Full Disclosure
Defense in depth -- the Microsoft way (part 84): (no) fun with %COMSPEC%
March 24^th 2023 at 13:17

Defense in depth -- the Microsoft way (part 84): (no) fun with %COMSPEC%

Posted by Stefan Kanthak on Mar 24

Hi @ll,

the documentation of the builtin START command
<https://technet.microsoft.com/en-us/library/cc770297.aspx>
of Windows NT's command processor CMD.EXE states:

| When you run a command that contains the string "CMD" as the first
| token without an extension or path qualifier, "CMD" is replaced
| with the value of the COMSPEC variable.
| This prevents users from picking up cmd from the current directory....

March 24^th 2023 at 13:17

Full Disclosure
Invitation to the World Cryptologic Competition 2023
March 22^nd 2023 at 05:32

Invitation to the World Cryptologic Competition 2023

Posted by Competition Administrator on Mar 21

The WCC 2023 is a fully-online and open competition using GitHub.
The language of the competition is English.

The WCC 2023 has a total duration of 295 days, from Sunday January 1st 2023
to Monday October 23rd 2023.
Teams and Judges must complete registration before Wednesday June 1st.

The WCC 2023 has three entry categories:
Category A: Block Ciphers with a 512-bit block, 512-bit key, and 192-bit
nonce
Category B: Digest Functions with a...

March 22^nd 2023 at 05:32

Full Disclosure
Re: Microsoft PlayReady security research
March 22^nd 2023 at 05:30

Re: Microsoft PlayReady security research

Posted by Adam Gowdiak on Mar 21

Hello,

I feel obliged to provide additional comments to this paragraph as I
start to believe that CANAL+ might not deserve sole blame here...

While Microsoft claims there is absolutely no bug at its end, I
personally start to perceive the company as the one that should be
also blamed to some extent.

Below, I am providing you with the reasons that has lead me to such a
conclusion.

For many months, no response from CANAL+ was taken at my end as...

March 22^nd 2023 at 05:30

Full Disclosure
Insecure python cgi documentation and tutorials are vulnerable to XSS.
March 22^nd 2023 at 05:30

Insecure python cgi documentation and tutorials are vulnerable to XSS.

Posted by Georgi Guninski on Mar 21

Is there low hanging fruit for the following observation?

The documentation of the python cgi module is vulnerable to XSS
(cross site scripting)

https://docs.python.org/3/library/cgi.html

```
form = cgi.FieldStorage()
print("<p>name:", form["name"].value)
print("<p>addr:", form["addr"].value)
```

First result on google for "tutorial python cgi"
is...

March 22^nd 2023 at 05:30

Re: Defense in depth -- the Microsoft way (part 83): instead to fix even their most stupid mistaskes, they spill barrels of snakeoil to cover them (or just leave them as-is)

Posted by Arik Seils on Mar 21

Hi there,

One can use the Metasploit Framework Module post/windows/local/bypassua _fodhelper to achieve this.

Greetings from Germany,

A.Seils

17.03.2023 06:26:56 Stefan Kanthak <stefan.kanthak () nexgo de>:

March 22^nd 2023 at 05:29

Full Disclosure
Re: Microsoft PlayReady security research
March 21^st 2023 at 10:11

Re: Microsoft PlayReady security research

Posted by Security Explorations on Mar 21

Hello,

I feel obliged to provide additional comments to this paragraph as I
start to believe that CANAL+ might not deserve sole blame here...

While Microsoft claims there is absolutely no bug at its end, I
personally start to perceive the company as the one that should be
also blamed to some extent.

Below, I am providing you with the reasons that has lead me to such a
conclusion.

For many months, no response from CANAL+ was taken at my end as...

March 21^st 2023 at 10:11

Defense in depth -- the Microsoft way (part 83): instead to fix even their most stupid mistaskes, they spill barrels of snakeoil to cover them (or just leave them as-is)

Posted by Stefan Kanthak on Mar 16

Hi @ll,

with Windows 2000, Microsoft virtualised the [HKEY_CLASSES_ROOT] registry
branch: what was just an alias for [HKEY_LOCAL_MACHINE\SOFTWARE\Classes]
before became the overlay of [HKEY_LOCAL_MACHINE\SOFTWARE\Classes] and
[HKEY_CURRENT_USER\Software\Classes] with the latter having precedence:
<https://msdn.microsoft.com/en-us/library/ms724498.aspx>

Note: while [HKEY_LOCAL_MACHINE\SOFTWARE\Classes] is writable only by...

March 17^th 2023 at 05:23

Full Disclosure
[CFP] Security BSides Ljubljana 0x7E7 | June 16, 2023
March 17^th 2023 at 05:22

[CFP] Security BSides Ljubljana 0x7E7 | June 16, 2023

Posted by Andraz Sraka on Mar 16

MMMMMMMMMMMMMMMMNmddmNMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
MMN..-..--+MMNy:...-.-/yNMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
MMy..ymd-.:Mm::-:osyo-..-mMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
MM:..---.:dM/..+NNyyMN/..:MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
Mm../dds.-oy.-.dMh--mMds++MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
My:::::/ydMmo..-hMMMmo//omMs/+Mm+++++shNMN+//+//+oMNy+///ohM
MMMs//yMNo+hMh---m:-:hy+sMN..+Mo..os+.-:Ny--ossssdN-.:yyo+mM...

March 17^th 2023 at 05:22

Full Disclosure
Full Disclosure - Fastly
March 12^th 2023 at 03:13

Full Disclosure - Fastly

Posted by Andrey Stoykov on Mar 11

Correspondence from Fastly declined to comment regarding new discovered
vulnerabilities within their website.

Poor practices regarding password changes.

1. Reset user password
2. Access link sent
3. Temporary password sent plaintext

// HTTP POST request

POST /user/mwebsec%40gmail.com/password/request_reset HTTP/2
Host: api.fastly.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:108.0)
Gecko/20100101 Firefox/108.0
[...]

[...]...

March 12^th 2023 at 03:13

Full Disclosure - Shopify Application

Posted by Andrey Stoykov on Mar 11

Correspondence from Shopify declined to comment regarding new discovered
vulnerabilities within their website.

Although 'frontend' vulnerabilities are considered out of scope,
person/tester foundhimself a beefy bugbounty from the same page that has
been listed below, including similar functionality that has not been tested
yet.

Two emails and several reports, the 'hacker-1' staff reject the bid for
findings.

Online Store...

March 12^th 2023 at 03:13

Full Disclosure
[CVE-2023-25355/25356] No fix available - vulnerabilities in CoreDial sipXcom sipXopenfire
March 7^th 2023 at 02:47

[CVE-2023-25355/25356] No fix available - vulnerabilities in CoreDial sipXcom sipXopenfire

Posted by Systems Research Group via Fulldisclosure on Mar 06

March 7^th 2023 at 02:47

Full Disclosure
SEC Consult SA-20230306-0 :: Multiple Vulnerabilities in Arris DG3450 Cable Gateway
March 7^th 2023 at 02:46

SEC Consult SA-20230306-0 :: Multiple Vulnerabilities in Arris DG3450 Cable Gateway

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Mar 06

SEC Consult Vulnerability Lab Security Advisory < 20230306-0 >
=======================================================================
title: Multiple Vulnerabilities
product: Arris DG3450 Cable Gateway
vulnerable version: AR01.02.056.18_041520_711.NCS.10
fixed version: -
CVE number: CVE-2023-27571, CVE-2023-27572
impact: medium
homepage: https://www.commscope.com...

March 7^th 2023 at 02:46

Full Disclosure
OpenBSD overflow
March 7^th 2023 at 02:45

OpenBSD overflow

Posted by Erg Noor on Mar 06

Hi,

Fun OpenBSD bug.

ip_dooptions() will allow IPOPT_SSRR with optlen = 2.

save_rte() will set isr_nhops to very large value, which will cause
overflow in next ip_srcroute() call.

More info is here https://github.com/fuzzingrf/openbsd_tcpip_overflow/

-erg

March 7^th 2023 at 02:45

Full Disclosure
SEC Consult SA-20230228-0 :: OS Command Injectionin Barracuda CloudGen WAN
March 3^rd 2023 at 06:18

SEC Consult SA-20230228-0 :: OS Command Injectionin Barracuda CloudGen WAN

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Mar 02

SEC Consult Vulnerability Lab Security Advisory < 20230228-0 >
=======================================================================
title: OS Command Injection
product: Barracuda CloudGen WAN
vulnerable version: < v8.* hotfix 1089
fixed version: v8.* with hotfix webui-sdwan-1089-8.3.1-174141891 or above
version 9.0.0 or above
CVE number: CVE-2023-26213...

March 3^rd 2023 at 06:18

Full Disclosure
SRP on Windows 11
March 3^rd 2023 at 06:18

SRP on Windows 11

Posted by Andy Ful on Mar 02

The correction to:
Full Disclosure: Defense in depth -- the Microsoft way (part 82):
INVALID/BOGUS AppLocker rules disable SAFER on Windows 11 22H2
(seclists.org) <https://seclists.org/fulldisclosure/2023/Feb/13>

The Kanthak correction to restore SRP functionality on Windows 11 ver.
22H2, works only when Smart App Control is OFF. If it is in Evaluate or ON
mode, then the invalid registry values are automatically restored after
restarting...

March 3^rd 2023 at 06:18

Full Disclosure
NetBSD overflow
March 3^rd 2023 at 06:17

NetBSD overflow

Posted by Erg Noor on Mar 02

Hi,

Trivial overflow in hfslib_reada_node_offset, while loop has no range
checks.

|size_t hfslib_reada_node_offsets(void* in_bytes, uint16_t*
out_offset_array) { void* ptr; if (in_bytes == NULL || out_offset_array
== NULL) return 0; ptr = in_bytes; out_offset_array--; do {
out_offset_array++; *out_offset_array = be16tohp(&ptr); } while
(*out_offset_array != (uint16_t)14); return ((uint8_t*)ptr -
(uint8_t*)in_bytes); }|

Repro is here...

March 3^rd 2023 at 06:17

Full Disclosure
[NetworkSEC NWSSA] CVE-2023-26602: ASUS ASMB8 iKVM RCE and SSH Root Access
February 28^th 2023 at 07:41

[NetworkSEC NWSSA] CVE-2023-26602: ASUS ASMB8 iKVM RCE and SSH Root Access

Posted by Peter Ohm on Feb 27

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Exploit Title: ASUS ASMB8 iKVM RCE and SSH Root Access
# Date: 2023-02-16
# Exploit Author: d1g () segfault net for NetworkSEC [NWSSA-002-2023]
# Vendor Homepage: https://servers.asus.com/search?q=ASMB8
# Version/Model: ASMB8 iKVM Firmware <= 1.14.51 (probably others)
# Tested on: Linux AMI2CFDA1C7570E 2.6.28.10-ami...

February 28^th 2023 at 07:41

Full Disclosure
[NetworkSEC NWSSA] CVE-2023-26609: ABUS Security Camera LFI, RCE and SSH Root
February 28^th 2023 at 07:41

[NetworkSEC NWSSA] CVE-2023-26609: ABUS Security Camera LFI, RCE and SSH Root

Posted by Peter Ohm on Feb 27

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Exploit Title: ABUS Security Camera LFI, RCE and SSH Root Access
# Date: 2023-02-16
# Exploit Author: d1g () segfault net for NetworkSEC [NWSSA-001-2023]
# Vendor Homepage: https://www.abus.com
# Version/Model: TVIP 20000-21150 (probably many others)
# Tested on: GM ARM Linux 2.6, Server: Boa/0.94.14rc21
# CVE:...

February 28^th 2023 at 07:41

Full Disclosure
Microsoft Windows Contact File / Remote Code Execution (Resurrected) CVE-2022-44666
February 28^th 2023 at 03:13

Microsoft Windows Contact File / Remote Code Execution (Resurrected) CVE-2022-44666

Posted by hyp3rlinx on Feb 27

[-] Microsoft Windows Contact file / Remote Code Execution (Resurrected
2022) / CVE-2022-44666

[+] John Page (aka hyp3rlinx)
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec

Back in 2018 I discovered three related Windows remote code execution
vulnerabilities affecting both VCF and Contact files. They were purchased
by Trend Micro Zero Day Initiative (@thezdi) from me and received candidate
identifiers ZDI-CAN-6920 and ZDI-CAN-7591. Microsoft...

February 28^th 2023 at 03:13

Full Disclosure
Defense in depth -- the Microsoft way (part 82): INVALID/BOGUS AppLocker rules disable SAFER on Windows 11 22H2
February 23^rd 2023 at 06:16

Defense in depth -- the Microsoft way (part 82): INVALID/BOGUS AppLocker rules disable SAFER on Windows 11 22H2

Posted by Stefan Kanthak on Feb 22

Hi @ll,

in Windows 11 22H2. some imbeciles from Redmond added the following
(of course WRONG and INVALID) registry entries and keys which they
dare to ship to their billion world-wide users:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Srp\Gp]
"RuleCount"=dword:00000002
"LastWriteTime"=hex(b):01,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Srp\Gp\DLL]

JFTR: the time stamp is 100ns past...

February 23^rd 2023 at 06:16

Full Disclosure
Multiple vulnerabilities in Audiocodes Device Manager Express
February 23^rd 2023 at 06:15

Multiple vulnerabilities in Audiocodes Device Manager Express

Posted by Eric Flokstra on Feb 22

# Product Name: Device Manager Express
# Vendor Homepage: https://www.audiocodes.com
# Software Link:
https://www.audiocodes.com/solutions-products/products/management-products-solutions/device-manager
# Version: <= 7.8.20002.47752
# Tested on: Windows 10 / Server 2019
# Default credentials: admin/admin
# CVE-2022-24627, CVE-2022-24628, CVE-2022-24629, CVE-2022-24630,
CVE-2022-24631, CVE-2022-24632
# Exploit:...

February 23^rd 2023 at 06:15

Full Disclosure
Sumo Logic keep api credentials on endpoints
February 23^rd 2023 at 06:15

Sumo Logic keep api credentials on endpoints

Posted by dammitjosie--- via Fulldisclosure on Feb 22

security bug:

go sumologic.com (big company, many customer)

make free account

log in account, make access key - help.sumologic.com/docs/manage/security/access-keys/
<http://help.sumologic.com/docs/manage/security/access-keys/>

download collector for windows -
help.sumologic.com/docs/send-data/installed-collectors/collector-installation-reference/download-collector-from-static-url/

<...

February 23^rd 2023 at 06:15

Remote Code Execution in Kardex MLOG

Posted by Patrick Hener on Feb 16

Remote Code Execution in Kardex MLOG
=======================================================================
Product: Kardex Mlog MCC
Vendor: Kardex Holding AG
Tested Version: 5.7.12+0-a203c2a213-master
Fixed Version: inline patch - no new version number
Vulnerability Type: Improper Control of Generation of Code ("RFI") - CWE-94
CVSSv2 Severity:...

February 17^th 2023 at 03:35

Full Disclosure
CyberDanube Security Research 20230213-0 | Multiple Vulnerabilities in JetWave Series
February 14^th 2023 at 21:43

CyberDanube Security Research 20230213-0 | Multiple Vulnerabilities in JetWave Series

Posted by Thomas Weber on Feb 14

CyberDanube Security Research 20230213-0
-------------------------------------------------------------------------------
                title| Multiple Vulnerabilities
              product| JetWave4221 HP-E, JetWave 2212G, JetWave
2212X/2212S,
                     | JetWave 2211C, JetWave 2411/2111, JetWave
2411L/2111L,
                     | JetWave 2414/2114, JetWave...

February 14^th 2023 at 21:43

Full Disclosure
SEC Consult SA-20230214-0 :: Multiple XSS Vulnerabilities in B&R Systems Diagnostics Manager
February 14^th 2023 at 21:42

SEC Consult SA-20230214-0 :: Multiple XSS Vulnerabilities in B&R Systems Diagnostics Manager

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Feb 14

SEC Consult Vulnerability Lab Security Advisory < 20230214-0 >
=======================================================================
title: Multiple XSS Vulnerabilities
product: B&R Systems Diagnostics Manager
vulnerable version: >=3.00 and <=C4.93
fixed version: >=D4.93
CVE number: CVE-2022-4286
impact: medium
homepage: https://www.br-automation.com...

February 14^th 2023 at 21:42

Full Disclosure
Defense in depth -- the Microsoft way (part 81): enabling UTF-8 support breaks existing code
February 14^th 2023 at 21:42

Defense in depth -- the Microsoft way (part 81): enabling UTF-8 support breaks existing code

Posted by Stefan Kanthak on Feb 14

Hi @ll,

almost 4 years ago, with Windows 10 1903, after more than a year
beta-testing in insider previews, Microsoft finally released UTF-8
support for the -A interfaces of the Windows API.

0) <https://docs.microsoft.com/en-us/windows/uwp/design/globalizing/use-utf8-code-page#activeCodePage>

| If the ANSI code page is configured for UTF-8, -A APIs typically
| operate in UTF-8. This model has the benefit of supporting
| existing...

February 14^th 2023 at 21:42

Full Disclosure
APPLE-SA-2023-02-13-1 iOS 16.3.1 and iPadOS 16.3.1
February 14^th 2023 at 21:42

APPLE-SA-2023-02-13-1 iOS 16.3.1 and iPadOS 16.3.1

Posted by Apple Product Security via Fulldisclosure on Feb 14

APPLE-SA-2023-02-13-1 iOS 16.3.1 and iPadOS 16.3.1

iOS 16.3.1 and iPadOS 16.3.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213635.

Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, and iPad
mini 5th generation and later
Impact: An app may be able to execute arbitrary code with kernel...

February 14^th 2023 at 21:42

Full Disclosure
APPLE-SA-2023-02-13-2 macOS Ventura 13.2.1
February 14^th 2023 at 21:42

APPLE-SA-2023-02-13-2 macOS Ventura 13.2.1

Posted by Apple Product Security via Fulldisclosure on Feb 14

APPLE-SA-2023-02-13-2 macOS Ventura 13.2.1

macOS Ventura 13.2.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213633.

Kernel
Available for: macOS Ventura
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2023-23514: Xinru Chi of Pangu Lab, Ned Williamson of...

February 14^th 2023 at 21:42

APPLE-SA-2023-02-13-3 Safari 16.3.1

Posted by Apple Product Security via Fulldisclosure on Feb 14

APPLE-SA-2023-02-13-3 Safari 16.3.1

Safari 16.3.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213638.

WebKit
Available for: macOS Big Sur and macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been actively exploited.
Description: A type confusion issue was addressed...

February 14^th 2023 at 21:42

Full Disclosure
OXAS-ADV-2022-0002: OX App Suite Security Advisory
February 14^th 2023 at 21:41

OXAS-ADV-2022-0002: OX App Suite Security Advisory

Posted by Martin Heiland via Fulldisclosure on Feb 14

Dear subscribers,

we're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs for OX AppSuite, Dovecot and PowerDNS at YesWeHack.

A CSAF representation of this advisory has been published at
https://documentation.open-xchange.com/security/advisories/.

Yours sincerely,
Martin Heiland, Open-Xchange GmbH

Internal reference:...

February 14^th 2023 at 21:41

Full Disclosure
[CVE-2023-0291] Quiz And Survey Master <= 8.0.8 - Unauthenticated Arbitrary Media Deletion
February 14^th 2023 at 21:40

[CVE-2023-0291] Quiz And Survey Master <= 8.0.8 - Unauthenticated Arbitrary Media Deletion

Posted by Julien Ahrens (RCE Security) on Feb 14

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Quiz And Survey Master
Vendor URL: https://wordpress.org/plugins/quiz-master-next/
Type: Missing Authentication for Critical Function [CWE-306]
Date found: 2023-01-13
Date published: 2023-02-08
CVSSv3 Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVE: CVE-2023-0291

2. CREDITS
==========...

February 14^th 2023 at 21:40

Full Disclosure
[CVE-2023-0292] Quiz And Survey Master <= 8.0.8 - Cross-Site Request Forgery to Arbitrary Media Deletion
February 14^th 2023 at 21:40

[CVE-2023-0292] Quiz And Survey Master <= 8.0.8 - Cross-Site Request Forgery to Arbitrary Media Deletion

Posted by Julien Ahrens (RCE Security) on Feb 14

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Quiz And Survey Master
Vendor URL: https://wordpress.org/plugins/quiz-master-next/
Type: Cross-Site Request Forgery (CSRF) [CWE-352]
Date found: 2023-01-13
Date published: 2023-02-08
CVSSv3 Score: 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
CVE: CVE-2023-0292

2. CREDITS
==========
This...

February 14^th 2023 at 21:40

Full Disclosure
[CVE-Request] Multiple vulnerabilities in BMC Control-M before 9.0.20.214
February 14^th 2023 at 21:39

[CVE-Request] Multiple vulnerabilities in BMC Control-M before 9.0.20.214

Posted by Benjamin Mar-Conrad on Feb 14

February 14^th 2023 at 21:39

Full Disclosure
Trovent Security Advisory 2203-01 / Micro Focus GroupWise transmits session ID in URL
January 31^st 2023 at 07:03

Trovent Security Advisory 2203-01 / Micro Focus GroupWise transmits session ID in URL

Posted by Stefan Pietsch on Jan 30

# Trovent Security Advisory 2203-01 #
#####################################

Micro Focus GroupWise transmits session ID in URL
#################################################

Overview
########

Advisory ID: TRSA-2203-01
Advisory version: 1.0
Advisory status: Public
Advisory URL: https://trovent.io/security-advisory-2203-01
Affected product: Micro Focus GroupWise
Affected version: prior to 18.4.2
Vendor: Micro Focus, https://www.microfocus.com...

January 31^st 2023 at 07:03

Full Disclosure
[SYSS-2022-047] Razer Synapse - Local Privilege Escalation
January 27^th 2023 at 03:53

[SYSS-2022-047] Razer Synapse - Local Privilege Escalation

Posted by Oliver Schwarz via Fulldisclosure on Jan 26

Advisory ID: SYSS-2022-047
Product: Razer Synapse
Manufacturer: Razer Inc.
Affected Version(s): Versions before 3.7.0830.081906
Tested Version(s): 3.7.0731.072516
Vulnerability Type: Improper Certificate Validation (CWE-295)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2022-08-02
Solution Date: 2022-09-06
Public Disclosure:...

January 27^th 2023 at 03:53

Full Disclosure
APPLE-SA-2023-01-24-1 tvOS 16.3
January 27^th 2023 at 03:53

APPLE-SA-2023-01-24-1 tvOS 16.3

Posted by Apple Product Security via Fulldisclosure on Jan 26

APPLE-SA-2023-01-24-1 tvOS 16.3

tvOS 16.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213601.

AppleMobileFileIntegrity
Available for: Apple TV 4K (all models) and Apple TV HD
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed by enabling hardened runtime.
CVE-2023-23499: Wojciech Reguła (@_r3ggi) of SecuRing...

January 27^th 2023 at 03:53

Full Disclosure
[RT-SA-2022-002] Skyhigh Security Secure Web Gateway: Cross-Site Scripting in Single Sign-On Plugin
January 26^th 2023 at 15:25

[RT-SA-2022-002] Skyhigh Security Secure Web Gateway: Cross-Site Scripting in Single Sign-On Plugin

Posted by RedTeam Pentesting GmbH on Jan 26

RedTeam Pentesting identified a vulnerability which allows attackers to
craft URLs to any third-party website that result in arbitrary content
to be injected into the response when accessed through the Secure Web
Gateway. While it is possible to inject arbitrary content types, the
primary risk arises from JavaScript code allowing for cross-site
scripting.

Details
=======

Product: Secure Web Gateway
Affected Versions: 10.2.11, potentially other...

January 26^th 2023 at 15:25

Full Disclosure
t2'23: Call For Papers 2023 (Helsinki, Finland)
January 24^th 2023 at 06:14

t2'23: Call For Papers 2023 (Helsinki, Finland)

Posted by Tomi Tuominen via Fulldisclosure on Jan 23

Call For Papers 2023

Tired of your bosses suspecting conference trips to exotic locations being just a ploy to partake in Security Vacation
Club? Prove them wrong by coming to Helsinki, Finland on May 4-5 2023! Guaranteed lack of sunburn, good potential for
rain or slush. In case of great spring weather, though, no money back.

CFP and registration both open. Read further if still unsure.

Maui, Miami, Las Vegas, Tel Aviv or Wellington feel so...

January 24^th 2023 at 06:14

Full Disclosure
Re: HNS-2022-01 - HN Security Advisory - Multiple vulnerabilities in Solaris dtprintinfo and libXm/libXpm
January 24^th 2023 at 06:13

Re: HNS-2022-01 - HN Security Advisory - Multiple vulnerabilities in Solaris dtprintinfo and libXm/libXpm

Posted by Marco Ivaldi on Jan 23

Hello again,

Just a quick update. Mitre has assigned the following additional CVE IDs:

* CVE-2023-24039 - Stack-based buffer overflow in libXm ParseColors
* CVE-2023-24040 - Printer name injection and heap memory disclosure

We have updated the advisory accordingly:
https://github.com/hnsecurity/vulns/blob/main/HNS-2022-01-dtprintinfo.txt

Regards,
Marco

January 24^th 2023 at 06:13

APPLE-SA-2023-01-23-7 watchOS 9.3