[local] KiTTY 0.76.1.13 - Command Injection

KiTTY 0.76.1.13 - Command Injection

[remote] SolarView Compact 6.00 - Command Injection

SolarView Compact 6.00 - Command Injection

MetaFox Remote Shell Upload Exploit

Posted by j0ck1ng@tempr.email on Mar 13

#!/usr/bin/env python3# Exploit Title: MetaFox Remote Shell Upload# Google Dork: "Social network for niche
communities"# Exploit Author: The Joker# Vendor Homepage: https://www.phpfox.com# Version: <= 5.1.8import jsonimport
requestsimport sysif len(sys.argv) != 4:   sys.exit("Usage: %s " % sys.argv[0])   
requests.packages.urllib3.disable_warnings()endpoint = sys.argv[1] + "/api/v1/user/login"response =...

APPLE-SA-03-07-2024-3 macOS Ventura 13.6.5

Posted by Apple Product Security via Fulldisclosure on Mar 13

APPLE-SA-03-07-2024-3 macOS Ventura 13.6.5

macOS Ventura 13.6.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214085.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Admin Framework
Available for: macOS Ventura
Impact: An app may be able to elevate privileges
Description: A...

APPLE-SA-03-07-2024-7 visionOS 1.1

Posted by Apple Product Security via Fulldisclosure on Mar 13

APPLE-SA-03-07-2024-7 visionOS 1.1

visionOS 1.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214087.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Accessibility
Available for: Apple Vision Pro
Impact: An app may be able to spoof system notifications and UI
Description: This...

APPLE-SA-03-12-2024-1 GarageBand 10.4.11

Posted by Apple Product Security via Fulldisclosure on Mar 13

APPLE-SA-03-12-2024-1 GarageBand 10.4.11

GarageBand 10.4.11 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT214090.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

GarageBand
Available for: macOS Ventura and macOS Sonoma
Impact: Processing a maliciously crafted file may lead to...

HNS-2024-05 - HN Security Advisory - Multiple vulnerabilities in RT-Thread RTOS

Posted by Marco Ivaldi on Mar 13

Hi,

Please find attached a security advisory that describes multiple
vulnerabilities we discovered in RT-Thread RTOS.

* Title: Multiple vulnerabilities in RT-Thread RTOS
* OS: RT-Thread <= 5.0.2
* Author: Marco Ivaldi <marco.ivaldi () hnsecurity it>
* Date: 2024-03-05
* CVE IDs and advisory URLs:
* CVE-2024-24334 - https://github.com/RT-Thread/rt-thread/issues/8282
* CVE-2024-24335 -...

SEC Consult SA-20240307-0 :: Local Privilege Escalation via writable files in Checkmk Agent (CVE-2024-0670)

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Mar 13

SEC Consult Vulnerability Lab Security Advisory < 20240307-0 >
=======================================================================
title: Local Privilege Escalation via writable files
product: Checkmk Agent
vulnerable version: 2.0.0, 2.1.0, 2.2.0
fixed version: 2.1.0p40, 2.2.0p23, 2.3.0b1, 2.4.0b1
CVE number: CVE-2024-0670
impact: high
homepage: https://checkmk.com...

APPLE-SA-03-05-2024-2 iOS 16.7.6 and iPadOS 16.7.6

Posted by Apple Product Security via Fulldisclosure on Mar 13

APPLE-SA-03-05-2024-2 iOS 16.7.6 and iPadOS 16.7.6

iOS 16.7.6 and iPadOS 16.7.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214082.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Additional CVE entries coming soon.

Kernel
Available for: iPhone 8, iPhone 8 Plus, iPhone X,...

APPLE-SA-03-07-2024-4 macOS Monterey 12.7.4

Posted by Apple Product Security via Fulldisclosure on Mar 13

APPLE-SA-03-07-2024-4 macOS Monterey 12.7.4

macOS Monterey 12.7.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214083.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Admin Framework
Available for: macOS Monterey
Impact: An app may be able to elevate privileges
Description: A...

APPLE-SA-03-05-2024-1 iOS 17.4 and iPadOS 17.4

Posted by Apple Product Security via Fulldisclosure on Mar 13

APPLE-SA-03-05-2024-1 iOS 17.4 and iPadOS 17.4

iOS 17.4 and iPadOS 17.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214081.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Additional CVE entries coming soon.

Accessibility
Available for: iPhone XS and later, iPad Pro...

APPLE-SA-03-07-2024-5 watchOS 10.4

Posted by Apple Product Security via Fulldisclosure on Mar 13

APPLE-SA-03-07-2024-5 watchOS 10.4

watchOS 10.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214088.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Accessibility
Available for: Apple Watch Series 4 and later
Impact: A malicious app may be able to observe user data in log...

APPLE-SA-03-07-2024-1 Safari 17.4

Posted by Apple Product Security via Fulldisclosure on Mar 13

APPLE-SA-03-07-2024-1 Safari 17.4

Safari 17.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214089.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Safari Private Browsing
Available for: macOS Monterey and macOS Ventura
Impact: Private Browsing tabs may be accessed without...

APPLE-SA-03-07-2024-6 tvOS 17.4

Posted by Apple Product Security via Fulldisclosure on Mar 13

APPLE-SA-03-07-2024-6 tvOS 17.4

tvOS 17.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214086.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Accessibility
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: A malicious app may be able to observe user data in log...

APPLE-SA-03-07-2024-2 macOS Sonoma 14.4

Posted by Apple Product Security via Fulldisclosure on Mar 13

APPLE-SA-03-07-2024-2 macOS Sonoma 14.4

macOS Sonoma 14.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214084.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Accessibility
Available for: macOS Sonoma
Impact: A malicious app may be able to observe user data in log entries...

Backdoor.Win32.Beastdoor.oq / Unauthenticated Remote Command Execution

Posted by malvuln on Mar 13

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/6268df4c9c805c90725dde4fe5ef6fea.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Beastdoor.oq
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 1332, makes outbound
connections to SMTP port 25 and executes a PE file named svchost.exe
dropped in...

StimulusReflex CVE-2024-28121

Posted by lixts via Fulldisclosure on Mar 13

StimulusReflex CVE-2024-28121

Arbitrary code execution in StimulusReflex. This affects version 3.5.0 up to and including 3.5.0.rc2 and v3.5.0.pre10.

## Vulnerable code excerpt

stimulus_reflex/lib/stimulus_reflex/reflex.rb
```
# Invoke the reflex action specified by `name` and run all callbacks
def process(name, *args)
run_callbacks(:process) { public_send(name, *args) }
end
```

stimulus_reflex/app/channels/stimulus_reflex/channel.rb...

Ubuntu Security Notice USN-6693-1

Ubuntu Security Notice 6693-1 - It was discovered that .NET did not properly handle certain specially crafted requests. An attacker could potentially use this issue to cause a resource leak, leading to a denial of service.

Ubuntu Security Notice USN-6663-2

Ubuntu Security Notice 6663-2 - USN-6663-1 provided a security update for OpenSSL. This update provides the corresponding update for Ubuntu 16.04 LTS. As a security improvement, this update prevents OpenSSL from returning an error when detecting wrong padding in PKCS#1 v1.5 RSA, to prevent its use in possible Bleichenbacher timing attacks.

Ubuntu Security Notice USN-6692-1

Ubuntu Security Notice 6692-1 - It was discovered that Gson incorrectly handled deserialization of untrusted input data. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice USN-6691-1

Ubuntu Security Notice 6691-1 - It was discovered that OVN incorrectly enabled OVS Bidirectional Forwarding Detection on logical ports. A remote attacker could possibly use this issue to disrupt traffic.

Red Hat Security Advisory 2024-1304-03

Red Hat Security Advisory 2024-1304-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a memory exhaustion vulnerability.

Red Hat Security Advisory 2024-1305-03

Red Hat Security Advisory 2024-1305-03 - An update for edk2 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Issues addressed include a buffer overflow vulnerability.

Red Hat Security Advisory 2024-1303-03

Red Hat Security Advisory 2024-1303-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a memory exhaustion vulnerability.

Red Hat Security Advisory 2024-1278-03

Red Hat Security Advisory 2024-1278-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include out of bounds write and use-after-free vulnerabilities.

[remote] VMware Cloud Director 10.5 - Bypass identity verification

VMware Cloud Director 10.5 - Bypass identity verification

[webapps] OSGi v3.8-3.18 Console - RCE

OSGi v3.8-3.18 Console - RCE

[webapps] SnipeIT 6.2.1 - Stored Cross Site Scripting

SnipeIT 6.2.1 - Stored Cross Site Scripting

[webapps] Client Details System 1.0 - SQL Injection

Client Details System 1.0 - SQL Injection

[webapps] OSGi v3.7.2 (and below) Console - RCE

OSGi v3.7.2 (and below) Console - RCE

[webapps] Cisco Firepower Management Center < 6.6.7.1 - Authenticated RCE

Cisco Firepower Management Center

Ubuntu Security Notice USN-6656-2

Ubuntu Security Notice 6656-2 - USN-6656-1 fixed several vulnerabilities in PostgreSQL. This update provides the corresponding updates for Ubuntu 16.04 LTS It was discovered that PostgreSQL incorrectly handled dropping privileges when handling REFRESH MATERIALIZED VIEW CONCURRENTLY commands. If a user or automatic system were tricked into running a specially crafted command, a remote attacker could possibly use this issue to execute arbitrary SQL functions.

Ubuntu Security Notice USN-6689-1

Ubuntu Security Notice 6689-1 - It was discovered that Rack incorrectly parse some headers. An attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice USN-6681-2

Ubuntu Security Notice 6681-2 - Wenqing Liu discovered that the f2fs file system implementation in the Linux kernel did not properly validate inode types while performing garbage collection. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service. It was discovered that the DesignWare USB3 for Qualcomm SoCs driver in the Linux kernel did not properly handle certain error conditions during device registration. A local attacker could possibly use this to cause a denial of service.

Ubuntu Security Notice USN-6688-1

Ubuntu Security Notice 6688-1 - Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service. It was discovered that the Habana's AI Processors driver in the Linux kernel did not properly initialize certain data structures before passing them to user space. A local attacker could use this to expose sensitive information.

Ubuntu Security Notice USN-6690-1

Ubuntu Security Notice 6690-1 - Timothy Redaelli and Haresh Khandelwal discovered that Open vSwitch incorrectly handled certain crafted Geneve packets when hardware offloading via the netlink path is enabled. A remote attacker could possibly use this issue to cause Open vSwitch to crash, leading to a denial of service. It was discovered that Open vSwitch incorrectly handled certain ICMPv6 Neighbor Advertisement packets. A remote attacker could possibly use this issue to redirect traffic to arbitrary IP addresses.

Ubuntu Security Notice USN-6658-2

Ubuntu Security Notice 6658-2 - USN-6658-1 fixed a vulnerability in libxml2. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. It was discovered that libxml2 incorrectly handled certain XML documents. A remote attacker could possibly use this issue to cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code.

Red Hat Security Advisory 2024-1268-03

Red Hat Security Advisory 2024-1268-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.2 Telecommunications Update Service. Issues addressed include null pointer, out of bounds write, and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-1269-03

Red Hat Security Advisory 2024-1269-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Telecommunications Update Service. Issues addressed include null pointer, out of bounds write, and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-1270-03

Red Hat Security Advisory 2024-1270-03 - An update for docker is now available for Red Hat Enterprise Linux 7 Extras.

Red Hat Security Advisory 2024-1250-03

Red Hat Security Advisory 2024-1250-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include memory exhaustion, null pointer, out of bounds access, out of bounds write, privilege escalation, and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-1251-03

Red Hat Security Advisory 2024-1251-03 - An update for kpatch-patch-5_14_0-362_13_1, kpatch-patch-5_14_0-362_18_1, and kpatch-patch-5_14_0-362_8_1 is now available for Red Hat Enterprise Linux 9.

Red Hat Security Advisory 2024-1253-03

Red Hat Security Advisory 2024-1253-03 - An update for kpatch-patch-5_14_0-70_64_1, kpatch-patch-5_14_0-70_70_1, kpatch-patch-5_14_0-70_75_1, kpatch-patch-5_14_0-70_80_1, and kpatch-patch-5_14_0-70_85_1 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include privilege escalation and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-1248-03

Red Hat Security Advisory 2024-1248-03 - An update for kernel is now available for Red Hat Enterprise Linux 9. Issues addressed include null pointer, out of bounds access, out of bounds read, out of bounds write, privilege escalation, and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-1244-03

Red Hat Security Advisory 2024-1244-03 - An update for rhc-worker-script is now available for Red Hat Enterprise Linux 7. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-1249-03

Red Hat Security Advisory 2024-1249-03 - An update for kernel is now available for Red Hat Enterprise Linux 7. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2024-1241-03

Red Hat Security Advisory 2024-1241-03 - An update for postgresql is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Security Advisory 2024-1240-03

Red Hat Security Advisory 2024-1240-03 - An update for postgresql is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

[webapps] Human Resource Management System 1.0 - 'employeeid' SQL Injection

Human Resource Management System 1.0 - 'employeeid' SQL Injection

Debian Security Advisory 5638-1

Debian Linux Security Advisory 5638-1 - It was discovered that the uv_getaddrinfo() function in libuv, an asynchronous event notification library, incorrectly truncated certain hostnames, which may result in bypass of security measures on internal APIs or SSRF attacks.

Ubuntu Security Notice USN-6687-1

Ubuntu Security Notice 6687-1 - It was discovered that AccountsService called a helper incorrectly when performing password change operations. A local attacker could possibly use this issue to obtain encrypted passwords.

[webapps] Sitecore - Remote Code Execution v8.2

Sitecore - Remote Code Execution v8.2

[webapps] WordPress Plugin Duplicator < 1.5.7.1 - Unauthenticated Sensitive Data Exposure to Account Takeover

WordPress Plugin Duplicator

[local] Microsoft Windows Defender / Trojan.Win32/Powessere.G - Detection Mitigation Bypass

Microsoft Windows Defender / Trojan.Win32/Powessere.G - Detection Mitigation Bypass

[webapps] Hitachi NAS (HNAS) System Management Unit (SMU) Backup & Restore < 14.8.7825.01 - IDOR

Hitachi NAS (HNAS) System Management Unit (SMU) Backup & Restore

[webapps] Adobe ColdFusion versions 2018,15 (and earlier) and 2021,5 and earlier - Arbitrary File Read

Adobe ColdFusion versions 2018,15 (and earlier) and 2021,5 and earlier - Arbitrary File Read

[webapps] DataCube3 v1.0 - Unrestricted file upload 'RCE'

DataCube3 v1.0 - Unrestricted file upload 'RCE'

[webapps] Ladder v0.0.21 - Server-side request forgery (SSRF)

Ladder v0.0.21 - Server-side request forgery (SSRF)

[webapps] Akaunting < 3.1.3 - RCE

Akaunting

[webapps] Numbas < v7.3 - Remote Code Execution

Numbas