FreshRSS

Full Disclosure

SEC Consult SA-20240513-0 :: Tolerating Self-Signed Certificates in SAP® Cloud Connector

May 14th 2024 at 20:04

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on May 14

SEC Consult Vulnerability Lab Security Advisory < 20240513-0 >
=======================================================================
title: Tolerating Self-Signed Certificates
product: SAP® Cloud Connector
vulnerable version: 2.15.0 - 2.16.1 (Portable and Installer)
fixed version: 2.16.2 (Portable and Installer)
CVE number: CVE-2024-25642
impact: high
homepage:...

TROJANSPY.WIN64.EMOTET.A / Arbitrary Code Execution

May 14th 2024 at 20:04

Posted by malvuln on May 14

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/f917c77f60c3c1ac6dbbadbf366ddd30.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: TrojanSpy.Win64.EMOTET.A
Vulnerability: Arbitrary Code Execution
Description: The malware looks for and executes a x64-bit "CRYPTBASE.dll"
PE file in its current directory. Therefore, we can hijack the DLL and
execute our own...

BACKDOOR.WIN32.ASYNCRAT / Arbitrary Code Execution

May 14th 2024 at 20:04

Posted by malvuln on May 14

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/2337b9a12ecf50b94fc95e6ac34b3ecc.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.AsyncRat
Vulnerability: Arbitrary Code Execution
Description: The malware looks for and executes a x32-bit "CRYPTSP.dll" PE
file in its current directory. Therefore, we can hijack the DLL and execute
our own...

Re: Panel.SmokeLoader / Cross Site Request Forgery (CSRF)

May 14th 2024 at 20:04

Posted by malvuln on May 14

Updated and fixed a payload typo and added additional info regarding the
stored persistent XSS see attached.

Thanks, Malvuln

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source: https://malvuln.com/advisory/4b5fc3a2489985f314b81d35eac3560f_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Panel.SmokeLoader
Vulnerability: Cross Site Request Forgery (CSRF) - Persistent XSS
Family: SmokeLoader...

Panel.SmokeLoader / Cross Site Request Forgery (CSRF)

May 14th 2024 at 20:04

Posted by malvuln on May 14

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/4b5fc3a2489985f314b81d35eac3560f_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Panel.SmokeLoader
Vulnerability: Cross Site Request Forgery (CSRF)
Family: SmokeLoader
Type: Web Panel
MD5: 4b5fc3a2489985f314b81d35eac3560f (control.php)
SHA256: 8d02238577081be74b9ebc1effcfbf3452ffdb51f130398b5ab875b9bfe17743
Vuln...

Panel.SmokeLoader C2 / Cross Site Scripting (XSS)

May 14th 2024 at 20:04

Posted by malvuln on May 14

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/4b5fc3a2489985f314b81d35eac3560f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Panel.SmokeLoader
Vulnerability: Cross Site Scripting (XSS)
Family: SmokeLoader
Type: Web Panel
MD5: 4b5fc3a2489985f314b81d35eac3560f (control.php)
SHA256: 8d02238577081be74b9ebc1effcfbf3452ffdb51f130398b5ab875b9bfe17743
Vuln ID:...

Panel.Amadey.d.c C2 / Cross Site Scripting (XSS)

May 14th 2024 at 20:04

Posted by malvuln on May 14

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/50467c891bf7de34d2d65fa93ab8b558.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Panel Amadey.d.c
Vulnerability: Cross Site Scripting (XSS)
Family: Amadey
Type: Web Panel
MD5: 50467c891bf7de34d2d65fa93ab8b558 (Login.php)
SHA256: 65623eead2bcba66817861246e842386d712c38c5c5558e50eb49cffa2a1035d
Vuln ID:...

Re: RansomLord v3 / Anti-Ransomware Exploit Tool Released

May 14th 2024 at 20:04

Posted by malvuln on May 14

Updated, fixed typo
SHA256 : 810229C7E62D5EDDD3DA9FFA19D04A31D71F9C36D05B6A614FEF496E88656FF5

RansomLord v3 / Anti-Ransomware Exploit Tool Released

May 14th 2024 at 20:04

Posted by malvuln on May 14

Proof-of-concept tool that automates the creation of PE files, used to
exploit Ransomware pre-encryption. Updated v3:
https://github.com/malvuln/RansomLord/releases/tag/v3
Lang: C SHA256:
83f56d14671b912a9a68da2cd37607cac3e5b31560a6e30380e3c6bd093560f5

Video PoC (old v2):
https://www.youtube.com/watch?v=_Ho0bpeJWqI

RansomLord generated PE files are saved to disk in the x32 or x64
directories where the program is run from. Goal is to exploit...

APPLE-SA-05-13-2024-8 tvOS 17.5

May 14th 2024 at 20:04

Posted by Apple Product Security via Fulldisclosure on May 14

APPLE-SA-05-13-2024-8 tvOS 17.5

tvOS 17.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT214102.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

AppleAVD
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to execute arbitrary code with kernel...

APPLE-SA-05-13-2024-7 watchOS 10.5

May 14th 2024 at 20:04

Posted by Apple Product Security via Fulldisclosure on May 14

APPLE-SA-05-13-2024-7 watchOS 10.5

watchOS 10.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT214104.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

AppleAVD
Available for: Apple Watch Series 4 and later
Impact: An app may be able to execute arbitrary code with kernel
privileges...

Research about consistency of CVSSv4

May 14th 2024 at 20:04

Posted by Julia Wunder on May 14

Hello there,

The University of Erlangen-Nuremberg (Germany) is conducting a research
study to investigate the reliability of CVSSv4 (Common Vulnerability
Scoring System). We conducted a survey on CVSSv3.1 in winter 2020/21 and
found out that the ratings are not always consistent [1]. Now we want to
investigate the latest version CVSSv4. If you are currently assessing
vulnerabilities using CVSS, we would greatly appreciate your...

APPLE-SA-05-13-2024-6 macOS Monterey 12.7.5

May 14th 2024 at 20:04

Posted by Apple Product Security via Fulldisclosure on May 14

APPLE-SA-05-13-2024-6 macOS Monterey 12.7.5

macOS Monterey 12.7.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT214105.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Find My
Available for: macOS Monterey
Impact: A malicious application may be able to access Find My data...

APPLE-SA-05-13-2024-5 macOS Ventura 13.6.7

May 14th 2024 at 20:04

Posted by Apple Product Security via Fulldisclosure on May 14

APPLE-SA-05-13-2024-5 macOS Ventura 13.6.7

macOS Ventura 13.6.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT214107.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Foundation
Available for: macOS Ventura
Impact: An app may be able to access user-sensitive data
Description: A...

APPLE-SA-05-13-2024-4 macOS Sonoma 14.5

May 14th 2024 at 20:04

Posted by Apple Product Security via Fulldisclosure on May 14

APPLE-SA-05-13-2024-4 macOS Sonoma 14.5

macOS Sonoma 14.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT214106.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

AppleAVD
Available for: macOS Sonoma
Impact: An app may be able to execute arbitrary code with kernel
privileges...

APPLE-SA-05-13-2024-3 iOS 16.7.8 and iPadOS 16.7.8

May 14th 2024 at 20:04

Posted by Apple Product Security via Fulldisclosure on May 14

APPLE-SA-05-13-2024-3 iOS 16.7.8 and iPadOS 16.7.8

iOS 16.7.8 and iPadOS 16.7.8 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT214100.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Foundation
Available for: iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation,
iPad Pro...

Microsoft PlayReady - complete client identity compromise

May 9th 2024 at 08:02

Posted by Security Explorations on May 09

Hello All,

We have come up with two attack scenarios that make it possible to
extract private ECC keys used by a PlayReady client (Windows SW DRM
scenario) for the communication with a license server and identity
purposes.

More specifically, we successfully demonstrated the extraction of the
following keys:
- private signing key used to digitally sign license requests issued
by PlayReady client,
- private encryption key used to decrypt license...

secuvera-SA-2024-02: Multiple Persistent Cross-Site Scripting (XSS) flaws in Drupal-Wiki

May 6th 2024 at 23:37

Posted by Simon Bieber via Fulldisclosure on May 06

secuvera-SA-2024-02: Multiple Persistent Cross-Site Scripting (XSS) flaws in Drupal-Wiki

Affected Products
Drupal Wiki 8.31
Drupal Wiki 8.30 (older releases have not been tested)

References
https://www.secuvera.de/advisories/secuvera-SA-2024-02.txt (used for updates)
CVE-2024-34481
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS-B: 6.4 (...

OXAS-ADV-2024-0002: OX App Suite Security Advisory

May 6th 2024 at 23:35

Posted by Martin Heiland via Fulldisclosure on May 06

Dear subscribers,

We're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs for OX App Suite, Dovecot and PowerDNS at YesWeHack.

This advisory has also been published at
https://documentation.open-xchange.com/appsuite/security/advisories/html/2024/oxas-adv-2024-0002.html.

Yours sincerely,
Martin Heiland, Open-Xchange...

Microsoft PlayReady toolkit - codes release

May 6th 2024 at 08:52

Posted by Security Explorations on May 06

Hello All,

We released codes for "Microsoft PlayReady toolkit", a tool that has
been developed as part of our research from 2022:

https://security-explorations.com/microsoft-playready.html#details

The toolkit illustrates the following:
- fake client device identity generation,
- acquisition of license and content keys for encrypted content,
- downloading and decryption of content,
- content inspection (MPEG-4 file format),
- Manifest...

Live2D Cubism refusing to fix validation issue leading to heap corruption.

May 3rd 2024 at 16:36

Posted by PT via Fulldisclosure on May 03

Live2D Cubism is the dominant "vtuber" software suite for 2D avatars for use in livestreaming and integrating them in
other software.
They publish various SDKs and frameworks for integrating their libraries with your own program. You're supposed to
use those to deserialize and render/animate the models created with their main software - often untrusted files from
random people on the internet.
While their main java-based...

Microsoft PlayReady white-box cryptography weakness

May 1st 2024 at 12:01

Posted by Security Explorations on May 01

Hello All,

There is yet another attack possible against Protected Media Path
process beyond the one involving two global XOR keys [1]. The new
attack may also result in the extraction of a plaintext content key
value.

The attack has its origin in a white-box crypto [2] implementation.
More specifically, one can devise plaintext content key from white-box
crypto data structures of which goal is to make such a reconstruction
difficult / not...

Defense in depth -- the Microsoft way (part 87): shipping more rotten software to billions of unsuspecting customers

April 24th 2024 at 18:44

Posted by Stefan Kanthak on Apr 24

Hi @ll,

this post is a continuation of
<https://seclists.org/fulldisclosure/2023/Oct/17> and
<https://seclists.org/fulldisclosure/2021/Oct/17>

With the release of .NET Framework 4.8 in April 2019, Microsoft updated
the following paragraph of the MSDN article "What's new in .NET Framework"
<https://msdn.microsoft.com/en-us/library/ms171868.aspx>

| Starting with .NET Framework 4.5, the clrcompression.dll assembly...

Response to CVE-2023-26756 - Revive Adserver

April 24th 2024 at 18:43

Posted by Matteo Beccati on Apr 24

CVE-2023-26756 has been recently filed against the Revive Adserver project.

The action was taken without first contacting us, and it did not follow
the security process that is thoroughly documented on our website. The
project team has been given no notice before or after the disclosure.

Our team has been made aware of this report by a community member via a
GitHub issue. All of this resulted in an inability for us to produce an
appropriate...

BACKDOOR.WIN32.DUMADOR.C / Remote Stack Buffer Overflow (SEH)

April 19th 2024 at 13:47

Posted by malvuln on Apr 19

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/6cc630843cabf23621375830df474bc5.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Dumador.c
Vulnerability: Remote Stack Buffer Overflow (SEH)
Description: The malware runs an FTP server on TCP port 10000. Third-party
adversaries who can reach the server can send a specially crafted payload
triggering...

SEC Consult SA-20240418-0 :: Broken authorization in Dreamehome app

April 19th 2024 at 13:47

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 19

SEC Consult Vulnerability Lab Security Advisory < 20240418-0 >
=======================================================================
title: Broken authorization
product: Dreamehome app
vulnerable version: <=2.1.5 (iOS)
fixed version: none, see solution
CVE number: -
impact: medium
homepage: https://www.dreametech.com
found: 2024-01-17...

MindManager 23 - full disclosure

April 19th 2024 at 13:47

Posted by Pawel Karwowski via Fulldisclosure on Apr 19

Resending! Thank you for your efforts.

GitHub - pawlokk/mindmanager-poc: public disclosure<https://github.com/pawlokk/mindmanager-poc>

Affected application: MindManager23_setup.exe

Platform: Windows

Issue: Local Privilege Escalation via MSI installer Repair Mode (EXE hijacking race condition)

Discovered and reported by: Pawel Karwowski and Julian Horoszkiewicz (Eviden Red Team)

Proposed mitigation:...

CVE-2024-31705

April 14th 2024 at 08:21

Posted by V3locidad on Apr 14

CVE ID: CVE-2024-31705

Title : RCE to Shell Commands" Plugin / GLPI Shell Command Management Interface

Affected Product : GLPI - 10.X.X and last version

Description: An issue in Infotel Conseil GLPI v.10.X.X and after allows a remote attacker to execute arbitrary code via
the insufficient validation of user-supplied input.

Affected Component : A remote code execution (RCE) vulnerability has been identified in the 'Shell...

SEC Consult SA-20240411-0 :: Database Passwords in Server Response in Amazon AWS Glue

April 14th 2024 at 08:21

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 14

SEC Consult Vulnerability Lab Security Advisory < 20240411-0 >
=======================================================================
title: Database Passwords in Server Response
product: Amazon AWS Glue
vulnerable version: until 2024-02-23
fixed version: as of 2024-02-23
CVE number: -
impact: medium
homepage: https://aws.amazon.com/glue/
found:...

[KIS-2024-03] Invision Community <= 4.7.16 (toolbar.php) Remote Code Execution Vulnerability

April 11th 2024 at 06:46

Posted by Egidio Romano on Apr 10

------------------------------------------------------------------------------
Invision Community <= 4.7.16 (toolbar.php) Remote Code Execution Vulnerability
------------------------------------------------------------------------------

[-] Software Link:

https://invisioncommunity.com

[-] Affected Versions:

Version 4.7.16 and prior versions.

[-] Vulnerability Description:

The vulnerability is located in the...

[KIS-2024-02] Invision Community <= 4.7.15 (store.php) SQL Injection Vulnerability

April 11th 2024 at 06:45

Posted by Egidio Romano on Apr 10

--------------------------------------------------------------------
Invision Community <= 4.7.15 (store.php) SQL Injection Vulnerability
--------------------------------------------------------------------

[-] Software Link:

https://invisioncommunity.com

[-] Affected Versions:

All versions from 4.4.0 to 4.7.15.

[-] Vulnerability Description:

The vulnerability is located in the
/applications/nexus/modules/front/store/store.php script....

Multiple Issues in concretecmsv9.2.7

April 11th 2024 at 06:45

Posted by Andrey Stoykov on Apr 10

# Exploit Title: Multiple Web Flaws in concretecmsv9.2.7
# Date: 4/2024
# Exploit Author: Andrey Stoykov
# Version: 9.2.7
# Tested on: Ubuntu 22.04
# Blog: http://msecureltd.blogspot.com

Verbose Error Message - Stack Trace:

1. Directly browse to edit profile page
2. Error should come up with verbose stack trace

Verbose Error Message - SQL Error:

1. Page Settings > Design > Save Changes
2. Intercept HTTP POST request and place single...

OXAS-ADV-2024-0001: OX App Suite Security Advisory

April 11th 2024 at 06:45

Posted by Martin Heiland via Fulldisclosure on Apr 10

Dear subscribers,

We're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs for OX App Suite, Dovecot and PowerDNS at YesWeHack.

This advisory has also been published at
https://documentation.open-xchange.com/appsuite/security/advisories/html/2024/oxas-adv-2024-0001.html.

Yours sincerely,
Martin Heiland, Open-Xchange GmbH...

Trojan.Win32.Razy.abc / Insecure Permissions (In memory IPC)

April 11th 2024 at 06:45

Posted by malvuln on Apr 10

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/0eb4a9089d3f7cf431d6547db3b9484d.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32.Razy.abc
Vulnerability: Insecure Permissions (In memory IPC)
Family: Razy
Type: PE32
MD5: 0eb4a9089d3f7cf431d6547db3b9484d
SHA256: 3d82fee314e7febb8307ccf8a7396b6dd53c7d979a74aa56f3c4a6d0702fd098
Vuln ID: MVID-2024-0678...

CVE-2023-27195: Broken Access Control - Registration Code in TM4Web v22.2.0

April 11th 2024 at 06:42

Posted by Clément Cruchet on Apr 10

CVE ID: CVE-2023-27195

Description:
An access control issue in Trimble TM4Web v22.2.0 allows
unauthenticated attackers to access a specific crafted URL path to
retrieve the last registration access code and use this access code to
register a valid account. If the access code was used to create an
Administrator account, attackers are also able to register new
Administrator accounts with full rights and privileges.

Vulnerability Type: Broken...

CVE-2024-30929: XSS Vulnerability in DerbyNet v9.0 via 'back' Parameter in playlist.php

April 5th 2024 at 16:36

Posted by Valentin Lobstein via Fulldisclosure on Apr 05

CVE ID: CVE-2024-30929

Description:
A Cross-Site Scripting (XSS) vulnerability has been found in DerbyNet version 9.0, affecting the `playlist.php`
component. This issue allows remote attackers to execute arbitrary code by exploiting the `back` parameter. The
application does not properly sanitize the `back` parameter before it is rendered on the page, thereby allowing the
injection and execution of arbitrary JavaScript code.

Vulnerability...

CVE-2024-30928: SQL Injection Vulnerability in DerbyNet v9.0 via 'classids' Parameter

April 5th 2024 at 16:36

Posted by Valentin Lobstein via Fulldisclosure on Apr 05

CVE ID: CVE-2024-30928

Description:
An SQL Injection vulnerability has been discovered in DerbyNet version 9.0, particularly within the
`ajax/query.slide.next.inc` file. This vulnerability allows remote attackers to execute arbitrary code and disclose
sensitive information by exploiting the unvalidated `classids` parameter used in constructing SQL queries. This
parameter is not properly sanitized before being included in the SQL statement,...

CVE-2024-30927: XSS Vulnerability in DerbyNet v9.0 via racer-results.php

April 5th 2024 at 16:36

Posted by Valentin Lobstein via Fulldisclosure on Apr 05

CVE ID: CVE-2024-30927

Description:
A Cross-Site Scripting (XSS) vulnerability is present in DerbyNet version 9.0, specifically within the
`racer-results.php` component. This issue allows remote attackers to execute arbitrary code through the improper
handling of the `racerid` parameter. The vulnerability is notably present within the HTML `<title>` tag, where the
`racerid` parameter value is dynamically inserted directly into the page...

CVE-2024-30926: XSS Vulnerability in DerbyNet v9.0 via ./inc/kiosks.inc

April 5th 2024 at 16:36

Posted by Valentin Lobstein via Fulldisclosure on Apr 05

CVE ID: CVE-2024-30926

Description:
A Cross-Site Scripting (XSS) vulnerability has been identified in DerbyNet version 9.0, affecting the
`./inc/kiosks.inc` component. This vulnerability permits remote attackers to execute arbitrary code by exploiting the
`address_for_current_kiosk()` function. The issue stems from the improper sanitization of user-supplied input via the
URL parameters `id` and `address`, which are directly utilized without...

CVE-2024-30925: XSS Vulnerability in DerbyNet v9.0 via photo-thumbs.php

April 5th 2024 at 16:36

Posted by Valentin Lobstein via Fulldisclosure on Apr 05

CVE ID: CVE-2024-30925

Description:
A Cross-Site Scripting (XSS) vulnerability exists in DerbyNet version 9.0, specifically within the `photo-thumbs.php`
component. This issue enables a remote attacker to execute arbitrary code through the improper handling of the
`racerid` and `back` parameters. The vulnerability arises because the application dynamically generates URLs for
navigation without adequately sanitizing these parameters, thus...

CVE-2024-30924: XSS Vulnerability in DerbyNet v9.0 via checkin.php

April 5th 2024 at 16:36

Posted by Valentin Lobstein via Fulldisclosure on Apr 05

CVE ID: CVE-2024-30924

Description:
A Cross Site Scripting (XSS) vulnerability has been identified in DerbyNet version 9.0, specifically within the
`checkin.php` component. This vulnerability allows remote attackers to execute arbitrary code due to improper handling
of the `order` URL parameter. The flaw lies in the way the `order` parameter is embedded directly into a JavaScript
variable assignment without adequate sanitization or encoding,...

CVE-2024-30923: SQL Injection in DerbyNet v9.0 via print/render/racer.inc

April 5th 2024 at 16:36

Posted by Valentin Lobstein via Fulldisclosure on Apr 05

CVE ID: CVE-2024-30923

Description:
An SQL Injection vulnerability has been discovered in DerbyNet version 9.0, specifically within the
`print/render/racer.inc` component. This vulnerability allows remote attackers to execute arbitrary code and disclose
sensitive information by exploiting improper sanitization of the `where` clause in Racer Document Rendering.

Vulnerability Type: SQL Injection

Vendor of Product: DerbyNet - Available on...

CVE-2024-30922: SQL Injection in DerbyNet v9.0 via print/render/award.inc

April 5th 2024 at 16:36

Posted by Valentin Lobstein via Fulldisclosure on Apr 05

CVE ID: CVE-2024-30922

Description:
A SQL Injection vulnerability has been identified in DerbyNet version 9.0, specifically affecting the 'where' clause in
Award Document Rendering through the component `print/render/award.inc`. This vulnerability allows remote attackers to
execute arbitrary code and disclose sensitive information without requiring authentication.

Vulnerability Type: SQL Injection

Vendor of Product: DerbyNet -...

[CFP] IEEE CSR Workshop on Cyber Forensics & Advanced Threat Investigations in Emerging Technologies 2024

April 5th 2024 at 16:39

Posted by Andrew Zayine on Apr 05

Dear Colleagues,

IEEE CSR Workshop on Cyber Forensics and Advanced Threat Investigations in
Emerging Technologies organizing committee is inviting you to submit your
research papers. The workshop will be held in Hybrid mode. The in-person
mode will be held at Hilton London Tower Bridge, London from 2 to 4 September
2024

Topics include (but not limited to):
-Forensics and threat investigations in P2P, cloud/edge, SDN/NFV, VPN, and
social networks...

Backdoor.Win32.Agent.ju (PSYRAT) / Authentication Bypass RCE

April 5th 2024 at 16:38

Posted by malvuln on Apr 05

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/0e6e40aad3e8d46e3c0c26ccc6ab94b3.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Agent.ju (PSYRAT)
Vulnerability: Authentication Bypass RCE
Family: PSYRAT
Type: PE32
MD5: 0e6e40aad3e8d46e3c0c26ccc6ab94b3
Vuln ID: MVID-2024-0677
Disclosure: 04/01/2024

Description: The PsyRAT 0.01 malware listens on...

CVE-2024-30921: Unauthenticated XSS Vulnerability in DerbyNet v9.0 via photo.php

April 5th 2024 at 16:36

Posted by Valentin Lobstein via Fulldisclosure on Apr 05

CVE ID: CVE-2024-30921

Description:
A Cross-Site Scripting (XSS) vulnerability has been identified in DerbyNet version 9.0, specifically affecting the
photo.php component. This vulnerability allows remote attackers to execute arbitrary code via crafted URLs, without
requiring authentication.

Vulnerability Type: Cross-Site Scripting (XSS)

Vendor of Product: DerbyNet - Available on GitHub: https://github.com/jeffpiazza/derbynet

Affected...

CVE-2024-30920: XSS Vulnerability in DerbyNet v9.0 via render-document.php

April 5th 2024 at 16:35

Posted by Valentin Lobstein via Fulldisclosure on Apr 05

CVE ID: CVE-2024-30920

Description:
A Cross Site Scripting (XSS) vulnerability has been identified in DerbyNet v9.0, specifically within the
`render-document.php` component. This vulnerability allows a remote attacker to execute arbitrary code via crafted
URLs. The root cause of the vulnerability is the application's failure to properly sanitize user input in document
rendering paths, which permits the injection of malicious scripts....

SCHUTZWERK-SA-2023-006: Arbitrary File Read via XML External Entities in Visual Planning

April 5th 2024 at 16:35

Posted by Lennert Preuth via Fulldisclosure on Apr 05

Title
=====

SCHUTZWERK-SA-2023-006: Arbitrary File Read via XML External Entities in
Visual Planning

Status
======

PUBLISHED

Version
=======

1.0

CVE reference
=============

CVE-2023-49234

Link
====

https://www.schutzwerk.com/advisories/schutzwerk-sa-2023-006/

Text-only version:
https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2023-006.txt

Affected products/vendor
========================

All versions prior to Visual Planning 8...

SCHUTZWERK-SA-2023-004: Authentication Bypass via Password Reset Functionality in Visual Planning

April 5th 2024 at 16:35

Posted by Lennert Preuth via Fulldisclosure on Apr 05

Title
=====

SCHUTZWERK-SA-2023-004: Authentication Bypass via Password Reset
Functionality in Visual Planning

Status
======

PUBLISHED

Version
=======

1.0

CVE reference
=============

CVE-2023-49232

Link
====

https://www.schutzwerk.com/advisories/schutzwerk-sa-2023-004/

Text-only version:
https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2023-004.txt

Affected products/vendor
========================

All versions prior to Visual...

SCHUTZWERK-SA-2023-003: Authentication Bypass in Visual Planning REST API

April 5th 2024 at 16:34

Posted by Lennert Preuth via Fulldisclosure on Apr 05

Title
=====

SCHUTZWERK-SA-2023-003: Authentication Bypass in Visual Planning REST API

Status
======

PUBLISHED

Version
=======

1.0

CVE reference
=============

CVE-2023-49231

Link
====

https://www.schutzwerk.com/advisories/schutzwerk-sa-2023-003/

Text-only version:
https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2023-003.txt

Affected products/vendor
========================

All versions prior to Visual Planning 8 (Build 240207) by...

Microsoft PlayReady deficiencies / content key sniffing on Windows

April 3rd 2024 at 06:29

Posted by Security Explorations on Apr 02

Hello All,

It's been 1.5 years since Microsoft got a notification about PlayReady issues
affecting Canal+ VOD service in Poland [1].

Per information received from Microsoft back then:
1) "to maintain the integrity of the PlayReady ecosystem, the company takes
reports such as (ours) very seriously" (Oct 7, 2022),
2) the STB manufacturer committed to mitigate the incident (Nov 18, 2022).

However, as of late Mar 2024, no change...

Intel PowerGadget 3.6 Local Privilege Escalation

March 28th 2024 at 19:07

Posted by Julian Horoszkiewicz via Fulldisclosure on Mar 28

Vulnerability summary: Local Privilege Escalation from regular user to SYSTEM, via conhost.exe hijacking triggered by
MSI installer in repair mode
Affected Products: Intel PowerGadget
Affected Versions: tested on PowerGadget_3.6.msi (a3834b2559c18e6797ba945d685bf174), file signed on Monday, February
1, 2021 9:43:20 PM (this seems to be the latest version), earlier versions might be affected as well.
Affected Platforms: Windows...

Application is Vulnerable to Session Fixation

March 27th 2024 at 16:21

Posted by YOGESH BHANDAGE on Mar 27

*Vulnerability Name - *Application is Vulnerable to Session Fixation

*Vulnerable URL: *www.fusionpbx.com

*Overview of the Vulnerability*
Session fixation is a security vulnerability that occurs when an attacker
sets or fixes a user's session identifier, manipulating the authentication
process. Typically exploited in web applications, this vulnerability allows
the attacker to force a user's session ID to a known value, granting...

APPLE-SA-03-25-2024-1 Safari 17.4.1

โ€” March 27th 2024 at 16:20

Posted by Apple Product Security via Fulldisclosure on Mar 27

APPLE-SA-03-25-2024-1 Safari 17.4.1

Safari 17.4.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214094.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

WebRTC
Available for: macOS Monterey and macOS Ventura
Impact: Processing an image may lead to arbitrary code execution...
Full Disclosure

APPLE-SA-03-25-2024-2 macOS Sonoma 14.4.1

March 27th 2024 at 16:20

Posted by Apple Product Security via Fulldisclosure on Mar 27

APPLE-SA-03-25-2024-2 macOS Sonoma 14.4.1

macOS Sonoma 14.4.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214096.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

CoreMedia
Available for: macOS Sonoma
Impact: Processing an image may lead to arbitrary code execution...
Full Disclosure

APPLE-SA-03-25-2024-3 macOS Ventura 13.6.6

March 27th 2024 at 16:20

Posted by Apple Product Security via Fulldisclosure on Mar 27

APPLE-SA-03-25-2024-3 macOS Ventura 13.6.6

macOS Ventura 13.6.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214095.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

CoreMedia
Available for: macOS Ventura
Impact: Processing an image may lead to arbitrary code execution...
Full Disclosure

APPLE-SA-03-25-2024-4 iOS 17.4.1 and iPadOS 17.4.1

March 27th 2024 at 16:20

Posted by Apple Product Security via Fulldisclosure on Mar 27

APPLE-SA-03-25-2024-4 iOS 17.4.1 and iPadOS 17.4.1

iOS 17.4.1 and iPadOS 17.4.1 address the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214097.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

CoreMedia
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad...
Full Disclosure

APPLE-SA-03-25-2024-5 iOS 16.7.7 and iPadOS 16.7.7

March 27th 2024 at 16:20

Posted by Apple Product Security via Fulldisclosure on Mar 27

APPLE-SA-03-25-2024-5 iOS 16.7.7 and iPadOS 16.7.7

iOS 16.7.7 and iPadOS 16.7.7 address the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214098.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

CoreMedia
Available for: iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation,
iPad Pro...
Full Disclosure

APPLE-SA-03-25-2024-6 visionOS 1.1.1

March 27th 2024 at 16:20

Posted by Apple Product Security via Fulldisclosure on Mar 27

APPLE-SA-03-25-2024-6 visionOS 1.1.1

visionOS 1.1.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214093.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

CoreMedia
Available for: Apple Vision Pro
Impact: Processing an image may lead to arbitrary code execution
Description: An...
Full Disclosure

Escape sequence injection in util-linux wall (CVE-2024-28085)

March 27th 2024 at 16:20

Posted by Skyler Ferrante (RIT Student) via Fulldisclosure on Mar 27

Wall-Escape (CVE-2024-28085)

Skyler Ferrante: Escape sequence injection in util-linux wall

=================================================================
Summary
=================================================================

The util-linux wall command does not filter escape sequences from
command line arguments. The vulnerable code was introduced in
commit cdd3cc7fa4 (2013). Every version since has been
vulnerable.

This allows...