Webile v1.0.1 - Multiple Cross Site Web Vulnerabilities

Posted by info () vulnerability-lab com on Jul 19

Document Title:
===============
Webile v1.0.1 - Multiple Cross Site Web Vulnerabilities

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2321

Release Date:
=============
2023-07-03

Vulnerability Laboratory ID (VL-ID):
====================================
2321

Common Vulnerability Scoring System:
====================================
5.5

Vulnerability Class:
====================
Cross Site...

Aures Booking & POS Terminal - Local Privilege Escalation Vulnerability

Posted by info () vulnerability-lab com on Jul 19

Document Title:
===============
Aures Booking & POS Terminal - Local Privilege Escalation Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2323

Release Date:
=============
2023-07-17

Vulnerability Laboratory ID (VL-ID):
====================================
2323

Common Vulnerability Scoring System:
====================================
7.2

Vulnerability Class:
====================...

PaulPrinting CMS - Multiple Cross Site Web Vulnerabilities

Posted by info () vulnerability-lab com on Jul 19

Document Title:
===============
PaulPrinting CMS - Multiple Cross Site Web Vulnerabilities

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2285

Release Date:
=============
2023-07-19

Vulnerability Laboratory ID (VL-ID):
====================================
2285

Common Vulnerability Scoring System:
====================================
5.8

Vulnerability Class:
====================
Cross Site...

CVE-2023-38408: Remote Code Execution in OpenSSH's forwarded ssh-agent

Posted by Qualys Security Advisory via Fulldisclosure on Jul 19

Qualys Security Advisory

CVE-2023-38408: Remote Code Execution in OpenSSH's forwarded ssh-agent

========================================================================
Contents
========================================================================

Summary
Background
Experiments
Results
Discussion
Acknowledgments
Timeline

========================================================================
Summary...

Re: Citrix Gateway & Cloud MFA - Insufficient Session Validation Vulnerability

Posted by Jeffrey Walton on Jul 19

There's also https://en.wikipedia.org/wiki/Session_hijacking#Prevention

One thing Jim Manico of OWASP recommends is to (re)prompt the user for
their password on occasion, like when performing a high value
operation. That will effectively re-authenticate a user before a high
value operation. Attackers with a cookie but without the user's
password should fail the re-authentication challenge.

Jeff

Ubuntu Security Notice USN-6237-1

Ubuntu Security Notice 6237-1 - Hiroki Kurosawa discovered that curl incorrectly handled validating certain certificate wildcards. A remote attacker could possibly use this issue to spoof certain website certificates using IDN hosts. Hiroki Kurosawa discovered that curl incorrectly handled callbacks when certain options are set by applications. This could cause applications using curl to misbehave, resulting in information disclosure, or a denial of service.

Red Hat Security Advisory 2023-4053-01

Red Hat Security Advisory 2023-4053-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.45. Issues addressed include a code execution vulnerability.

Ubuntu Security Notice USN-6236-1

Ubuntu Security Notice 6236-1 - It was discovered that ConnMan could be made to write out of bounds. A remote attacker could possibly use this issue to cause ConnMan to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that ConnMan could be made to leak sensitive information via the gdhcp component. A remote attacker could possibly use this issue to obtain information for further exploitation. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.

Red Hat Security Advisory 2023-4204-01

Red Hat Security Advisory 2023-4204-01 - VolSync is a Kubernetes operator that enables asynchronous replication of persistent volumes within a cluster, or across clusters. After deploying the VolSync operator, it can create and maintain copies of your persistent data.

Red Hat Security Advisory 2023-4201-01

Red Hat Security Advisory 2023-4201-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-4202-01

Red Hat Security Advisory 2023-4202-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-4200-01

Red Hat Security Advisory 2023-4200-01 - A new release for Red Hat Build of OptaPlanner 8.38.0 for Quarkus 2.13.8 including security updates is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Red Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a denial of service vulnerability.

Ubuntu Security Notice USN-6233-1

Ubuntu Security Notice 6233-1 - It was discovered that YAJL was not properly performing bounds checks when decoding a string with escape sequences. If a user or automated system using YAJL were tricked into processing specially crafted input, an attacker could possibly use this issue to cause a denial of service. It was discovered that YAJL was not properly handling memory allocation when dealing with large inputs, which could lead to heap memory corruption. If a user or automated system using YAJL were tricked into running a specially crafted large input, an attacker could possibly use this issue to cause a denial of service.

Red Hat Security Advisory 2023-4203-01

Red Hat Security Advisory 2023-4203-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.

Ubuntu Security Notice USN-6183-2

Ubuntu Security Notice 6183-2 - USN-6183-1 fixed vulnerabilities in Bind. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Shoham Danino, Anat Bremler-Barr, Yehuda Afek, and Yuval Shavitt discovered that Bind incorrectly handled the cache size limit. A remote attacker could possibly use this issue to consume memory, leading to a denial of service.

Ubuntu Security Notice USN-6078-2

Ubuntu Security Notice 6078-2 - USN-6078-1 fixed a vulnerability in libwebp. This update provides the corresponding update for Ubuntu 16.04 LTS. Irvan Kurniawan discovered that libwebp incorrectly handled certain memory operations. If a user or automated system were tricked into opening a specially crafted image file, a remote attacker could use this issue to cause libwebp to crash, resulting in a denial of service, or possibly execute arbitrary code.

[webapps] phpfm v1.7.9 - Authentication type juggling

phpfm v1.7.9 - Authentication type juggling

[webapps] Vaidya-Mitra 1.0 - Multiple SQLi

Vaidya-Mitra 1.0 - Multiple SQLi

[webapps] Statamic 4.7.0 - File-Inclusion

Statamic 4.7.0 - File-Inclusion

[webapps] Blackcat Cms v1.4 - Remote Code Execution (RCE)

Blackcat Cms v1.4 - Remote Code Execution (RCE)

[webapps] PimpMyLog v1.7.14 - Improper access control

PimpMyLog v1.7.14 - Improper access control

[webapps] Backdrop Cms v1.25.1 - Stored Cross-Site Scripting (XSS)

Backdrop Cms v1.25.1 - Stored Cross-Site Scripting (XSS)

[webapps] CmsMadeSimple v2.2.17 - session hijacking via Server-Side Template Injection (SSTI)

CmsMadeSimple v2.2.17 - session hijacking via Server-Side Template Injection (SSTI)

[webapps] Blackcat Cms v1.4 - Stored XSS

Blackcat Cms v1.4 - Stored XSS

[webapps] CmsMadeSimple v2.2.17 - Remote Code Execution (RCE)

CmsMadeSimple v2.2.17 - Remote Code Execution (RCE)

[webapps] TP-Link TL-WR740N - Authenticated Directory Transversal

TP-Link TL-WR740N - Authenticated Directory Transversal

[webapps] ABB FlowX v4.00 - Exposure of Sensitive Information

ABB FlowX v4.00 - Exposure of Sensitive Information

[webapps] Online Piggery Management System v1.0 - unauthenticated file upload vulnerability

Online Piggery Management System v1.0 - unauthenticated file upload vulnerability

[webapps] Joomla! com_booking component 2.4.9 - Information Leak (Account enumeration)

Joomla! com_booking component 2.4.9 - Information Leak (Account enumeration)

[remote] Hikvision Hybrid SAN Ds-a71024 Firmware - Multiple Remote Code Execution

Hikvision Hybrid SAN Ds-a71024 Firmware - Multiple Remote Code Execution

[webapps] CmsMadeSimple v2.2.17 - Stored Cross-Site Scripting (XSS)

CmsMadeSimple v2.2.17 - Stored Cross-Site Scripting (XSS)

[local] Microsoft Edge 114.0.1823.67 (64-bit) - Information Disclosure

Microsoft Edge 114.0.1823.67 (64-bit) - Information Disclosure

[RT-SA-2023-001] Session Token Enumeration in RWS WorldServer

Posted by RedTeam Pentesting GmbH on Jul 19

Advisory: Session Token Enumeration in RWS WorldServer

Session tokens in RWS WorldServer have a low entropy and can be
enumerated, leading to unauthorised access to user sessions.

Details
=======

Product: WorldServer
Affected Versions: 11.7.3 and earlier versions
Fixed Version: 11.8.0
Vulnerability Type: Session Token Enumeration
Security Risk: high
Vendor URL: https://www.rws.com/localization/products/additional-solutions/
Vendor Status:...

Ubuntu Security Notice USN-6235-1

Ubuntu Security Notice 6235-1 - It was discovered that the NTFS file system implementation in the Linux kernel contained a null pointer dereference in some situations. A local attacker could use this to cause a denial of service. Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did not properly implement speculative execution barriers in usercopy functions in certain situations. A local attacker could use this to expose sensitive information.

Ubuntu Security Notice USN-6234-1

Ubuntu Security Notice 6234-1 - Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that for some Intel processors the INVLPG instruction implementation did not properly flush global TLB entries when PCIDs are enabled. An attacker could use this to expose sensitive information or possibly cause undesired behaviors.

Debian Security Advisory 5455-1

Debian Linux Security Advisory 5455-1 - A memory allocation issue was found in iperf3, the Internet Protocol bandwidth measuring tool, that may cause denial of service when encountering certain invalid length value in TCP packet.

Red Hat Security Advisory 2023-4146-01

Red Hat Security Advisory 2023-4146-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include denial of service, privilege escalation, and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-4145-01

Red Hat Security Advisory 2023-4145-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-4154-01

Red Hat Security Advisory 2023-4154-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly.

Red Hat Security Advisory 2023-4152-01

Red Hat Security Advisory 2023-4152-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly.

Red Hat Security Advisory 2023-4151-01

Red Hat Security Advisory 2023-4151-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2023-4139-01

Red Hat Security Advisory 2023-4139-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-4153-01

Red Hat Security Advisory 2023-4153-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly.

Red Hat Security Advisory 2023-4150-01

Red Hat Security Advisory 2023-4150-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2023-4126-01

Red Hat Security Advisory 2023-4126-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include denial of service, privilege escalation, and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-4130-01

Red Hat Security Advisory 2023-4130-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-4138-01

Red Hat Security Advisory 2023-4138-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include out of bounds access and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-4125-01

Red Hat Security Advisory 2023-4125-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service, privilege escalation, and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-4137-01

Red Hat Security Advisory 2023-4137-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include out of bounds access and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-4025-01

Red Hat Security Advisory 2023-4025-01 - Red Hat OpenShift support for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2023-4124-01

Red Hat Security Advisory 2023-4124-01 - EDK is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.

Red Hat Security Advisory 2023-4128-01

Red Hat Security Advisory 2023-4128-01 - EDK is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2023-4101-01

Red Hat Security Advisory 2023-4101-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly.

Red Hat Security Advisory 2023-4113-01

Red Hat Security Advisory 2023-4113-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.

Red Hat Security Advisory 2023-4100-01

Red Hat Security Advisory 2023-4100-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly.

Red Hat Security Advisory 2023-4112-01

Red Hat Security Advisory 2023-4112-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.

Red Hat Security Advisory 2023-4099-01

Red Hat Security Advisory 2023-4099-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly.

Red Hat Security Advisory 2023-4114-01

Red Hat Security Advisory 2023-4114-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.

Debian Security Advisory 5454-1

Debian Linux Security Advisory 5454-1 - Riccardo Bonafede discovered that the Kanboard project management software was susceptible to SQL injection.

Ubuntu Security Notice USN-6184-2

Ubuntu Security Notice 6184-2 - USN-6184-1 fixed a vulnerability in CUPS. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that CUPS incorrectly handled certain memory operations. An attacker could possibly use this issue to cause CUPS to crash, resulting in a denial of service, or to possibly obtain sensitive information.