Full Disclosure
OXAS-ADV-2022-0002: OX App Suite Security Advisory
February 14^th 2023 at 21:41

OXAS-ADV-2022-0002: OX App Suite Security Advisory

Posted by Martin Heiland via Fulldisclosure on Feb 14

Dear subscribers,

we're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs for OX AppSuite, Dovecot and PowerDNS at YesWeHack.

A CSAF representation of this advisory has been published at
https://documentation.open-xchange.com/security/advisories/.

Yours sincerely,
Martin Heiland, Open-Xchange GmbH

Internal reference:...

🏷️ My labels
- ❌
February 14^th 2023 at 21:41

Full Disclosure
[CVE-2023-0291] Quiz And Survey Master <= 8.0.8 - Unauthenticated Arbitrary Media Deletion
February 14^th 2023 at 21:40

[CVE-2023-0291] Quiz And Survey Master <= 8.0.8 - Unauthenticated Arbitrary Media Deletion

Posted by Julien Ahrens (RCE Security) on Feb 14

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Quiz And Survey Master
Vendor URL: https://wordpress.org/plugins/quiz-master-next/
Type: Missing Authentication for Critical Function [CWE-306]
Date found: 2023-01-13
Date published: 2023-02-08
CVSSv3 Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVE: CVE-2023-0291

2. CREDITS
==========...

🏷️ My labels
- ❌
February 14^th 2023 at 21:40

Full Disclosure
[CVE-2023-0292] Quiz And Survey Master <= 8.0.8 - Cross-Site Request Forgery to Arbitrary Media Deletion
February 14^th 2023 at 21:40

[CVE-2023-0292] Quiz And Survey Master <= 8.0.8 - Cross-Site Request Forgery to Arbitrary Media Deletion

Posted by Julien Ahrens (RCE Security) on Feb 14

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Quiz And Survey Master
Vendor URL: https://wordpress.org/plugins/quiz-master-next/
Type: Cross-Site Request Forgery (CSRF) [CWE-352]
Date found: 2023-01-13
Date published: 2023-02-08
CVSSv3 Score: 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
CVE: CVE-2023-0292

2. CREDITS
==========
This...

🏷️ My labels
- ❌
February 14^th 2023 at 21:40

Full Disclosure
[CVE-Request] Multiple vulnerabilities in BMC Control-M before 9.0.20.214
February 14^th 2023 at 21:39

[CVE-Request] Multiple vulnerabilities in BMC Control-M before 9.0.20.214

Posted by Benjamin Mar-Conrad on Feb 14

🏷️ My labels
- ❌
February 14^th 2023 at 21:39

Full Disclosure
Trovent Security Advisory 2203-01 / Micro Focus GroupWise transmits session ID in URL
January 31^st 2023 at 07:03

Trovent Security Advisory 2203-01 / Micro Focus GroupWise transmits session ID in URL

Posted by Stefan Pietsch on Jan 30

# Trovent Security Advisory 2203-01 #
#####################################

Micro Focus GroupWise transmits session ID in URL
#################################################

Overview
########

Advisory ID: TRSA-2203-01
Advisory version: 1.0
Advisory status: Public
Advisory URL: https://trovent.io/security-advisory-2203-01
Affected product: Micro Focus GroupWise
Affected version: prior to 18.4.2
Vendor: Micro Focus, https://www.microfocus.com...

🏷️ My labels
- ❌
January 31^st 2023 at 07:03

Full Disclosure
APPLE-SA-2023-01-24-1 tvOS 16.3
January 27^th 2023 at 03:53

APPLE-SA-2023-01-24-1 tvOS 16.3

Posted by Apple Product Security via Fulldisclosure on Jan 26

APPLE-SA-2023-01-24-1 tvOS 16.3

tvOS 16.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213601.

AppleMobileFileIntegrity
Available for: Apple TV 4K (all models) and Apple TV HD
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed by enabling hardened runtime.
CVE-2023-23499: Wojciech Reguła (@_r3ggi) of SecuRing...

🏷️ My labels
- ❌
January 27^th 2023 at 03:53

Full Disclosure
[SYSS-2022-047] Razer Synapse - Local Privilege Escalation
January 27^th 2023 at 03:53

[SYSS-2022-047] Razer Synapse - Local Privilege Escalation

Posted by Oliver Schwarz via Fulldisclosure on Jan 26

Advisory ID: SYSS-2022-047
Product: Razer Synapse
Manufacturer: Razer Inc.
Affected Version(s): Versions before 3.7.0830.081906
Tested Version(s): 3.7.0731.072516
Vulnerability Type: Improper Certificate Validation (CWE-295)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2022-08-02
Solution Date: 2022-09-06
Public Disclosure:...

🏷️ My labels
- ❌
January 27^th 2023 at 03:53

Full Disclosure
[RT-SA-2022-002] Skyhigh Security Secure Web Gateway: Cross-Site Scripting in Single Sign-On Plugin
January 26^th 2023 at 15:25

[RT-SA-2022-002] Skyhigh Security Secure Web Gateway: Cross-Site Scripting in Single Sign-On Plugin

Posted by RedTeam Pentesting GmbH on Jan 26

RedTeam Pentesting identified a vulnerability which allows attackers to
craft URLs to any third-party website that result in arbitrary content
to be injected into the response when accessed through the Secure Web
Gateway. While it is possible to inject arbitrary content types, the
primary risk arises from JavaScript code allowing for cross-site
scripting.

Details
=======

Product: Secure Web Gateway
Affected Versions: 10.2.11, potentially other...

🏷️ My labels
- ❌
January 26^th 2023 at 15:25

Full Disclosure
t2'23: Call For Papers 2023 (Helsinki, Finland)
January 24^th 2023 at 06:14

t2'23: Call For Papers 2023 (Helsinki, Finland)

Posted by Tomi Tuominen via Fulldisclosure on Jan 23

Call For Papers 2023

Tired of your bosses suspecting conference trips to exotic locations being just a ploy to partake in Security Vacation
Club? Prove them wrong by coming to Helsinki, Finland on May 4-5 2023! Guaranteed lack of sunburn, good potential for
rain or slush. In case of great spring weather, though, no money back.

CFP and registration both open. Read further if still unsure.

Maui, Miami, Las Vegas, Tel Aviv or Wellington feel so...

🏷️ My labels
- ❌
January 24^th 2023 at 06:14

Full Disclosure
Re: HNS-2022-01 - HN Security Advisory - Multiple vulnerabilities in Solaris dtprintinfo and libXm/libXpm
January 24^th 2023 at 06:13

Re: HNS-2022-01 - HN Security Advisory - Multiple vulnerabilities in Solaris dtprintinfo and libXm/libXpm

Posted by Marco Ivaldi on Jan 23

Hello again,

Just a quick update. Mitre has assigned the following additional CVE IDs:

* CVE-2023-24039 - Stack-based buffer overflow in libXm ParseColors
* CVE-2023-24040 - Printer name injection and heap memory disclosure

We have updated the advisory accordingly:
https://github.com/hnsecurity/vulns/blob/main/HNS-2022-01-dtprintinfo.txt

Regards,
Marco

🏷️ My labels
- ❌
January 24^th 2023 at 06:13

APPLE-SA-2023-01-23-8 Safari 16.3

Posted by Apple Product Security via Fulldisclosure on Jan 23

APPLE-SA-2023-01-23-8 Safari 16.3

Safari 16.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213600.

WebKit
Available for: macOS Big Sur and macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 245464
CVE-2023-23496: ChengGang Wu, Yan Kang, YuHao...

🏷️ My labels
- ❌
January 24^th 2023 at 06:13

APPLE-SA-2023-01-23-7 watchOS 9.3

Posted by Apple Product Security via Fulldisclosure on Jan 23

APPLE-SA-2023-01-23-7 watchOS 9.3

watchOS 9.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213599.

AppleMobileFileIntegrity
Available for: Apple Watch Series 4 and later
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed by enabling hardened runtime.
CVE-2023-23499: Wojciech Regula of SecuRing (wojciechregula.blog)

ImageIO...

🏷️ My labels
- ❌
January 24^th 2023 at 06:13

Full Disclosure
APPLE-SA-2023-01-23-6 macOS Big Sur 11.7.3
January 24^th 2023 at 06:12

APPLE-SA-2023-01-23-6 macOS Big Sur 11.7.3

Posted by Apple Product Security via Fulldisclosure on Jan 23

APPLE-SA-2023-01-23-6 macOS Big Sur 11.7.3

macOS Big Sur 11.7.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213603.

AppleMobileFileIntegrity
Available for: macOS Big Sur
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed by enabling hardened runtime.
CVE-2023-23499: Wojciech Reguła (@_r3ggi) of SecuRing
(wojciechregula.blog)...

🏷️ My labels
- ❌
January 24^th 2023 at 06:12

Full Disclosure
APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3
January 24^th 2023 at 06:12

APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3

Posted by Apple Product Security via Fulldisclosure on Jan 23

APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3

macOS Monterey 12.6.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213604.

AppleMobileFileIntegrity
Available for: macOS Monterey
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed by enabling hardened runtime.
CVE-2023-23499: Wojciech Reguła (@_r3ggi) of SecuRing...

🏷️ My labels
- ❌
January 24^th 2023 at 06:12

Full Disclosure
APPLE-SA-2023-01-23-4 macOS Ventura 13.2
January 24^th 2023 at 06:12

APPLE-SA-2023-01-23-4 macOS Ventura 13.2

Posted by Apple Product Security via Fulldisclosure on Jan 23

APPLE-SA-2023-01-23-4 macOS Ventura 13.2

macOS Ventura 13.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213605.

AppleMobileFileIntegrity
Available for: macOS Ventura
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed by enabling hardened runtime.
CVE-2023-23499: Wojciech Reguła (@_r3ggi) of SecuRing
(wojciechregula.blog)...

🏷️ My labels
- ❌
January 24^th 2023 at 06:12

APPLE-SA-2023-01-23-3 iOS 12.5.7

Posted by Apple Product Security via Fulldisclosure on Jan 23

APPLE-SA-2023-01-23-3 iOS 12.5.7

iOS 12.5.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213597.

WebKit
Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad
mini 2, iPad mini 3, and iPod touch (6th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been...

🏷️ My labels
- ❌
January 24^th 2023 at 06:12

Full Disclosure
APPLE-SA-2023-01-23-2 iOS 15.7.3 and iPadOS 15.7.3
January 24^th 2023 at 06:12

APPLE-SA-2023-01-23-2 iOS 15.7.3 and iPadOS 15.7.3

Posted by Apple Product Security via Fulldisclosure on Jan 23

APPLE-SA-2023-01-23-2 iOS 15.7.3 and iPadOS 15.7.3

iOS 15.7.3 and iPadOS 15.7.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213598.

Kernel
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone
SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod
touch (7th generation)
Impact: An app may be able to leak sensitive kernel state
Description:...

🏷️ My labels
- ❌
January 24^th 2023 at 06:12

Full Disclosure
APPLE-SA-2023-01-23-1 iOS 16.3 and iPadOS 16.3
January 24^th 2023 at 06:12

APPLE-SA-2023-01-23-1 iOS 16.3 and iPadOS 16.3

Posted by Apple Product Security via Fulldisclosure on Jan 23

APPLE-SA-2023-01-23-1 iOS 16.3 and iPadOS 16.3

iOS 16.3 and iPadOS 16.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213606.

AppleMobileFileIntegrity
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, and iPad
mini 5th generation and later
Impact: An app may be able to access user-sensitive data...

🏷️ My labels
- ❌
January 24^th 2023 at 06:12

Full Disclosure
SEC Consult SA-20230117-2 :: Multiple post-authentication vulnerabilities including RCE in @OpenText Content Server component of OpenText Extended ECM
January 20^th 2023 at 02:49

SEC Consult SA-20230117-2 :: Multiple post-authentication vulnerabilities including RCE in @OpenText Content Server component of OpenText Extended ECM

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jan 19

SEC Consult Vulnerability Lab Security Advisory < 20230117-2 >
=======================================================================
title: Multiple post-authentication vulnerabilities including RCE
product: OpenText™ Content Server component of OpenText™ Extended ECM
vulnerable version: 16.2.2 - 22.3
fixed version: 22.4
CVE number: CVE-2022-45924, CVE-2022-45922, CVE-2022-45925,...

🏷️ My labels
- ❌
January 20^th 2023 at 02:49

SEC Consult SA-20230117-1 :: Pre-authenticated Remote Code Execution via Java frontend and QDS endpoint in @OpenText Content Server component of OpenText Extended ECM

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jan 19

SEC Consult Vulnerability Lab Security Advisory < 20230117-1 >
=======================================================================
title: Pre-authenticated Remote Code Execution via Java frontend
and QDS endpoint
product: OpenText™ Content Server component of OpenText™ Extended ECM
vulnerable version: 20.4 - 22.3
fixed version: 22.4
CVE number: CVE-2022-45927...

🏷️ My labels
- ❌
January 20^th 2023 at 02:49

Full Disclosure
SEC Consult SA-20230117-0 :: Pre-authenticated Remote Code Execution in cs.exe (@OpenText Content Server component of OpenText Extended ECM)
January 20^th 2023 at 02:49

SEC Consult SA-20230117-0 :: Pre-authenticated Remote Code Execution in cs.exe (@OpenText Content Server component of OpenText Extended ECM)

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jan 19

SEC Consult Vulnerability Lab Security Advisory < 20230117-0 >
=======================================================================
title: Pre-authenticated Remote Code Execution in cs.exe
product: OpenText™ Content Server component of OpenText™ Extended ECM
vulnerable version: 20.4 - 22.3
fixed version: 22.4
CVE number: CVE-2022-45923
impact: Critical
homepage:...

🏷️ My labels
- ❌
January 20^th 2023 at 02:49

Full Disclosure
HNS-2022-01 - HN Security Advisory - Multiple vulnerabilities in Solaris dtprintinfo and libXm/libXpm
January 20^th 2023 at 02:49

HNS-2022-01 - HN Security Advisory - Multiple vulnerabilities in Solaris dtprintinfo and libXm/libXpm

Posted by Marco Ivaldi on Jan 19

Dear Full Disclosure,

Find attached a security advisory that details multiple
vulnerabilities we discovered in Oracle Solaris CDE dtprintinfo, Motif
libXm, and X.Org libXpm.

* Title: Multiple vulnerabilities in Solaris dtprintinfo and libXm/libXpm
* Products: Common Desktop Environment 1.6, Motif 2.1, X.Org libXpm < 3.5.15
* OS: Oracle Solaris 10 (CPU January 2021)
* Author: Marco Ivaldi <marco.ivaldi () hnsecurity it>
* Date:...

🏷️ My labels
- ❌
January 20^th 2023 at 02:49

Full Disclosure
wolfSSL before 5.5.2: Heap-buffer over-read with WOLFSSL_CALLBACKS
January 20^th 2023 at 02:48

wolfSSL before 5.5.2: Heap-buffer over-read with WOLFSSL_CALLBACKS

Posted by Maximilian Ammann via Fulldisclosure on Jan 19

# wolfSSL before 5.5.2: Heap-buffer over-read with WOLFSSL_CALLBACKS
====================================================================

## INFO
=======

The CVE project has assigned the id CVE-2022-42905 to this issue.

Severity: 9.1 CRITICAL
Affected version: before 5.5.2
End of embargo: Ended October 28, 2022
Blog Post: https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/

## SUMMARY
==========

If wolfSSL...

🏷️ My labels
- ❌
January 20^th 2023 at 02:48

Full Disclosure
wolfSSL before 5.5.0: Denial-of-service with session resumption
January 20^th 2023 at 02:48

wolfSSL before 5.5.0: Denial-of-service with session resumption

Posted by Maximilian Ammann via Fulldisclosure on Jan 19

# wolfSSL before 5.5.0: Denial-of-service with session resumption
=================================================================

## INFO
=======

The CVE project has assigned the id CVE-2022-38152 to this issue.

Severity: 7.5 HIGH
Affected version: before 5.5.0
End of embargo: Ended August 30, 2022
Blog Post: https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/

## SUMMARY
==========

When a TLS 1.3 client...

🏷️ My labels
- ❌
January 20^th 2023 at 02:48

wolfSSL 5.3.0: Denial-of-service

Posted by Maximilian Ammann via Fulldisclosure on Jan 19

# wolfSSL 5.3.0: Denial-of-service
==================================

## INFO
=======

The CVE project has assigned the id CVE-2022-38153 to this issue.

Severity: 5.9 MEDIUM
Affected version: 5.3.0
End of embargo: Ended August 30, 2022
Blog Post: https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/

## SUMMARY
==========

In wolfSSL 5.3.0 man-in-the-middle attackers or a malicious server can crash TLS
1.2...

🏷️ My labels
- ❌
January 20^th 2023 at 02:48

Full Disclosure
wolfSSL before 5.5.0: Denial-of-service with session resumption
January 20^th 2023 at 02:48

wolfSSL before 5.5.0: Denial-of-service with session resumption

Posted by Maximilian Ammann via Fulldisclosure on Jan 19

# wolfSSL before 5.5.0: Denial-of-service with session resumption
=================================================================

## INFO
=======

The CVE project has assigned the id CVE-2022-38152 to this issue.

Severity: 7.5 HIGH
Affected version: before 5.5.0
End of embargo: Ended August 30, 2022

## SUMMARY
==========

When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on
its session, the server crashes with a...

🏷️ My labels
- ❌
January 20^th 2023 at 02:48

Full Disclosure
Citrix Linux client logs session credentials
January 17^th 2023 at 02:28

Citrix Linux client logs session credentials

Posted by Russell Howe on Jan 16

The Citrix Linux client emits its session credentials when starting a
Citrix session. These credentials end up being recorded in the client's
system log.

Citrix do not consider this to be a security vulnerability.

Writeup here:
https://github.com/rhowe/disclosures/tree/main/citrix-linux-client-cred-leak

Write

🏷️ My labels
- ❌
January 17^th 2023 at 02:28

Full Disclosure
[KIS-2023-04] Tiki Wiki CMS Groupware <= 24.1 (tikiimporter_blog_wordpress.php) PHP Object Injection Vulnerability
January 9^th 2023 at 20:11

[KIS-2023-04] Tiki Wiki CMS Groupware <= 24.1 (tikiimporter_blog_wordpress.php) PHP Object Injection Vulnerability

Posted by Egidio Romano on Jan 09

----------------------------------------------------------------------------------------------------
Tiki Wiki CMS Groupware <= 24.1 (tikiimporter_blog_wordpress.php) PHP
Object Injection Vulnerability
----------------------------------------------------------------------------------------------------

[-] Software Link:

https://tiki.org

[-] Affected Versions:

Version 24.1 and prior versions.

[-] Vulnerability Description:

The...

🏷️ My labels
- ❌
January 9^th 2023 at 20:11

Full Disclosure
[KIS-2023-03] Tiki Wiki CMS Groupware <= 24.0 (grid.php) PHP Object Injection Vulnerability
January 9^th 2023 at 20:10

[KIS-2023-03] Tiki Wiki CMS Groupware <= 24.0 (grid.php) PHP Object Injection Vulnerability

Posted by Egidio Romano on Jan 09

-----------------------------------------------------------------------------
Tiki Wiki CMS Groupware <= 24.0 (grid.php) PHP Object Injection
Vulnerability
-----------------------------------------------------------------------------

[-] Software Link:

https://tiki.org

[-] Affected Versions:

Version 24.0 and prior versions.

[-] Vulnerability Description:

The vulnerability is located in the /lib/sheet/grid.php script,
specifically into...

🏷️ My labels
- ❌
January 9^th 2023 at 20:10

Full Disclosure
[KIS-2023-02] Tiki Wiki CMS Groupware <= 24.0 (structlib.php) PHP Code Injection Vulnerability
January 9^th 2023 at 20:09

[KIS-2023-02] Tiki Wiki CMS Groupware <= 24.0 (structlib.php) PHP Code Injection Vulnerability

Posted by Egidio Romano on Jan 09

--------------------------------------------------------------------------------
Tiki Wiki CMS Groupware <= 24.0 (structlib.php) PHP Code Injection
Vulnerability
--------------------------------------------------------------------------------

[-] Software Link:

https://tiki.org

[-] Affected Versions:

Version 24.0 and prior versions.

[-] Vulnerability Description:

The vulnerability is located in the /lib/structures/structlib.php
script,...

🏷️ My labels
- ❌
January 9^th 2023 at 20:09

Full Disclosure
[KIS-2023-01] Tiki Wiki CMS Groupware <= 25.0 Two Cross-Site Request Forgery Vulnerabilities
January 9^th 2023 at 20:08

[KIS-2023-01] Tiki Wiki CMS Groupware <= 25.0 Two Cross-Site Request Forgery Vulnerabilities

Posted by Egidio Romano on Jan 09

------------------------------------------------------------------------------
Tiki Wiki CMS Groupware <= 25.0 Two Cross-Site Request Forgery
Vulnerabilities
------------------------------------------------------------------------------

[-] Software Link:

https://tiki.org

[-] Affected Versions:

Version 25.0 and prior versions.

[-] Vulnerabilities Description:

1) The /tiki-importer.php script does not implement any protection
against...

🏷️ My labels
- ❌
January 9^th 2023 at 20:08

Full Disclosure
Centos Web Panel 7 Unauthenticated Remote Code Execution - CVE-2022-44877
January 6^th 2023 at 15:21

Centos Web Panel 7 Unauthenticated Remote Code Execution - CVE-2022-44877

Posted by Numan TÜRLE on Jan 06

[+] Centos Web Panel 7 Unauthenticated Remote Code Execution
[+] Centos Web Panel 7 - < 0.9.8.1147
[+] Affected Component ip:2031/login/index.php?login=$(whoami)
[+] Discoverer: Numan Türle @ Gais Cyber Security
[+] Vendor: https://centos-webpanel.com/ - https://control-webpanel.com/changelog#1669855527714-450fb335-6194
[+] CVE: CVE-2022-44877

Description
--------------
Bash commands can be run because double quotes are used to log incorrect...

🏷️ My labels
- ❌
January 6^th 2023 at 15:21

Full Disclosure
[tool] ModSecurity backdoor
January 3^rd 2023 at 03:42

[tool] ModSecurity backdoor

Posted by Jozef Sudolsky on Jan 02

Announcing a backdoor tool running inside of ModSecurity WAF and
allowing remote command execution with privileges of the web server.

https://github.com/azurit/modsecurity-backdoor

🏷️ My labels
- ❌
January 3^rd 2023 at 03:42

Full Disclosure
SugarCRM 0-day Auth Bypass + RCE Exploit
December 31^st 2022 at 06:30

SugarCRM 0-day Auth Bypass + RCE Exploit

Posted by sw33t.0day via Fulldisclosure on Dec 30

#!/usr/bin/env python
#
# SugarCRM 0-day Auth Bypass + RCE Exploit
#
# Dorks:
# https://www.google.com/search?q=site:sugarondemand.com&filter=0
# https://www.google.com/search?q=intitle:"SugarCRM"+inurl:index.php
# https://www.shodan.io/search?query=http.title:"SugarCRM"
# https://search.censys.io/search?resource=hosts&q=services.http.response.html_title:"SugarCRM"
#...

🏷️ My labels
- ❌
December 31^st 2022 at 06:30

Full Disclosure
SEC Consult SA-20221216-0 :: Remote code execution bypass in Eclipse Business Intelligence Reporting Tool (BiRT)
December 21^st 2022 at 03:42

SEC Consult SA-20221216-0 :: Remote code execution bypass in Eclipse Business Intelligence Reporting Tool (BiRT)

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Dec 20

SEC Consult Vulnerability Lab Security Advisory < 20221216-0 >
=======================================================================
title: Remote code execution - CVE-2021-34427 bypass
product: Eclipse Business Intelligence Reporting Tool (BiRT)
vulnerable version: <= 4.11.0
fixed version: 4.12
CVE number: CVE-2021-34427
impact: High
homepage:...

🏷️ My labels
- ❌
December 21^st 2022 at 03:42

Full Disclosure
SEC Consult Vulnerability Lab publication: The enemy from within: Unauthenticated Buffer Overflows in Zyxel routers still haunting users & metasploit exploit
December 21^st 2022 at 03:42

SEC Consult Vulnerability Lab publication: The enemy from within: Unauthenticated Buffer Overflows in Zyxel routers still haunting users & metasploit exploit

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Dec 20

Hi,

earlier this year in February 2022, we published a technical security advisory -
https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-multiple-zyxel-devices/ - on
different critical vulnerabilities in Zyxel devices, resulting from insecure coding practices and insecure
configuration.

Those also included a highly critical unauthenticated buffer overflow vulnerability in the proprietary Zyxel web server...

🏷️ My labels
- ❌
December 21^st 2022 at 03:42

Full Disclosure
APPLE-SA-2022-12-13-9 Safari 16.2
December 21^st 2022 at 03:42

APPLE-SA-2022-12-13-9 Safari 16.2