FreshRSS

Vulnerabilities

Unquoted Path - XAMPP 8.2.4

Posted by Andrey Stoykov on Jul 11

# Exploit Title: XAMPP 8.2.4 - Unquoted Path
# Date: 07/2023
# Exploit Author: Andrey Stoykov
# Version: 8.2.4
# Software Link:
https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/8.2.4/xampp-windows-x64-8.2.4-0-VS16-installer.exe
# Tested on: Windows Server 2022
# Blog: http://msecureltd.blogspot.com/

Steps to Exploit:

1. Search for unquoted paths
2. Generate meterpreter shell
3. Copy shell to XAMPP directory replacing...
  • July 11th 2023 at 22:41

APPLE-SA-2023-07-10-1 Safari 16.5.2

Posted by Apple Product Security via Fulldisclosure on Jul 11

APPLE-SA-2023-07-10-1 Safari 16.5.2

Safari 16.5.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213826.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

WebKit
Available for: macOS Big Sur and macOS Monterey
Impact: Processing web content may lead to arbitrary code execution....
  • July 11th 2023 at 22:41

APPLE-SA-2023-07-10-2 Rapid Security Responses for iOS 16.5.1 and iPadOS 16.5.1

Posted by Apple Product Security via Fulldisclosure on Jul 11

APPLE-SA-2023-07-10-2 Rapid Security Responses for iOS 16.5.1 and iPadOS 16.5.1

Rapid Security Responses for iOS 16.5.1 and iPadOS 16.5.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213823.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

This document describes the content of...
  • July 11th 2023 at 22:41

APPLE-SA-2023-07-10-3 Rapid Security Responses for macOS Ventura 13.4.1

Posted by Apple Product Security via Fulldisclosure on Jul 11

APPLE-SA-2023-07-10-3 Rapid Security Responses for macOS Ventura 13.4.1

Rapid Security Responses for macOS Ventura 13.4.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213825.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

This document describes the content of Rapid Security...
  • July 11th 2023 at 22:41

Re: [tool] tc - anonymous and cyphered chat over Tor circuits in PGP

Posted by bo0od via Fulldisclosure on Jul 11

I didn't see worse than this app to use for anonymity like this one:

- PGP is old bad stuff:

https://www.kicksecure.com/wiki/OpenPGP#Issues_with_PGP

- RSA/DSA old as well and has tons of security issues like side channel
and timing attacks..etc (the researches about them everywhere)

use Post-Quantum cryptography or at least ECC.

- C code is again old and insecure (memory issues..etc), should be
replaced with Rust

so yeah nice idea but...
  • July 11th 2023 at 22:41

Asterisk Release 16.30.1

Posted by Asterisk Development Team via Fulldisclosure on Jul 11

The Asterisk Development Team would like to announce security release
Asterisk 16.30.1.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/16.30.1
and
https://downloads.asterisk.org/pub/telephony/asterisk

The following security advisories were resolved in this release:
https://github.com/asterisk/asterisk/security/advisories/GHSA-4xjp-22g4-9fxm

Change Log for Release 16.30.1...
  • July 11th 2023 at 22:41

Asterisk Release 18.18.1

Posted by Asterisk Development Team via Fulldisclosure on Jul 11

The Asterisk Development Team would like to announce security release
Asterisk 18.18.1.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/18.18.1
and
https://downloads.asterisk.org/pub/telephony/asterisk

The following security advisories were resolved in this release:
https://github.com/asterisk/asterisk/security/advisories/GHSA-4xjp-22g4-9fxm

Change Log for Release 18.18.1...
  • July 11th 2023 at 22:41

Re: Ransom.Haron / Code Execution

Posted by malvuln on Jul 11

*** Correction: should have been CRYPTSP.dll ***

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/dedad693898bba0e4964e6c9a749d380.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Ransom.Haron
Vulnerability: Code Execution
Description: Haron looks for and executes DLLs in its current directory.
Therefore, we can potentially hijack a vuln DLL execute our own code,...
  • July 11th 2023 at 22:41

Asterisk Release 19.8.1

Posted by Asterisk Development Team via Fulldisclosure on Jul 11

The Asterisk Development Team would like to announce security release
Asterisk 19.8.1.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/19.8.1
and
https://downloads.asterisk.org/pub/telephony/asterisk

The following security advisories were resolved in this release:
https://github.com/asterisk/asterisk/security/advisories/GHSA-4xjp-22g4-9fxm

Change Log for Release 19.8.1...
  • July 11th 2023 at 22:41

Asterisk Release 20.3.1

Posted by Asterisk Development Team via Fulldisclosure on Jul 11

The Asterisk Development Team would like to announce security release
Asterisk 20.3.1.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/20.3.1
and
https://downloads.asterisk.org/pub/telephony/asterisk

The following security advisories were resolved in this release:
https://github.com/asterisk/asterisk/security/advisories/GHSA-4xjp-22g4-9fxm

Change Log for Release 20.3.1...
  • July 11th 2023 at 22:41

Asterisk Release certified-18.9-cert5

Posted by Asterisk Development Team via Fulldisclosure on Jul 11

The Asterisk Development Team would like to announce security release
Certified Asterisk 18.9-cert5.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/certified-18.9-cert5
and
https://downloads.asterisk.org/pub/telephony/certified-asterisk

The following security advisories were resolved in this release:
https://github.com/asterisk/asterisk/security/advisories/GHSA-4xjp-22g4-9fxm...
  • July 11th 2023 at 22:41

Debian Security Advisory 5451-1

Debian Linux Security Advisory 5451-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.
  • July 11th 2023 at 16:30

Red Hat Security Advisory 2023-4023-01

Red Hat Security Advisory 2023-4023-01 - The kpatch management tool provides a kernel patching infrastructure which allows you to patch a running kernel without rebooting or restarting any processes. Issues addressed include privilege escalation and use-after-free vulnerabilities.
  • July 11th 2023 at 16:30

Ubuntu Security Notice USN-6215-1

Ubuntu Security Notice 6215-1 - It was discovered that dwarves incorrectly handled certain memory operations under certain circumstances. An attacker could possibly use this issue to cause dwarves to crash, resulting in a denial of service, or possibly execute arbitrary code.
  • July 11th 2023 at 16:30

Red Hat Security Advisory 2023-4021-01

Red Hat Security Advisory 2023-4021-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include double free and use-after-free vulnerabilities.
  • July 11th 2023 at 16:26

Ubuntu Security Notice USN-6214-1

Ubuntu Security Notice 6214-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. P Umar Farooq discovered that Thunderbird did not properly provide warning when opening Diagcab files. If a user were tricked into opening a malicious Diagcab file, an attacker could execute arbitrary code.
  • July 11th 2023 at 16:25

Ubuntu Security Notice USN-6213-1

Ubuntu Security Notice 6213-1 - It was discovered that Ghostscript incorrectly handled pipe devices. If a user or automated system were tricked into opening a specially crafted PDF file, a remote attacker could use this issue to execute arbitrary code.
  • July 11th 2023 at 16:24

Ubuntu Security Notice USN-6210-1

Ubuntu Security Notice 6210-1 - It was discovered that Doorkeeper incorrectly performed authorization checks for public clients that have been previously approved. An attacker could potentially exploit these in order to impersonate another user and obtain sensitive information.
  • July 11th 2023 at 16:21

Red Hat Security Advisory 2023-4020-01

Red Hat Security Advisory 2023-4020-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include double free and use-after-free vulnerabilities.
  • July 11th 2023 at 16:17

Debian Security Advisory 5450-1

Debian Linux Security Advisory 5450-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or spoofing.
  • July 11th 2023 at 16:04

Red Hat Security Advisory 2023-4022-01

Red Hat Security Advisory 2023-4022-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include double free, privilege escalation, and use-after-free vulnerabilities.
  • July 11th 2023 at 16:04

Red Hat Security Advisory 2023-4005-02

Red Hat Security Advisory 2023-4005-02 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly.
  • July 11th 2023 at 16:03

Red Hat Security Advisory 2023-4003-01

Red Hat Security Advisory 2023-4003-01 - As a Kubernetes user, I cannot easily connect services from one cluster with services on another cluster. Red Hat Application Interconnect enables me to create a service network and it allows geographically distributed services to connect as if they were all running in the same site. Issues addressed include a denial of service vulnerability.
  • July 11th 2023 at 16:02

Red Hat Security Advisory 2023-4004-01

Red Hat Security Advisory 2023-4004-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.
  • July 11th 2023 at 15:57

Ubuntu Security Notice USN-6212-1

Ubuntu Security Notice 6212-1 - Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that for some Intel processors the INVLPG instruction implementation did not properly flush global TLB entries when PCIDs are enabled. An attacker could use this to expose sensitive information or possibly cause undesired behaviors.
  • July 11th 2023 at 15:56

Red Hat Security Advisory 2023-4008-01

Red Hat Security Advisory 2023-4008-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.
  • July 11th 2023 at 15:53

Ubuntu Security Notice USN-6211-1

Ubuntu Security Notice 6211-1 - USN-6130-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a spurious warning in the IPv6 subsystem. This update removes the undesired warning message.
  • July 11th 2023 at 15:46

Ubuntu Security Notice USN-6209-1

Ubuntu Security Notice 6209-1 - Claudio Bozzato discovered that Gerbv incorrectly handled certain Gerber files. An attacker could possibly use this issue to crash Gerbv, or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Claudio Bozzato discovered that Gerbv incorrectly handled certain Gerber files. An attacker could possibly use this issue to disclose information, crash Gerbv, or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.
  • July 11th 2023 at 15:45

Debian Security Advisory 5449-1

Debian Linux Security Advisory 5449-1 - An anonymous researcher discovered that processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
  • July 11th 2023 at 15:31

[local] AVG Anti Spyware 7.5 - Unquoted Service Path "AVG Anti-Spyware Guard"

AVG Anti Spyware 7.5 - Unquoted Service Path "AVG Anti-Spyware Guard"
  • July 11th 2023 at 00:00

[local] MiniTool Partition Wizard ShadowMaker v.12.7 - Unquoted Service Path "MTSchedulerService"

MiniTool Partition Wizard ShadowMaker v.12.7 - Unquoted Service Path "MTSchedulerService"
  • July 11th 2023 at 00:00

[webapps] Ateme TITAN File 3.9 - SSRF File Enumeration

Ateme TITAN File 3.9 - SSRF File Enumeration
  • July 11th 2023 at 00:00

[webapps] Netlify CMS 2.10.192 - Stored Cross-Site Scripting (XSS)

Netlify CMS 2.10.192 - Stored Cross-Site Scripting (XSS)
  • July 11th 2023 at 00:00

[webapps] BuildaGate5library v5 - Reflected Cross-Site Scripting (XSS)

BuildaGate5library v5 - Reflected Cross-Site Scripting (XSS)
  • July 11th 2023 at 00:00

[webapps] Spring Cloud 3.2.2 - Remote Command Execution (RCE)

Spring Cloud 3.2.2 - Remote Command Execution (RCE)
  • July 11th 2023 at 00:00

[webapps] Frappe Framework (ERPNext) 13.4.0 - Remote Code Execution (Authenticated)

Frappe Framework (ERPNext) 13.4.0 - Remote Code Execution (Authenticated)
  • July 11th 2023 at 00:00

[local] Game Jackal Server v5 - Unquoted Service Path "GJServiceV5"

Game Jackal Server v5 - Unquoted Service Path "GJServiceV5"
  • July 11th 2023 at 00:00

[local] MiniTool Partition Wizard ShadowMaker v.12.7 - Unquoted Service Path "MTAgentService"

MiniTool Partition Wizard ShadowMaker v.12.7 - Unquoted Service Path "MTAgentService"
  • July 11th 2023 at 00:00

ServiceNow Insecure Access Control / Full Admin Compromise

ServiceNow suffered from having an insecure access control that could lead to full administrative compromise. The associated link has a proof of concept.
  • July 10th 2023 at 15:57

Apple Security Advisory 2023-06-21-7

Apple Security Advisory 2023-06-21-7 - watchOS 9.5.2 addresses code execution and integer overflow vulnerabilities.
  • July 10th 2023 at 15:49

Apple Security Advisory 2023-06-21-8

Apple Security Advisory 2023-06-21-8 - watchOS 8.8.1 addresses code execution and integer overflow vulnerabilities.
  • July 10th 2023 at 15:49

Apple Security Advisory 2023-06-21-4

Apple Security Advisory 2023-06-21-4 - macOS Ventura 13.4.1 addresses code execution and integer overflow vulnerabilities.
  • July 10th 2023 at 15:48

Apple Security Advisory 2023-06-21-5

Apple Security Advisory 2023-06-21-5 - macOS Monterey 12.6.7 addresses code execution and integer overflow vulnerabilities.
  • July 10th 2023 at 15:48

Apple Security Advisory 2023-06-21-6

Apple Security Advisory 2023-06-21-6 - macOS Big Sur 11.7.8 addresses code execution and integer overflow vulnerabilities.
  • July 10th 2023 at 15:48

Apple Security Advisory 2023-06-21-3

Apple Security Advisory 2023-06-21-3 - iOS 15.7.7 and iPadOS 15.7.7 addresses code execution and integer overflow vulnerabilities.
  • July 10th 2023 at 15:47

SEC Consult SA-20230628-0 :: Stored XSS & Privilege Escalation in Boomerang Parental Control App

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jul 07

SEC Consult Vulnerability Lab Security Advisory < 20230628-0 >
=======================================================================
title: Stored XSS & Privilege Escalation
product: Boomerang Parental Control App
vulnerable version: <13.83
fixed version: >=13.83 (only issue 1), rest not fixed
CVE number: CVE-2023-36620, CVE-2023-36621
impact: High...
  • July 7th 2023 at 17:30

SEC Consult SA-20230705-0 :: Path traversal bypass & Denial of service in Kyocera TASKalfa 4053ci printer

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jul 07

SEC Consult Vulnerability Lab Security Advisory < 20230705-0 >
=======================================================================
title: Path traversal bypass & Denial of service
product: Kyocera TASKalfa 4053ci printer
vulnerable version: TASKalfa 4053ci Version <= 2VG_S000.002.561
fixed version: 2VG_S000.002.574
CVE numbers: CVE-2023-34259, CVE-2023-34260, CVE-2023-34261...
  • July 7th 2023 at 17:30

SEC Consult SA-20230703-0 :: Multiple Vulnerabilities including Unauthenticated RCE in Siemens A8000

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jul 07

SEC Consult Vulnerability Lab Security Advisory < 20230703-0 >
=======================================================================
title: Multiple Vulnerabilities including Unauthenticated RCE
product: Siemens A8000 CP-8050 MASTER MODULE (6MF2805-0AA00)
Siemens A8000 CP-8031 MASTER MODULE (6MF2803-1AA00)
vulnerable version: <= V04.92
fixed version: CPCI85 V05
CVE...
  • July 7th 2023 at 17:30

SEC Consult Vulnerability Lab Whitepaper: Everyone Knows SAP®, Everyone Uses SAP, Everyone Uses RFC, No One Knows RFC: From RFC to RCE 16 Years Later

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jul 07

SEC Consult Vulnerability Lab Whitepaper < 20230629-0 >
=======================================================================
Title: Everyone Knows SAP®, Everyone Uses SAP,
Everyone Uses RFC, No One Knows RFC:
From RFC to RCE 16 Years Later
Researcher: Fabian Hagg (Office Vienna)
SEC Consult Vulnerability Lab...
  • July 7th 2023 at 17:30

[remote] Windows 10 v21H1 - HTTP Protocol Stack Remote Code Execution

Windows 10 v21H1 - HTTP Protocol Stack Remote Code Execution
  • July 7th 2023 at 00:00

[webapps] Faculty Evaluation System v1.0 - SQL Injection

Faculty Evaluation System v1.0 - SQL Injection
  • July 7th 2023 at 00:00

[webapps] Lost and Found Information System v1.0 - SQL Injection

Lost and Found Information System v1.0 - SQL Injection
  • July 6th 2023 at 00:00

[webapps] Gila CMS 1.10.9 - Remote Code Execution (RCE) (Authenticated)

Gila CMS 1.10.9 - Remote Code Execution (RCE) (Authenticated)
  • July 6th 2023 at 00:00

[webapps] Piwigo v13.7.0 - Stored Cross-Site Scripting (XSS) (Authenticated)

Piwigo v13.7.0 - Stored Cross-Site Scripting (XSS) (Authenticated)
  • July 6th 2023 at 00:00

Debian Security Advisory 5446-1

Debian Linux Security Advisory 5446-1 - It was discovered that Ghostscript, the GPL PostScript/PDF interpreter, does not properly handle permission validation for pipe devices, which could result in the execution of arbitrary commands if malformed document files are processed.
  • July 4th 2023 at 14:37

Ubuntu Security Notice USN-6200-1

Ubuntu Security Notice 6200-1 - It was discovered that ImageMagick incorrectly handled the "-authenticate" option for password-protected PDF files. An attacker could possibly use this issue to inject additional shell commands and perform arbitrary code execution. This issue only affected Ubuntu 20.04 LTS. It was discovered that ImageMagick incorrectly handled certain values when processing PDF files. If a user or automated system using ImageMagick were tricked into opening a specially crafted PDF file, an attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 20.04 LTS.
  • July 4th 2023 at 14:37

Ubuntu Security Notice USN-6198-1

Ubuntu Security Notice 6198-1 - It was discovered that GNU Screen was not properly checking user identifiers before sending certain signals to target processes. If GNU Screen was installed as setuid or setgid, a local attacker could possibly use this issue to cause a denial of service on a target application.
  • July 4th 2023 at 14:35

Ubuntu Security Notice USN-6199-1

Ubuntu Security Notice 6199-1 - It was discovered that PHP incorrectly handled certain Digest authentication for SOAP. An attacker could possibly use this issue to expose sensitive information.
  • July 4th 2023 at 14:35

Ubuntu Security Notice USN-6197-1

Ubuntu Security Notice 6197-1 - It was discovered that OpenLDAP was not properly performing bounds checks when executing functions related to LDAP URLs. An attacker could possibly use this issue to cause a denial of service.
  • July 4th 2023 at 14:07