The Zero (0) Day Division is a group of security professionals working towards a common goal; securing open-source projects.
Unrestricted file write vulnerabilities allow attackers to write file such as PHP files, in locations where the web server user has access to write. This may allow an attacker to write files with malicious content and may lead to remote code execution.
An attacker must be authenticated to perform this attack.
Unrestricted file write vulnerabilities allow attackers to write file such as PHP files, in locations where the web server user has access to write. This may allow an attacker to write files with malicious content and may lead to remote code execution.
An attacker must be authenticated to perform this attack.
Yes, this is another instance of the same bug
Unrestricted file deletion vulnerabilities are caused by overly trusting a user’s input and allowing the user to manipulate the path of the file to be deleted. This may allow an attacker to create a denial of service scenario.
An attacker must be authenticated to perform this attack.
An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts.
RDF4j contains the functionality to parse rdf files. These files are in XML format. 0dd identified that the parser used within the program was not securely implemented.
Local file disclosure is a vulnerability which allows an attacker to disclose the contents of files on the server. An attacker can use this vulnerability to disclose the contents of sensitive files like /etc/passwd, config files, etc.
In lh-ehr, an attacker must be authenticated to perform this attack. Should the attacker know the path to a file and the web server user has sufficient access to read the file, the contents of the file will be echoed in the page.