FreshRSS

πŸ”’
❌ Secure Planet Training Courses Updated For 2019 - Click Here
☷
β–³ πŸ”ƒ
There are new available articles, click to refresh the page.
Before yesterdayFull Disclosure

[NetworkSEC NWSSA] CVE-2023-26609: ABUS Security Camera LFI, RCE and SSH Root

Posted by Peter Ohm on Feb 27

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Exploit Title: ABUS Security Camera LFI, RCE and SSH Root Access
# Date: 2023-02-16
# Exploit Author: d1g () segfault net for NetworkSEC [NWSSA-001-2023]
# Vendor Homepage: https://www.abus.com
# Version/Model: TVIP 20000-21150 (probably many others)
# Tested on: GM ARM Linux 2.6, Server: Boa/0.94.14rc21
# CVE:...

[NetworkSEC NWSSA] CVE-2023-26602: ASUS ASMB8 iKVM RCE and SSH Root Access

Posted by Peter Ohm on Feb 27

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Exploit Title: ASUS ASMB8 iKVM RCE and SSH Root Access
# Date: 2023-02-16
# Exploit Author: d1g () segfault net for NetworkSEC [NWSSA-002-2023]
# Vendor Homepage: https://servers.asus.com/search?q=ASMB8
# Version/Model: ASMB8 iKVM Firmware <= 1.14.51 (probably others)
# Tested on: Linux AMI2CFDA1C7570E 2.6.28.10-ami...

Microsoft Windows Contact File / Remote Code Execution (Resurrected) CVE-2022-44666

Posted by hyp3rlinx on Feb 27

[-] Microsoft Windows Contact file / Remote Code Execution (Resurrected
2022) / CVE-2022-44666

[+] John Page (aka hyp3rlinx)
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec

Back in 2018 I discovered three related Windows remote code execution
vulnerabilities affecting both VCF and Contact files. They were purchased
by Trend Micro Zero Day Initiative (@thezdi) from me and received candidate
identifiers ZDI-CAN-6920 and ZDI-CAN-7591. Microsoft...

Defense in depth -- the Microsoft way (part 82): INVALID/BOGUS AppLocker rules disable SAFER on Windows 11 22H2

Posted by Stefan Kanthak on Feb 22

Hi @ll,

in Windows 11 22H2. some imbeciles from Redmond added the following
(of course WRONG and INVALID) registry entries and keys which they
dare to ship to their billion world-wide users:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Srp\Gp]
"RuleCount"=dword:00000002
"LastWriteTime"=hex(b):01,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Srp\Gp\DLL]

JFTR: the time stamp is 100ns past...

Multiple vulnerabilities in Audiocodes Device Manager Express

Posted by Eric Flokstra on Feb 22

# Product Name: Device Manager Express
# Vendor Homepage: https://www.audiocodes.com
# Software Link:
https://www.audiocodes.com/solutions-products/products/management-products-solutions/device-manager
# Version: <= 7.8.20002.47752
# Tested on: Windows 10 / Server 2019
# Default credentials: admin/admin
# CVE-2022-24627, CVE-2022-24628, CVE-2022-24629, CVE-2022-24630,
CVE-2022-24631, CVE-2022-24632
# Exploit:...

Sumo Logic keep api credentials on endpoints

Posted by dammitjosie--- via Fulldisclosure on Feb 22

security bug:

go sumologic.com (big company, many customer)

make free account

log in account, make access key - help.sumologic.com/docs/manage/security/access-keys/
<http://help.sumologic.com/docs/manage/security/access-keys/>

download collector for windows -
help.sumologic.com/docs/send-data/installed-collectors/collector-installation-reference/download-collector-from-static-url/

<...

Remote Code Execution in Kardex MLOG

Posted by Patrick Hener on Feb 16

Remote Code Execution in Kardex MLOG
=======================================================================
Product: Kardex Mlog MCC
Vendor: Kardex Holding AG
Tested Version: 5.7.12+0-a203c2a213-master
Fixed Version: inline patch - no new version number
Vulnerability Type: Improper Control of Generation of Code ("RFI") - CWE-94
CVSSv2 Severity:...

CyberDanube Security Research 20230213-0 | Multiple Vulnerabilities in JetWave Series

Posted by Thomas Weber on Feb 14

CyberDanube Security Research 20230213-0
-------------------------------------------------------------------------------
Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β  title| Multiple Vulnerabilities
Β Β Β Β Β Β Β Β Β Β Β Β Β  product| JetWave4221 HP-E, JetWave 2212G, JetWave
2212X/2212S,
Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β  | JetWave 2211C, JetWave 2411/2111, JetWave
2411L/2111L,
Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β  | JetWave 2414/2114, JetWave...

Defense in depth -- the Microsoft way (part 81): enabling UTF-8 support breaks existing code

Posted by Stefan Kanthak on Feb 14

Hi @ll,

almost 4 years ago, with Windows 10 1903, after more than a year
beta-testing in insider previews, Microsoft finally released UTF-8
support for the -A interfaces of the Windows API.

0) <https://docs.microsoft.com/en-us/windows/uwp/design/globalizing/use-utf8-code-page#activeCodePage>

| If the ANSI code page is configured for UTF-8, -A APIs typically
| operate in UTF-8. This model has the benefit of supporting
| existing...

SEC Consult SA-20230214-0 :: Multiple XSS Vulnerabilities in B&R Systems Diagnostics Manager

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Feb 14

SEC Consult Vulnerability Lab Security Advisory < 20230214-0 >
=======================================================================
title: Multiple XSS Vulnerabilities
product: B&R Systems Diagnostics Manager
vulnerable version: >=3.00 and <=C4.93
fixed version: >=D4.93
CVE number: CVE-2022-4286
impact: medium
homepage: https://www.br-automation.com...

APPLE-SA-2023-02-13-3 Safari 16.3.1

Posted by Apple Product Security via Fulldisclosure on Feb 14

APPLE-SA-2023-02-13-3 Safari 16.3.1

Safari 16.3.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213638.

WebKit
Available for: macOS Big Sur and macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been actively exploited.
Description: A type confusion issue was addressed...

APPLE-SA-2023-02-13-2 macOS Ventura 13.2.1

Posted by Apple Product Security via Fulldisclosure on Feb 14

APPLE-SA-2023-02-13-2 macOS Ventura 13.2.1

macOS Ventura 13.2.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213633.

Kernel
Available for: macOS Ventura
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2023-23514: Xinru Chi of Pangu Lab, Ned Williamson of...

APPLE-SA-2023-02-13-1 iOS 16.3.1 and iPadOS 16.3.1

Posted by Apple Product Security via Fulldisclosure on Feb 14

APPLE-SA-2023-02-13-1 iOS 16.3.1 and iPadOS 16.3.1

iOS 16.3.1 and iPadOS 16.3.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213635.

Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, and iPad
mini 5th generation and later
Impact: An app may be able to execute arbitrary code with kernel...

OXAS-ADV-2022-0002: OX App Suite Security Advisory

Posted by Martin Heiland via Fulldisclosure on Feb 14

Dear subscribers,

we're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs for OX AppSuite, Dovecot and PowerDNS at YesWeHack.

A CSAF representation of this advisory has been published at
https://documentation.open-xchange.com/security/advisories/.

Yours sincerely,
Martin Heiland, Open-Xchange GmbH

Internal reference:...

[CVE-2023-0291] Quiz And Survey Master <= 8.0.8 - Unauthenticated Arbitrary Media Deletion

Posted by Julien Ahrens (RCE Security) on Feb 14

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Quiz And Survey Master
Vendor URL: https://wordpress.org/plugins/quiz-master-next/
Type: Missing Authentication for Critical Function [CWE-306]
Date found: 2023-01-13
Date published: 2023-02-08
CVSSv3 Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVE: CVE-2023-0291

2. CREDITS
==========...

[CVE-2023-0292] Quiz And Survey Master <= 8.0.8 - Cross-Site Request Forgery to Arbitrary Media Deletion

Posted by Julien Ahrens (RCE Security) on Feb 14

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Quiz And Survey Master
Vendor URL: https://wordpress.org/plugins/quiz-master-next/
Type: Cross-Site Request Forgery (CSRF) [CWE-352]
Date found: 2023-01-13
Date published: 2023-02-08
CVSSv3 Score: 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
CVE: CVE-2023-0292

2. CREDITS
==========
This...

[CVE-Request] Multiple vulnerabilities in BMC Control-M before 9.0.20.214

Posted by Benjamin Mar-Conrad on Feb 14


Trovent Security Advisory 2203-01 / Micro Focus GroupWise transmits session ID in URL

Posted by Stefan Pietsch on Jan 30

# Trovent Security Advisory 2203-01 #
#####################################

Micro Focus GroupWise transmits session ID in URL
#################################################

Overview
########

Advisory ID: TRSA-2203-01
Advisory version: 1.0
Advisory status: Public
Advisory URL: https://trovent.io/security-advisory-2203-01
Affected product: Micro Focus GroupWise
Affected version: prior to 18.4.2
Vendor: Micro Focus, https://www.microfocus.com...

APPLE-SA-2023-01-24-1 tvOS 16.3

Posted by Apple Product Security via Fulldisclosure on Jan 26

APPLE-SA-2023-01-24-1 tvOS 16.3

tvOS 16.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213601.

AppleMobileFileIntegrity
Available for: Apple TV 4K (all models) and Apple TV HD
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed by enabling hardened runtime.
CVE-2023-23499: Wojciech ReguΕ‚a (@_r3ggi) of SecuRing...

[SYSS-2022-047] Razer Synapse - Local Privilege Escalation

Posted by Oliver Schwarz via Fulldisclosure on Jan 26

Advisory ID: SYSS-2022-047
Product: Razer Synapse
Manufacturer: Razer Inc.
Affected Version(s): Versions before 3.7.0830.081906
Tested Version(s): 3.7.0731.072516
Vulnerability Type: Improper Certificate Validation (CWE-295)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2022-08-02
Solution Date: 2022-09-06
Public Disclosure:...

[RT-SA-2022-002] Skyhigh Security Secure Web Gateway: Cross-Site Scripting in Single Sign-On Plugin

Posted by RedTeam Pentesting GmbH on Jan 26

RedTeam Pentesting identified a vulnerability which allows attackers to
craft URLs to any third-party website that result in arbitrary content
to be injected into the response when accessed through the Secure Web
Gateway. While it is possible to inject arbitrary content types, the
primary risk arises from JavaScript code allowing for cross-site
scripting.

Details
=======

Product: Secure Web Gateway
Affected Versions: 10.2.11, potentially other...

t2'23: Call For Papers 2023 (Helsinki, Finland)

Posted by Tomi Tuominen via Fulldisclosure on Jan 23

Call For Papers 2023

Tired of your bosses suspecting conference trips to exotic locations being just a ploy to partake in Security Vacation
Club? Prove them wrong by coming to Helsinki, Finland on May 4-5 2023! Guaranteed lack of sunburn, good potential for
rain or slush. In case of great spring weather, though, no money back.

CFP and registration both open. Read further if still unsure.

Maui, Miami, Las Vegas, Tel Aviv or Wellington feel so...

Re: HNS-2022-01 - HN Security Advisory - Multiple vulnerabilities in Solaris dtprintinfo and libXm/libXpm

Posted by Marco Ivaldi on Jan 23

Hello again,

Just a quick update. Mitre has assigned the following additional CVE IDs:

* CVE-2023-24039 - Stack-based buffer overflow in libXm ParseColors
* CVE-2023-24040 - Printer name injection and heap memory disclosure

We have updated the advisory accordingly:
https://github.com/hnsecurity/vulns/blob/main/HNS-2022-01-dtprintinfo.txt

Regards,
Marco

APPLE-SA-2023-01-23-8 Safari 16.3

Posted by Apple Product Security via Fulldisclosure on Jan 23

APPLE-SA-2023-01-23-8 Safari 16.3

Safari 16.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213600.

WebKit
Available for: macOS Big Sur and macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 245464
CVE-2023-23496: ChengGang Wu, Yan Kang, YuHao...

APPLE-SA-2023-01-23-7 watchOS 9.3

Posted by Apple Product Security via Fulldisclosure on Jan 23

APPLE-SA-2023-01-23-7 watchOS 9.3

watchOS 9.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213599.

AppleMobileFileIntegrity
Available for: Apple Watch Series 4 and later
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed by enabling hardened runtime.
CVE-2023-23499: Wojciech Regula of SecuRing (wojciechregula.blog)

ImageIO...

APPLE-SA-2023-01-23-6 macOS Big Sur 11.7.3

Posted by Apple Product Security via Fulldisclosure on Jan 23

APPLE-SA-2023-01-23-6 macOS Big Sur 11.7.3

macOS Big Sur 11.7.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213603.

AppleMobileFileIntegrity
Available for: macOS Big Sur
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed by enabling hardened runtime.
CVE-2023-23499: Wojciech ReguΕ‚a (@_r3ggi) of SecuRing
(wojciechregula.blog)...

APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3

Posted by Apple Product Security via Fulldisclosure on Jan 23

APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3

macOS Monterey 12.6.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213604.

AppleMobileFileIntegrity
Available for: macOS Monterey
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed by enabling hardened runtime.
CVE-2023-23499: Wojciech ReguΕ‚a (@_r3ggi) of SecuRing...

APPLE-SA-2023-01-23-4 macOS Ventura 13.2

Posted by Apple Product Security via Fulldisclosure on Jan 23

APPLE-SA-2023-01-23-4 macOS Ventura 13.2

macOS Ventura 13.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213605.

AppleMobileFileIntegrity
Available for: macOS Ventura
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed by enabling hardened runtime.
CVE-2023-23499: Wojciech ReguΕ‚a (@_r3ggi) of SecuRing
(wojciechregula.blog)...

APPLE-SA-2023-01-23-3 iOS 12.5.7

Posted by Apple Product Security via Fulldisclosure on Jan 23

APPLE-SA-2023-01-23-3 iOS 12.5.7

iOS 12.5.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213597.

WebKit
Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad
mini 2, iPad mini 3, and iPod touch (6th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been...

APPLE-SA-2023-01-23-2 iOS 15.7.3 and iPadOS 15.7.3

Posted by Apple Product Security via Fulldisclosure on Jan 23

APPLE-SA-2023-01-23-2 iOS 15.7.3 and iPadOS 15.7.3

iOS 15.7.3 and iPadOS 15.7.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213598.

Kernel
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone
SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod
touch (7th generation)
Impact: An app may be able to leak sensitive kernel state
Description:...

APPLE-SA-2023-01-23-1 iOS 16.3 and iPadOS 16.3

Posted by Apple Product Security via Fulldisclosure on Jan 23

APPLE-SA-2023-01-23-1 iOS 16.3 and iPadOS 16.3

iOS 16.3 and iPadOS 16.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213606.

AppleMobileFileIntegrity
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, and iPad
mini 5th generation and later
Impact: An app may be able to access user-sensitive data...

SEC Consult SA-20230117-2 :: Multiple post-authentication vulnerabilities including RCE in @OpenText Content Server component of OpenText Extended ECM

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jan 19

SEC Consult Vulnerability Lab Security Advisory < 20230117-2 >
=======================================================================
title: Multiple post-authentication vulnerabilities including RCE
product: OpenTextβ„’ Content Server component of OpenTextβ„’ Extended ECM
vulnerable version: 16.2.2 - 22.3
fixed version: 22.4
CVE number: CVE-2022-45924, CVE-2022-45922, CVE-2022-45925,...

SEC Consult SA-20230117-1 :: Pre-authenticated Remote Code Execution via Java frontend and QDS endpoint in @OpenText Content Server component of OpenText Extended ECM

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jan 19

SEC Consult Vulnerability Lab Security Advisory < 20230117-1 >
=======================================================================
title: Pre-authenticated Remote Code Execution via Java frontend
and QDS endpoint
product: OpenTextβ„’ Content Server component of OpenTextβ„’ Extended ECM
vulnerable version: 20.4 - 22.3
fixed version: 22.4
CVE number: CVE-2022-45927...

SEC Consult SA-20230117-0 :: Pre-authenticated Remote Code Execution in cs.exe (@OpenText Content Server component of OpenText Extended ECM)

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jan 19

SEC Consult Vulnerability Lab Security Advisory < 20230117-0 >
=======================================================================
title: Pre-authenticated Remote Code Execution in cs.exe
product: OpenTextβ„’ Content Server component of OpenTextβ„’ Extended ECM
vulnerable version: 20.4 - 22.3
fixed version: 22.4
CVE number: CVE-2022-45923
impact: Critical
homepage:...

HNS-2022-01 - HN Security Advisory - Multiple vulnerabilities in Solaris dtprintinfo and libXm/libXpm

Posted by Marco Ivaldi on Jan 19

Dear Full Disclosure,

Find attached a security advisory that details multiple
vulnerabilities we discovered in Oracle Solaris CDE dtprintinfo, Motif
libXm, and X.Org libXpm.

* Title: Multiple vulnerabilities in Solaris dtprintinfo and libXm/libXpm
* Products: Common Desktop Environment 1.6, Motif 2.1, X.Org libXpm < 3.5.15
* OS: Oracle Solaris 10 (CPU January 2021)
* Author: Marco Ivaldi <marco.ivaldi () hnsecurity it>
* Date:...

wolfSSL before 5.5.2: Heap-buffer over-read with WOLFSSL_CALLBACKS

Posted by Maximilian Ammann via Fulldisclosure on Jan 19

# wolfSSL before 5.5.2: Heap-buffer over-read with WOLFSSL_CALLBACKS
====================================================================

## INFO
=======

The CVE project has assigned the id CVE-2022-42905 to this issue.

Severity: 9.1 CRITICAL
Affected version: before 5.5.2
End of embargo: Ended October 28, 2022
Blog Post: https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/

## SUMMARY
==========

If wolfSSL...

wolfSSL before 5.5.0: Denial-of-service with session resumption

Posted by Maximilian Ammann via Fulldisclosure on Jan 19

# wolfSSL before 5.5.0: Denial-of-service with session resumption
=================================================================

## INFO
=======

The CVE project has assigned the id CVE-2022-38152 to this issue.

Severity: 7.5 HIGH
Affected version: before 5.5.0
End of embargo: Ended August 30, 2022
Blog Post: https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/

## SUMMARY
==========

When a TLS 1.3 client...

wolfSSL 5.3.0: Denial-of-service

Posted by Maximilian Ammann via Fulldisclosure on Jan 19

# wolfSSL 5.3.0: Denial-of-service
==================================

## INFO
=======

The CVE project has assigned the id CVE-2022-38153 to this issue.

Severity: 5.9 MEDIUM
Affected version: 5.3.0
End of embargo: Ended August 30, 2022
Blog Post: https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/

## SUMMARY
==========

In wolfSSL 5.3.0 man-in-the-middle attackers or a malicious server can crash TLS
1.2...

wolfSSL before 5.5.0: Denial-of-service with session resumption

Posted by Maximilian Ammann via Fulldisclosure on Jan 19

# wolfSSL before 5.5.0: Denial-of-service with session resumption
=================================================================

## INFO
=======

The CVE project has assigned the id CVE-2022-38152 to this issue.

Severity: 7.5 HIGH
Affected version: before 5.5.0
End of embargo: Ended August 30, 2022

## SUMMARY
==========

When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on
its session, the server crashes with a...

Citrix Linux client logs session credentials

Posted by Russell Howe on Jan 16

The Citrix Linux client emits its session credentials when starting a
Citrix session. These credentials end up being recorded in the client's
system log.

Citrix do not consider this to be a security vulnerability.

Writeup here:
https://github.com/rhowe/disclosures/tree/main/citrix-linux-client-cred-leak

Write

[KIS-2023-04] Tiki Wiki CMS Groupware <= 24.1 (tikiimporter_blog_wordpress.php) PHP Object Injection Vulnerability

Posted by Egidio Romano on Jan 09

----------------------------------------------------------------------------------------------------
Tiki Wiki CMS Groupware <= 24.1 (tikiimporter_blog_wordpress.php) PHP
Object Injection Vulnerability
----------------------------------------------------------------------------------------------------

[-] Software Link:

https://tiki.org

[-] Affected Versions:

Version 24.1 and prior versions.

[-] Vulnerability Description:

The...

[KIS-2023-03] Tiki Wiki CMS Groupware <= 24.0 (grid.php) PHP Object Injection Vulnerability

Posted by Egidio Romano on Jan 09

-----------------------------------------------------------------------------
Tiki Wiki CMS Groupware <= 24.0 (grid.php) PHP Object Injection
Vulnerability
-----------------------------------------------------------------------------

[-] Software Link:

https://tiki.org

[-] Affected Versions:

Version 24.0 and prior versions.

[-] Vulnerability Description:

The vulnerability is located in the /lib/sheet/grid.php script,
specifically into...

[KIS-2023-02] Tiki Wiki CMS Groupware <= 24.0 (structlib.php) PHP Code Injection Vulnerability

Posted by Egidio Romano on Jan 09

--------------------------------------------------------------------------------
Tiki Wiki CMS Groupware <= 24.0 (structlib.php) PHP Code Injection
Vulnerability
--------------------------------------------------------------------------------

[-] Software Link:

https://tiki.org

[-] Affected Versions:

Version 24.0 and prior versions.

[-] Vulnerability Description:

The vulnerability is located in the /lib/structures/structlib.php
script,...

[KIS-2023-01] Tiki Wiki CMS Groupware <= 25.0 Two Cross-Site Request Forgery Vulnerabilities

Posted by Egidio Romano on Jan 09

------------------------------------------------------------------------------
Tiki Wiki CMS Groupware <= 25.0 Two Cross-Site Request Forgery
Vulnerabilities
------------------------------------------------------------------------------

[-] Software Link:

https://tiki.org

[-] Affected Versions:

Version 25.0 and prior versions.

[-] Vulnerabilities Description:

1) The /tiki-importer.php script does not implement any protection
against...

Centos Web Panel 7 Unauthenticated Remote Code Execution - CVE-2022-44877

Posted by Numan TÜRLE on Jan 06

[+] Centos Web Panel 7 Unauthenticated Remote Code Execution
[+] Centos Web Panel 7 - < 0.9.8.1147
[+] Affected Component ip:2031/login/index.php?login=$(whoami)
[+] Discoverer: Numan TΓΌrle @ Gais Cyber Security
[+] Vendor: https://centos-webpanel.com/ - https://control-webpanel.com/changelog#1669855527714-450fb335-6194
[+] CVE: CVE-2022-44877

Description
--------------
Bash commands can be run because double quotes are used to log incorrect...

[tool] ModSecurity backdoor

Posted by Jozef Sudolsky on Jan 02

Announcing a backdoor tool running inside of ModSecurity WAF and
allowing remote command execution with privileges of the web server.

https://github.com/azurit/modsecurity-backdoor

SEC Consult SA-20221216-0 :: Remote code execution bypass in Eclipse Business Intelligence Reporting Tool (BiRT)

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Dec 20

SEC Consult Vulnerability Lab Security Advisory < 20221216-0 >
=======================================================================
title: Remote code execution - CVE-2021-34427 bypass
product: Eclipse Business Intelligence Reporting Tool (BiRT)
vulnerable version: <= 4.11.0
fixed version: 4.12
CVE number: CVE-2021-34427
impact: High
homepage:...

SEC Consult Vulnerability Lab publication: The enemy from within: Unauthenticated Buffer Overflows in Zyxel routers still haunting usersΒ & metasploit exploit

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Dec 20

Hi,

earlier this year in February 2022, we published a technical security advisory -
https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-multiple-zyxel-devices/ - on
different critical vulnerabilities in Zyxel devices, resulting from insecure coding practices and insecure
configuration.

Those also included a highly critical unauthenticated buffer overflow vulnerability in the proprietary Zyxel web server...

APPLE-SA-2022-12-13-9 Safari 16.2

Posted by Apple Product Security via Fulldisclosure on Dec 20

APPLE-SA-2022-12-13-9 Safari 16.2

Safari 16.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213537.

WebKit
Available for: macOS Big Sur and macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
WebKit Bugzilla: 245521
CVE-2022-42867: Maddie...

APPLE-SA-2022-12-13-8 watchOS 9.2

Posted by Apple Product Security via Fulldisclosure on Dec 20

APPLE-SA-2022-12-13-8 watchOS 9.2

watchOS 9.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213536.

Accounts
Available for: Apple Watch Series 4 and later
Impact: A user may be able to view sensitive user information
Description: This issue was addressed with improved data protection.
CVE-2022-42843: Mickey Jin (@patch1t)

AppleAVD
Available for: Apple Watch Series 4 and...

APPLE-SA-2022-12-13-7 tvOS 16.2

Posted by Apple Product Security via Fulldisclosure on Dec 20

APPLE-SA-2022-12-13-7 tvOS 16.2

tvOS 16.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213535.

Accounts
Available for: Apple TV 4K, Apple TV 4K (2nd generation and later),
and Apple TV HD
Impact: A user may be able to view sensitive user information
Description: This issue was addressed with improved data protection.
CVE-2022-42843: Mickey Jin (@patch1t)

AppleAVD...

APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2

Posted by Apple Product Security via Fulldisclosure on Dec 20

APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2

macOS Big Sur 11.7.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213534.

BOM
Available for: macOS Big Sur
Impact: An app may bypass Gatekeeper checks
Description: A logic issue was addressed with improved checks.
CVE-2022-42821: Jonathan Bar Or of Microsoft

DriverKit
Available for: macOS Big Sur
Impact: An app may be able to...

APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2

Posted by Apple Product Security via Fulldisclosure on Dec 20

APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2

macOS Monterey 12.6.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213533.

Bluetooth
Available for: macOS Monterey
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2022-42854: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte.
Ltd. (@starlabs_sg)

BOM...

APPLE-SA-2022-12-13-4 macOS Ventura 13.1

Posted by Apple Product Security via Fulldisclosure on Dec 20

APPLE-SA-2022-12-13-4 macOS Ventura 13.1

macOS Ventura 13.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213532.

Accounts
Available for: macOS Ventura
Impact: A user may be able to view sensitive user information
Description: This issue was addressed with improved data protection.
CVE-2022-42843: Mickey Jin (@patch1t)

AMD
Available for: macOS Ventura
Impact: An app may...

APPLE-SA-2022-12-13-3 iOS 16.1.2

Posted by Apple Product Security via Fulldisclosure on Dec 20

APPLE-SA-2022-12-13-3 iOS 16.1.2

iOS 16.1.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213516.

WebKit
Available for: iPhone 8 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been actively exploited against versions of iOS released
before iOS 15.1.
Description: A type...

APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2

Posted by Apple Product Security via Fulldisclosure on Dec 20

APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2

iOS 15.7.2 and iPadOS 15.7.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213531.

AppleAVD
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone
SE (1st generation), iPad Pro (all models), iPad Air 2 and later,
iPad 5th generation and later, iPad mini 4 and later, and iPod touch
(7th generation)
Impact:...

APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2

Posted by Apple Product Security via Fulldisclosure on Dec 20

APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2

iOS 16.2 and iPadOS 16.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213530.

Accounts
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, and iPad
mini 5th generation and later
Impact: A user may be able to view sensitive user information
Description:...

Adversary3 updated / Malware vulnerability intel tool for third-party attackers

Posted by malvuln on Dec 20

The Adversary3 project has been updated, added a new vulnerability
category "Logic Flaw" and dozens of new malware vulnerabilities.

https://github.com/malvuln/Adversary3

Ransom.Win64.AtomSilo / Crypto Logic Flaw

Posted by malvuln on Dec 20

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/5559e9f5e1645f8554ea020a29a5a3ee.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Backup media: infosec.exchange/@malvuln

Threat: Ransom.Win64.AtomSilo
Vulnerability: Crypto Logic Flaw
Family: AtomSilo
Type: PE64
MD5: 5559e9f5e1645f8554ea020a29a5a3ee
Vuln ID: MVID-2022-0666
Disclosure: 12/14/2022
Description: AtomSilo...
❌