Re: Anomaly in Fedora `dnf update`: md5 mismatch of result

Posted by Jeffrey Walton on Aug 19

https://bugzilla.redhat.com/show_bug.cgi?id=1873876

Jeff

Re: Anomaly in Fedora `dnf update`: md5 mismatch of result

Posted by Michael Lazin on Aug 19

I would test it using sha256 instead of md5 before you jump to conclusions
but dnf doesn't use https by default and you need to jump through hoops to
get it working. I would say if you are a fedora user open a feature
request for https for dnf with the fedora team if you can repeat this with
sha256.

Peace,

Michael

Re: Anomaly in Fedora `dnf update`: md5 mismatch of result

Posted by Adrean Boyadzhiev on Aug 19

Probably a completely different root cause, but I have noticed similar
behavior with a Debian-based distribution during `# apt upgrade` and
when there are many packages for update and the internet connection is
not so good. I haven't investigated, but my assumptions were either Race
Conditions within verification logic or some logic related to the timestamp.

To my knowledge `md5` should be ok for calculating hash sums, many
prefer it...

Re: Anomaly in Fedora `dnf update`: md5 mismatch of result

Posted by Matthew Fernandez on Aug 19

If the VM had no access to the internet even a retry would fail, no?

If an attempted update based on a delta-rpm fails, dnf falls back to
downloading a full rpm and using this instead.

KL-001-2023-003: Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Modification via sudoedit

Posted by KoreLogic Disclosures via Fulldisclosure on Aug 17

KL-001-2023-003: Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Modification via sudoedit

Title: Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Modification via sudoedit
Advisory ID: KL-001-2023-003
Publication Date: 2023.08.17
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2023-003.txt

1. Vulnerability Details

     Affected Vendor: ThousandEyes
     Affected Product:...

KL-001-2023-002: Cisco ThousandEyes Enterprise Agent Virtual Appliance Privilege Escalation via tcpdump

Posted by KoreLogic Disclosures via Fulldisclosure on Aug 17

KL-001-2023-002: Cisco ThousandEyes Enterprise Agent Virtual Appliance Privilege Escalation via tcpdump

Title: Cisco ThousandEyes Enterprise Agent Virtual Appliance Privilege Escalation via tcpdump
Advisory ID: KL-001-2023-002
Publication Date: 2023.08.17
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2023-002.txt

1. Vulnerability Details

     Affected Vendor: ThousandEyes
     Affected Product: ThousandEyes...

KL-001-2023-001: Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Read via sudo dig

Posted by KoreLogic Disclosures via Fulldisclosure on Aug 17

KL-001-2023-001: Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Read via sudo dig

Title: Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Read via sudo dig
Advisory ID: KL-001-2023-001
Publication Date: 2023.08.17
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2023-001.txt

1. Vulnerability Details

     Affected Vendor: ThousandEyes
     Affected Product: ThousandEyes...

Anomaly in Fedora `dnf update`: md5 mismatch of result

Posted by Georgi Guninski on Aug 15

In short, I found anomaly in Fedora 37 and would like to
know if it is vulnerability.

As root type in terminal:
dnf update

If there is kernel update, watch stdout and stderr for:

##On Mon Aug 14 05:33:29 AM UTC 2023
(2/6): kernel-6.4.10-100.fc37.x86_64.rpm 1.2 MB/s | 140 kB 00:00
/var/cache/dnf/updates-fd4d3d0d1c34d49a/packages/kernel-modules-extra-6.4.9-100.fc37_6.4.10-100.fc37.x86_64.drpm:
md5 mismatch of result

##$ md5sum...

Missing Immutable Root of Trust in Hardware (CWE-1326) / CVE-2023-22955

Posted by Moritz Abrell via Fulldisclosure on Aug 15

Advisory ID: SYSS-2022-055
Product: AudioCodes VoIP Phones
Manufacturer: AudioCodes Ltd.
Affected Version(s): Firmware Versions >= 3.4.4.1000
Tested Version(s): Firmware Version 3.4.4.1000
Vulnerability Type: Missing Immutable Root of Trust in Hardware (CWE-1326)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2022-11-14
Solution...

Use of Hard-coded Cryptographic Key (CWE-321) / CVE-2023-22957

Posted by Moritz Abrell via Fulldisclosure on Aug 15

Advisory ID: SYSS-2022-052
Product: AudioCodes VoIP Phones
Manufacturer: AudioCodes Ltd.
Affected Version(s): Firmware Versions >= 3.4.8.M4
Tested Version(s): Firmware Version 3.4.4.1000
Vulnerability Type: Use of Hard-coded Cryptographic Key (CWE-321)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2022-11-11
Solution Date:...

Use of Hard-coded Cryptographic Key (CWE-321) / CVE-2023-22956

Posted by Moritz Abrell via Fulldisclosure on Aug 15

Advisory ID: SYSS-2022-054
Product: AudioCodes VoIP Phones
Manufacturer: AudioCodes Ltd.
Affected Version(s): Firmware Versions >= 3.4.8.M4
Tested Version(s): Firmware Version 3.4.4.1000
Vulnerability Type: Use of Hard-coded Cryptographic Key (CWE-321)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2022-11-11
Solution Date:...

Qualys mis-uses ssh, fails to scan and protect, facilitates internal attack

Posted by Paul Szabo via Fulldisclosure on Aug 11

=== Introduction ===================================================

My institution uses Qualys

www.qualys.com

to scan for vulnerabilities, including on some Debian Linux machines
that I manage. The scanner does some network scans, and also logs in
to each machine to do "authenticated scans".

=== Discovery ======================================================

When I recently updated my machines from Debian11 to Debian12, the...

St. Poelten UAS | Multiple Vulnerabilities in Phoenix Contact TC Cloud Client / TC Router / Cloud Client

Posted by Weber Thomas via Fulldisclosure on Aug 11

St. Pölten UAS
-------------------------------------------------------------------------------
title| Multiple Vulnerabilities
product| Phoenix Contact TC Cloud Client 1002-4G*,
| TC Router 3002T-4G, Cloud Client 1101T-TX/TX
vulnerable version| <2.07.2, <2.07.2, <2.06.10
fixed version| 2.07.2, 2.07.2, 2.06.10
CVE number| CVE-2023-3526, CVE-2023-3569
impact|...

St. Poelten UAS | Multiple XSS in Advantech EKI 15XX Series

Posted by Weber Thomas via Fulldisclosure on Aug 11

St. Pölten UAS
-------------------------------------------------------------------------------
title| Multiple XSS in Advantech
product| Advantech EKI-1524-CE series, EKI-1522 series,
| EKI-1521 series
vulnerable version| <=1.21 (CVE-2023-4202), <=1.24 (CVE-2023-4203)
fixed version| 1.26
CVE number| CVE-2023-4202, CVE-2023-4203
impact| Medium...

GNOME Files silently extracts setuid files from ZIP archives

Posted by Georgi Guninski on Aug 07

Affected: GNOME Files 43.4 (nautilus) on fedora 37

Description:

If an user A opens in GNOME files zip archive containing
`setuid` file F, then F will be silently extracted to
a subdirectory of CWD.

If F is accessible by hostile local user B and B executes F,
then F will be executed as from user A.

tar(1) and unzip(1) are not vulnerable to this attack.

Session for creating the ZIP.
After that just open f.zip in GNOME files.
<pre>...

Kolibri GET request buffer Overflow [Stack Egghunter]

Posted by Mahmoud Noureldin on Aug 03

#!/usr/bin/python3
# Exploit Title: Kolibri GET request buffer Overflow [Stack Egghunter]
# Date: 2 Augst 2023
# Exploit Author: Mahmoud NourEldin @Engacker
# Vendor App:
https://www.exploit-db.com/apps/4d4e15b98e105facf94e4fd6a1f9eb78-Kolibri-2.0-win.zip
# Version: Kolibri 2.0
# Tested on: Windows 10
# Description:
# For the first time making the egghunter jumping to the begging of the
stack

import socket, time, sys, os

if len(sys.argv) != 3:...

[SYSS-2023-011]: Canon PIXMA TR4550 and other inkjet printer models - Insufficient or Incomplete Data Removal, within Hardware Component (CWE-1301)

Posted by Matthias Deeg via Fulldisclosure on Aug 03

Advisory ID: SYSS-2023-011
Product: PIXMA TR4550
Manufacturer: Canon
Affected Version(s): 1.020 / 1.080
also affects many other Canon inkjet printer
models[4]
Tested Version(s): 1.020 / 1.080
Vulnerability Type: Insufficient or Incomplete Data Removal
within Hardware Component (CWE-1301)...

OXAS-ADV-2023-0003: OX App Suite Security Advisory

Posted by Martin Heiland via Fulldisclosure on Aug 02

Dear subscribers,

We're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs for OX AppSuite, Dovecot and PowerDNS at YesWeHack.

This advisory has also been published at https://documentation.open-xchange.com/security/advisories/.

Yours sincerely,
Martin Heiland, Open-Xchange GmbH

Internal reference: OXUIB-2282
Type:...

RansomLord v1 / Anti-Ransomware Exploit Tool

Posted by malvuln on Aug 02

RansomLord is a proof-of-concept tool that automates the creation of PE
files, used to compromise Ransomware pre-encryption.

Lang: C

SHA256: b0dfa2377d7100949de276660118bbf21fa4e56a4a196db15f5fb344a5da33ee

Video PoC:
https://www.youtube.com/watch?v=_Ho0bpeJWqI

Download: https://github.com/malvuln/RansomLord

RansomLord generated PE files are saved to disk in the x32 or x64
directorys where the program is run from.

Goal is to exploit code...

Savant Web Server 3.1 - Remote Buffer Overflow (Egghunter)

Posted by Mahmoud Noureldin on Aug 02

This is an old app but in an easy way which not the same which in public.

Exploit Title: Savant Web Server 3.1 - Remote Buffer Overflow (Egghunter)

# Date: [30/07/2023]
# Exploit Author: [0xBOF90]
# Vendor Homepage: [link]
# Version: [app version] (3.1)
# Tested on: [Windows 10]

import socket
import sys

try:
server = b"192.168.56.102"
#\x00\x0a\x0d\x25
port = 80
size = 253
# msfvenom -p windows/shell_reverse_tcp...

Stored XSS - Perch

Posted by Andrey Stoykov on Aug 01

# Exploit Title:
# Date: 07/2023
# Exploit Author: Andrey Stoykov
# Version: 3.2
# Tested on: Windows Server 2022
# Blog: http://msecureltd.blogspot.com

XSS #1:

File: roles.edit.post.php

Line #57:

[...]
<div class="field-wrap <?php echo $Form->error('roleTitle', false);?>">
<?php echo $Form->label('roleTitle', 'Title'); ?>
<div class="form-entry">...

Pentest Paper - Introduction to Web Pentest

Posted by Andrey Stoykov on Aug 01

Just putting this for the new starters.

It is in two languages, Bulgarian and English.

https://drive.google.com/file/d/1mzYeratoSV82Oxaj_dYvu4fg7vSBuhE1/view
https://drive.google.com/file/d/1b8obLloMnmQGI1gqAablzuTyKOFBRZjb/view

Has basic configuration for Burpsuite Proxy, including basic exploitation
of XSS, SQLi, CSRF and Open redirect.

Has brief theory explanation prior to showing how to exploit each flaw.

Kind Regards,
Andrey Stoykov

Unauthorized MFA Code Delivery in EmpowerID

Posted by Patel, Nirav on Aug 01

Severity: High

Description:

An identified security flaw is present in EmpowerID versions V7.205.0.0 and prior versions, causing the system to
mistakenly send Multi-Factor Authentication (MFA) codes to unintended email addresses. To exploit this vulnerability,
an attacker would need to have access to valid and breached login details, including a username and password.

This vulnerability's root cause lies in insufficient verification of...

CVE-2023-28130 - Hostname injection leads to Remote Code Execution RCE (Authenticated)

Posted by Rick Verdoes via Fulldisclosure on Aug 01

=========================
Exploit Title: Hostname injection leads to Remote Code Execution RCE (Authenticated)
Product: Gaia Portal
Vendor: Checkpoint
Vulnerable Versions: R81.20 < Take 14, R81.10 < Take 95, R81 < Take 82 and R80.40 < Take 198
Tested Version: R81.10 (take 335)
Advisory Publication: July 27, 2023
Latest Update: July 72, 2023
Vulnerability Type: Improper Control of Generation of Code (Code Injection) [CWE-94]
CVE...

Trovent Security Advisory 2303-01 / CVE-2023-36255 / Authenticated remote code execution in Eramba

Posted by Stefan Pietsch on Aug 01

# Trovent Security Advisory 2303-01 #
#####################################

Authenticated remote code execution in Eramba
#############################################

Overview
########

Advisory ID: TRSA-2303-01
Advisory version: 1.0
Advisory status: Public
Advisory URL: https://trovent.io/security-advisory-2303-01
Affected product: Eramba
Affected version: 3.19.1 (Enterprise and Community edition)
Vendor: Eramba Limited,...

ETSI WEBstore 2023 - Persistent Cross Site Scripting Web Vulnerability

Posted by info () vulnerability-lab com on Aug 01

Document Title:
===============
ETSI WEBstore 2023 - Persistent Cross Site Scripting Web Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2327

Release Date:
=============
2023-07-26

Vulnerability Laboratory ID (VL-ID):
====================================
2327

Common Vulnerability Scoring System:
====================================
4.6

Vulnerability Class:
====================...

APPLE-SA-2023-07-24-5 macOS Monterey 12.6.8

Posted by Apple Product Security via Fulldisclosure on Jul 25

APPLE-SA-2023-07-24-5 macOS Monterey 12.6.8

macOS Monterey 12.6.8 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213844.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Assets
Available for: macOS Monterey
Impact: An app may be able to modify protected parts of the file system...

APPLE-SA-2023-07-24-6 macOS Big Sur 11.7.9

Posted by Apple Product Security via Fulldisclosure on Jul 25

APPLE-SA-2023-07-24-6 macOS Big Sur 11.7.9

macOS Big Sur 11.7.9 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213845.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Assets
Available for: macOS Big Sur
Impact: An app may be able to modify protected parts of the file system...

APPLE-SA-2023-07-24-7 tvOS 16.6

Posted by Apple Product Security via Fulldisclosure on Jul 25

APPLE-SA-2023-07-24-7 tvOS 16.6

tvOS 16.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213846.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Kernel
Available for: Apple TV 4K (all models) and Apple TV HD
Impact: An app may be able to execute arbitrary code with kernel...

APPLE-SA-2023-07-24-8 watchOS 9.6

Posted by Apple Product Security via Fulldisclosure on Jul 25

APPLE-SA-2023-07-24-8 watchOS 9.6

watchOS 9.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213848.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Apple Neural Engine
Available for: Apple Watch Series 4 and later
Impact: An app may be able to execute arbitrary code with kernel...

APPLE-SA-2023-07-24-4 macOS Ventura 13.5

Posted by Apple Product Security via Fulldisclosure on Jul 25

APPLE-SA-2023-07-24-4 macOS Ventura 13.5

macOS Ventura 13.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213843.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Apple Neural Engine
Available for: macOS Ventura
Impact: An app may be able to execute arbitrary code with kernel...

Availability Booking Calendar PHP - Stored XSS and Unrestricted File Upload

Posted by Andrey Stoykov on Jul 25

# Exploit Title: Availability Booking Calendar PHP - Multiple Issues
# Date: 07/2023
# Exploit Author: Andrey Stoykov
# Tested on: Ubuntu 20.04
# Blog: http://msecureltd.blogspot.com

XSS #1:

Steps to Reproduce:

1. Browse to Bookings
2. Select All Bookings
3. Edit booking and select Promo Code
4. Enter payload TEST"><script>alert(`XSS`)</script>

// HTTP POST request

POST...

APPLE-SA-2023-07-24-1 Safari 16.6

Posted by Apple Product Security via Fulldisclosure on Jul 25

APPLE-SA-2023-07-24-1 Safari 16.6

Safari 16.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213847.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

WebKit
Available for: macOS Big Sur and macOS Monterey
Impact: A website may be able to bypass Same Origin Policy
Description: The...

APPLE-SA-2023-07-24-3 iOS 15.7.8 and iPadOS 15.7.8

Posted by Apple Product Security via Fulldisclosure on Jul 25

APPLE-SA-2023-07-24-3 iOS 15.7.8 and iPadOS 15.7.8

iOS 15.7.8 and iPadOS 15.7.8 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213842.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Apple Neural Engine
Available for devices with Apple Neural Engine: iPhone 8 and later, iPad
Pro...

APPLE-SA-2023-07-24-2 iOS 16.6 and iPadOS 16.6

Posted by Apple Product Security via Fulldisclosure on Jul 25

APPLE-SA-2023-07-24-2 iOS 16.6 and iPadOS 16.6

iOS 16.6 and iPadOS 16.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213841.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Apple Neural Engine
Available for devices with Apple Neural Engine: iPhone 8 and later, iPad
Pro (3rd...

APPLE-SA-2023-07-24-1 Safari 16.6

Posted by Deven Kishore via Fulldisclosure on Jul 24

APPLE-SA-2023-07-24-1 Safari 16.6

Safari 16.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213847.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

WebKit
Available for: macOS Big Sur and macOS Monterey
Impact: A website may be able to bypass Same Origin Policy
Description: The...

[SYSS-2023-006]: Omnis Studio - Expected Behavior Violation (CWE-440) (CVE-2023-38334)

Posted by Matthias Deeg via Fulldisclosure on Jul 21

Advisory ID: SYSS-2023-006
Product: Omnis Studio
Manufacturer: Omnis Software Ltd.
Affected Version(s): 10.22.00
Tested Version(s): 10.22.00
Vulnerability Type: Expected Behavior Violation (CWE-440)
Risk Level: Low
Solution Status: Open
Manufacturer Notification: 2023-03-30
Solution Date: -
Public Disclosure: 2023-07-20
CVE Reference:...

[SYSS-2023-005]: Omnis Studio - Expected Behavior Violation (CWE-440) (CVE-2023-38335)

Posted by Matthias Deeg via Fulldisclosure on Jul 21

Advisory ID: SYSS-2023-005
Product: Omnis Studio
Manufacturer: Omnis Software Ltd.
Affected Version(s): 10.22.00
Tested Version(s): 10.22.00
Vulnerability Type: Expected Behavior Violation (CWE-440)
Risk Level: Low
Solution Status: Open
Manufacturer Notification: 2023-03-30
Solution Date: -
Public Disclosure: 2023-07-20
CVE Reference:...

Active Super Shop CMS v2.5 - HTML Injection Vulnerabilities

Posted by info () vulnerability-lab com on Jul 19

Document Title:
===============
Active Super Shop CMS v2.5 - HTML Injection Vulnerabilities

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2278

Release Date:
=============
2023-07-04

Vulnerability Laboratory ID (VL-ID):
====================================
2278

Common Vulnerability Scoring System:
====================================
5.4

Vulnerability Class:
====================
Script Code...

Boom CMS v8.0.7 - Cross Site Scripting Vulnerability

Posted by info () vulnerability-lab com on Jul 19

Document Title:
===============
Boom CMS v8.0.7 - Cross Site Scripting Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2274

Release Date:
=============
2023-07-03

Vulnerability Laboratory ID (VL-ID):
====================================
2274

Common Vulnerability Scoring System:
====================================
5.3

Vulnerability Class:
====================
Cross Site Scripting -...

Tiva Events Calender v1.4 - Cross Site Scripting Vulnerability

Posted by info () vulnerability-lab com on Jul 19

Document Title:
===============
Tiva Events Calender v1.4 - Cross Site Scripting Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2276

Release Date:
=============
2023-07-05

Vulnerability Laboratory ID (VL-ID):
====================================
2276

Common Vulnerability Scoring System:
====================================
5

Vulnerability Class:
====================
Cross Site...

Dooblou WiFi File Explorer 1.13.3 - Multiple Vulnerabilities

Posted by info () vulnerability-lab com on Jul 19

Document Title:
===============
Dooblou WiFi File Explorer 1.13.3 - Multiple Vulnerabilities

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2317

Release Date:
=============
2023-07-04

Vulnerability Laboratory ID (VL-ID):
====================================
2317

Common Vulnerability Scoring System:
====================================
5.1

Vulnerability Class:
====================
Multiple...

PaulPrinting CMS - (Search Delivery) Cross Site Scripting Vulnerability

Posted by info () vulnerability-lab com on Jul 19

Document Title:
===============
PaulPrinting CMS - (Search Delivery) Cross Site Scripting Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2286

Release Date:
=============
2023-07-17

Vulnerability Laboratory ID (VL-ID):
====================================
2286

Common Vulnerability Scoring System:
====================================
5.2

Vulnerability Class:
====================...

Webile v1.0.1 - Multiple Cross Site Web Vulnerabilities

Posted by info () vulnerability-lab com on Jul 19

Document Title:
===============
Webile v1.0.1 - Multiple Cross Site Web Vulnerabilities

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2321

Release Date:
=============
2023-07-03

Vulnerability Laboratory ID (VL-ID):
====================================
2321

Common Vulnerability Scoring System:
====================================
5.5

Vulnerability Class:
====================
Cross Site...

Aures Booking & POS Terminal - Local Privilege Escalation Vulnerability

Posted by info () vulnerability-lab com on Jul 19

Document Title:
===============
Aures Booking & POS Terminal - Local Privilege Escalation Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2323

Release Date:
=============
2023-07-17

Vulnerability Laboratory ID (VL-ID):
====================================
2323

Common Vulnerability Scoring System:
====================================
7.2

Vulnerability Class:
====================...

PaulPrinting CMS - Multiple Cross Site Web Vulnerabilities

Posted by info () vulnerability-lab com on Jul 19

Document Title:
===============
PaulPrinting CMS - Multiple Cross Site Web Vulnerabilities

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2285

Release Date:
=============
2023-07-19

Vulnerability Laboratory ID (VL-ID):
====================================
2285

Common Vulnerability Scoring System:
====================================
5.8

Vulnerability Class:
====================
Cross Site...

CVE-2023-38408: Remote Code Execution in OpenSSH's forwarded ssh-agent

Posted by Qualys Security Advisory via Fulldisclosure on Jul 19

Qualys Security Advisory

CVE-2023-38408: Remote Code Execution in OpenSSH's forwarded ssh-agent

========================================================================
Contents
========================================================================

Summary
Background
Experiments
Results
Discussion
Acknowledgments
Timeline

========================================================================
Summary...

Re: Citrix Gateway & Cloud MFA - Insufficient Session Validation Vulnerability

Posted by Jeffrey Walton on Jul 19

There's also https://en.wikipedia.org/wiki/Session_hijacking#Prevention

One thing Jim Manico of OWASP recommends is to (re)prompt the user for
their password on occasion, like when performing a high value
operation. That will effectively re-authenticate a user before a high
value operation. Attackers with a cookie but without the user's
password should fail the re-authentication challenge.

Jeff

[RT-SA-2023-001] Session Token Enumeration in RWS WorldServer

Posted by RedTeam Pentesting GmbH on Jul 19

Advisory: Session Token Enumeration in RWS WorldServer

Session tokens in RWS WorldServer have a low entropy and can be
enumerated, leading to unauthorised access to user sessions.

Details
=======

Product: WorldServer
Affected Versions: 11.7.3 and earlier versions
Fixed Version: 11.8.0
Vulnerability Type: Session Token Enumeration
Security Risk: high
Vendor URL: https://www.rws.com/localization/products/additional-solutions/
Vendor Status:...

WBCE - Stored XSS

Posted by Andrey Stoykov on Jul 16

# Exploit Title: WBCE - Stored XSS
# Date: 07/2023
# Exploit Author: Andrey Stoykov
# Version: 1.6.1
# Tested on: Windows Server 2022
# Blog: http://msecureltd.blogspot.com

Steps to Exploit:

1. Login to application
2. Browse to following URI "http://host/wbce/admin/pages/intro.php&quot;
3. Paste XSS payload "TEST"><img src=x onerror=alert(1)>"
4. Then browse to settings "Settings->General Settings->Enable...

Re: Citrix Gateway & Cloud MFA - Insufficient Session Validation Vulnerability

Posted by Jens Timmerman on Jul 16

Hi,

I've been working with a lot of products I believe that are vulnerable
to a very similar exploit, and I was wondering how one should fix
this/protect against this attack?

I looked at
https://owasp.org/www-community/attacks/Session_hijacking_attack
<https://owasp.org/www-community/attacks/Session_hijacking_attack> but
the page linking to the related controls doesn't seem to exist.

Unquoted Path - XAMPP 8.2.4

Posted by Andrey Stoykov on Jul 11

# Exploit Title: XAMPP 8.2.4 - Unquoted Path
# Date: 07/2023
# Exploit Author: Andrey Stoykov
# Version: 8.2.4
# Software Link:
https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/8.2.4/xampp-windows-x64-8.2.4-0-VS16-installer.exe
# Tested on: Windows Server 2022
# Blog: http://msecureltd.blogspot.com/

Steps to Exploit:

1. Search for unquoted paths
2. Generate meterpreter shell
3. Copy shell to XAMPP directory replacing...

APPLE-SA-2023-07-10-1 Safari 16.5.2

Posted by Apple Product Security via Fulldisclosure on Jul 11

APPLE-SA-2023-07-10-1 Safari 16.5.2

Safari 16.5.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213826.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

WebKit
Available for: macOS Big Sur and macOS Monterey
Impact: Processing web content may lead to arbitrary code execution....

APPLE-SA-2023-07-10-2 Rapid Security Responses for iOS 16.5.1 and iPadOS 16.5.1

Posted by Apple Product Security via Fulldisclosure on Jul 11

APPLE-SA-2023-07-10-2 Rapid Security Responses for iOS 16.5.1 and iPadOS 16.5.1

Rapid Security Responses for iOS 16.5.1 and iPadOS 16.5.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213823.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

This document describes the content of...

APPLE-SA-2023-07-10-3 Rapid Security Responses for macOS Ventura 13.4.1

Posted by Apple Product Security via Fulldisclosure on Jul 11

APPLE-SA-2023-07-10-3 Rapid Security Responses for macOS Ventura 13.4.1

Rapid Security Responses for macOS Ventura 13.4.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213825.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

This document describes the content of Rapid Security...

Re: [tool] tc - anonymous and cyphered chat over Tor circuits in PGP

Posted by bo0od via Fulldisclosure on Jul 11

I didnt see worst than this app to use for anonymity like this one:

- PGP is old bad stuff:

https://www.kicksecure.com/wiki/OpenPGP#Issues_with_PGP

- RSA/DSA old as well and has tons of security issues like side channel
and timing attacks..etc (the researches about them everywhere)

use Post-Quantum cryptography or at least ECC.

- C code is again old and insecure (memory issues..etc), should be
replaced with Rust

so yeah nice idea but...

Asterisk Release 16.30.1

Posted by Asterisk Development Team via Fulldisclosure on Jul 11

The Asterisk Development Team would like to announce security release
Asterisk 16.30.1.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/16.30.1
and
https://downloads.asterisk.org/pub/telephony/asterisk

The following security advisories were resolved in this release:
https://github.com/asterisk/asterisk/security/advisories/GHSA-4xjp-22g4-9fxm

Change Log for Release 16.30.1...

Asterisk Release 18.18.1

Posted by Asterisk Development Team via Fulldisclosure on Jul 11

The Asterisk Development Team would like to announce security release
Asterisk 18.18.1.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/18.18.1
and
https://downloads.asterisk.org/pub/telephony/asterisk

The following security advisories were resolved in this release:
https://github.com/asterisk/asterisk/security/advisories/GHSA-4xjp-22g4-9fxm

Change Log for Release 18.18.1...

Re: Ransom.Haron / Code Execution

Posted by malvuln on Jul 11

*** Correction: should have been CRYPTSP.dll ***

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/dedad693898bba0e4964e6c9a749d380.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Ransom.Haron
Vulnerability: Code Execution
Description: Haron looks for and executes DLLs in its current directory.
Therefore, we can potentially hijack a vuln DLL execute our own code,...

Asterisk Release 19.8.1

Posted by Asterisk Development Team via Fulldisclosure on Jul 11

The Asterisk Development Team would like to announce security release
Asterisk 19.8.1.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/19.8.1
and
https://downloads.asterisk.org/pub/telephony/asterisk

The following security advisories were resolved in this release:
https://github.com/asterisk/asterisk/security/advisories/GHSA-4xjp-22g4-9fxm

Change Log for Release 19.8.1...