$0.99 Kindle Books Security Vulnerabilities

Improper Authorization in janeczku/calibre-web

Description With default settings, low-level users will not have permission to edit the sort order of books in private shelf of another user. However, due to incorrect checking, the application does not work as intended. # Proof of Concept - Step 1: Login with admin account and go to...

Red Cross begs attackers to “Do the right thing” after family reunion service compromised

Restoring Family Links is a program most commonly associated with The Red Cross. It’s been around since 1870, and aims to reunite lost family members, repatriate individuals, prevent folks from disappearing, and much more. You may have seen them in the news during times of disaster, war, and other....

Cross-site Scripting (XSS) - Reflected in janeczku/calibre-web

Description There is a reflected XSS vulnerability on the site calibre-web. # Proof of Concept ``` 1. go to the calibre e-book management 2. create a new book give the title name 3. and give the title sort name 4. save and go to the website 5.go to Author 6.press one of the books 7. then right...

CVE-2022-20698

A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper checks that.....

WordPress Core 5.8.2 SQL Injection

...

WordPress Core 5.8.2 - 'WP_Query' SQL Injection

...

WordPress Core 5.8.2 - (WP_Query) SQL Injection Vulnerability

...

Sophisticated phishing scheme spent years robbing authors of their unpublished work

Three years ago on Quora, someone asked what writers do to keep their manuscripts from being stolen. One of the top answers reads as follows: You’re joking, right? It’s hard enough to get people to read your novel once it’s out on Amazon, much less reading it before it’s finished…unless you’re...

Book page text, count, and author/title length is not limited in PocketMine-MP

Impact Players can fill book pages with as many characters as they like; the server does not check this. In addition, the maximum of 50 pages is also not enforced, meaning that players can create "book bombs". This causes a variety of problems: - Oversized NBT on the wire costing excess bandwidth.....

Book page text, count, and author/title length is not limited in PocketMine-MP

Impact Players can fill book pages with as many characters as they like; the server does not check this. In addition, the maximum of 50 pages is also not enforced, meaning that players can create "book bombs". This causes a variety of problems: - Oversized NBT on the wire costing excess bandwidth.....

Metasploit 2021 Annual Wrap-Up

As 2022 kicks off, we now have another year in the books. Like years past, 2021 brought some surprises and had its share of celebrity vulnerabilities and recurring trends. Let’s highlight some statistics! Quick stats 651 merged pull requests from 113 users 184 new modules 102 exploits, 45 post,...

vulnerability

Handle 0v3rf10w Vulnerability details In technical terms, Timeswap is an automated protocol based on the use of liquidity pools and implemented on the Ethereum blockchain. Users create liquidity pools with the participation of smart contracts. One pool is one marketplace providing exchange in a...

Improper Access Control in bookstackapp/bookstack

Description parentChapter permissions are not enforced during sort. Users with only book-update permissions on their own page can move their pages into restricted chapters via modifying the parentChapter id in the sortmap. Users do not need to have access to restricted books / chapter in order to.....

When a deepfake “empire” continues to grow

I’ve been quite vocal on the impact of deepfakes, in terms of where the most harm takes place. Back in 2019, we looked at malign interference campaigns. I took the line that, other than revenge porn, this was where deepfakes were likely to have the most influence. Although people keep talking...

Server-Side Request Forgery (SSRF) in janeczku/calibre-web

Title Blind SSRF via URL fetch Summary calibre-web allows external URL fetching in order to upload a book cover. However, instead of external URL it is possible to point to localhost, which will be reached resulting in blind SSRF. # Steps to reproduce 1. 1. As an admin give permissions to upload...

Exploit for Deserialization of Untrusted Data in Apache Log4J

Log4jPatcher A Java Agent based mitigation for Log4j2 JNDI...

Fedora: Security Advisory for mingw-speex (FEDORA-2021-91f16837bf)

The remote host is missing an update for...

Fedora: Security Advisory for mingw-speex (FEDORA-2021-73c086ef46)

The remote host is missing an update for...

Fedora: Security Advisory for remmina (FEDORA-2021-ac23d9e47f)

The remote host is missing an update for...

Fedora: Security Advisory for remmina (FEDORA-2021-5d227916bc)

The remote host is missing an update for...

[SECURITY] Fedora 35 Update: mingw-speex-1.2.0-9.fc35

Speex is a patent-free compression format designed especially for speech. It is specialized for voice communications at low bit-rates in the 2-45 kbps range. Possible applications include Voice over IP (VoIP), Internet audio streaming, audio books, and archiving of speech data (e.g. voice...

[SECURITY] Fedora 34 Update: mingw-speex-1.2.0-9.fc34

Speex is a patent-free compression format designed especially for speech. It is specialized for voice communications at low bit-rates in the 2-45 kbps range. Possible applications include Voice over IP (VoIP), Internet audio streaming, audio books, and archiving of speech data (e.g. voice...

[SECURITY] Fedora 33 Update: remmina-1.4.21-1.fc33

Remmina is a remote desktop client written in GTK+, aiming to be useful for system administrators and travelers, who need to work with lots of remote computers in front of either large monitors or tiny net-books. Remmina supports multiple network protocols in an integrated and consistent user...

[SECURITY] Fedora 34 Update: remmina-1.4.21-1.fc34

Remmina is a remote desktop client written in GTK+, aiming to be useful for system administrators and travelers, who need to work with lots of remote computers in front of either large monitors or tiny net-books. Remmina supports multiple network protocols in an integrated and consistent user...

[Security Nation] Chris John Riley on Minimum Viable Secure Product (MVSP)

In the final installment of Season 4 of Security Nation, Jen and Tod sit down with Chris John Riley, senior security engineer at Google and co-host of the First Impressions podcast (the one about cybersecurity, not Jane Austen). They chat about Minimum Viable Secure Product (MVSP), a set of...

Fedora: Security Advisory for remmina (FEDORA-2021-2c25f03d0b)

The remote host is missing an update for...

[SECURITY] Fedora 35 Update: remmina-1.4.21-1.fc35

Remmina is a remote desktop client written in GTK+, aiming to be useful for system administrators and travelers, who need to work with lots of remote computers in front of either large monitors or tiny net-books. Remmina supports multiple network protocols in an integrated and consistent user...

Book Sale: Click Here to Kill Everybody and Data and Goliath

For a limited time, I am selling signed copies of Click Here to Kill Everybody and Data and Goliath, both in paperback, for just $6 each plus shipping. I have 500 copies of each book available. When they're gone, the sale is over and the price will revert to normal. Order here and here. Please be.....

How to assess and improve the security culture of your business

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Security Product Marketing Manager Natalia Godyla talks with _Cygenta Co-founder and Co-Chief.....

How to assess and improve the security culture of your business

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Security Product Marketing Manager Natalia Godyla talks with _Cygenta Co-founder and Co-Chief.....

perl bug fix and enhancement update

An update is available for perl. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Enterprise...

perl bug fix and enhancement update

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References...

Robinhood Trading App Suffers Data Breach Exposing 7 Million Users' Information

Robinhood on Monday disclosed a security breach affecting approximately 7 million customers, roughly a third of its user base, that resulted in unauthorized access of personal information by an unidentified threat actor. The commission-free stock trading and investing platform said the incident...

Updated libcaca packages fix security vulnerability

A flaw was found in libcaca. A heap buffer overflow in export.c in function export_tga might lead to memory corruption and other potential consequences. (CVE-2021-30498) A flaw was found in libcaca. A buffer overflow of export.c in function export_troff might lead to memory corruption and other...

in bookstackapp/bookstack

Description During reading recent BookStack source code (31665410) I discovered no uploaded file type and size check. Authenticated user with attachment create role can upload any type file. One of possibilities is to upload phishing page and get administrators credentials. Proof of Concept ```...

NewStart CGSL MAIN 6.02 : perl Multiple Vulnerabilities (NS-SA-2021-0134)

The remote NewStart CGSL host, running version MAIN 6.02, has perl packages installed that are affected by multiple vulnerabilities: Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow....

NewStart CGSL MAIN 6.02 : perl Vulnerability (NS-SA-2021-0127)

The remote NewStart CGSL host, running version MAIN 6.02, has perl packages installed that are affected by a vulnerability: regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. (CVE-2020-12723) Note that Nessus...

How social media mistakes can impact cybersecurity

We talked to members of our Malware Removal Support team and asked them what kind of problems they get asked to solve for our customers. To understand why they get to handle these questions, it is also necessary to know that the Malwarebytes software is unable to resolve the problems users are...

libmobi Buffer Overflow Vulnerability (CNVD-2022-18219)

Libmobi is a C library used to process Mobipocket/Kindle (MOBI) e-book format documents. It is used to handle Mobipocket/Kindle (MOBI) e-book format documents. libmobi suffers from a buffer overflow vulnerability, which stems from libmobi's vulnerability to out-of-range pointer offsets, and can be....

Libmobi Out-of-Bounds Read Vulnerability

Libmobi is a C library for handling Mobipocket/Kindle (MOBI) e-book format documents. It is used to handle Mobipocket/Kindle (MOBI) e-book format documents. Libmobi suffers from an out-of-bounds read vulnerability, which stems from the fact that programs are vulnerable to using out-of-range...

Ubuntu: Security Advisory (USN-5119-1)

The remote host is missing an update for...

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : libcaca vulnerabilities (USN-5119-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 21.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5119-1 advisory. A flaw was found in libcaca. A heap buffer overflow in export.c in function export_tga might lead to memory...

libcaca vulnerabilities

Releases Ubuntu 21.10 Ubuntu 21.04 Ubuntu 20.04 LTS Ubuntu 18.04 ESM Ubuntu 16.04 ESM Ubuntu 14.04 ESM Packages libcaca - text mode graphics utilities Details It was discovered that libcaca incorrectly handled certain images. An attacker could possibly use this issue to cause a crash....

Textbook Rental Scam

Here's a story of someone who, with three compatriots, rented textbooks from Amazon and then sold them instead of returning them. They used gift cards and prepaid credit cards to buy the books, so there was no available balance when Amazon tried to charge them the buyout price for non-returned...

Libmobi Buffer Overflow Vulnerability

Libmobi is a C library for handling Mobipocket/Kindle (MOBI) e-book format documents. It is used to process Mobipocket/Kindle (MOBI) e-book format documents. libmobi is vulnerable to a buffer overflow vulnerability that could be exploited to read memory information beyond the size of the...

Guide: How to Hack API in 60 minutes or API Threats Simulation with Open-Source Tools

What is API? API is the abbreviation for Application Programming Interface, which is a product middle person that permits two applications to converse with one another. Useful link: Api security tutorial for beginners and professionals What Is API Testing: Benefits, Types, How To Start ‍OpenAPI...

Libmobi Out-of-Bounds Writing Vulnerability

Libmobi is a C library. It is used to process Mobipocket/Kindle (MOBI) e-book format documents. Libmobi is vulnerable to an out-of-bounds write vulnerability, which can be exploited by attackers to remotely execute...

CVE-2021-41974

Tad Book3 editing book page does not perform identity verification. Remote attackers can use the vulnerability to view and modify arbitrary content of books without...

CVE-2021-41974

Tad Book3 editing book page does not perform identity verification. Remote attackers can use the vulnerability to view and modify arbitrary content of books without...

Design/Logic Flaw

Tad Book3 editing book page does not perform identity verification. Remote attackers can use the vulnerability to view and modify arbitrary content of books without...