FreshRSS

Exploit-DB Updates

[webapps] djangorestframework-simplejwt 5.3.1 - Information Disclosure

April 15th 2024 at 00:00
djangorestframework-simplejwt 5.3.1 - Information Disclosure
Exploit-DB Updates

[webapps] OpenClinic GA 5.247.01 - Path Traversal (Authenticated)

April 15th 2024 at 00:00
OpenClinic GA 5.247.01 - Path Traversal (Authenticated)
Exploit-DB Updates

[webapps] OpenClinic GA 5.247.01 - Information Disclosure

April 15th 2024 at 00:00
OpenClinic GA 5.247.01 - Information Disclosure
Exploit-DB Updates

[webapps] Jenkins 2.441 - Local File Inclusion

April 15th 2024 at 00:00
Jenkins 2.441 - Local File Inclusion
Full Disclosure

CVE-2024-31705

April 14th 2024 at 08:21

Posted by V3locidad on Apr 14

CVE ID: CVE-2024-31705

Title : RCE to "Shell Commands" Plugin / GLPI Shell Command Management Interface

Affected Product : GLPI - 10.X.X and last version

Description: An issue in Infotel Conseil GLPI v.10.X.X and after allows a remote attacker to execute arbitrary code via
the insufficient validation of user-supplied input.

Affected Component : A remote code execution (RCE) vulnerability has been identified in the 'Shell...
Full Disclosure

SEC Consult SA-20240411-0 :: Database Passwords in Server Response in Amazon AWS Glue

April 14th 2024 at 08:21

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 14

SEC Consult Vulnerability Lab Security Advisory < 20240411-0 >
=======================================================================
title: Database Passwords in Server Response
product: Amazon AWS Glue
vulnerable version: until 2024-02-23
fixed version: as of 2024-02-23
CVE number: -
impact: medium
homepage: https://aws.amazon.com/glue/
found:...
Exploit-DB Updates

[webapps] Savsoft Quiz v6.0 Enterprise - Stored XSS

April 13th 2024 at 00:00
Savsoft Quiz v6.0 Enterprise - Stored XSS
Exploit-DB Updates

[webapps] Stock Management System v1.0 - Unauthenticated SQL Injection

April 13th 2024 at 00:00
Stock Management System v1.0 - Unauthenticated SQL Injection
Exploit-DB Updates

[webapps] Online Fire Reporting System OFRS - SQL Injection Authentication Bypass

April 13th 2024 at 00:00
Online Fire Reporting System OFRS - SQL Injection Authentication Bypass
Exploit-DB Updates

[webapps] BMC Compuware iStrobe Web - 20.13 - Pre-auth RCE

April 13th 2024 at 00:00
BMC Compuware iStrobe Web - 20.13 - Pre-auth RCE
Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6730-1

April 12th 2024 at 14:50
Ubuntu Security Notice 6730-1 - It was discovered that Apache Maven Shared Utils did not handle double-quoted strings properly, allowing shell injection attacks. This could allow an attacker to run arbitrary code.
Advisory Files ≈ Packet Storm

Debian Security Advisory 5656-1

April 12th 2024 at 14:48
Debian Linux Security Advisory 5656-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6729-1

April 12th 2024 at 14:46
Ubuntu Security Notice 6729-1 - Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. Keran Mu and Jianjun Chen discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks.
Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6727-2

April 12th 2024 at 14:43
Ubuntu Security Notice 6727-2 - USN-6727-1 fixed vulnerabilities in NSS. The update introduced a regression when trying to load security modules on Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. This update fixes the problem. It was discovered that NSS incorrectly handled padding when checking PKCS#1 certificates. A remote attacker could possibly use this issue to perform Bleichenbacher-like attacks and recover private data. This issue only affected Ubuntu 20.04 LTS. It was discovered that NSS had a timing side-channel when performing RSA decryption. A remote attacker could possibly use this issue to recover private data. It was discovered that NSS had a timing side-channel when using certain NIST curves. A remote attacker could possibly use this issue to recover private data. The NSS package contained outdated CA certificates. This update refreshes the NSS package to version 3.98 which includes the latest CA certificate bundle and other security improvements.
Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-1789-03

April 12th 2024 at 14:40
Red Hat Security Advisory 2024-1789-03 - An update for bind is now available for Red Hat Enterprise Linux 9.
Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-1795-03

April 12th 2024 at 14:40
Red Hat Security Advisory 2024-1795-03 - VolSync v0.9.1 general availability release images, which provide enhancements, security fixes, and updated container images.
Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-1784-03

April 12th 2024 at 14:40
Red Hat Security Advisory 2024-1784-03 - An update for gnutls is now available for Red Hat Enterprise Linux 8. Issues addressed include an information leakage vulnerability.
Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-1785-03

April 12th 2024 at 14:40
Red Hat Security Advisory 2024-1785-03 - An update for xorg-x11-server is now available for Red Hat Enterprise Linux 7.
Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-1786-03

April 12th 2024 at 14:40
Red Hat Security Advisory 2024-1786-03 - An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.
Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-1787-03

April 12th 2024 at 14:40
Red Hat Security Advisory 2024-1787-03 - An update for squid is now available for Red Hat Enterprise Linux 7. Issues addressed include buffer over-read, denial of service, and null pointer vulnerabilities.
Exploit-DB Updates

[webapps] Moodle 3.10.1 - Authenticated Blind Time-Based SQL Injection - "sort" parameter

April 12th 2024 at 00:00
Moodle 3.10.1 - Authenticated Blind Time-Based SQL Injection - "sort" parameter
Exploit-DB Updates

[local] Terratec dmx_6fire USB - Unquoted Service Path

April 12th 2024 at 00:00
Terratec dmx_6fire USB - Unquoted Service Path
Exploit-DB Updates

[local] PrusaSlicer 2.6.1 - Arbitrary code execution

April 12th 2024 at 00:00
PrusaSlicer 2.6.1 - Arbitrary code execution
Exploit-DB Updates

[webapps] Wordpress Plugin Playlist for Youtube 1.32 - Stored Cross-Site Scripting (XSS)

April 12th 2024 at 00:00
Wordpress Plugin Playlist for Youtube 1.32 - Stored Cross-Site Scripting (XSS)
Exploit-DB Updates

[webapps] PopojiCMS Version 2.0.1 - Remote Command Execution

April 12th 2024 at 00:00
PopojiCMS Version 2.0.1 - Remote Command Execution
Exploit-DB Updates

[webapps] Wordpress Plugin WP Video Playlist 1.1.1 - Stored Cross-Site Scripting (XSS)

April 12th 2024 at 00:00
Wordpress Plugin WP Video Playlist 1.1.1 - Stored Cross-Site Scripting (XSS)
Exploit-DB Updates

[webapps] Ray OS v2.6.3 - Command Injection RCE(Unauthorized)

April 12th 2024 at 00:00
Ray OS v2.6.3 - Command Injection RCE(Unauthorized)
Exploit-DB Updates

[webapps] HTMLy Version v2.9.6 - Stored XSS

April 12th 2024 at 00:00
HTMLy Version v2.9.6 - Stored XSS
Exploit-DB Updates

[webapps] WBCE 1.6.0 - Unauthenticated SQL injection

April 12th 2024 at 00:00
WBCE 1.6.0 - Unauthenticated SQL injection
Exploit-DB Updates

[webapps] WBCE CMS Version 1.6.1 - Remote Command Execution (Authenticated)

April 12th 2024 at 00:00
WBCE CMS Version 1.6.1 - Remote Command Execution (Authenticated)
Exploit-DB Updates

[webapps] GUnet OpenEclass E-learning platform 3.15 - 'certbadge.php' Unrestricted File Upload

April 12th 2024 at 00:00
GUnet OpenEclass E-learning platform 3.15 - 'certbadge.php' Unrestricted File Upload
Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6727-1

April 11th 2024 at 14:14
Ubuntu Security Notice 6727-1 - It was discovered that NSS incorrectly handled padding when checking PKCS#1 certificates. A remote attacker could possibly use this issue to perform Bleichenbacher-like attacks and recover private data. This issue only affected Ubuntu 20.04 LTS. It was discovered that NSS had a timing side-channel when performing RSA decryption. A remote attacker could possibly use this issue to recover private data.
Advisory Files ≈ Packet Storm

OX App Suite 7.10.6 Cross Site Scripting / Deserialization Issue

April 11th 2024 at 14:11
OX App Suite version 7.10.6 suffers from cross site scripting and deserialization vulnerabilities.
Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6728-1

April 11th 2024 at 14:07
Ubuntu Security Notice 6728-1 - Joshua Rogers discovered that Squid incorrectly handled collapsed forwarding. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Joshua Rogers discovered that Squid incorrectly handled certain structural elements. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service.
Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6728-2

April 11th 2024 at 14:07
Ubuntu Security Notice 6728-2 - USN-6728-1 fixed vulnerabilities in Squid. The fix for CVE-2023-5824 caused Squid to crash in certain environments on Ubuntu 20.04 LTS. The problematic fix has been reverted pending further investigation. Joshua Rogers discovered that Squid incorrectly handled collapsed forwarding. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Joshua Rogers discovered that Squid incorrectly handled certain structural elements. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. Joshua Rogers discovered that Squid incorrectly handled Cache Manager error responses. A remote trusted client can possibly use this issue to cause Squid to crash, resulting in a denial of service. Joshua Rogers discovered that Squid incorrectly handled the HTTP Chunked decoder. A remote attacker could possibly use this issue to cause Squid to stop responding, resulting in a denial of service. Joshua Rogers discovered that Squid incorrectly handled HTTP header parsing. A remote trusted client can possibly use this issue to cause Squid to crash, resulting in a denial of service.
Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-1751-03

April 11th 2024 at 13:59
Red Hat Security Advisory 2024-1751-03 - An update for unbound is now available for Red Hat Enterprise Linux 8.
Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-1780-03

April 11th 2024 at 13:59
Red Hat Security Advisory 2024-1780-03 - An update for unbound is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-1752-03

April 11th 2024 at 13:59
Red Hat Security Advisory 2024-1752-03 - An update is now available for Red Hat OpenShift GitOps v1.12.1 for Argo CD CLI and MicroShift GitOps. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include bypass and denial of service vulnerabilities.
Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-1781-03

April 11th 2024 at 13:59
Red Hat Security Advisory 2024-1781-03 - An update for bind9.16 is now available for Red Hat Enterprise Linux 8.
Full Disclosure

[KIS-2024-03] Invision Community <= 4.7.16 (toolbar.php) Remote Code Execution Vulnerability

April 11th 2024 at 06:46

Posted by Egidio Romano on Apr 10

------------------------------------------------------------------------------
Invision Community <= 4.7.16 (toolbar.php) Remote Code Execution Vulnerability
------------------------------------------------------------------------------

[-] Software Link:

https://invisioncommunity.com

[-] Affected Versions:

Version 4.7.16 and prior versions.

[-] Vulnerability Description:

The vulnerability is located in the...
Full Disclosure

[KIS-2024-02] Invision Community <= 4.7.15 (store.php) SQL Injection Vulnerability

April 11th 2024 at 06:45

Posted by Egidio Romano on Apr 10

--------------------------------------------------------------------
Invision Community <= 4.7.15 (store.php) SQL Injection Vulnerability
--------------------------------------------------------------------

[-] Software Link:

https://invisioncommunity.com

[-] Affected Versions:

All versions from 4.4.0 to 4.7.15.

[-] Vulnerability Description:

The vulnerability is located in the
/applications/nexus/modules/front/store/store.php script....
Full Disclosure

Trojan.Win32.Razy.abc / Insecure Permissions (In memory IPC)

April 11th 2024 at 06:45

Posted by malvuln on Apr 10

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/0eb4a9089d3f7cf431d6547db3b9484d.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32.Razy.abc
Vulnerability: Insecure Permissions (In memory IPC)
Family: Razy
Type: PE32
MD5: 0eb4a9089d3f7cf431d6547db3b9484d
SHA256: 3d82fee314e7febb8307ccf8a7396b6dd53c7d979a74aa56f3c4a6d0702fd098
Vuln ID: MVID-2024-0678...
Full Disclosure

Multiple Issues in concretecmsv9.2.7

April 11th 2024 at 06:45

Posted by Andrey Stoykov on Apr 10

# Exploit Title: Multiple Web Flaws in concretecmsv9.2.7
# Date: 4/2024
# Exploit Author: Andrey Stoykov
# Version: 9.2.7
# Tested on: Ubuntu 22.04
# Blog: http://msecureltd.blogspot.com

Verbose Error Message - Stack Trace:

1. Directly browse to edit profile page
2. Error should come up with verbose stack trace

Verbose Error Message - SQL Error:

1. Page Settings > Design > Save Changes
2. Intercept HTTP POST request and place single...
Full Disclosure

OXAS-ADV-2024-0001: OX App Suite Security Advisory

April 11th 2024 at 06:45

Posted by Martin Heiland via Fulldisclosure on Apr 10

Dear subscribers,

We're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs for OX App Suite, Dovecot and PowerDNS at YesWeHack.

This advisory has also been published at
https://documentation.open-xchange.com/appsuite/security/advisories/html/2024/oxas-adv-2024-0001.html.

Yours sincerely,
Martin Heiland, Open-Xchange GmbH...
Full Disclosure

CVE-2023-27195: Broken Access Control - Registration Code in TM4Web v22.2.0

April 11th 2024 at 06:42

Posted by Clément Cruchet on Apr 10

CVE ID: CVE-2023-27195

Description:
An access control issue in Trimble TM4Web v22.2.0 allows
unauthenticated attackers to access a specific crafted URL path to
retrieve the last registration access code and use this access code to
register a valid account. If the access code was used to create an
Administrator account, attackers are also able to register new
Administrator accounts with full rights and privileges.

Vulnerability Type: Broken...
Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6721-2

April 10th 2024 at 15:28
Ubuntu Security Notice 6721-2 - USN-6721-1 fixed vulnerabilities in X.Org X Server. That fix was incomplete resulting in a regression. This update fixes the problem. It was discovered that X.Org X Server incorrectly handled certain data. An attacker could possibly use this issue to expose sensitive information.
Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6719-2

April 10th 2024 at 15:28
Ubuntu Security Notice 6719-2 - USN-6719-1 fixed a vulnerability in util-linux. Unfortunately, it was discovered that the fix did not fully address the issue. This update removes the setgid permission bit from the wall and write utilities. Skyler Ferrante discovered that the util-linux wall command did not filter escape sequences from command line arguments. A local attacker could possibly use this issue to obtain sensitive information.
Advisory Files ≈ Packet Storm

Fuxnet: Disabling Russia's Industrial Sensor And Monitoring Infrastructure

April 10th 2024 at 15:09
This report seems to detail an operation to disable Russia's industrial sensor and monitoring infrastructure at www.moscollector.ru.
Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-1747-03

April 10th 2024 at 15:08
Red Hat Security Advisory 2024-1747-03 - An update for kernel is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support. Issues addressed include a use-after-free vulnerability.
Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-1750-03

April 10th 2024 at 15:08
Red Hat Security Advisory 2024-1750-03 - An update for unbound is now available for Red Hat Enterprise Linux 9.
Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-1746-03

April 10th 2024 at 15:08
Red Hat Security Advisory 2024-1746-03 - An update for kernel is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support. Issues addressed include a use-after-free vulnerability.
Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-1719-03

April 10th 2024 at 15:07
Red Hat Security Advisory 2024-1719-03 - An update for rear is now available for Red Hat Enterprise Linux 8.
Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-1722-03

April 10th 2024 at 15:07
Red Hat Security Advisory 2024-1722-03 - An update for edk2 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.2 Telecommunications Update Service. Issues addressed include a buffer overflow vulnerability.
Advisory Files ≈ Packet Storm

Kernel Live Patch Security Notice LSN-0102-1

April 9th 2024 at 14:49
It was discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Lonial Con discovered that the netfilter subsystem in the Linux kernel contained a memory leak when handling certain element flush operations. A local attacker could use this to expose sensitive information (kernel memory). Various other issues were also addressed.
Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6701-4

April 9th 2024 at 14:47
Ubuntu Security Notice 6701-4 - Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service. It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service.
Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6726-1

April 9th 2024 at 14:47
Ubuntu Security Notice 6726-1 - Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service. It was discovered that the IPv6 implementation of the Linux kernel did not properly manage route cache memory usage. A remote attacker could use this to cause a denial of service.
Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6724-1

April 9th 2024 at 14:46
Ubuntu Security Notice 6724-1 - Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service. It was discovered that the Habana's AI Processors driver in the Linux kernel did not properly initialize certain data structures before passing them to user space. A local attacker could use this to expose sensitive information.
Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6722-1

April 9th 2024 at 14:46
Ubuntu Security Notice 6722-1 - Simon Charette discovered that the password reset functionality in Django used a Unicode case insensitive query to retrieve accounts associated with an email address. An attacker could possibly use this to obtain password reset tokens and hijack accounts.
Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6725-1

April 9th 2024 at 14:46
Ubuntu Security Notice 6725-1 - Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel did not properly validate certain data structure fields when parsing lease contexts, leading to an out-of-bounds read vulnerability. A remote attacker could use this to cause a denial of service or possibly expose sensitive information. Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel, leading to a use-after-free vulnerability. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code.
❌