Category Archives: Advisories

Advisories

ZDI-24-106: Allegra renderFieldMatch Deserialization of Unstrusted Data Remote Code Execution Vulnerability

Read Time:18 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a registration mechanism that can be used to create a user with a sufficient privilege level. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2024-22505.

Read More

Advisories

ZDI-24-105: Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability

Read Time:18 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a registration mechanism that can be used to create a user with a sufficient privilege level. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2024-22506.

Read More

Advisories

ZDI-24-104: Allegra saveFile Directory Traversal Remote Code Execution Vulnerability

Read Time:18 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a registration mechanism that can be used to create a user with a sufficient privilege level. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2024-22548.

Read More