[KIS-2024-02] Invision Community <= 4.7.15 (store.php) SQL Injection Vulnerability

Posted by Egidio Romano on Apr 10

--------------------------------------------------------------------
Invision Community <= 4.7.15 (store.php) SQL Injection Vulnerability
--------------------------------------------------------------------

[-] Software Link:

https://invisioncommunity.com

[-] Affected Versions:

All versions from 4.4.0 to 4.7.15.

[-] Vulnerability Description:

The vulnerability is located in the
/applications/nexus/modules/front/store/store.php script....

Trojan.Win32.Razy.abc / Insecure Permissions (In memory IPC)

Posted by malvuln on Apr 10

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/0eb4a9089d3f7cf431d6547db3b9484d.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32.Razy.abc
Vulnerability: Insecure Permissions (In memory IPC)
Family: Razy
Type: PE32
MD5: 0eb4a9089d3f7cf431d6547db3b9484d
SHA256: 3d82fee314e7febb8307ccf8a7396b6dd53c7d979a74aa56f3c4a6d0702fd098
Vuln ID: MVID-2024-0678...

Multiple Issues in concretecmsv9.2.7

Posted by Andrey Stoykov on Apr 10

# Exploit Title: Multiple Web Flaws in concretecmsv9.2.7
# Date: 4/2024
# Exploit Author: Andrey Stoykov
# Version: 9.2.7
# Tested on: Ubuntu 22.04
# Blog: http://msecureltd.blogspot.com

Verbose Error Message - Stack Trace:

1. Directly browse to edit profile page
2. Error should come up with verbose stack trace

Verbose Error Message - SQL Error:

1. Page Settings > Design > Save Changes
2. Intercept HTTP POST request and place single...

OXAS-ADV-2024-0001: OX App Suite Security Advisory

Posted by Martin Heiland via Fulldisclosure on Apr 10

Dear subscribers,

We're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs for OX App Suite, Dovecot and PowerDNS at YesWeHack.

This advisory has also been published at
https://documentation.open-xchange.com/appsuite/security/advisories/html/2024/oxas-adv-2024-0001.html.

Yours sincerely,
Martin Heiland, Open-Xchange GmbH...

CVE-2023-27195: Broken Access Control - Registration Code in TM4Web v22.2.0

Posted by Clément Cruchet on Apr 10

CVE ID: CVE-2023-27195

Description:
An access control issue in Trimble TM4Web v22.2.0 allows
unauthenticated attackers to access a specific crafted URL path to
retrieve the last registration access code and use this access code to
register a valid account. If the access code was used to create an
Administrator account, attackers are also able to register new
Administrator accounts with full rights and privileges.

Vulnerability Type: Broken...

Ubuntu Security Notice USN-6721-2

Ubuntu Security Notice 6721-2 - USN-6721-1 fixed vulnerabilities in X.Org X Server. That fix was incomplete resulting in a regression. This update fixes the problem. It was discovered that X.Org X Server incorrectly handled certain data. An attacker could possibly use this issue to expose sensitive information.

Ubuntu Security Notice USN-6719-2

Ubuntu Security Notice 6719-2 - USN-6719-1 fixed a vulnerability in util-linux. Unfortunately, it was discovered that the fix did not fully address the issue. This update removes the setgid permission bit from the wall and write utilities. Skyler Ferrante discovered that the util-linux wall command did not filter escape sequences from command line arguments. A local attacker could possibly use this issue to obtain sensitive information.

Fuxnet: Disabling Russia's Industrial Sensor And Monitoring Infrastructure

This report seems to detail an operation to disable Russia's industrial sensor and monitoring infrastructure at www.moscollector.ru.

Red Hat Security Advisory 2024-1747-03

Red Hat Security Advisory 2024-1747-03 - An update for kernel is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2024-1750-03

Red Hat Security Advisory 2024-1750-03 - An update for unbound is now available for Red Hat Enterprise Linux 9.

Red Hat Security Advisory 2024-1746-03

Red Hat Security Advisory 2024-1746-03 - An update for kernel is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2024-1719-03

Red Hat Security Advisory 2024-1719-03 - An update for rear is now available for Red Hat Enterprise Linux 8.

Red Hat Security Advisory 2024-1722-03

Red Hat Security Advisory 2024-1722-03 - An update for edk2 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.2 Telecommunications Update Service. Issues addressed include a buffer overflow vulnerability.

Kernel Live Patch Security Notice LSN-0102-1

It was discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Lonial Con discovered that the netfilter subsystem in the Linux kernel contained a memory leak when handling certain element flush operations. A local attacker could use this to expose sensitive information (kernel memory). Various other issues were also addressed.

Ubuntu Security Notice USN-6701-4

Ubuntu Security Notice 6701-4 - Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service. It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service.

Ubuntu Security Notice USN-6726-1

Ubuntu Security Notice 6726-1 - Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service. It was discovered that the IPv6 implementation of the Linux kernel did not properly manage route cache memory usage. A remote attacker could use this to cause a denial of service.

Ubuntu Security Notice USN-6724-1

Ubuntu Security Notice 6724-1 - Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service. It was discovered that the Habana's AI Processors driver in the Linux kernel did not properly initialize certain data structures before passing them to user space. A local attacker could use this to expose sensitive information.

Ubuntu Security Notice USN-6722-1

Ubuntu Security Notice 6722-1 - Simon Charette discovered that the password reset functionality in Django used a Unicode case insensitive query to retrieve accounts associated with an email address. An attacker could possibly use this to obtain password reset tokens and hijack accounts.

Ubuntu Security Notice USN-6725-1

Ubuntu Security Notice 6725-1 - Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel did not properly validate certain data structure fields when parsing lease contexts, leading to an out-of-bounds read vulnerability. A remote attacker could use this to cause a denial of service or possibly expose sensitive information. Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel, leading to a use-after-free vulnerability. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code.

Red Hat Security Advisory 2024-1706-03

Red Hat Security Advisory 2024-1706-03 - An update for Red Hat Build of Apache Camel 4.0 for Quarkus 3.2 is now available. Red Hat Product Security has rated this update as having a security impact of Important. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. Issues addressed include denial of service and memory leak vulnerabilities.

Red Hat Security Advisory 2024-1700-03

Red Hat Security Advisory 2024-1700-03 - An update is now available for Red Hat OpenShift GitOps v1.10.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include bypass and denial of service vulnerabilities.

Ubuntu Security Notice USN-6723-1

Ubuntu Security Notice 6723-1 - Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered that Bind incorrectly handled validating DNSSEC messages. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. It was discovered that Bind incorrectly handled preparing an NSEC3 closest encloser proof. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service.

Red Hat Security Advisory 2024-1697-03

Red Hat Security Advisory 2024-1697-03 - An update is now available for Red Hat OpenShift GitOps v1.11.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include bypass and denial of service vulnerabilities.

[webapps] Wordpress Theme Travelscape v1.0.3 - Arbitrary File Upload

Wordpress Theme Travelscape v1.0.3 - Arbitrary File Upload

[webapps] Daily Expense Manager 1.0 - 'term' SQLi

Daily Expense Manager 1.0 - 'term' SQLi

[webapps] Human Resource Management System v1.0 - Multiple SQLi

Human Resource Management System v1.0 - Multiple SQLi

[webapps] Best Student Result Management System v1.0 - Multiple SQLi

Best Student Result Management System v1.0 - Multiple SQLi

[remote] Positron Broadcast Signal Processor TRA7005 v1.20 - Authentication Bypass

Positron Broadcast Signal Processor TRA7005 v1.20 - Authentication Bypass

[webapps] Open Source Medicine Ordering System v1.0 - SQLi

Open Source Medicine Ordering System v1.0 - SQLi

[local] AnyDesk 7.0.15 - Unquoted Service Path

AnyDesk 7.0.15 - Unquoted Service Path

Red Hat Security Advisory 2024-1692-03

Red Hat Security Advisory 2024-1692-03 - An update for less is now available for Red Hat Enterprise Linux 9.

Red Hat Security Advisory 2024-1691-03

Red Hat Security Advisory 2024-1691-03 - An update for varnish is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-1687-03

Red Hat Security Advisory 2024-1687-03 - An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 8. Issues addressed include bypass, denial of service, privilege escalation, and traversal vulnerabilities.

Red Hat Security Advisory 2024-1688-03

Red Hat Security Advisory 2024-1688-03 - An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 9. Issues addressed include bypass, denial of service, privilege escalation, and traversal vulnerabilities.

Red Hat Security Advisory 2024-1689-03

Red Hat Security Advisory 2024-1689-03 - An update for rh-varnish6-varnish is now available for Red Hat Software Collections. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-1690-03

Red Hat Security Advisory 2024-1690-03 - An update for varnish is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-1679-03

Red Hat Security Advisory 2024-1679-03 - Red Hat OpenShift Container Platform release 4.12.55 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-1681-03

Red Hat Security Advisory 2024-1681-03 - Red Hat OpenShift Container Platform release 4.14.20 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-1683-03

Red Hat Security Advisory 2024-1683-03 - Red Hat OpenShift Container Platform release 4.13.39 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-1668-03

Red Hat Security Advisory 2024-1668-03 - Red Hat OpenShift Container Platform release 4.15.8 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

Ubuntu Security Notice USN-6721-1

Ubuntu Security Notice 6721-1 - It was discovered that X.Org X Server incorrectly handled certain data. An attacker could possibly use this issue to expose sensitive information. It was discovered that X.Org X Server incorrectly handled certain glyphs. An attacker could possibly use this issue to cause a crash or expose sensitive information.

Debian Security Advisory 5655-1

Debian Linux Security Advisory 5655-1 - It was discovered that Cockpit, a web console for Linux servers, was susceptible to arbitrary command execution if an administrative user was tricked into opening an sosreport file with a malformed filename.

Red Hat Security Advisory 2024-1677-03

Red Hat Security Advisory 2024-1677-03 - An update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Issues addressed include memory exhaustion and spoofing vulnerabilities.

Red Hat Security Advisory 2024-1678-03

Red Hat Security Advisory 2024-1678-03 - An update for nodejs is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-1686-03

Red Hat Security Advisory 2024-1686-03 - A new image is available for Red Hat Single Sign-On 7.6.7, running on OpenShift Container Platform 3.10 and 3.11, and 4.3. Issues addressed include an information leakage vulnerability.

CVE-2024-30922: SQL Injection in DerbyNet v9.0 via print/render/award.inc

Posted by Valentin Lobstein via Fulldisclosure on Apr 05

CVE ID: CVE-2024-30922

Description:
A SQL Injection vulnerability has been identified in DerbyNet version 9.0, specifically affecting the 'where' clause in
Award Document Rendering through the component `print/render/award.inc`. This vulnerability allows remote attackers to
execute arbitrary code and disclose sensitive information without requiring authentication.

Vulnerability Type: SQL Injection

Vendor of Product: DerbyNet -...

CVE-2024-30923: SQL Injection in DerbyNet v9.0 via print/render/racer.inc

Posted by Valentin Lobstein via Fulldisclosure on Apr 05

CVE ID: CVE-2024-30923

Description:
An SQL Injection vulnerability has been discovered in DerbyNet version 9.0, specifically within the
`print/render/racer.inc` component. This vulnerability allows remote attackers to execute arbitrary code and disclose
sensitive information by exploiting improper sanitization of the `where` clause in Racer Document Rendering.

Vulnerability Type: SQL Injection

Vendor of Product: DerbyNet - Available on...

CVE-2024-30924: XSS Vulnerability in DerbyNet v9.0 via checkin.php

Posted by Valentin Lobstein via Fulldisclosure on Apr 05

CVE ID: CVE-2024-30924

Description:
A Cross Site Scripting (XSS) vulnerability has been identified in DerbyNet version 9.0, specifically within the
`checkin.php` component. This vulnerability allows remote attackers to execute arbitrary code due to improper handling
of the `order` URL parameter. The flaw lies in the way the `order` parameter is embedded directly into a JavaScript
variable assignment without adequate sanitization or encoding,...

CVE-2024-30925: XSS Vulnerability in DerbyNet v9.0 via photo-thumbs.php

Posted by Valentin Lobstein via Fulldisclosure on Apr 05

CVE ID: CVE-2024-30925

Description:
A Cross-Site Scripting (XSS) vulnerability exists in DerbyNet version 9.0, specifically within the `photo-thumbs.php`
component. This issue enables a remote attacker to execute arbitrary code through the improper handling of the
`racerid` and `back` parameters. The vulnerability arises because the application dynamically generates URLs for
navigation without adequately sanitizing these parameters, thus...

CVE-2024-30926: XSS Vulnerability in DerbyNet v9.0 via ./inc/kiosks.inc

Posted by Valentin Lobstein via Fulldisclosure on Apr 05

CVE ID: CVE-2024-30926

Description:
A Cross-Site Scripting (XSS) vulnerability has been identified in DerbyNet version 9.0, affecting the
`./inc/kiosks.inc` component. This vulnerability permits remote attackers to execute arbitrary code by exploiting the
`address_for_current_kiosk()` function. The issue stems from the improper sanitization of user-supplied input via the
URL parameters `id` and `address`, which are directly utilized without...

CVE-2024-30927: XSS Vulnerability in DerbyNet v9.0 via racer-results.php

Posted by Valentin Lobstein via Fulldisclosure on Apr 05

CVE ID: CVE-2024-30927

Description:
A Cross-Site Scripting (XSS) vulnerability is present in DerbyNet version 9.0, specifically within the
`racer-results.php` component. This issue allows remote attackers to execute arbitrary code through the improper
handling of the `racerid` parameter. The vulnerability is notably present within the HTML `<title>` tag, where the
`racerid` parameter value is dynamically inserted directly into the page...

CVE-2024-30928: SQL Injection Vulnerability in DerbyNet v9.0 via 'classids' Parameter

Posted by Valentin Lobstein via Fulldisclosure on Apr 05

CVE ID: CVE-2024-30928

Description:
An SQL Injection vulnerability has been discovered in DerbyNet version 9.0, particularly within the
`ajax/query.slide.next.inc` file. This vulnerability allows remote attackers to execute arbitrary code and disclose
sensitive information by exploiting the unvalidated `classids` parameter used in constructing SQL queries. This
parameter is not properly sanitized before being included in the SQL statement,...

CVE-2024-30929: XSS Vulnerability in DerbyNet v9.0 via 'back' Parameter in playlist.php

Posted by Valentin Lobstein via Fulldisclosure on Apr 05

CVE ID: CVE-2024-30929

Description:
A Cross-Site Scripting (XSS) vulnerability has been found in DerbyNet version 9.0, affecting the `playlist.php`
component. This issue allows remote attackers to execute arbitrary code by exploiting the `back` parameter. The
application does not properly sanitize the `back` parameter before it is rendered on the page, thereby allowing the
injection and execution of arbitrary JavaScript code.

Vulnerability...

[CFP] IEEE CSR Workshop on Cyber Forensics& Advanced Threat Investigations in Emerging Technologies 2024

Posted by Andrew Zayine on Apr 05

Dear Colleagues,

IEEE CSR Workshop on Cyber Forensics and Advanced Threat Investigations in
Emerging Technologies organizing committee is inviting you to submit your
research papers. The workshop will be held in Hybrid mode. The in-person
mode will held at Hilton London Tower Bridge, London from 2 to 4 September
2024

Topics include (but not limited to):
-Forensics and threat investigations in P2P, cloud/edge, SDN/NFV, VPN, and
social networks...

Backdoor.Win32.Agent.ju (PSYRAT) / Authentication Bypass RCE

Posted by malvuln on Apr 05

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/0e6e40aad3e8d46e3c0c26ccc6ab94b3.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Agent.ju (PSYRAT)
Vulnerability: Authentication Bypass RCE
Family: PSYRAT
Type: PE32
MD5: 0e6e40aad3e8d46e3c0c26ccc6ab94b3
Vuln ID: MVID-2024-0677
Disclosure: 04/01/2024

Description: The PsyRAT 0.01 malware listens on...

CVE-2024-30921: Unauthenticated XSS Vulnerability in DerbyNet v9.0 via photo.php

Posted by Valentin Lobstein via Fulldisclosure on Apr 05

CVE ID: CVE-2024-30921

Description:
A Cross-Site Scripting (XSS) vulnerability has been identified in DerbyNet version 9.0, specifically affecting the
photo.php component. This vulnerability allows remote attackers to execute arbitrary code via crafted URLs, without
requiring authentication.

Vulnerability Type: Cross-Site Scripting (XSS)

Vendor of Product: DerbyNet - Available on GitHub: https://github.com/jeffpiazza/derbynet

Affected...

SCHUTZWERK-SA-2023-006: Arbitrary File Read via XML External Entities in Visual Planning

Posted by Lennert Preuth via Fulldisclosure on Apr 05

Title
=====

SCHUTZWERK-SA-2023-006: Arbitrary File Read via XML External Entities in
Visual Planning

Status
======

PUBLISHED

Version
=======

1.0

CVE reference
=============

CVE-2023-49234

Link
====

https://www.schutzwerk.com/advisories/schutzwerk-sa-2023-006/

Text-only version:
https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2023-006.txt

Affected products/vendor
========================

All versions prior to Visual Planning 8...

SCHUTZWERK-SA-2023-004: Authentication Bypass via Password Reset Functionality in Visual Planning

Posted by Lennert Preuth via Fulldisclosure on Apr 05

Title
=====

SCHUTZWERK-SA-2023-004: Authentication Bypass via Password Reset
Functionality in Visual Planning

Status
======

PUBLISHED

Version
=======

1.0

CVE reference
=============

CVE-2023-49232

Link
====

https://www.schutzwerk.com/advisories/schutzwerk-sa-2023-004/

Text-only version:
https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2023-004.txt

Affected products/vendor
========================

All versions prior to Visual...

CVE-2024-30920: XSS Vulnerability in DerbyNet v9.0 via render-document.php

Posted by Valentin Lobstein via Fulldisclosure on Apr 05

CVE ID: CVE-2024-30920

Description:
A Cross Site Scripting (XSS) vulnerability has been identified in DerbyNet v9.0, specifically within the
`render-document.php` component. This vulnerability allows a remote attacker to execute arbitrary code via crafted
URLs. The root cause of the vulnerability is the application's failure to properly sanitize user input in document
rendering paths, which permits the injection of malicious scripts....

SCHUTZWERK-SA-2023-003: Authentication Bypass in Visual Planning REST API

Posted by Lennert Preuth via Fulldisclosure on Apr 05

Title
=====

SCHUTZWERK-SA-2023-003: Authentication Bypass in Visual Planning REST API

Status
======

PUBLISHED

Version
=======

1.0

CVE reference
=============

CVE-2023-49231

Link
====

https://www.schutzwerk.com/advisories/schutzwerk-sa-2023-003/

Text-only version:
https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2023-003.txt

Affected products/vendor
========================

All versions prior to Visual Planning 8 (Build 240207) by...