Exploit-DB Updates

[remote] Asterisk AMI - Partial File Content & Path Disclosure (Authenticated)

Asterisk AMI - Partial File Content & Path Disclosure (Authenticated)

Exploit-DB Updates

[local] Dell Security Management Server <1.9.0 - Local Privilege Escalation

Dell Security Management Server

Exploit-DB Updates

[remote] Siklu MultiHaul TG series < 2.0.0 - unauthenticated credential disclosure

Siklu MultiHaul TG series

Exploit-DB Updates

[webapps] Workout Journal App 1.0 - Stored XSS

Workout Journal App 1.0 - Stored XSS

Exploit-DB Updates

[dos] RouterOS 6.40.5 - 6.44 and 6.48.1 - 6.49.10 - Denial of Service

RouterOS 6.40.5 - 6.44 and 6.48.1 - 6.49.10 - Denial of Service

Exploit-DB Updates

[remote] WinRAR version 6.22 - Remote Code Execution via ZIP archive

WinRAR version 6.22 - Remote Code Execution via ZIP archive

Exploit-DB Updates

[webapps] Purei CMS 1.0 - SQL Injection

Purei CMS 1.0 - SQL Injection

Exploit-DB Updates

[webapps] Broken Access Control - on NodeBB v3.6.7

Broken Access Control - on NodeBB v3.6.7

Exploit-DB Updates

[webapps] liveSite Version 2019.1 - Remote Code Execution

liveSite Version 2019.1 - Remote Code Execution

Full Disclosure

Application is Vulnerable to Session Fixation

Posted by YOGESH BHANDAGE on Mar 27

*Vulnerability Name - *Application is Vulnerable to Session Fixation

*Vulnerable URL: *www.fusionpbx.com

*Overview of the Vulnerability*
Session fixation is a security vulnerability that occurs when an attacker
sets or fixes a user's session identifier, manipulating the authentication
process. Typically exploited in web applications, this vulnerability allows
the attacker to force a user's session ID to a known value, granting...

Full Disclosure

Escape sequence injection in util-linux wall (CVE-2024-28085)

Posted by Skyler Ferrante (RIT Student) via Fulldisclosure on Mar 27

Wall-Escape (CVE-2024-28085)

Skyler Ferrante: Escape sequence injection in util-linux wall

=================================================================
Summary
=================================================================

The util-linux wall command does not filter escape sequences from
command line arguments. The vulnerable code was introduced in
commit cdd3cc7fa4 (2013). Every version since has been
vulnerable.

This allows...

Full Disclosure

APPLE-SA-03-25-2024-6 visionOS 1.1.1

Posted by Apple Product Security via Fulldisclosure on Mar 27

APPLE-SA-03-25-2024-6 visionOS 1.1.1

visionOS 1.1.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214093.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

CoreMedia
Available for: Apple Vision Pro
Impact: Processing an image may lead to arbitrary code execution
Description: An...

Full Disclosure

APPLE-SA-03-25-2024-5 iOS 16.7.7 and iPadOS 16.7.7

Posted by Apple Product Security via Fulldisclosure on Mar 27

APPLE-SA-03-25-2024-5 iOS 16.7.7 and iPadOS 16.7.7

iOS 16.7.7 and iPadOS 16.7.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214098.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

CoreMedia
Available for: iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation,
iPad Pro...

Full Disclosure

APPLE-SA-03-25-2024-4 iOS 17.4.1 and iPadOS 17.4.1

Posted by Apple Product Security via Fulldisclosure on Mar 27

APPLE-SA-03-25-2024-4 iOS 17.4.1 and iPadOS 17.4.1

iOS 17.4.1 and iPadOS 17.4.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214097.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

CoreMedia
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad...

Full Disclosure

Win32.STOP.Ransomware (smokeloader) / Remote Code Execution (MITM)

Posted by malvuln on Mar 27

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/3b9e9e130d52fe95c8be82aa4b8feb74.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Win32.STOP.Ransomware (smokeloader)
Vulnerability: Remote Code Execution (MITM)
Family: Stop
Type: PE32
MD5 3b9e9e130d52fe95c8be82aa4b8feb74
Vuln ID: MVID-2024-0676
Disclosure: 03/22/2024
Description:
There are two roads to...

Full Disclosure

APPLE-SA-03-25-2024-3 macOS Ventura 13.6.6

Posted by Apple Product Security via Fulldisclosure on Mar 27

APPLE-SA-03-25-2024-3 macOS Ventura 13.6.6

macOS Ventura 13.6.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214095.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

CoreMedia
Available for: macOS Ventura
Impact: Processing an image may lead to arbitrary code execution...

Full Disclosure

APPLE-SA-03-25-2024-2 macOS Sonoma 14.4.1

Posted by Apple Product Security via Fulldisclosure on Mar 27

APPLE-SA-03-25-2024-2 macOS Sonoma 14.4.1

macOS Sonoma 14.4.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214096.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

CoreMedia
Available for: macOS Sonoma
Impact: Processing an image may lead to arbitrary code execution...

Full Disclosure

APPLE-SA-03-25-2024-1 Safari 17.4.1

Posted by Apple Product Security via Fulldisclosure on Mar 27

APPLE-SA-03-25-2024-1 Safari 17.4.1

Safari 17.4.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214094.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

WebRTC
Available for: macOS Monterey and macOS Ventura
Impact: Processing an image may lead to arbitrary code execution...

Full Disclosure

[IWCC 2024] CfP: 13th International Workshop on Cyber Crime - Vienna, Austria, July 30 - Aug 02, 2024

Posted by Artur Janicki via Fulldisclosure on Mar 27

[APOLOGIES FOR CROSS-POSTING]

CALL FOR PAPERS
13th International Workshop on Cyber Crime (IWCC 2024 -
https://www.ares-conference.eu/iwcc/)
to be held in conjunction with the 19th International Conference on
Availability, Reliability and Security (ARES 2024 -
http://www.ares-conference.eu)

July 30 - August 02, 2024, Vienna, Austria

IMPORTANT DATES
Submission Deadline May 12, 2024
Author Notification May 29, 2024
Proceedings Version...

Full Disclosure

Circontrol EV Charger vulnerabilities (CVE-2020-8006, CVE-2020-8007)

Posted by Dariusz G on Mar 27

Circontrol EV Charger vulnerabilities.

1. CVE-2020-8006 Pre-Auth Stack Based Buffer Overflow
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (10)

The server in Circontrol Raption through 5.11.2 has a pre-authentication
stack-based buffer overflow that can be exploited to gain run-time control
of the device as root.

When the server parses the HTTP headers and finds the Basic-Authentication
tag it will call a base64 decode function. This function...

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6718-1

Ubuntu Security Notice 6718-1 - Dan Fandrich discovered that curl would incorrectly use the default set of protocols when a parameter option disabled all protocols without adding any, contrary to expectations. This issue only affected Ubuntu 23.10. It was discovered that curl incorrectly handled memory when limiting the amount of headers when HTTP/2 server push is allowed. A remote attacker could possibly use this issue to cause curl to consume resources, leading to a denial of service.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-1522-03

Red Hat Security Advisory 2024-1522-03 - An update for dnsmasq is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-1530-03

Red Hat Security Advisory 2024-1530-03 - An update for expat is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-1532-03

Red Hat Security Advisory 2024-1532-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a code execution vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-1533-03

Red Hat Security Advisory 2024-1533-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a code execution vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-1518-03

Red Hat Security Advisory 2024-1518-03 - An update for python-twisted is now available for Red Hat OpenStack Platform 16.2.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-1512-03

Red Hat Security Advisory 2024-1512-03 - An update for libreoffice is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-1513-03

Red Hat Security Advisory 2024-1513-03 - An update for libreoffice is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-1514-03

Red Hat Security Advisory 2024-1514-03 - An update for libreoffice is now available for Red Hat Enterprise Linux 8.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-1515-03

Red Hat Security Advisory 2024-1515-03 - An update for squid is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a denial of service vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-1516-03

Red Hat Security Advisory 2024-1516-03 - An update for python-twisted is now available for Red Hat OpenStack Platform 16.1.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-1456-03

Red Hat Security Advisory 2024-1456-03 - Red Hat OpenShift Container Platform release 4.13.38 is now available with updates to packages and images that fix several bugs and add enhancements.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-1458-03

Red Hat Security Advisory 2024-1458-03 - Red Hat OpenShift Container Platform release 4.14.18 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-1461-03

Red Hat Security Advisory 2024-1461-03 - Red Hat OpenShift Container Platform release 4.14.18 is now available with updates to packages and images that fix several bugs and add enhancements.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-1454-03

Red Hat Security Advisory 2024-1454-03 - Red Hat OpenShift Container Platform release 4.13.38 is now available with updates to packages and images that fix several bugs and add enhancements.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6588-2

Ubuntu Security Notice 6588-2 - USN-6588-1 fixed a vulnerability in PAM. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. Matthias Gerstner discovered that the PAM pam_namespace module incorrectly handled special files when performing directory checks. A local attacker could possibly use this issue to cause PAM to stop responding, resulting in a denial of service.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6717-1

Ubuntu Security Notice 6717-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. Hubert Kario discovered that Thunderbird had a timing side-channel when performing RSA decryption. A remote attacker could possibly use this issue to recover sensitive information.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-1510-03

Red Hat Security Advisory 2024-1510-03 - An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8. Issues addressed include denial of service and privilege escalation vulnerabilities.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6714-1

Ubuntu Security Notice 6714-1 - It was discovered that debmany in Debian Goodies incorrectly handled certain deb files. An attacker could possibly use this issue to execute arbitrary shell commands.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6716-1

Ubuntu Security Notice 6716-1 - Wenqing Liu discovered that the f2fs file system implementation in the Linux kernel did not properly validate inode types while performing garbage collection. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service. It was discovered that the DesignWare USB3 for Qualcomm SoCs driver in the Linux kernel did not properly handle certain error conditions during device registration. A local attacker could possibly use this to cause a denial of service.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-1509-03

Red Hat Security Advisory 2024-1509-03 - An update for Red Hat Data Grid 8 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a denial of service vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-1502-03

Red Hat Security Advisory 2024-1502-03 - An update for grafana-pcp is now available for Red Hat Enterprise Linux 9. Issues addressed include a memory leak vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-1499-03

Red Hat Security Advisory 2024-1499-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-1500-03

Red Hat Security Advisory 2024-1500-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-1501-03

Red Hat Security Advisory 2024-1501-03 - An update for grafana is now available for Red Hat Enterprise Linux 9. Issues addressed include a memory leak vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-1496-03

Red Hat Security Advisory 2024-1496-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-1497-03

Red Hat Security Advisory 2024-1497-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6707-3

Ubuntu Security Notice 6707-3 - Lonial Con discovered that the netfilter subsystem in the Linux kernel did not properly handle element deactivation in certain cases, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Notselwyn discovered that the netfilter subsystem in the Linux kernel did not properly handle verdict parameters in certain cases, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-1490-03

Red Hat Security Advisory 2024-1490-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-1491-03

Red Hat Security Advisory 2024-1491-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-1488-03

Red Hat Security Advisory 2024-1488-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-1489-03

Red Hat Security Advisory 2024-1489-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6701-3

Ubuntu Security Notice 6701-3 - Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service. It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-1487-03

Red Hat Security Advisory 2024-1487-03 - An update for firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6704-3

Ubuntu Security Notice 6704-3 - It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service. Quentin Minster discovered that the KSMBD implementation in the Linux kernel did not properly handle session setup requests. A remote attacker could possibly use this to cause a denial of service.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-1480-03

Red Hat Security Advisory 2024-1480-03 - An update for libreoffice is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.4 Telecommunications Update Service.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-1486-03

Red Hat Security Advisory 2024-1486-03 - An update for firefox is now available for Red Hat Enterprise Linux 7. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6711-1

Ubuntu Security Notice 6711-1 - Vincent Berg discovered that CRM shell incorrectly handled certain commands. An local attacker could possibly use this issue to execute arbitrary code via shell code injection to the crm history commandline.

Exploit-DB Updates

[webapps] Wallos < 1.11.2 - File Upload RCE

Wallos

Exploit-DB Updates

[webapps] Craft CMS 4.4.14 - Unauthenticated Remote Code Execution

Craft CMS 4.4.14 - Unauthenticated Remote Code Execution