Full Disclosure

MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client

February 21st 2025 at 04:27

Posted by Qualys Security Advisory via Fulldisclosure on Feb 20

Qualys Security Advisory

CVE-2025-26465: MitM attack against OpenSSH's VerifyHostKeyDNS-enabled
client

CVE-2025-26466: DoS attack against OpenSSH's client and server

========================================================================
Contents
========================================================================

Summary
Background
Experiments
Results
MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client
DoS...

Self Stored XSS - acp2sev7.2.2

February 21st 2025 at 04:27

Posted by Andrey Stoykov on Feb 20

# Exploit Title: Self Stored XSS - acp2sev7.2.2
# Date: 02/2025
# Exploit Author: Andrey Stoykov
# Version: 7.2.2
# Tested on: Ubuntu 22.04
# Blog:
https://msecureltd.blogspot.com/2025/02/friday-fun-pentest-series-19-self.html

Self Stored XSS #1:

Steps to Reproduce:

1. Visit "http://192.168.58.168/acp2se/mul/muladmin.php" and login with
"admin" / "adminpass"
2. In the field "Put the name of the new...

Python's official documentation contains textbook example of insecure code (XSS)

February 21st 2025 at 04:16

Posted by Georgi Guninski on Feb 20

Python's official documentation contains textbook example of insecure code (XSS)

Date: 2025-02-18
Author: Georgi Guninski

===
form = cgi.FieldStorage()
if "name" not in form or "addr" not in form:
    print("<H1>Error</H1>")
    print("Please fill in the name and addr fields.")
    return
print("<p>name:", form["name"].value)
print("<p>addr:",...

Re: Netgear Router Administrative Web Interface Lacks Transport Encryption By Default

February 18th 2025 at 04:10

Posted by Gynvael Coldwind on Feb 17

Hi,

This isn't really a problem a vendor can solve in firmware (apart from
offering configuration via cloud, which has its own issues).
Even if they would enable TLS/SSL by default, it would just give one a
false sense of security, since:
- the certificates would be invalid (public CAs don't give out certs for IP
addresses),
- they would be easy to clone (due to being self-signed and/or being easy
to extract from a similar device),
-...

Monero 18.3.4 zero-day DoS vulnerability has been dropped publicly on social network.

February 16th 2025 at 08:00

Posted by upper.underflow via Fulldisclosure on Feb 16

Hello,

About an hour ago, a group appearing to be named WyRCV2 posted a note on the nostr social network, which can be found
at the following link: https://primal.net/e/note1vzh0mj9rcxax9cgcdapupyxeehjprd68gd9kk9wrv939m8knulrs4780x7

Save, share, use.

The paste link includes a list of nodes that the attacker has instructed to target, along with a Python code to
leverage the attack. According to their explanation, this vulnerability is...

Netgear Router Administrative Web Interface Lacks Transport Encryption By Default

February 16th 2025 at 08:00

Posted by Ryan Delaney via Fulldisclosure on Feb 16

<!--
# Exploit Title: Netgear Router Administrative Web Interface Lacks
Transport Encryption By Default
# Date: 02-13-2025
# Exploit Author: Ryan Delaney
# Author Contact: ryan.delaney () owasp org
# Vendor Homepage: https://www.netgear.com
# Version: Netgear C7800 Router, F/W 6.01.07, possibly others
# Tested on: Netgear C7800 Router, F/W 6.01.07
# CVE: CVE-2022-41545

The administrative web interface of a Netgear C7800 Router running...

[CVE-2024-54756] GZDoom <= 4.13.1 Arbitrary Code Execution via Malicious ZScript

February 16th 2025 at 07:59

Posted by Gabriel Valachi via Fulldisclosure on Feb 15

In GZDoom 4.13.1 and below, there is a vulnerability involving array sizes in ZScript, the game engine's primary
scripting language. It is possible to dynamically allocate an array of 1073741823 dwords, permitting access to the rest
of the heap from the start of the array and causing a second array declared in the same function to overlap with this
huge array. The result is an exploit chain that allows arbitrary code execution through a...

Re: Text injection on https://www.google.com/sorry/index via ?q parameter (no XSS)

February 16th 2025 at 07:58

Posted by David Fifield on Feb 15

Today at about 2025-02-13 19:00 I noticed the "≠" is back, but now the
type 0x12 payload of the ?q query parameter gets formatted into the
string representation of an IP address, rather than being copied almost
verbatim into the page. If the payload length is 4 bytes, it gets
formatted as an IPv4 address; if 16 bytes, as an IPv6 address. I didn't
try a ton of experiments, but it looks like payload lengths other than 4
and 16...

SEC Consult SA-20250211-0 :: Multiple vulnerabilities in Wattsense Bridge

February 13th 2025 at 05:25

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Feb 12

SEC Consult Vulnerability Lab Security Advisory < 20250211-0 >
=======================================================================
title: Multiple vulnerabilities
product: Wattsense - Wattsense Bridge
vulnerable version: Wattsense Bridge
* Hardware Revision: WSG-EU-SC-14-00, 20230801
* Firmware Revision: Wattsense (Wattsense minimal)...

APPLE-SA-02-10-2025-2 iPadOS 17.7.5

February 11th 2025 at 03:50

Posted by Apple Product Security via Fulldisclosure on Feb 10

APPLE-SA-02-10-2025-2 iPadOS 17.7.5

iPadOS 17.7.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122173.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accessibility
Available for: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch,
and iPad 6th generation
Impact: A physical...

APPLE-SA-02-10-2025-1 iOS 18.3.1 and iPadOS 18.3.1

February 11th 2025 at 03:50

Posted by Apple Product Security via Fulldisclosure on Feb 10

APPLE-SA-02-10-2025-1 iOS 18.3.1 and iPadOS 18.3.1

iOS 18.3.1 and iPadOS 18.3.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122174.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accessibility
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation...

CVE-2024-55447: Access Control in Paxton Net2 software (update)

February 11th 2025 at 03:50

Posted by Jeroen Hermans via Fulldisclosure on Feb 10

CloudAware Security Advisory

CVE-2024-55447: Potential PII leak and incorrect access control in
Paxton Net2 software

========================================================================
Summary
========================================================================
Insecure backend database in the Paxton Net2 software.
Possible leaking of PII incorrect access control.
Access cards can be cloned without physical access to the original...

ChatGPT AI finds "security concern" (XSS) in DeepSeek's code

February 11th 2025 at 03:50

Posted by Georgi Guninski on Feb 10

Summary: On 2025-02-09 ChatGPT AI found "security concern" (XSS) in
DeepSeek's AI python code.

Background:

Consider the simple coding question (Q):

Write Python CGI which takes as an argument NAME and outputs: "Hello NAME".

First page and results on google for "python CGI" return for me
tutorials, which are flawed and textbook examples of the cross site
scripting (XSS) vulnerability. This is a...

KL-001-2025-002: Checkmk NagVis Remote Code Execution

February 4th 2025 at 22:11

Posted by KoreLogic Disclosures via Fulldisclosure on Feb 04

KL-001-2025-002: Checkmk NagVis Remote Code Execution

Title: Checkmk NagVis Remote Code Execution
Advisory ID: KL-001-2025-002
Publication Date: 2025-02-04
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2025-002.txt

1. Vulnerability Details

     Affected Vendor: Checkmk
     Affected Product: Checkmk/NagVis
     Affected Version: Checkmk 2.3.0p2, NagVis 1.9.40
     Platform: GNU/Linux
     CWE...

KL-001-2025-001: Checkmk NagVis Reflected Cross-site Scripting

February 4th 2025 at 22:08

Posted by KoreLogic Disclosures via Fulldisclosure on Feb 04

KL-001-2025-001: Checkmk NagVis Reflected Cross-site Scripting

Title: Checkmk NagVis Reflected Cross-site Scripting
Advisory ID: KL-001-2025-001
Publication Date: 2025-02-04
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2025-001.txt

1. Vulnerability Details

     Affected Vendor: Checkmk
     Affected Product: Checkmk/NagVis
     Affected Version: Checkmk 2.3.0p2, NagVis 1.9.40
     Platform: GNU/Linux...

APPLE-SA-01-30-2025-1 GarageBand 10.4.12

February 2nd 2025 at 07:33

Posted by Apple Product Security via Fulldisclosure on Feb 01

APPLE-SA-01-30-2025-1 GarageBand 10.4.12

GarageBand 10.4.12 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121866.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

GarageBand
Available for: macOS Sonoma 14.4 and later
Impact: Processing a maliciously crafted image may lead to arbitrary...

Re: Text injection on https://www.google.com/sorry/index via ?q parameter (no XSS)

February 2nd 2025 at 07:33

Posted by David Fifield on Feb 01

I tested a few more times, and it appears the text injection has
disappeared.

These are timestamps when I tested, with offsets relative to the initial
discovery.

+0h 2025-01-28 03:00 initial discovery
+5h 2025-01-28 08:19 ?q=EgtoZWxsbyB3b3JsZA works
(https://archive.is/DD9xB)
+14h 2025-01-28 17:31 ?q=EgtoZWxsbyB3b3JsZA works
(no archive)
+45h...

Xinet Elegant 6 Asset Lib Web UI 6.1.655 / SQL Injection / Exploit Update Python3

February 2nd 2025 at 07:32

Posted by hyp3rlinx on Feb 01

Updated SQL Injection CVE-2019-19245 exploit for Python3.

import requests,time,re,sys,argparse

#NAPC Xinet Elegant 6 Asset Library v6.1.655
#Pre-Auth SQL Injection 0day Exploit
#By hyp3rlinx
#ApparitionSec
#UPDATED: Jan 2024 for python3
#TODO: add SSL support
#===============================
#This will dump tables, usernames and passwords in vulnerable versions
#REQUIRE PARAMS:...

Quorum onQ OS - 6.0.0.5.2064 | Reflected Cross Site Scripting (XSS) | CVE-2024-44449

January 30th 2025 at 00:59

Posted by Shaikh Shahnawaz on Jan 29

[+] Credits: Shahnawaz Shaikh, Security Researcher at Cybergate Defense LLC
[+] twitter.com/_striv3r_

[Vendor]
https://quorum.com/about/

[Product]
Quorum onQ OS - 6.0.0.5.2064

[Vulnerability Type]
Reflected Cross Site Scripting (XSS)

[Affected Component]
Login page get parameter 'msg' is vulnerable to Reflected Cross site
scripting

[CVE Reference]
CVE-2024-44449

[Security Issue]
Cross Site Scripting vulnerability in Quorum onQ OS...

Deepseek writes textbook insecure code in 2025-01-28

January 30th 2025 at 00:58

Posted by Georgi Guninski on Jan 29

Asking Deepseek on Jan 28 09:33:11 AM UTC 2025:

Write a python CGI which takes as an argument string NAME and outputs
"Hello"+NAME

The Deepseek AI [3] returned:

====
name = form.getvalue('NAME', 'World')  # Default to 'World' if NAME is not provided
# Output the HTML response
print(f"<html><body><h1>Hello, {name}!</h1></body></html>")

*For security reasons,...

Text injection on https://www.google.com/sorry/index via ?q parameter (no XSS)

January 30th 2025 at 00:58

Posted by David Fifield on Jan 29

The page https://www.google.com/sorry/index is familiar to Tor and VPN
users. It is the one that says "Our systems have detected unusual
traffic from your computer network. Please try your request again
later." You will frequently be redirected to this page when using Tor
Browser, when you do a search on a Google site such as www.youtube.com
or scholar.google.com. The text of the page reports the client IP
address, a timestamp of the...

APPLE-SA-01-27-2025-9 Safari 18.3

January 28th 2025 at 00:07

Posted by Apple Product Security via Fulldisclosure on Jan 27

APPLE-SA-01-27-2025-9 Safari 18.3

Safari 18.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122074.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Passwords
Available for: macOS Ventura and macOS Sonoma
Impact: A malicious app may be able to bypass browser extension
authentication...

APPLE-SA-01-27-2025-8 tvOS 18.3

January 28th 2025 at 00:07

Posted by Apple Product Security via Fulldisclosure on Jan 27

APPLE-SA-01-27-2025-8 tvOS 18.3

tvOS 18.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122072.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AirPlay
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An attacker on the local network may be able to cause unexpected...

APPLE-SA-01-27-2025-7 watchOS 11.3

January 28th 2025 at 00:07

Posted by Apple Product Security via Fulldisclosure on Jan 27

APPLE-SA-01-27-2025-7 watchOS 11.3

watchOS 11.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122071.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AirPlay
Available for: Apple Watch Series 6 and later
Impact: An attacker on the local network may be able to cause unexpected
system...

APPLE-SA-01-27-2025-6 macOS Ventura 13.7.3

January 28th 2025 at 00:07

Posted by Apple Product Security via Fulldisclosure on Jan 27

APPLE-SA-01-27-2025-6 macOS Ventura 13.7.3

macOS Ventura 13.7.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122070.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AppleMobileFileIntegrity
Available for: macOS Ventura
Impact: An app may be able to access sensitive user data...

APPLE-SA-01-27-2025-5 macOS Sonoma 14.7.3

January 28th 2025 at 00:07

Posted by Apple Product Security via Fulldisclosure on Jan 27

APPLE-SA-01-27-2025-5 macOS Sonoma 14.7.3

macOS Sonoma 14.7.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122069.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AirPlay
Available for: macOS Sonoma
Impact: A remote attacker may cause an unexpected application
termination or...

APPLE-SA-01-27-2025-4 macOS Sequoia 15.3

January 28th 2025 at 00:07

Posted by Apple Product Security via Fulldisclosure on Jan 27

APPLE-SA-01-27-2025-4 macOS Sequoia 15.3

macOS Sequoia 15.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122068.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AirPlay
Available for: macOS Sequoia
Impact: An attacker on the local network may be able to cause unexpected
system...

APPLE-SA-01-27-2025-3 iPadOS 17.7.4

January 28th 2025 at 00:07

Posted by Apple Product Security via Fulldisclosure on Jan 27

APPLE-SA-01-27-2025-3 iPadOS 17.7.4

iPadOS 17.7.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122067.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AirPlay
Available for: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch,
and iPad 6th generation
Impact: A remote attacker may...

APPLE-SA-01-27-2025-2 iOS 18.3 and iPadOS 18.3

January 28th 2025 at 00:07

Posted by Apple Product Security via Fulldisclosure on Jan 27

APPLE-SA-01-27-2025-2 iOS 18.3 and iPadOS 18.3

iOS 18.3 and iPadOS 18.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122066.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accessibility
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and...

APPLE-SA-01-27-2025-1 visionOS 2.3

January 28th 2025 at 00:07

Posted by Apple Product Security via Fulldisclosure on Jan 27

APPLE-SA-01-27-2025-1 visionOS 2.3

visionOS 2.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122073.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AirPlay
Available for: Apple Vision Pro
Impact: An attacker on the local network may be able to cause unexpected
system termination or...

AutoLib Software Systems OPAC Version.20.10 | Exposure of Sensitive Information | CVE-2024-48310

January 28th 2025 at 00:07

Posted by Shaikh Shahnawaz on Jan 27

[+] Credits: Shahnawaz Shaikh, Security Researcher at Cybergate Defense LLC
[+] twitter.com/_striv3r_

[Vendor]
Autolib-india
http://autolib-india.net/products.php

[Product]
AutoLib Software Systems OPAC Version.20.10

[Affected Component]
main.js file

[CVE Reference]
CVE-2024-48310

[Security Issue]
AutoLib Software Systems OPAC v20.10 was discovered to have multiple API
keys exposed within the source code. Attackers may use these keys to...

SEC Consult SA-20250127-0 :: Weak Password Hashing Algorithms in Wind River Software VxWorks RTOS

January 28th 2025 at 00:06

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jan 27

SEC Consult Vulnerability Lab Security Advisory < 20250127-0 >
=======================================================================
title: Weak Password Hashing Algorithms
product: Wind River Software VxWorks RTOS
vulnerable version: >= VxWorks 6.9
fixed version: not available
CVE number: no CVE assigned by Wind River
impact: High
homepage:...

Host Header Injection - atutorv2.2.4

January 28th 2025 at 00:06

Posted by Andrey Stoykov on Jan 27

# Exploit Title: Host Header Injection - atutorv2.2.4
# Date: 01/2025
# Exploit Author: Andrey Stoykov
# Version: 2.2.4
# Tested on: Ubuntu 22.04
# Blog:
https://msecureltd.blogspot.com/2025/01/friday-fun-pentest-series-18-host.html

Description:

- It was found that the application had a Host Header Injection
vulnerability.

Host Header Injection #1:

Steps to Reproduce:

1. Visit specific page of the application
2. Intercept the HTTP GET/POST...

Reflected XSS - atutorv2.2.4

January 28th 2025 at 00:06

Posted by Andrey Stoykov on Jan 27

# Exploit Title: Reflected XSS - atutorv2.2.4
# Date: 01/2025
# Exploit Author: Andrey Stoykov
# Version: 2.2.4
# Tested on: Ubuntu 22.04
# Blog:
https://msecureltd.blogspot.com/2025/01/friday-fun-pentest-series-17-reflected.html

Description:

- It was found that the application was vulnerable to Reflected XSS.

Reflected XSS #1 - "theme_dir":

Steps to Reproduce:

1. Login to the application with admin user
2. Paste the following URL...

CVE-2024-48463

January 16th 2025 at 03:57

Posted by Rodolfo Tavares via Fulldisclosure on Jan 15

=====[ Tempest Security Intelligence - ADV-10/2024
]==========================

Bruno IDE Desktop prior to 1.29.0

Author: Rodolfo Tavares

Tempest Security Intelligence - Recife, Pernambuco - Brazil

=====[ Table of Contents ]==================================================

Overview
Detailed Description
Timeline of Disclosure
Thanks & Acknowledgements
References

=====[ Vulnerability Information...

CyberDanube Security Research 20250107-0 | Multiple Vulnerabilities in ABB AC500v3

January 16th 2025 at 03:57

Posted by Thomas Weber | CyberDanube via Fulldisclosure on Jan 15

CyberDanube Security Research 20250107-0
-------------------------------------------------------------------------------
title| Multiple Vulnerabilities in ABB AC500v3
product| ABB AC500v3
vulnerable version| <=3.7.0.569
fixed version| 3.8.0
CVE number| CVE-2024-12429, CVE-2024-12430
impact| High
homepage| https://global.abb
found| 2024-09-03...

Certified Asterisk Security Release certified-20.7-cert4

January 16th 2025 at 03:55

Posted by Asterisk Development Team via Fulldisclosure on Jan 15

The Asterisk Development Team would like to announce security release
Certified Asterisk 20.7-cert4.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/certified-20.7-cert4
and
https://downloads.asterisk.org/pub/telephony/certified-asterisk

Repository: https://github.com/asterisk/asterisk
Tag: certified-20.7-cert4

## Change Log for Release asterisk-certified-20.7-cert4

###...

Certified Asterisk Security Release certified-18.9-cert13

January 16th 2025 at 03:55

Posted by Asterisk Development Team via Fulldisclosure on Jan 15

The Asterisk Development Team would like to announce security release
Certified Asterisk 18.9-cert13.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/certified-18.9-cert13
and
https://downloads.asterisk.org/pub/telephony/certified-asterisk

Repository: https://github.com/asterisk/asterisk
Tag: certified-18.9-cert13

## Change Log for Release asterisk-certified-18.9-cert13

###...

Asterisk Security Release 22.1.1

January 16th 2025 at 03:55

Posted by Asterisk Development Team via Fulldisclosure on Jan 15

The Asterisk Development Team would like to announce security release
Asterisk 22.1.1.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/22.1.1
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 22.1.1

## Change Log for Release asterisk-22.1.1

### Links:

- [Full ChangeLog](...

Asterisk Security Release 18.26.1

January 16th 2025 at 03:55

Posted by Asterisk Development Team via Fulldisclosure on Jan 15

The Asterisk Development Team would like to announce security release
Asterisk 18.26.1.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/18.26.1
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 18.26.1

## Change Log for Release asterisk-18.26.1

### Links:

- [Full ChangeLog](...

[asterisk-dev] Asterisk Security Release 21.6.1

January 16th 2025 at 03:55

Posted by Asterisk Development Team on Jan 15

The Asterisk Development Team would like to announce security release
Asterisk 21.6.1.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/21.6.1
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 21.6.1

## Change Log for Release asterisk-21.6.1

### Links:

- [Full ChangeLog](...

[asterisk-dev] Asterisk Security Release 20.11.1

January 16th 2025 at 03:55

Posted by Asterisk Development Team on Jan 15

The Asterisk Development Team would like to announce security release
Asterisk 20.11.1.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/20.11.1
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 20.11.1

## Change Log for Release asterisk-20.11.1

### Links:

- [Full ChangeLog](...

Multiple vulnerabilities in CTFd versions <= 3.7.4

December 31st 2024 at 04:55

Posted by Blazej Adamczyk on Dec 30

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Multiple vulnerabilities in CTFd versions <= 3.7.4
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

1 General information
═════════════════════...

IBMi Navigator / CVE-2024-51464 / HTTP Security Token Bypass

December 31st 2024 at 04:55

Posted by hyp3rlinx on Dec 30

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: https://hyp3rlinx.altervista.org/advisories/IBMi_Navigator_HTTP_Security_Token_Bypass-CVE-2024-51464.txt
[+] x.com/hyp3rlinx
[+] ISR: ApparitionSec

[Vendor]www.ibm.com

[Product]
Navigator for i is a Web console interface where you can perform the
key tasks to administer your IBM i.
IBM Navigator for i supports the vast majority of tasks that were...

IBMi Navigator / CVE-2024-51463 / Server Side Request Forgery (SSRF)

December 31st 2024 at 04:55

Posted by hyp3rlinx on Dec 30

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: https://hyp3rlinx.altervista.org/advisories/IBMi_Navigator_Server_Side_Request_Forgery_CVE-2024-51463.txt
[+] x.com/hyp3rlinx
[+] ISR: ApparitionSec

[Vendor]www.ibm.com

[Product]
Navigator for i is a Web console interface where you can perform the
key tasks to administer your IBM i.
IBM Navigator for i supports the vast majority of tasks that...

CyberDanube Security Research 20241219-0 | Authenticated Remote Code Execution in Ewon Flexy 205

December 22nd 2024 at 04:31

Posted by Thomas Weber | CyberDanube via Fulldisclosure on Dec 21

CyberDanube Security Research 20241219-0
-------------------------------------------------------------------------------
title| Authenticated Remote Code Execution
product| Ewon Flexy 205
vulnerable version| <= v14.8s0 (#2633)
fixed version| -
CVE number| CVE-2024-9154
impact| High
homepage| https://www.hms-networks.com/
found| 2024-09-03...

Stored XSS with Filter Bypass - blogenginev3.3.8

December 19th 2024 at 04:04

Posted by Andrey Stoykov on Dec 18

# Exploit Title: Stored XSS with Filter Bypass - blogenginev3.3.8
# Date: 12/2024
# Exploit Author: Andrey Stoykov
# Version: 3.3.8
# Tested on: Ubuntu 22.04
# Blog:
https://msecureltd.blogspot.com/2024/12/friday-fun-pentest-series-16-stored-xss.html

Stored XSS Filter Bypass #1:

Steps to Reproduce:

1. Login as admin and go to "Content" > "Posts"
2. On the right side of the page choose "Categories"
3. In...

[SYSS-2024-085]: Broadcom CA Client Automation - Improper Privilege Management (CWE-269)

December 19th 2024 at 04:04

Posted by Matthias Deeg via Fulldisclosure on Dec 18

Advisory ID: SYSS-2024-085
Product: CA Client Automation (CA DSM)
Manufacturer: Broadcom
Affected Version(s): 14.5.0.15
Tested Version(s): 14.5.0.15
Vulnerability Type: Improper Privilege Management (CWE-269)
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: 2024-10-18
Solution Date: 2024-12-17
Public Disclosure:...

[KIS-2024-07] GFI Kerio Control <= 9.4.5 Multiple HTTP Response Splitting Vulnerabilities

December 17th 2024 at 03:53

Posted by Egidio Romano on Dec 16

---------------------------------------------------------------------------
GFI Kerio Control <= 9.4.5 Multiple HTTP Response Splitting Vulnerabilities
---------------------------------------------------------------------------

[-] Software Links:

https://gfi.ai/products-and-solutions/network-security-solutions/keriocontrol
http://download.kerio.com

[-] Affected Versions:

All versions from 9.2.5 to 9.4.5.

[-] Vulnerabilities Description:...

RansomLordNG - anti-ransomware exploit tool

December 17th 2024 at 03:52

Posted by malvuln on Dec 16

This next generation version dumps process memory of the targeted
Malware prior to termination. The process memory dump file MalDump.dmp
varies in size and can be 50 MB plus. RansomLord now intercepts and
terminates ransomware from 54 different threat groups, adding GPCode,
DarkRace, Snocry, Hydra and Sage to the ever growing victim list.

Lang: C
SHA256: fcb259471a4a7afa938e3aa119bdff25620ae83f128c8c7d39266f410a7ec9aa

RansomLordNG leverages code...

APPLE-SA-12-11-2024-9 Safari 18.2

December 12th 2024 at 20:40

Posted by Apple Product Security via Fulldisclosure on Dec 12

APPLE-SA-12-11-2024-9 Safari 18.2

Safari 18.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121846.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Safari
Available for: macOS Ventura and macOS Sonoma
Impact: On a device with Private Relay enabled, adding a website to the
Safari...

APPLE-SA-12-11-2024-8 visionOS 2.2

December 12th 2024 at 20:40

Posted by Apple Product Security via Fulldisclosure on Dec 12

APPLE-SA-12-11-2024-8 visionOS 2.2

visionOS 2.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121845.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Crash Reporter
Available for: Apple Vision Pro
Impact: An app may be able to access sensitive user data
Description: A permissions...

APPLE-SA-12-11-2024-7 tvOS 18.2

December 12th 2024 at 20:40

Posted by Apple Product Security via Fulldisclosure on Dec 12

APPLE-SA-12-11-2024-7 tvOS 18.2

tvOS 18.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121844.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AppleMobileFileIntegrity
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: A malicious app may be able to access private...

APPLE-SA-12-11-2024-6 watchOS 11.2

December 12th 2024 at 20:40

Posted by Apple Product Security via Fulldisclosure on Dec 12

APPLE-SA-12-11-2024-6 watchOS 11.2

watchOS 11.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121843.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AppleMobileFileIntegrity
Available for: Apple Watch Series 6 and later
Impact: A malicious app may be able to access private...
Full Disclosure

APPLE-SA-12-11-2024-5 macOS Ventura 13.7.2

December 12th 2024 at 20:40

Posted by Apple Product Security via Fulldisclosure on Dec 12

APPLE-SA-12-11-2024-5 macOS Ventura 13.7.2

macOS Ventura 13.7.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121842.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Apple Software Restore
Available for: macOS Ventura
Impact: An app may be able to access user-sensitive data...
Full Disclosure

APPLE-SA-12-11-2024-4 macOS Sonoma 14.7.2

December 12th 2024 at 20:40

Posted by Apple Product Security via Fulldisclosure on Dec 12

APPLE-SA-12-11-2024-4 macOS Sonoma 14.7.2

macOS Sonoma 14.7.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121840.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Apple Software Restore
Available for: macOS Sonoma
Impact: An app may be able to access user-sensitive data
Description:...
Full Disclosure

APPLE-SA-12-11-2024-3 macOS Sequoia 15.2

December 12th 2024 at 20:40

Posted by Apple Product Security via Fulldisclosure on Dec 12

APPLE-SA-12-11-2024-3 macOS Sequoia 15.2

macOS Sequoia 15.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121839.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Apple Software Restore
Available for: macOS Sequoia
Impact: An app may be able to access user-sensitive data
Description:...
Full Disclosure

APPLE-SA-12-11-2024-2 iPadOS 17.7.3

December 12th 2024 at 20:40

Posted by Apple Product Security via Fulldisclosure on Dec 12

APPLE-SA-12-11-2024-2 iPadOS 17.7.3

iPadOS 17.7.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121838.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

FontParser
Available for: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch,
and iPad 6th generation
Impact: Processing a...
Full Disclosure

APPLE-SA-12-11-2024-1 iOS 18.2 and iPadOS 18.2

December 12th 2024 at 20:40

Posted by Apple Product Security via Fulldisclosure on Dec 12

APPLE-SA-12-11-2024-1 iOS 18.2 and iPadOS 18.2

iOS 18.2 and iPadOS 18.2 address the following issues.
Information about the security content is also available at
https://support.apple.com/121837.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AppleMobileFileIntegrity
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd...
Full Disclosure

SEC Consult SA-20241211-0 :: Reflected Cross-Site Scripting in Numerix License Server Administration System Login

December 12th 2024 at 20:40

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Dec 12

SEC Consult Vulnerability Lab Security Advisory < 20241211-0 >
=======================================================================
title: Reflected Cross-Site Scripting
product: Numerix License Server Administration System Login
vulnerable version: 1.1_596
fixed version: -
CVE number: CVE-2024-50585
impact: medium
homepage: https://connect.numerix.com/nlslogin.jsp...