[remote] Atcom 2.7.x.x - Authenticated Command Injection

Atcom 2.7.x.x - Authenticated Command Injection

[webapps] Shuttle-Booking-Software v1.0 - Multiple-SQLi

Shuttle-Booking-Software v1.0 - Multiple-SQLi

[webapps] Wordpress Plugin Masterstudy LMS - 3.0.17 - Unauthenticated Instructor Account Creation

Wordpress Plugin Masterstudy LMS - 3.0.17 - Unauthenticated Instructor Account Creation

[webapps] GLPI GZIP(Py3) 9.4.5 - RCE

GLPI GZIP(Py3) 9.4.5 - RCE

[webapps] Wordpress Sonaar Music Plugin 4.7 - Stored XSS

Wordpress Sonaar Music Plugin 4.7 - Stored XSS

[webapps] Limo Booking Software v1.0 - CORS

Limo Booking Software v1.0 - CORS

[dos] OpenPLC WebServer 3 - Denial of Service

OpenPLC WebServer 3 - Denial of Service

[webapps] Clcknshop 1.0.0 - SQL Injection

Clcknshop 1.0.0 - SQL Injection

[dos] Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Denial Of Service

Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Denial Of Service

[webapps] WEBIGniter v28.7.23 File Upload - Remote Code Execution

WEBIGniter v28.7.23 File Upload - Remote Code Execution

[webapps] Online ID Generator 1.0 - Remote Code Execution (RCE)

Online ID Generator 1.0 - Remote Code Execution (RCE)

[webapps] Webedition CMS v2.9.8.8 - Blind SSRF

Webedition CMS v2.9.8.8 - Blind SSRF

[webapps] Cacti 1.2.24 - Authenticated command injection when using SNMP options

Cacti 1.2.24 - Authenticated command injection when using SNMP options

[webapps] Splunk 9.0.5 - admin account take over

Splunk 9.0.5 - admin account take over

[remote] Ruijie Reyee Mesh Router - MITM Remote Code Execution (RCE)

Ruijie Reyee Mesh Router - MITM Remote Code Execution (RCE)

[webapps] Media Library Assistant Wordpress Plugin - RCE and LFI

Media Library Assistant Wordpress Plugin - RCE and LFI

[local] Microsoft Windows 11 - 'apds.dll' DLL hijacking (Forced)

Microsoft Windows 11 - 'apds.dll' DLL hijacking (Forced)

[remote] Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Credentials Extraction

Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Credentials Extraction

[webapps] BoidCMS v2.0.0 - authenticated file upload vulnerability

BoidCMS v2.0.0 - authenticated file upload vulnerability

[remote] Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Admin Password Change

Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Admin Password Change

[webapps] Coppermine Gallery 1.6.25 - RCE

Coppermine Gallery 1.6.25 - RCE

[webapps] Minio 2022-07-29T19-40-48Z - Path traversal

Minio 2022-07-29T19-40-48Z - Path traversal

Red Hat Security Advisory 2023-5485-01

Red Hat Security Advisory 2023-5485-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.12 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.13 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include denial of service and deserialization vulnerabilities.

Red Hat Security Advisory 2023-5486-01

Red Hat Security Advisory 2023-5486-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.12 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.13 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include denial of service and deserialization vulnerabilities.

Ubuntu Security Notice USN-6416-2

Ubuntu Security Notice 6416-2 - It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service. Daniël Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD processors utilising speculative execution and branch prediction may allow unauthorised memory reads via a speculative side-channel attack. A local attacker could use this to expose sensitive information, including kernel memory.

Apple Security Advisory 2023-10-04-1

Apple Security Advisory 2023-10-04-1 - iOS 17.0.3 and iPadOS 17.0.3 addresses buffer overflow and code execution vulnerabilities.

Red Hat Security Advisory 2023-5484-01

Red Hat Security Advisory 2023-5484-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.12 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.13 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include denial of service and deserialization vulnerabilities.

Red Hat Security Advisory 2023-5480-01

Red Hat Security Advisory 2023-5480-01 - Red Hat OpenShift Serverless release of OpenShift Serverless Logic. This release includes security fixes. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2023-5488-01

Red Hat Security Advisory 2023-5488-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.12 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.13 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include denial of service and deserialization vulnerabilities.

Red Hat Security Advisory 2023-5491-01

Red Hat Security Advisory 2023-5491-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.11.2 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.

Debian Security Advisory 5517-1

Debian Linux Security Advisory 5517-1 - Multiple security vulnerabilities were discovered in libx11, the X11 client-side library, which may result in denial of service or the execution of arbitrary code.

Debian Security Advisory 5518-1

Debian Linux Security Advisory 5518-1 - It was discovered that missing input sanitising in the encoding support in libvpx, a multimedia library for the VP8 and VP9 video codecs, may result in denial of service.

Red Hat Security Advisory 2023-5475-01

Red Hat Security Advisory 2023-5475-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.3.1. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-5479-01

Red Hat Security Advisory 2023-5479-01 - Red Hat OpenShift Serverless Client kn 1.30.1 provides a CLI to interact with Red Hat OpenShift Serverless 1.30.1. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms. This release includes security and bug fixes, and enhancements. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2023-5476-01

Red Hat Security Advisory 2023-5476-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Issues addressed include buffer overflow and privilege escalation vulnerabilities.

Debian Security Advisory 5516-1

Debian Linux Security Advisory 5516-1 - Multiple security vulnerabilities were discovered in libxpm, the X11 pixmap library, which may result in denial of service or the execution of arbitrary code.

Red Hat Security Advisory 2023-5453-01

Red Hat Security Advisory 2023-5453-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Issues addressed include buffer overflow, privilege escalation, and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-5461-01

Red Hat Security Advisory 2023-5461-01 - ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5455-01

Red Hat Security Advisory 2023-5455-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Issues addressed include buffer overflow, privilege escalation, and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-5458-01

Red Hat Security Advisory 2023-5458-01 - Libeconf is a highly flexible and configurable library to parse and manage key=value configuration files. It reads configuration file snippets from different directories and builds the final configuration file from it.

Red Hat Security Advisory 2023-5472-01

Red Hat Security Advisory 2023-5472-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2023-5464-01

Red Hat Security Advisory 2023-5464-01 - FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD.

Red Hat Security Advisory 2023-5473-01

Red Hat Security Advisory 2023-5473-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5454-01

Red Hat Security Advisory 2023-5454-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Issues addressed include buffer overflow and privilege escalation vulnerabilities.

Red Hat Security Advisory 2023-5474-01

Red Hat Security Advisory 2023-5474-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5465-01

Red Hat Security Advisory 2023-5465-01 - FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD.

Red Hat Security Advisory 2023-5460-01

Red Hat Security Advisory 2023-5460-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Issues addressed include a denial of service vulnerability.

CVE-2023-4911: Local Privilege Escalation in the glibc's ld.so

Posted by Qualys Security Advisory via Fulldisclosure on Oct 05

Qualys Security Advisory

Looney Tunables: Local Privilege Escalation in the glibc's ld.so
(CVE-2023-4911)

========================================================================
Contents
========================================================================

Summary
Analysis
Proof of concept
Exploitation
Acknowledgments
Timeline

========================================================================
Summary...

APPLE-SA-2023-10-04-1 iOS 17.0.3 and iPadOS 17.0.3

Posted by Apple Product Security via Fulldisclosure on Oct 05

APPLE-SA-2023-10-04-1 iOS 17.0.3 and iPadOS 17.0.3

iOS 17.0.3 and iPadOS 17.0.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213961.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Kernel
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad Pro...

SEC Consult SA-20231005 :: Open Redirect in SAP® BSP Test Application it00 (Bypass for CVE-2020-6215 Patch)

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Oct 05

SEC Consult Vulnerability Lab Security Advisory < 20231005-0 >
=======================================================================
title: Open Redirect in BSP Test Application it00
(Bypass for CVE-2020-6215 Patch)
product: SAP® Application Server ABAP and ABAP®
Platform (SAP_BASIS)
vulnerable version: see section "Vulnerable / tested versions"...

APPLE-SA-09-26-2023-2 macOS Sonoma 14

Posted by Apple Product Security via Fulldisclosure on Oct 02

APPLE-SA-09-26-2023-2 macOS Sonoma 14

macOS Sonoma 14 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213940.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Airport
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac
Pro (2019 and later), Mac mini (2018 and...

APPLE-SA-09-26-2023-1 Safari 17

Posted by Apple Product Security via Fulldisclosure on Oct 02

APPLE-SA-09-26-2023-1 Safari 17

Safari 17 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213941.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Safari
Available for: macOS Monterey and macOS Ventura
Impact: Visiting a website that frames malicious content may lead to UI...

APPLE-SA-09-26-2023-3 Additional information for APPLE-SA-2023-09-21-3 iOS 16.7 and iPadOS 16.7

Posted by Apple Product Security via Fulldisclosure on Oct 02

APPLE-SA-09-26-2023-3 Additional information for APPLE-SA-2023-09-21-3 iOS 16.7 and iPadOS 16.7

iOS 16.7 and iPadOS 16.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213927.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

App Store
Available for: iPhone 8 and later, iPad Pro...

APPLE-SA-09-26-2023-5 Additional information for APPLE-SA-2023-09-21-7 macOS Monterey 12.7

Posted by Apple Product Security via Fulldisclosure on Oct 02

APPLE-SA-09-26-2023-5 Additional information for APPLE-SA-2023-09-21-7 macOS Monterey 12.7

macOS Monterey 12.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213932.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Apple Neural Engine
Available for: macOS Monterey
Impact: An app...

APPLE-SA-09-26-2023-4 Additional information for APPLE-SA-2023-09-21-6 macOS Ventura 13.6

Posted by Apple Product Security via Fulldisclosure on Oct 02

APPLE-SA-09-26-2023-4 Additional information for APPLE-SA-2023-09-21-6 macOS Ventura 13.6

macOS Ventura 13.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213931.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Apple Neural Engine
Available for: macOS Ventura
Impact: An app may...

APPLE-SA-09-26-2023-6 Xcode 15

Posted by Apple Product Security via Fulldisclosure on Oct 02

APPLE-SA-09-26-2023-6 Xcode 15

Xcode 15 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213939.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Dev Tools
Available for: macOS Ventura 13.5 and later
Impact: An app may be able to gain elevated privileges
Description: This issue was...

APPLE-SA-09-26-2023-7 iOS 17 and iPadOS 17

Posted by Apple Product Security via Fulldisclosure on Oct 02

APPLE-SA-09-26-2023-7 iOS 17 and iPadOS 17

iOS 17 and iPadOS 17 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213938.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Airport
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad Pro 10.5-inch,...

APPLE-SA-09-26-2023-8 watchOS 10

Posted by Apple Product Security via Fulldisclosure on Oct 02

APPLE-SA-09-26-2023-8 watchOS 10

watchOS 10 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213937.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

App Store
Available for: Apple Watch Series 4 and later
Impact: A remote attacker may be able to break out of Web Content
sandbox...

SEC Consult SA-20230927-0 :: Multiple Vulnerabilities in SAP® Enable Now Manager

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Oct 02

SEC Consult Vulnerability Lab Security Advisory < 20230927-0 >
=======================================================================
title: Multiple Vulnerabilities
product: SAP® Enable Now Manager
vulnerable version: 10.6.5 (Build 2804) Cloud Edition
fixed version: May 2023 Release
CVE number: N/A (cloud)
impact: high
homepage: https://www.sap.com/about.html...

APPLE-SA-09-26-2023-9 tvOS 17

Posted by Apple Product Security via Fulldisclosure on Oct 02

APPLE-SA-09-26-2023-9 tvOS 17

tvOS 17 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213936.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Airport
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to read sensitive location information...