Trovent Security Advisory 2203-01 / Micro Focus GroupWise transmits session ID in URL

Posted by Stefan Pietsch on Jan 30

# Trovent Security Advisory 2203-01 #
#####################################

Micro Focus GroupWise transmits session ID in URL
#################################################

Overview
########

Advisory ID: TRSA-2203-01
Advisory version: 1.0
Advisory status: Public
Advisory URL: https://trovent.io/security-advisory-2203-01
Affected product: Micro Focus GroupWise
Affected version: prior to 18.4.2
Vendor: Micro Focus, https://www.microfocus.com...

[SYSS-2022-047] Razer Synapse - Local Privilege Escalation

Posted by Oliver Schwarz via Fulldisclosure on Jan 26

Advisory ID: SYSS-2022-047
Product: Razer Synapse
Manufacturer: Razer Inc.
Affected Version(s): Versions before 3.7.0830.081906
Tested Version(s): 3.7.0731.072516
Vulnerability Type: Improper Certificate Validation (CWE-295)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2022-08-02
Solution Date: 2022-09-06
Public Disclosure:...

APPLE-SA-2023-01-24-1 tvOS 16.3

Posted by Apple Product Security via Fulldisclosure on Jan 26

APPLE-SA-2023-01-24-1 tvOS 16.3

tvOS 16.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213601.

AppleMobileFileIntegrity
Available for: Apple TV 4K (all models) and Apple TV HD
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed by enabling hardened runtime.
CVE-2023-23499: Wojciech Reguła (@_r3ggi) of SecuRing...

[RT-SA-2022-002] Skyhigh Security Secure Web Gateway: Cross-Site Scripting in Single Sign-On Plugin

Posted by RedTeam Pentesting GmbH on Jan 26

RedTeam Pentesting identified a vulnerability which allows attackers to
craft URLs to any third-party website that result in arbitrary content
to be injected into the response when accessed through the Secure Web
Gateway. While it is possible to inject arbitrary content types, the
primary risk arises from JavaScript code allowing for cross-site
scripting.

Details
=======

Product: Secure Web Gateway
Affected Versions: 10.2.11, potentially other...

t2'23: Call For Papers 2023 (Helsinki, Finland)

Posted by Tomi Tuominen via Fulldisclosure on Jan 23

Call For Papers 2023

Tired of your bosses suspecting conference trips to exotic locations being just a ploy to partake in Security Vacation
Club? Prove them wrong by coming to Helsinki, Finland on May 4-5 2023! Guaranteed lack of sunburn, good potential for
rain or slush. In case of great spring weather, though, no money back.

CFP and registration both open. Read further if still unsure.

Maui, Miami, Las Vegas, Tel Aviv or Wellington feel so...

Re: HNS-2022-01 - HN Security Advisory - Multiple vulnerabilities in Solaris dtprintinfo and libXm/libXpm

Posted by Marco Ivaldi on Jan 23

Hello again,

Just a quick update. Mitre has assigned the following additional CVE IDs:

* CVE-2023-24039 - Stack-based buffer overflow in libXm ParseColors
* CVE-2023-24040 - Printer name injection and heap memory disclosure

We have updated the advisory accordingly:
https://github.com/hnsecurity/vulns/blob/main/HNS-2022-01-dtprintinfo.txt

Regards,
Marco

APPLE-SA-2023-01-23-7 watchOS 9.3

Posted by Apple Product Security via Fulldisclosure on Jan 23

APPLE-SA-2023-01-23-7 watchOS 9.3

watchOS 9.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213599.

AppleMobileFileIntegrity
Available for: Apple Watch Series 4 and later
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed by enabling hardened runtime.
CVE-2023-23499: Wojciech Regula of SecuRing (wojciechregula.blog)

ImageIO...

APPLE-SA-2023-01-23-8 Safari 16.3

Posted by Apple Product Security via Fulldisclosure on Jan 23

APPLE-SA-2023-01-23-8 Safari 16.3

Safari 16.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213600.

WebKit
Available for: macOS Big Sur and macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 245464
CVE-2023-23496: ChengGang Wu, Yan Kang, YuHao...

APPLE-SA-2023-01-23-2 iOS 15.7.3 and iPadOS 15.7.3

Posted by Apple Product Security via Fulldisclosure on Jan 23

APPLE-SA-2023-01-23-2 iOS 15.7.3 and iPadOS 15.7.3

iOS 15.7.3 and iPadOS 15.7.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213598.

Kernel
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone
SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod
touch (7th generation)
Impact: An app may be able to leak sensitive kernel state
Description:...

APPLE-SA-2023-01-23-3 iOS 12.5.7

Posted by Apple Product Security via Fulldisclosure on Jan 23

APPLE-SA-2023-01-23-3 iOS 12.5.7

iOS 12.5.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213597.

WebKit
Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad
mini 2, iPad mini 3, and iPod touch (6th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been...

APPLE-SA-2023-01-23-4 macOS Ventura 13.2

Posted by Apple Product Security via Fulldisclosure on Jan 23

APPLE-SA-2023-01-23-4 macOS Ventura 13.2

macOS Ventura 13.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213605.

AppleMobileFileIntegrity
Available for: macOS Ventura
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed by enabling hardened runtime.
CVE-2023-23499: Wojciech Reguła (@_r3ggi) of SecuRing
(wojciechregula.blog)...

APPLE-SA-2023-01-23-1 iOS 16.3 and iPadOS 16.3

Posted by Apple Product Security via Fulldisclosure on Jan 23

APPLE-SA-2023-01-23-1 iOS 16.3 and iPadOS 16.3

iOS 16.3 and iPadOS 16.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213606.

AppleMobileFileIntegrity
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, and iPad
mini 5th generation and later
Impact: An app may be able to access user-sensitive data...

APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3

Posted by Apple Product Security via Fulldisclosure on Jan 23

APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3

macOS Monterey 12.6.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213604.

AppleMobileFileIntegrity
Available for: macOS Monterey
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed by enabling hardened runtime.
CVE-2023-23499: Wojciech Reguła (@_r3ggi) of SecuRing...

APPLE-SA-2023-01-23-6 macOS Big Sur 11.7.3

Posted by Apple Product Security via Fulldisclosure on Jan 23

APPLE-SA-2023-01-23-6 macOS Big Sur 11.7.3

macOS Big Sur 11.7.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213603.

AppleMobileFileIntegrity
Available for: macOS Big Sur
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed by enabling hardened runtime.
CVE-2023-23499: Wojciech Reguła (@_r3ggi) of SecuRing
(wojciechregula.blog)...

HNS-2022-01 - HN Security Advisory - Multiple vulnerabilities in Solaris dtprintinfo and libXm/libXpm

Posted by Marco Ivaldi on Jan 19

Dear Full Disclosure,

Find attached a security advisory that details multiple
vulnerabilities we discovered in Oracle Solaris CDE dtprintinfo, Motif
libXm, and X.Org libXpm.

* Title: Multiple vulnerabilities in Solaris dtprintinfo and libXm/libXpm
* Products: Common Desktop Environment 1.6, Motif 2.1, X.Org libXpm < 3.5.15
* OS: Oracle Solaris 10 (CPU January 2021)
* Author: Marco Ivaldi <marco.ivaldi () hnsecurity it>
* Date:...

SEC Consult SA-20230117-2 :: Multiple post-authentication vulnerabilities including RCE in @OpenText Content Server component of OpenText Extended ECM

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jan 19

SEC Consult Vulnerability Lab Security Advisory < 20230117-2 >
=======================================================================
title: Multiple post-authentication vulnerabilities including RCE
product: OpenText™ Content Server component of OpenText™ Extended ECM
vulnerable version: 16.2.2 - 22.3
fixed version: 22.4
CVE number: CVE-2022-45924, CVE-2022-45922, CVE-2022-45925,...

SEC Consult SA-20230117-0 :: Pre-authenticated Remote Code Execution in cs.exe (@OpenText Content Server component of OpenText Extended ECM)

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jan 19

SEC Consult Vulnerability Lab Security Advisory < 20230117-0 >
=======================================================================
title: Pre-authenticated Remote Code Execution in cs.exe
product: OpenText™ Content Server component of OpenText™ Extended ECM
vulnerable version: 20.4 - 22.3
fixed version: 22.4
CVE number: CVE-2022-45923
impact: Critical
homepage:...

SEC Consult SA-20230117-1 :: Pre-authenticated Remote Code Execution via Java frontend and QDS endpoint in @OpenText Content Server component of OpenText Extended ECM

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jan 19

SEC Consult Vulnerability Lab Security Advisory < 20230117-1 >
=======================================================================
title: Pre-authenticated Remote Code Execution via Java frontend
and QDS endpoint
product: OpenText™ Content Server component of OpenText™ Extended ECM
vulnerable version: 20.4 - 22.3
fixed version: 22.4
CVE number: CVE-2022-45927...

wolfSSL before 5.5.0: Denial-of-service with session resumption

Posted by Maximilian Ammann via Fulldisclosure on Jan 19

# wolfSSL before 5.5.0: Denial-of-service with session resumption
=================================================================

## INFO
=======

The CVE project has assigned the id CVE-2022-38152 to this issue.

Severity: 7.5 HIGH
Affected version: before 5.5.0
End of embargo: Ended August 30, 2022

## SUMMARY
==========

When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on
its session, the server crashes with a...

wolfSSL before 5.5.0: Denial-of-service with session resumption

Posted by Maximilian Ammann via Fulldisclosure on Jan 19

# wolfSSL before 5.5.0: Denial-of-service with session resumption
=================================================================

## INFO
=======

The CVE project has assigned the id CVE-2022-38152 to this issue.

Severity: 7.5 HIGH
Affected version: before 5.5.0
End of embargo: Ended August 30, 2022
Blog Post: https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/

## SUMMARY
==========

When a TLS 1.3 client...

wolfSSL 5.3.0: Denial-of-service

Posted by Maximilian Ammann via Fulldisclosure on Jan 19

# wolfSSL 5.3.0: Denial-of-service
==================================

## INFO
=======

The CVE project has assigned the id CVE-2022-38153 to this issue.

Severity: 5.9 MEDIUM
Affected version: 5.3.0
End of embargo: Ended August 30, 2022
Blog Post: https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/

## SUMMARY
==========

In wolfSSL 5.3.0 man-in-the-middle attackers or a malicious server can crash TLS
1.2...

wolfSSL before 5.5.2: Heap-buffer over-read with WOLFSSL_CALLBACKS

Posted by Maximilian Ammann via Fulldisclosure on Jan 19

# wolfSSL before 5.5.2: Heap-buffer over-read with WOLFSSL_CALLBACKS
====================================================================

## INFO
=======

The CVE project has assigned the id CVE-2022-42905 to this issue.

Severity: 9.1 CRITICAL
Affected version: before 5.5.2
End of embargo: Ended October 28, 2022
Blog Post: https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/

## SUMMARY
==========

If wolfSSL...

Citrix Linux client logs session credentials

Posted by Russell Howe on Jan 16

The Citrix Linux client emits its session credentials when starting a
Citrix session. These credentials end up being recorded in the client's
system log.

Citrix do not consider this to be a security vulnerability.

Writeup here:
https://github.com/rhowe/disclosures/tree/main/citrix-linux-client-cred-leak

Write

[KIS-2023-04] Tiki Wiki CMS Groupware <= 24.1 (tikiimporter_blog_wordpress.php) PHP Object Injection Vulnerability

Posted by Egidio Romano on Jan 09

----------------------------------------------------------------------------------------------------
Tiki Wiki CMS Groupware <= 24.1 (tikiimporter_blog_wordpress.php) PHP
Object Injection Vulnerability
----------------------------------------------------------------------------------------------------

[-] Software Link:

https://tiki.org

[-] Affected Versions:

Version 24.1 and prior versions.

[-] Vulnerability Description:

The...

[KIS-2023-03] Tiki Wiki CMS Groupware <= 24.0 (grid.php) PHP Object Injection Vulnerability

Posted by Egidio Romano on Jan 09

-----------------------------------------------------------------------------
Tiki Wiki CMS Groupware <= 24.0 (grid.php) PHP Object Injection
Vulnerability
-----------------------------------------------------------------------------

[-] Software Link:

https://tiki.org

[-] Affected Versions:

Version 24.0 and prior versions.

[-] Vulnerability Description:

The vulnerability is located in the /lib/sheet/grid.php script,
specifically into...

[KIS-2023-02] Tiki Wiki CMS Groupware <= 24.0 (structlib.php) PHP Code Injection Vulnerability

Posted by Egidio Romano on Jan 09

--------------------------------------------------------------------------------
Tiki Wiki CMS Groupware <= 24.0 (structlib.php) PHP Code Injection
Vulnerability
--------------------------------------------------------------------------------

[-] Software Link:

https://tiki.org

[-] Affected Versions:

Version 24.0 and prior versions.

[-] Vulnerability Description:

The vulnerability is located in the /lib/structures/structlib.php
script,...

[KIS-2023-01] Tiki Wiki CMS Groupware <= 25.0 Two Cross-Site Request Forgery Vulnerabilities

Posted by Egidio Romano on Jan 09

------------------------------------------------------------------------------
Tiki Wiki CMS Groupware <= 25.0 Two Cross-Site Request Forgery
Vulnerabilities
------------------------------------------------------------------------------

[-] Software Link:

https://tiki.org

[-] Affected Versions:

Version 25.0 and prior versions.

[-] Vulnerabilities Description:

1) The /tiki-importer.php script does not implement any protection
against...

Centos Web Panel 7 Unauthenticated Remote Code Execution - CVE-2022-44877

Posted by Numan TÜRLE on Jan 06

[+] Centos Web Panel 7 Unauthenticated Remote Code Execution
[+] Centos Web Panel 7 - < 0.9.8.1147
[+] Affected Component ip:2031/login/index.php?login=$(whoami)
[+] Discoverer: Numan Türle @ Gais Cyber Security
[+] Vendor: https://centos-webpanel.com/ - https://control-webpanel.com/changelog#1669855527714-450fb335-6194
[+] CVE: CVE-2022-44877

Description
--------------
Bash commands can be run because double quotes are used to log incorrect...

[tool] ModSecurity backdoor

Posted by Jozef Sudolsky on Jan 02

Announcing a backdoor tool running inside of ModSecurity WAF and
allowing remote command execution with privileges of the web server.

https://github.com/azurit/modsecurity-backdoor

SugarCRM 0-day Auth Bypass + RCE Exploit

Posted by sw33t.0day via Fulldisclosure on Dec 30

#!/usr/bin/env python
#
# SugarCRM 0-day Auth Bypass + RCE Exploit
#
# Dorks:
# https://www.google.com/search?q=site:sugarondemand.com&filter=0
# https://www.google.com/search?q=intitle:"SugarCRM"+inurl:index.php
# https://www.shodan.io/search?query=http.title:"SugarCRM&quot;
# https://search.censys.io/search?resource=hosts&q=services.http.response.html_title:"SugarCRM&quot;
#...

APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2

Posted by Apple Product Security via Fulldisclosure on Dec 20

APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2

iOS 15.7.2 and iPadOS 15.7.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213531.

AppleAVD
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone
SE (1st generation), iPad Pro (all models), iPad Air 2 and later,
iPad 5th generation and later, iPad mini 4 and later, and iPod touch
(7th generation)
Impact:...

APPLE-SA-2022-12-13-3 iOS 16.1.2

Posted by Apple Product Security via Fulldisclosure on Dec 20

APPLE-SA-2022-12-13-3 iOS 16.1.2

iOS 16.1.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213516.

WebKit
Available for: iPhone 8 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been actively exploited against versions of iOS released
before iOS 15.1.
Description: A type...

APPLE-SA-2022-12-13-4 macOS Ventura 13.1

Posted by Apple Product Security via Fulldisclosure on Dec 20

APPLE-SA-2022-12-13-4 macOS Ventura 13.1

macOS Ventura 13.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213532.

Accounts
Available for: macOS Ventura
Impact: A user may be able to view sensitive user information
Description: This issue was addressed with improved data protection.
CVE-2022-42843: Mickey Jin (@patch1t)

AMD
Available for: macOS Ventura
Impact: An app may...

APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2

Posted by Apple Product Security via Fulldisclosure on Dec 20

APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2

macOS Monterey 12.6.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213533.

Bluetooth
Available for: macOS Monterey
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2022-42854: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte.
Ltd. (@starlabs_sg)

BOM...

APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2

Posted by Apple Product Security via Fulldisclosure on Dec 20

APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2

macOS Big Sur 11.7.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213534.

BOM
Available for: macOS Big Sur
Impact: An app may bypass Gatekeeper checks
Description: A logic issue was addressed with improved checks.
CVE-2022-42821: Jonathan Bar Or of Microsoft

DriverKit
Available for: macOS Big Sur
Impact: An app may be able to...

APPLE-SA-2022-12-13-8 watchOS 9.2

Posted by Apple Product Security via Fulldisclosure on Dec 20

APPLE-SA-2022-12-13-8 watchOS 9.2

watchOS 9.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213536.

Accounts
Available for: Apple Watch Series 4 and later
Impact: A user may be able to view sensitive user information
Description: This issue was addressed with improved data protection.
CVE-2022-42843: Mickey Jin (@patch1t)

AppleAVD
Available for: Apple Watch Series 4 and...

APPLE-SA-2022-12-13-9 Safari 16.2

Posted by Apple Product Security via Fulldisclosure on Dec 20

APPLE-SA-2022-12-13-9 Safari 16.2

Safari 16.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213537.

WebKit
Available for: macOS Big Sur and macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
WebKit Bugzilla: 245521
CVE-2022-42867: Maddie...

APPLE-SA-2022-12-13-7 tvOS 16.2

Posted by Apple Product Security via Fulldisclosure on Dec 20

APPLE-SA-2022-12-13-7 tvOS 16.2

tvOS 16.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213535.

Accounts
Available for: Apple TV 4K, Apple TV 4K (2nd generation and later),
and Apple TV HD
Impact: A user may be able to view sensitive user information
Description: This issue was addressed with improved data protection.
CVE-2022-42843: Mickey Jin (@patch1t)

AppleAVD...

SEC Consult Vulnerability Lab publication: The enemy from within: Unauthenticated Buffer Overflows in Zyxel routers still haunting users & metasploit exploit

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Dec 20

Hi,

earlier this year in February 2022, we published a technical security advisory -
https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-multiple-zyxel-devices/ - on
different critical vulnerabilities in Zyxel devices, resulting from insecure coding practices and insecure
configuration.

Those also included a highly critical unauthenticated buffer overflow vulnerability in the proprietary Zyxel web server...

SEC Consult SA-20221216-0 :: Remote code execution bypass in Eclipse Business Intelligence Reporting Tool (BiRT)

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Dec 20

SEC Consult Vulnerability Lab Security Advisory < 20221216-0 >
=======================================================================
title: Remote code execution - CVE-2021-34427 bypass
product: Eclipse Business Intelligence Reporting Tool (BiRT)
vulnerable version: <= 4.11.0
fixed version: 4.12
CVE number: CVE-2021-34427
impact: High
homepage:...

APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2

Posted by Apple Product Security via Fulldisclosure on Dec 20

APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2

iOS 16.2 and iPadOS 16.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213530.

Accounts
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, and iPad
mini 5th generation and later
Impact: A user may be able to view sensitive user information
Description:...

Ransom.Win64.AtomSilo / Crypto Logic Flaw

Posted by malvuln on Dec 20

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/5559e9f5e1645f8554ea020a29a5a3ee.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Backup media: infosec.exchange/@malvuln

Threat: Ransom.Win64.AtomSilo
Vulnerability: Crypto Logic Flaw
Family: AtomSilo
Type: PE64
MD5: 5559e9f5e1645f8554ea020a29a5a3ee
Vuln ID: MVID-2022-0666
Disclosure: 12/14/2022
Description: AtomSilo...

Backdoor.Win32.InCommander.17.b / Hardcoded Cleartext Credentials

Posted by malvuln on Dec 20

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/dd76d8a5874bf8bf05279e35c68449ca.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Backup media: infosec.exchange/@malvuln

Threat: Backdoor.Win32.InCommander.17.b
Vulnerability: Hardcoded Cleartext Credentials
Family: InCommander
Type: PE32
MD5: dd76d8a5874bf8bf05279e35c68449ca
Vuln ID: MVID-2022-0665
Dropped files:...

Adversary3 updated / Malware vulnerability intel tool for third-party attackers

Posted by malvuln on Dec 20

The Adversary3 project has been updated, added a new vulnerability
category "Logic Flaw" and dozens of new malware vulnerabilities.

https://github.com/malvuln/Adversary3

[CFP] BSides San Francisco – April 2023

Posted by BSidesSF CFP via Fulldisclosure on Dec 20

BSidesSF is soliciting presentations, workshops, and villages for the 2023
annual BSidesSF conference.

Presentations: https://bsidessf.org/cfp
Workshops: https://bsidessf.org/cfp/workshops
Villages: https://bsidessf.org/cfp/villages

** Topics **

All topic areas related to reliability, application security, web security,
network security, privacy, cryptography, and information security are of
interest and in scope.

Let us help you get the word...

SEC Consult SA-20221213-0 :: Privilege Escalation Vulnerabilities (UNIX Insecure File Handling) in SAP Host Agent (saposcol)

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Dec 13

SEC Consult Vulnerability Lab Security Advisory < 20221213-0 >
=======================================================================
title: Privilege Escalation Vulnerabilities (UNIX Insecure File
Handling)
product: SAP® Host Agent (saposcol)
vulnerable version: see section "Vulnerable / tested versions"
fixed version: see SAP security note 3159736
CVE...

Re: CyberDanube Security Research 20221009-0 | Authenticated Command Injection in Intelbras WiFiber 120AC inMesh

Posted by Thomas Weber on Dec 13

CyberDanube Security Research 20221009-0
-------------------------------------------------------------------------------

               title| Authenticated Command Injection
             product| Intelbras WiFiber 120AC inMesh
  vulnerable version| 1.1-220216
       fixed version| 1-1-220826
          CVE number| CVE-2022-40005
              impact| High
           ...

Trojan-Dropper.Win32.Decay.dxv (CyberGate v1.00.0) / Insecure Proprietary Password Encryption

Posted by malvuln on Dec 13

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/618f28253d1268132a9f10819a6947f2.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Backup media: infosec.exchange/@malvuln

Threat: Trojan-Dropper.Win32.Decay.dxv (CyberGate v1.00.0)
Vulnerability: Insecure Proprietary Password Encryption
Family: CyberGate
Type: PE32
MD5: 618f28253d1268132a9f10819a6947f2
Vuln ID:...

Vulnerabilities Disclosure - Shoplazza Stored XSS

Posted by Andrey Stoykov on Dec 13

# Exploit Title: Shoplazza 1.1 - Stored Cross Site Scripting
# Exploit Author: Andrey Stoykov
# Software Link: https://github.com/Shoplazza/LifeStyle
# Version: 1.1
# Tested on: Ubuntu 20.04

Stored XSS #1:

To reproduce do the following:

1. Login as normal user account
2. Browse "Blog Posts" -> "Manage Blogs" -> "Add Blog Post"
3. Select "Title" and enter payload...

Microsoft PlayReady security research

Posted by Security Explorations on Dec 10

Hello,

Microsoft PlayReady is one of the key technologies used by PayTV
industry and OTT platforms for Digital Rights Management and content
security in general. According to Microsoft, PlayReady Server SDK has
several hundred service provider licensees.

Security Explorations conducted security analysis of Microsoft Play
Ready content protection technology in the environment of CANAL+ SAT
TV provider. As a result, complete access to movie...

CyberDanube Security Research 20221130-0 | Multiple Vulnerabilities in Delta Electronics DX-2100-L1-CN

Posted by Thomas Weber on Dec 08

CyberDanube Security Research 20221130-0
-------------------------------------------------------------------------------
               title| Multiple Vulnerabilities
             product| Delta Electronics DX-2100-L1-CN
  vulnerable version| V1.5.0.10
       fixed version| V1.5.0.12
          CVE number| -
              impact| High
            homepage|...

CyberDanube Security Research 20221130-1 | Authenticated Command Injection in Delta Electronics DVW-W02W2-E2

Posted by Thomas Weber on Dec 08

CyberDanube Security Research 20221130-1
-------------------------------------------------------------------------------
               title| Authenticated Command Injection
             product| Delta Electronics DVW-W02W2-E2
  vulnerable version| V2.42
       fixed version| V2.5.2
          CVE number| -
              impact| High
            homepage|...

SEC Consult SA-20221206-0 :: Multiple critical vulnerabilities in ILIAS eLearning platform

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Dec 08

SEC Consult Vulnerability Lab Security Advisory < 20221206-0 >
=======================================================================
title: Multiple critical vulnerabilities
product: ILIAS eLearning platform
vulnerable version: <= 7.15
fixed version: 7.16
CVE number: CVE-2022-45915, CVE-2022-45916, CVE-2022-45917,
CVE-2022-45918
impact: critical...

Backdoor.Win32.Delf.gj / Information Disclosure

Posted by malvuln on Dec 08

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/8872c2ec49ff3382240762a029631684.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Backup media: infosec.exchange/@malvuln

Threat: Backdoor.Win32.Delf.gj
Vulnerability: Information Disclosure
Description: The malware listens on TCP port 80. Third-party adversaries
who can reach an infected system can pass...

SEC Consult SA-20221201-0 :: Replay attacks & Displaying arbitrary contents in Zhuhai Suny Technology ESL Tag / ETAG-TECH protocol (electronic shelf labels)

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Dec 08

SEC Consult Vulnerability Lab Security Advisory < 20221201-0 >
=======================================================================
title: Replay attacks & Displaying arbitrary contents
product: Zhuhai Suny Technology ESL Tag / ETAG-TECH protocol
(electronic shelf labels)
vulnerable version: All
fixed version: -
CVE number: CVE-2022-45914
impact:...

SEC Consult SA-20221130-0 :: Multiple critical vulnerabilities in Planet Enterprises Ltd - Planet eStream

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Dec 08

SEC Consult Vulnerability Lab Security Advisory < 20221130-0 >
=======================================================================
title: Multiple critical vulnerabilities
product: Planet Enterprises Ltd - Planet eStream
vulnerable version: <6.72.10.07
fixed version: 6.72.10.07
CVE number: CVE-2022-45896, CVE-2022-45893, CVE-2022-45891,
CVE-2022-45889,...

Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328)

Posted by Qualys Security Advisory via Fulldisclosure on Dec 08

Qualys Security Advisory

Race condition in snap-confine's must_mkdir_and_open_with_perms()
(CVE-2022-3328)

========================================================================
Contents
========================================================================

Summary
Background
Exploitation
Acknowledgments
Timeline

I can't help but feel a missed opportunity to integrate lyrics from
one of the best songs ever: [SNAP! - The...

[CVE-2022-21225] Intel Data Center Manager Console <= 4.1 “getRoomRackData" Authenticated (Guest+) SQL Injection

Posted by Julien Ahrens (RCE Security) on Dec 08

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Intel Data Center Manager
Vendor URL: https://www.intel.com/content/www/us/en/developer/tools/data-center-manager-console/overview.html
Type: SQL Injection [CWE-89]
Date found: 2022-01-21
Date published: 2022-12-01
CVSSv3 Score: 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
CVE: CVE-2022-21225

2....

Intel Data Center Manager <= 5.1 Local Privileges Escalation

Posted by Julien Ahrens (RCE Security) on Dec 08

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Intel Data Center Manager
Vendor URL: https://www.intel.com/content/www/us/en/developer/tools/data-center-manager-console/overview.html
Type: Incorrect Use of Privileged APIs [CWE-648]
Date found: 2022-07-16
Date published: 2022-12-07
CVSSv3 Score: 7.4 (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVE:...

Drupal H5P Module <= 2.0.0 (isValidPackage) Zip Slip Vulnerability

Posted by Egidio Romano on Dec 03

------------------------------------------------------------------
Drupal H5P Module <= 2.0.0 (isValidPackage) Zip Slip Vulnerability
------------------------------------------------------------------

[-] Software Link:

https://www.drupal.org/project/h5p

[-] Affected Versions:

Version 2.0.0-alpha2 and prior versions.
Version 7.x-1.50 and prior versions.

[-] Vulnerability Description:

The vulnerability is located within the...