SEC Consult SA-20230628-0 :: Stored XSS & Privilege Escalation in Boomerang Parental Control App

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jul 07

SEC Consult Vulnerability Lab Security Advisory < 20230628-0 >
=======================================================================
title: Stored XSS & Privilege Escalation
product: Boomerang Parental Control App
vulnerable version: <13.83
fixed version: >=13.83 (only issue 1), rest not fixed
CVE number: CVE-2023-36620, CVE-2023-36621
impact: High...

SEC Consult SA-20230705-0 :: Path traversal bypass & Denial of service in Kyocera TASKalfa 4053ci printer

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jul 07

SEC Consult Vulnerability Lab Security Advisory < 20230705-0 >
=======================================================================
title: Path traversal bypass & Denial of service
product: Kyocera TASKalfa 4053ci printer
vulnerable version: TASKalfa 4053ci Version <= 2VG_S000.002.561
fixed version: 2VG_S000.002.574
CVE numbers: CVE-2023-34259, CVE-2023-34260, CVE-2023-34261...

SEC Consult SA-20230703-0 :: Multiple Vulnerabilities including Unauthenticated RCE in Siemens A8000

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jul 07

SEC Consult Vulnerability Lab Security Advisory < 20230703-0 >
=======================================================================
title: Multiple Vulnerabilities including Unauthenticated RCE
product: Siemens A8000 CP-8050 MASTER MODULE (6MF2805-0AA00)
Siemens A8000 CP-8031 MASTER MODULE (6MF2803-1AA00)
vulnerable version: <= V04.92
fixed version: CPCI85 V05
CVE...

SEC Consult Vulnerability Lab Whitepaper: Everyone Knows SAP®, Everyone Uses SAP, Everyone Uses RFC, No One Knows RFC: From RFC to RCE 16 Years Later

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jul 07

SEC Consult Vulnerability Lab Whitepaper < 20230629-0 >
=======================================================================
Title: Everyone Knows SAP®, Everyone Uses SAP,
Everyone Uses RFC, No One Knows RFC:
From RFC to RCE 16 Years Later
Researcher: Fabian Hagg (Office Vienna)
SEC Consult Vulnerability Lab...

[remote] Windows 10 v21H1 - HTTP Protocol Stack Remote Code Execution

Windows 10 v21H1 - HTTP Protocol Stack Remote Code Execution

[remote] Microsoft Outlook Microsoft 365 MSO (Version 2306 Build 16.0.16529.20100) 32-bit - Remote Code Execution

Microsoft Outlook Microsoft 365 MSO (Version 2306 Build 16.0.16529.20100) 32-bit - Remote Code Execution

[webapps] Faculty Evaluation System v1.0 - SQL Injection

Faculty Evaluation System v1.0 - SQL Injection

[webapps] Lost and Found Information System v1.0 - SQL Injection

Lost and Found Information System v1.0 - SQL Injection

[webapps] Gila CMS 1.10.9 - Remote Code Execution (RCE) (Authenticated)

Gila CMS 1.10.9 - Remote Code Execution (RCE) (Authenticated)

[webapps] Piwigo v13.7.0 - Stored Cross-Site Scripting (XSS) (Authenticated)

Piwigo v13.7.0 - Stored Cross-Site Scripting (XSS) (Authenticated)

Debian Security Advisory 5446-1

Debian Linux Security Advisory 5446-1 - It was discovered that Ghostscript, the GPL PostScript/PDF interpreter, does not properly handle permission validation for pipe devices, which could result in the execution of arbitrary commands if malformed document files are processed.

Ubuntu Security Notice USN-6200-1

Ubuntu Security Notice 6200-1 - It was discovered that ImageMagick incorrectly handled the "-authenticate" option for password-protected PDF files. An attacker could possibly use this issue to inject additional shell commands and perform arbitrary code execution. This issue only affected Ubuntu 20.04 LTS. It was discovered that ImageMagick incorrectly handled certain values when processing PDF files. If a user or automated system using ImageMagick were tricked into opening a specially crafted PDF file, an attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 20.04 LTS.

Ubuntu Security Notice USN-6198-1

Ubuntu Security Notice 6198-1 - It was discovered that GNU Screen was not properly checking user identifiers before sending certain signals to target processes. If GNU Screen was installed as setuid or setgid, a local attacker could possibly use this issue to cause a denial of service on a target application.

Ubuntu Security Notice USN-6199-1

Ubuntu Security Notice 6199-1 - It was discovered that PHP incorrectly handled certain Digest authentication for SOAP. An attacker could possibly use this issue to expose sensitive information.

Ubuntu Security Notice USN-6197-1

Ubuntu Security Notice 6197-1 - It was discovered that OpenLDAP was not properly performing bounds checks when executing functions related to LDAP URLs. An attacker could possibly use this issue to cause a denial of service.

[webapps] Car Rental Script 1.8 - Stored Cross-site scripting (XSS)

Car Rental Script 1.8 - Stored Cross-site scripting (XSS)

[webapps] Beauty Salon Management System v1.0 - SQLi

Beauty Salon Management System v1.0 - SQLi

Ubuntu Security Notice USN-6196-1

Ubuntu Security Notice 6196-1 - It was discovered that ReportLab incorrectly handled certain PDF files. An attacker could possibly use this issue to execute arbitrary code.

Ubuntu Security Notice USN-6195-1

Ubuntu Security Notice 6195-1 - It was discovered that Vim contained an out-of-bounds read vulnerability. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that Vim did not properly manage memory when freeing allocated memory. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that Vim contained a heap-based buffer overflow vulnerability. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

[webapps] GZ Forum Script 1.8 - Stored Cross-Site Scripting (XSS)

GZ Forum Script 1.8 - Stored Cross-Site Scripting (XSS)

[webapps] Vacation Rental 1.8 - Stored Cross-Site Scripting (XSS)

Vacation Rental 1.8 - Stored Cross-Site Scripting (XSS)

[webapps] FuguHub 8.1 - Remote Code Execution

FuguHub 8.1 - Remote Code Execution

[webapps] WebsiteBaker v2.13.3 - Stored XSS

WebsiteBaker v2.13.3 - Stored XSS

[webapps] Sales of Cashier Goods v1.0 - Cross Site Scripting (XSS)

Sales of Cashier Goods v1.0 - Cross Site Scripting (XSS)

[webapps] D-Link DAP-1325 - Broken Access Control

D-Link DAP-1325 - Broken Access Control

[webapps] WP AutoComplete 1.0.4 - Unauthenticated SQLi

WP AutoComplete 1.0.4 - Unauthenticated SQLi

[webapps] WebsiteBaker v2.13.3 - Directory Traversal

WebsiteBaker v2.13.3 - Directory Traversal

[webapps] WBCE CMS 1.6.1 - Open Redirect & CSRF

WBCE CMS 1.6.1 - Open Redirect & CSRF

[webapps] spip v4.1.10 - Spoofing Admin account

spip v4.1.10 - Spoofing Admin account

[dos] TP-Link TL-WR940N V4 - Buffer OverFlow

TP-Link TL-WR940N V4 - Buffer OverFlow

[webapps] Alkacon OpenCMS 15.0 - Multiple Cross-Site Scripting (XSS)

Alkacon OpenCMS 15.0 - Multiple Cross-Site Scripting (XSS)

[webapps] Rukovoditel 3.4.1 - Multiple Stored XSS

Rukovoditel 3.4.1 - Multiple Stored XSS

[remote] Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074) 32-bit - Remote Code Execution (RCE)

Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074) 32-bit - Remote Code Execution (RCE)

[remote] Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074) 64-bit - Remote Code Execution (RCE)

Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074) 64-bit - Remote Code Execution (RCE)

[webapps] Time Slot Booking Calendar 1.8 - Stored Cross-Site Scripting (XSS)

Time Slot Booking Calendar 1.8 - Stored Cross-Site Scripting (XSS)

[webapps] Prestashop 8.0.4 - Cross-Site Scripting (XSS)

Prestashop 8.0.4 - Cross-Site Scripting (XSS)

[webapps] PodcastGenerator 3.2.9 - Blind SSRF via XML Injection

PodcastGenerator 3.2.9 - Blind SSRF via XML Injection

[webapps] POS Codekop v2.0 - Authenticated Remote Code Execution (RCE)

POS Codekop v2.0 - Authenticated Remote Code Execution (RCE)

Debian Security Advisory 5444-1

Debian Linux Security Advisory 5444-1 - Multiple multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.

Debian Security Advisory 5445-1

Debian Linux Security Advisory 5445-1 - Multiple multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.

Debian Security Advisory 5443-1

Debian Linux Security Advisory 5443-1 - Multiple multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.

Debian Security Advisory 5442-1

Debian Linux Security Advisory 5442-1 - It was discovered that in some conditions the Flask web framework may disclose a session cookie.

Red Hat Security Advisory 2023-3954-01

Red Hat Security Advisory 2023-3954-01 - This release of Red Hat Fuse 7.12 serves as a replacement for Red Hat Fuse 7.11 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References. Issues addressed include bypass, code execution, denial of service, information leakage, resource exhaustion, server-side request forgery, and traversal vulnerabilities.

Ubuntu Security Notice USN-6194-1

Ubuntu Security Notice 6194-1 - Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Xingyuan Mo and Gengjia Chen discovered that the io_uring subsystem in the Linux kernel did not properly handle locking when IOPOLL mode is being used. A local attacker could use this to cause a denial of service.

Ubuntu Security Notice USN-6193-1

Ubuntu Security Notice 6193-1 - Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that for some Intel processors the INVLPG instruction implementation did not properly flush global TLB entries when PCIDs are enabled. An attacker could use this to expose sensitive information or possibly cause undesired behaviors.

Red Hat Security Advisory 2023-3947-01

Red Hat Security Advisory 2023-3947-01 - The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Issues addressed include a bypass vulnerability.

Ubuntu Security Notice USN-6192-1

Ubuntu Security Notice 6192-1 - Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Xingyuan Mo and Gengjia Chen discovered that the io_uring subsystem in the Linux kernel did not properly handle locking when IOPOLL mode is being used. A local attacker could use this to cause a denial of service.

Red Hat Security Advisory 2023-3950-01

Red Hat Security Advisory 2023-3950-01 - The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Issues addressed include a bypass vulnerability.

Debian Security Advisory 5441-1

Debian Linux Security Advisory 5441-1 - Two vulnerabilities were found in maradns, an open source domain name system (DNS) implementation, that may lead to denial of service and unintended domain name resolution.

Ubuntu Security Notice USN-6191-1

Ubuntu Security Notice 6191-1 - USN-6081-1, USN-6084-1, USN-6092-1 and USN-6095-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a spurious warning in the IPv6 subsystem. This update removes the undesired warning message.

Red Hat Security Advisory 2023-3936-01

Red Hat Security Advisory 2023-3936-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2023-3932-01

Red Hat Security Advisory 2023-3932-01 - Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL. Issues addressed include a bypass vulnerability.

WordPress Ultimate Member 2.6.6 Privilege Escalation

WordPress Ultimate Member plugin versions 2.6.6 and below suffer from a privilege escalation vulnerability.

Debian Security Advisory 5440-1

Debian Linux Security Advisory 5440-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Red Hat Security Advisory 2023-3948-01

Red Hat Security Advisory 2023-3948-01 - The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2023-3946-01

Red Hat Security Advisory 2023-3946-01 - The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2023-3923-01

Red Hat Security Advisory 2023-3923-01 - Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-3935-01

Red Hat Security Advisory 2023-3935-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2023-3945-01

Red Hat Security Advisory 2023-3945-01 - The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2023-3949-01

Red Hat Security Advisory 2023-3949-01 - The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Issues addressed include a bypass vulnerability.