[webapps] Online Nurse Hiring System 1.0 - Time-Based SQL Injection

APPLE-SA-02-02-2024-1 visionOS 1.0.2

visionOS 1.0.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT214070.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

WebKit
Available for: Apple Vision Pro
Impact: Processing maliciously crafted web content may lead to
arbitrary code...

Full Disclosure

Out-of-bounds read & write in the glibc's qsort()

— February 4^th 2024 at 08:12

Posted by Qualys Security Advisory via Fulldisclosure on Feb 04

Qualys Security Advisory

For the algorithm lovers: Nontransitive comparison functions lead to
out-of-bounds read & write in glibc's qsort()

========================================================================
Contents
========================================================================

Summary
Background
Experiments
Analysis
Patch
Discussion
Acknowledgments
Timeline

CUT MY LIST IN TWO PIECES
THAT'S HOW YOU START...

Full Disclosure

CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog()

— February 4^th 2024 at 08:12

Posted by Qualys Security Advisory via Fulldisclosure on Feb 04

Qualys Security Advisory

CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog()

========================================================================
Contents
========================================================================

Summary
Analysis
Proof of concept
Exploitation
Acknowledgments
Timeline

========================================================================
Summary...

Full Disclosure

Research about usage & possible issues of the NVD

— February 4^th 2024 at 08:11

Posted by Andreas Hammer on Feb 04

Hello there!

The University of Erlangen-Nuremberg (Germany) is conducting a research
study to investigate the usage and possible issues of the NVD (National
Vulnerability Database). If you are using the NVD regularly, we would
greatly appreciate your participation which contributes to the
improvement of vulnerability management. You can read more about the
survey here:

https://www.cs1.tf.fau.de/2024/01/29/survey-on-usage-of-nvd/

The...

Full Disclosure

TROJAN.WIN32 BANKSHOT / Remote Stack Buffer Overflow (SEH)

— February 4^th 2024 at 08:11

Posted by malvuln on Feb 04

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/f2fd6a7b400782bb43499e722fb62cf4.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32 BankShot
Vulnerability: Remote Stack Buffer Overflow (SEH)
Description: The malware listens on TCP port 1978 and creates a local
Windows service running with SYSTEM integrity. Third-party adversaries who
can reach the...

Full Disclosure

[KIS-2024-01] XenForo <= 2.2.13 (ArchiveImport.php) Zip Slip Vulnerability

— February 4^th 2024 at 08:11

Posted by Egidio Romano on Feb 04

------------------------------------------------------------
XenForo <= 2.2.13 (ArchiveImport.php) Zip Slip Vulnerability
------------------------------------------------------------

[-] Software Link:

https://xenforo.com

[-] Affected Versions:

Version 2.2.13 and prior versions.

[-] Vulnerability Description:

The vulnerability is located in the
/src/XF/Service/Style/ArchiveImport.php script. Specifically, into the...

Full Disclosure

NULL pointer dereference in the function handle_viminfo_register() of vim

— February 4^th 2024 at 08:09

Posted by Christian Brabandt on Feb 04

Meng Ruijie wrote:

Meng,

This particular problem was fixed in Vim v9.0.1740
https://github.com/vim/vim/commit/0a0764684591c7c6a5d722b628f11dc96208e853

I have no idea, why this issue is worth a CVE, because if an attacker
can modify your .viminfo file to make Vim crash, he already has the
possibilities to do much more harm directly. So I don't think this is
particular useful CVE. I'd also like to dispute this.

Thanks,
Christian

Exploit-DB Updates

[webapps] Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure

— February 2^nd 2024 at 00:00

Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure

Exploit-DB Updates

[webapps] Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) - Credentials Disclosure

— February 2^nd 2024 at 00:00

Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) - Credentials Disclosure

Exploit-DB Updates

[webapps] Electrolink FM/DAB/TV Transmitter (Login Cookie) - Authentication Bypass

— February 2^nd 2024 at 00:00

Electrolink FM/DAB/TV Transmitter (Login Cookie) - Authentication Bypass

Exploit-DB Updates

[webapps] Electrolink FM/DAB/TV Transmitter - Remote Authentication Removal

— February 2^nd 2024 at 00:00

Electrolink FM/DAB/TV Transmitter - Remote Authentication Removal

Exploit-DB Updates

[dos] Electrolink FM/DAB/TV Transmitter - Unauthenticated Remote DoS

— February 2^nd 2024 at 00:00

Electrolink FM/DAB/TV Transmitter - Unauthenticated Remote DoS

Exploit-DB Updates

[webapps] Electrolink FM/DAB/TV Transmitter - Pre-Auth MPFS Image Remote Code Execution

— February 2^nd 2024 at 00:00

Electrolink FM/DAB/TV Transmitter - Pre-Auth MPFS Image Remote Code Execution

Exploit-DB Updates

[webapps] Juniper-SRX-Firewalls&EX-switches - (PreAuth-RCE) (PoC)

— February 2^nd 2024 at 00:00

Juniper-SRX-Firewalls&EX-switches - (PreAuth-RCE) (PoC)

Exploit-DB Updates

[webapps] TP-Link TL-WR740N - UnAuthenticated Directory Transversal

— February 2^nd 2024 at 00:00

TP-Link TL-WR740N - UnAuthenticated Directory Transversal

Exploit-DB Updates

[remote] WebCatalog 48.4 - Arbitrary Protocol Execution

— February 2^nd 2024 at 00:00

WebCatalog 48.4 - Arbitrary Protocol Execution

Exploit-DB Updates

[webapps] mooSocial 3.1.8 - Cross-Site Scripting (XSS) on User Login Page

— February 2^nd 2024 at 00:00

mooSocial 3.1.8 - Cross-Site Scripting (XSS) on User Login Page

Exploit-DB Updates

[remote] PCMan FTP Server 2.0 - 'pwd' Remote Buffer Overflow

— February 2^nd 2024 at 00:00

PCMan FTP Server 2.0 - 'pwd' Remote Buffer Overflow

Exploit-DB Updates

[webapps] TP-LINK TL-WR740N - Multiple HTML Injection

— February 2^nd 2024 at 00:00

TP-LINK TL-WR740N - Multiple HTML Injection

Exploit-DB Updates

[webapps] Academy LMS 6.2 - SQL Injection

— January 31^st 2024 at 00:00

Academy LMS 6.2 - SQL Injection

Exploit-DB Updates

[webapps] Academy LMS 6.2 - Reflected XSS

— January 31^st 2024 at 00:00

Academy LMS 6.2 - Reflected XSS

Exploit-DB Updates

[webapps] 101 News 1.0 - Multiple-SQLi

— January 31^st 2024 at 00:00

101 News 1.0 - Multiple-SQLi

Exploit-DB Updates

[webapps] Grocy <=4.0.2 - CSRF

— January 31^st 2024 at 00:00

Grocy

Exploit-DB Updates

[webapps] GoAhead Web Server 2.5 - 'goform/formTest' Multiple HTML Injection Vulnerabilities

— January 31^st 2024 at 00:00

GoAhead Web Server 2.5 - 'goform/formTest' Multiple HTML Injection Vulnerabilities

Exploit-DB Updates

[remote] Proxmox VE - TOTP Brute Force

— January 31^st 2024 at 00:00

Proxmox VE - TOTP Brute Force

Exploit-DB Updates

[remote] RoyalTSX 6.0.1 - RTSZ File Handling Heap Memory Corruption PoC

— January 31^st 2024 at 00:00

RoyalTSX 6.0.1 - RTSZ File Handling Heap Memory Corruption PoC

Exploit-DB Updates

[remote] Ricoh Printer - Directory and File Exposure

— January 29^th 2024 at 00:00

Ricoh Printer - Directory and File Exposure

Exploit-DB Updates

[remote] Equipment Rental Script-1.0 - SQLi

— January 29^th 2024 at 00:00

Equipment Rental Script-1.0 - SQLi

Exploit-DB Updates

[remote] Blood Bank & Donor Management System using v2.2 - Stored XSS

— January 29^th 2024 at 00:00

Blood Bank & Donor Management System using v2.2 - Stored XSS

Exploit-DB Updates

[webapps] Bank Locker Management System - SQL Injection

— January 29^th 2024 at 00:00

Bank Locker Management System - SQL Injection

Exploit-DB Updates

[local] Typora v1.7.4 - OS Command Injection

— January 29^th 2024 at 00:00

Typora v1.7.4 - OS Command Injection

Exploit-DB Updates

[local] 7 Sticky Notes v1.9 - OS Command Injection

— January 29^th 2024 at 00:00

7 Sticky Notes v1.9 - OS Command Injection

Exploit-DB Updates

[webapps] Fundraising Script 1.0 - SQLi

— January 29^th 2024 at 00:00

Fundraising Script 1.0 - SQLi

Exploit-DB Updates

[webapps] PHP Shopping Cart 4.2 - Multiple-SQLi

— January 29^th 2024 at 00:00

PHP Shopping Cart 4.2 - Multiple-SQLi

Full Disclosure

Re: Buffer Overflow in graphviz via via a crafted config6a file

— January 27^th 2024 at 22:03

Posted by Matthew Fernandez on Jan 27

More specifically, this issue is an out-of-bounds read.

AFAICT the issue was actually introduced in Graphviz 2.36. It was fixed
in commit a95f977f5d809915ec4b14836d2b5b7f5e74881e (essentially
reverting cf95714837f06f684929b54659523c2c9b1fc19f that introduced the
issue), but there has been no release yet since then. The next release
will be 10.0.0. So affected versions would be [2.36, 10.0.0).

To exploit this issue, you need to modify a...

Full Disclosure

CVEs based on commit messages

— January 27^th 2024 at 22:03

Posted by Mark Esler on Jan 27

Dear Meng Rujie,

In regards to your recent FD posts, are you requesting CVEs based on the
presence of strings in commit messages such as "null pointer dereference"?

Are you reaching out to each upstream project before assigning a CVE? Do
you believe that every null pointer bug is a vulnerability? What impact
are you hoping to achieve?

Please reconsider how you are requesting CVEs.

CVE assignment based on commit message allows...

Full Disclosure

Re: null pointer deference in nano via read_the_list()

— January 27^th 2024 at 22:03

Posted by Mark Esler on Jan 27

Hi Meng,

In your recent mass posts to FD, are you reporting vulnerabilities or
bug reports which have words like "segfault" in the title? What benefit
do you see this having? Have you spoken to each upstream project before
requesting a CVE be assigned?

Thank you,
Mark Esler

Full Disclosure

Re: NULL pointer dereference in freedesktop Mesa via check_xshm()

— January 27^th 2024 at 22:01

Posted by Dan Cross on Jan 27

I find it very difficult to believe that every NULL pointer error in
existence is a security vulnerability.

- Dan C.

Full Disclosure

Re: Null pointer dereference in Xedit

— January 27^th 2024 at 22:01

Posted by Alan Coopersmith on Jan 27

I will be asking that this CVE be withdrawn on behalf of the X.Org security team.

While it is a low-priority bug, we did not see any security exposure
when this bug was first brought to our attention because there is no
way for an attacker to change the contents of the lisp.lsp file or to
cause a *.lsp file to be loaded for another user.

The bug report states "replace /usr/local/lib/X11/xedit/lisp/lisp.lsp with
the attached version,"...

Full Disclosure

Buffer overflow in Sane

— January 26^th 2024 at 15:11