[KIS-2024-02] Invision Community <= 4.7.15 (store.php) SQL Injection Vulnerability

Posted by Egidio Romano on Apr 10

--------------------------------------------------------------------
Invision Community <= 4.7.15 (store.php) SQL Injection Vulnerability
--------------------------------------------------------------------

[-] Software Link:

https://invisioncommunity.com

[-] Affected Versions:

All versions from 4.4.0 to 4.7.15.

[-] Vulnerability Description:

The vulnerability is located in the
/applications/nexus/modules/front/store/store.php script....

[KIS-2024-03] Invision Community <= 4.7.16 (toolbar.php) Remote Code Execution Vulnerability

Posted by Egidio Romano on Apr 10

------------------------------------------------------------------------------
Invision Community <= 4.7.16 (toolbar.php) Remote Code Execution Vulnerability
------------------------------------------------------------------------------

[-] Software Link:

https://invisioncommunity.com

[-] Affected Versions:

Version 4.7.16 and prior versions.

[-] Vulnerability Description:

The vulnerability is located in the...

Red Hat Security Advisory 2024-1781-03

Red Hat Security Advisory 2024-1781-03 - An update for bind9.16 is now available for Red Hat Enterprise Linux 8.

Red Hat Security Advisory 2024-1752-03

Red Hat Security Advisory 2024-1752-03 - An update is now available for Red Hat OpenShift GitOps v1.12.1 for Argo CD CLI and MicroShift GitOps. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include bypass and denial of service vulnerabilities.

Red Hat Security Advisory 2024-1780-03

Red Hat Security Advisory 2024-1780-03 - An update for unbound is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Security Advisory 2024-1751-03

Red Hat Security Advisory 2024-1751-03 - An update for unbound is now available for Red Hat Enterprise Linux 8.

Ubuntu Security Notice USN-6728-2

Ubuntu Security Notice 6728-2 - USN-6728-1 fixed vulnerabilities in Squid. The fix for CVE-2023-5824 caused Squid to crash in certain environments on Ubuntu 20.04 LTS. The problematic fix has been reverted pending further investigation. Joshua Rogers discovered that Squid incorrectly handled collapsed forwarding. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Joshua Rogers discovered that Squid incorrectly handled certain structural elements. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. Joshua Rogers discovered that Squid incorrectly handled Cache Manager error responses. A remote trusted client can possibly use this issue to cause Squid to crash, resulting in a denial of service. Joshua Rogers discovered that Squid incorrectly handled the HTTP Chunked decoder. A remote attacker could possibly use this issue to cause Squid to stop responding, resulting in a denial of service. Joshua Rogers discovered that Squid incorrectly handled HTTP header parsing. A remote trusted client can possibly use this issue to cause Squid to crash, resulting in a denial of service.

Ubuntu Security Notice USN-6728-1

Ubuntu Security Notice 6728-1 - Joshua Rogers discovered that Squid incorrectly handled collapsed forwarding. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Joshua Rogers discovered that Squid incorrectly handled certain structural elements. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service.

OX App Suite 7.10.6 Cross Site Scripting / Deserialization Issue

OX App Suite version 7.10.6 suffers from cross site scripting and deserialization vulnerabilities.

Ubuntu Security Notice USN-6727-1

Ubuntu Security Notice 6727-1 - It was discovered that NSS incorrectly handled padding when checking PKCS#1 certificates. A remote attacker could possibly use this issue to perform Bleichenbacher-like attacks and recover private data. This issue only affected Ubuntu 20.04 LTS. It was discovered that NSS had a timing side-channel when performing RSA decryption. A remote attacker could possibly use this issue to recover private data.

[webapps] GUnet OpenEclass E-learning platform 3.15 - 'certbadge.php' Unrestricted File Upload

GUnet OpenEclass E-learning platform 3.15 - 'certbadge.php' Unrestricted File Upload

[webapps] WBCE CMS Version 1.6.1 - Remote Command Execution (Authenticated)

WBCE CMS Version 1.6.1 - Remote Command Execution (Authenticated)

[webapps] WBCE 1.6.0 - Unauthenticated SQL injection

WBCE 1.6.0 - Unauthenticated SQL injection

[remote] MinIO < 2024-01-31T20-20-33Z - Privilege Escalation

MinIO

[webapps] HTMLy Version v2.9.6 - Stored XSS

HTMLy Version v2.9.6 - Stored XSS

[webapps] Ray OS v2.6.3 - Command Injection RCE(Unauthorized)

Ray OS v2.6.3 - Command Injection RCE(Unauthorized)

[webapps] Wordpress Plugin WP Video Playlist 1.1.1 - Stored Cross-Site Scripting (XSS)

Wordpress Plugin WP Video Playlist 1.1.1 - Stored Cross-Site Scripting (XSS)

[webapps] PopojiCMS Version 2.0.1 - Remote Command Execution

PopojiCMS Version 2.0.1 - Remote Command Execution

[webapps] Wordpress Plugin Playlist for Youtube 1.32 - Stored Cross-Site Scripting (XSS)

Wordpress Plugin Playlist for Youtube 1.32 - Stored Cross-Site Scripting (XSS)

[local] PrusaSlicer 2.6.1 - Arbitrary code execution

PrusaSlicer 2.6.1 - Arbitrary code execution

[local] Terratec dmx_6fire USB - Unquoted Service Path

Terratec dmx_6fire USB - Unquoted Service Path

[webapps] Moodle 3.10.1 - Authenticated Blind Time-Based SQL Injection - "sort" parameter

Moodle 3.10.1 - Authenticated Blind Time-Based SQL Injection - "sort" parameter

Red Hat Security Advisory 2024-1787-03

Red Hat Security Advisory 2024-1787-03 - An update for squid is now available for Red Hat Enterprise Linux 7. Issues addressed include buffer over-read, denial of service, and null pointer vulnerabilities.

Red Hat Security Advisory 2024-1786-03

Red Hat Security Advisory 2024-1786-03 - An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-1785-03

Red Hat Security Advisory 2024-1785-03 - An update for xorg-x11-server is now available for Red Hat Enterprise Linux 7.

Red Hat Security Advisory 2024-1784-03

Red Hat Security Advisory 2024-1784-03 - An update for gnutls is now available for Red Hat Enterprise Linux 8. Issues addressed include an information leakage vulnerability.

Red Hat Security Advisory 2024-1795-03

Red Hat Security Advisory 2024-1795-03 - VolSync v0.9.1 general availability release images, which provide enhancements, security fixes, and updated container images.

Red Hat Security Advisory 2024-1789-03

Red Hat Security Advisory 2024-1789-03 - An update for bind is now available for Red Hat Enterprise Linux 9.

Ubuntu Security Notice USN-6727-2

Ubuntu Security Notice 6727-2 - USN-6727-1 fixed vulnerabilities in NSS. The update introduced a regression when trying to load security modules on Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. This update fixes the problem. It was discovered that NSS incorrectly handled padding when checking PKCS#1 certificates. A remote attacker could possibly use this issue to perform Bleichenbacher-like attacks and recover private data. This issue only affected Ubuntu 20.04 LTS. It was discovered that NSS had a timing side-channel when performing RSA decryption. A remote attacker could possibly use this issue to recover private data. It was discovered that NSS had a timing side-channel when using certain NIST curves. A remote attacker could possibly use this issue to recover private data. The NSS package contained outdated CA certificates. This update refreshes the NSS package to version 3.98 which includes the latest CA certificate bundle and other security improvements.

Ubuntu Security Notice USN-6729-1

Ubuntu Security Notice 6729-1 - Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. Keran Mu and Jianjun Chen discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks.

Debian Security Advisory 5656-1

Debian Linux Security Advisory 5656-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Ubuntu Security Notice USN-6730-1

Ubuntu Security Notice 6730-1 - It was discovered that Apache Maven Shared Utils did not handle double-quoted strings properly, allowing shell injection attacks. This could allow an attacker to run arbitrary code.

[webapps] BMC Compuware iStrobe Web - 20.13 - Pre-auth RCE

BMC Compuware iStrobe Web - 20.13 - Pre-auth RCE

[webapps] Online Fire Reporting System OFRS - SQL Injection Authentication Bypass

Online Fire Reporting System OFRS - SQL Injection Authentication Bypass

[webapps] Stock Management System v1.0 - Unauthenticated SQL Injection

Stock Management System v1.0 - Unauthenticated SQL Injection

[webapps] Savsoft Quiz v6.0 Enterprise - Stored XSS

Savsoft Quiz v6.0 Enterprise - Stored XSS

SEC Consult SA-20240411-0 :: Database Passwords in Server Response in Amazon AWS Glue

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 14

SEC Consult Vulnerability Lab Security Advisory < 20240411-0 >
=======================================================================
title: Database Passwords in Server Response
product: Amazon AWS Glue
vulnerable version: until 2024-02-23
fixed version: as of 2024-02-23
CVE number: -
impact: medium
homepage: https://aws.amazon.com/glue/
found:...

CVE-2024-31705

Posted by V3locidad on Apr 14

CVE ID: CVE-2024-31705

Title : RCE to Shell Commands" Plugin / GLPI Shell Command Management Interface

Affected Product : GLPI - 10.X.X and last version

Description: An issue in Infotel Conseil GLPI v.10.X.X and after allows a remote attacker to execute arbitrary code via
the insufficient validation of user-supplied input.

Affected Component : A remote code execution (RCE) vulnerability has been identified in the 'Shell...

[webapps] Jenkins 2.441 - Local File Inclusion

Jenkins 2.441 - Local File Inclusion

[webapps] OpenClinic GA 5.247.01 - Information Disclosure

OpenClinic GA 5.247.01 - Information Disclosure

[webapps] OpenClinic GA 5.247.01 - Path Traversal (Authenticated)

OpenClinic GA 5.247.01 - Path Traversal (Authenticated)

[webapps] djangorestframework-simplejwt 5.3.1 - Information Disclosure

djangorestframework-simplejwt 5.3.1 - Information Disclosure

Red Hat Security Advisory 2024-1801-03

Red Hat Security Advisory 2024-1801-03 - An update for unbound is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Security Advisory 2024-1800-03

Red Hat Security Advisory 2024-1800-03 - Updates for bind and bind-dyndb-ldap are now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Security Advisory 2024-1782-03

Red Hat Security Advisory 2024-1782-03 - An update for bind and dhcp is now available for Red Hat Enterprise Linux 8.

Red Hat Security Advisory 2024-1802-03

Red Hat Security Advisory 2024-1802-03 - An update for unbound is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Red Hat Security Advisory 2024-1803-03

Red Hat Security Advisory 2024-1803-03 - Updates for bind and bind-dyndb-ldap are now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Security Advisory 2024-1804-03

Red Hat Security Advisory 2024-1804-03 - An update for unbound is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

Red Hat Security Advisory 2024-1812-03

Red Hat Security Advisory 2024-1812-03 - Custom Metrics Autoscaler Operator for Red Hat OpenShift including security updates. Issues addressed include denial of service and memory leak vulnerabilities.

Debian Security Advisory 5657-1

Debian Linux Security Advisory 5657-1 - Several vulnerabilities were discovered in the Xorg X server, which may result in privilege escalation if the X server is running privileged or denial of service.

Debian Security Advisory 5658-1txt

Debian Linux Security Advisory 5658-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Ubuntu Security Notice USN-6731-1

Ubuntu Security Notice 6731-1 - It was discovered that YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files. This issue only affected Ubuntu 16.04 LTS. It was discovered that yard before 0.9.20 is affected by a path traversal vulnerability, allowing HTTP requests to access arbitrary files under certain conditions. This issue only affected Ubuntu 18.04 LTS.

Debian Security Advisory 5659-1

Debian Linux Security Advisory 5659-1 - Bartek Nowotarski discovered that Apache Traffic Server, a reverse and forward proxy server, was susceptible to denial of service via HTTP2 continuation frames.

Ubuntu Security Notice USN-6732-1

Ubuntu Security Notice 6732-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Red Hat Security Advisory 2024-1831-03

Red Hat Security Advisory 2024-1831-03 - An update for kernel is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support. Issues addressed include out of bounds write and use-after-free vulnerabilities.

Ubuntu Security Notice USN-6735-1

Ubuntu Security Notice 6735-1 - It was discovered that Node.js incorrectly handled the use of invalid public keys while creating an x509 certificate. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.10. It was discovered that Node.js incorrectly handled the use of CRLF sequences to delimit HTTP requests. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain unauthorised access. This issue only affected Ubuntu 23.10.

Ubuntu Security Notice USN-6733-1

Ubuntu Security Notice 6733-1 - It was discovered that GnuTLS had a timing side-channel when performing certain ECDSA operations. A remote attacker could possibly use this issue to recover sensitive information. It was discovered that GnuTLS incorrectly handled verifying certain PEM bundles. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 23.10.

Ubuntu Security Notice USN-6734-1

Ubuntu Security Notice 6734-1 - Alexander Kuznetsov discovered that libvirt incorrectly handled certain API calls. An attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service. It was discovered that libvirt incorrectly handled certain RPC library API calls. An attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service. It was discovered that libvirt incorrectly handled detaching certain host interfaces. An attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service.

Ubuntu Security Notice USN-6736-1

Ubuntu Security Notice 6736-1 - It was discovered that zlib, vendored in klibc, incorrectly handled pointer arithmetic. An attacker could use this issue to cause klibc to crash or to possibly execute arbitrary code. Danilo Ramos discovered that zlib, vendored in klibc, incorrectly handled memory when performing certain deflating operations. An attacker could use this issue to cause klibc to crash or to possibly execute arbitrary code.

Debian Security Advisory 5660-1

Debian Linux Security Advisory 5660-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in secure cookie bypass, XXE attacks or incorrect validation of password hashes.