concerns XWiki 13.1RC1 and newer versions. Note that it only concerns the reset password feature available from the “Forgot your password” link in the login view: the features allowing a user to change their password, or an admin to change a user’s password, are not impacted. This vulnerability is particularly dangerous in combination with other vulnerabilities that allow leaking personal data of users, such as GHSA-599v-w48h-rjrm. Note that this vulnerability only concerns the users of the main wiki: in the case of farms, the users registered on a subwiki are not impacted, thanks to a bug we discovered when investigating this. The problem has been patched in versions 14.6RC1, 14.4.3 and 13.10.8. The patch involves a migration of the impacted users as well as the history of the page, to ensure no password remains in plain text in the database. This migration also involves informing the users about the possible disclosure of their passwords: by default, two emails are automatically sent to the impacted users. A first email informs them of the possibility that their password has been leaked, and a second email, sent using the reset password feature, asks them to set a new password. It is also possible for administrators to set some properties for the migration: they can decide whether the user passwords should be reset (default) or kept but only hashed. Note that with the first option, impacted users will not be able to log in anymore until they set a new password. Note that with both options, mails will be sent to users to inform them and encourage them to change their passwords.
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights on commonly accessible documents including the menu macro can execute arbitrary Groovy, Python or Velocity code in XWiki, leading to full access to the XWiki installation, due to improper escaping of the macro content and parameters of the menu macro. The problem has been patched in XWiki 14.6RC1, 13.10.8 and 14.4.3. The patch (commit `2fc20891`) for the document `Menu.MenuMacro` can be manually applied, or an XAR archive of a patched version can be imported. The menu macro was basically unchanged since XWiki 11.6, so on XWiki 11.6 or later the patch for version 13.10.8 (commit `59ccca24a`) can most likely be applied; on XWiki version 14.0 and later the versions in XWiki 14.6 and 14.4.3 should be appropriate.
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users without the right to view documents can deduce their existence by repeated Livetable queries, because the response is not properly cleaned of obfuscated entries. The issue has been patched in XWiki 14.6RC1, 13.10.8, and 14.4.3. As a workaround, the patch for the document `XWiki.LiveTableResultsMacros` can be manually applied, or an XAR archive of a patched version can be imported, on versions 12.10.11, 13.9-rc-1, and 13.4.4. There are no known workarounds for this issue.
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The `modifications` REST endpoint does not filter out entries according to the user’s rights. Therefore, information hidden from unauthorized users (comments, page names, etc.) is exposed through the `modifications` REST endpoint. Users should upgrade to XWiki 14.6+, 14.4.3+, or 13.10.8+. Older versions have not been patched. There are no known workarounds.
`yiisoft/yii` before version 1.1.27 is vulnerable to Remote Code Execution (RCE) if the application calls `unserialize()` on arbitrary user input. This has been patched in 1.1.27.
FusionDirectory 1.3 is vulnerable to Cross Site Scripting (XSS) via /fusiondirectory/index.php?message=[injection], /fusiondirectory/index.php?message=invalidparameter&plug=[injection], and /fusiondirectory/index.php?signout=1&message=[injection]&plug=106.
There is a SQL injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters of the phonebook interface, an authenticated attacker could use the vulnerability to perform arbitrary SQL injection.
There is a buffer overflow vulnerability in ZTE MF286R. Due to lack of input validation on parameters of the wifi interface, an authenticated attacker could use the vulnerability to perform a denial of service attack.
There is an access control vulnerability in some ZTE PON OLT products. Due to improper access control settings, remote attackers could use the vulnerability to log in to the device and execute any operation.
Inserting images as choices has long been a requested feature from Forms and quiz users. Today, we are excited to share that you can now add images as answers in Microsoft Forms. Starting in December, it will be gradually rolling out globally; we hope you can explore these new updates when they are available to you.
Images as answers are supported in both forms and quizzes. We understand that visualization is critically important in teaching and learning, helping students digest content more easily and connect it with knowledge faster, especially for young children who are still developing language skills.
How to insert image
You can insert images in a multiple choice question using the following methods. Let’s walk through each of them in detail.
bulk import
drag and drop
copy and paste
1) Bulk import is supported on both desktop and mobile, with a 5MB size limit per image. Images from OneDrive, local storage or Bing search are all accessible. You can bulk select 5 images per batch and continue to add another batch if needed.
2) Dragging and dropping images directly is also enabled if you need to quickly grab an image from your desktop, local folders or somewhere handy.
3) Copy-and-paste is enabled if you would like to save the time of storing images here or there: you can simply paste the image from somewhere, or pull in a screenshot even faster.
Image customization
Last but not least, image resizing is enabled for further customization if needed. By default, uploaded images are auto center-cropped to fit the predefined border. If that does not yet fit what you expected, you can zoom in or out to resize the image, or drag the image to change its focus, through the image editor.
Data visualization
Images are displayed when users create and preview the survey at design time, when responders fill in the survey, and when the owner checks details on the individual result page. In all other cases (such as the analysis view in the response tab or data in an Excel worksheet), only text is shown to represent these choices.
Feedback
We want to hear from you! To send your feedback, you can leave a message below or go to the upper right corner of the Forms design page and select Settings (…) > Feedback. Thank you.
I recently learned about 2 exciting ways that you can use your coding skills to extend the functionality of the Power Platform. The 2 ways:
Using your experience of working with APIs to build custom connectors that allow low-code applications to connect to external data sources and your favorite data sources
[Focus for this blog] Bringing in your coding skills to build custom controls that will be deployed to the Dataverse to be accessed by citizen developers as drag-and-drop controls for their applications. Learn why you should build custom controls in this 2-minute video:
Tools & Concepts: VS Code, Power Platform CLI (pac), PowerApps Component Framework (PCF), TypeScript, Browser-debugging, Power Platform Tools Extension
Steps to get you started
Good News! Join our LinkedIn community for frequent updates on different ways to use your developer experience & skills to improve the Power Platform.
1. Get yourself a free M365 Developer Account
To access an environment on Power Platform where you can deploy your control, you need to sign in using a work account. If you already have one, skip to step 2; if not, click Join now on the M365 Developer Program page to create a free E5 Developer Subscription, which allows you to create your own sandbox so you can develop solutions for the Power Platform indefinitely. Step-by-step guide to create a free work account
2. Initialize a Custom control
Just like any other developer project, you need to initialize the control project, and you will use the Power Platform CLI directly in your VS Code terminal, i.e.
Testing is done in the PowerApps Component Framework test environment rendered in your browser, and you can use the available browser-debugging tools as well.
3. Walkthrough sample TypeScript Code to implement a simple control
Implement your control’s functionality by adding TypeScript code. Watch this short video as I briefly take you through the code that renders a simple Hi [UserName] control. Depending on your skill level, you can build simple controls such as this one, or more complex ones.
4. Deploy Control or Submit it as an Open-Source Sample
Option 1: If you would like to use the control in your own Power App, or perhaps you built the control for a specific organization to use in their solutions, you would ideally deploy it to the organization’s environment. Note that every developer with access to that environment will be able to use your control. Watch this short video to see how to deploy your control to a specific Dataverse environment.
Option 2: You can build custom controls and submit them to the PCF Gallery. This way, citizen developers from across the world can find your control and import it to use in their solutions.