$0.99 Kindle Books Security Vulnerabilities

Making better cybersecurity training: Q&A with Malwarebytes expert Kelsey Prichard

If you hadn’t noticed by now, we are in the first week of National Cybersecurity Awareness Month, which, according to the Cybersecurity Infrastructure and Security Agency in the United States, means that we should all consider how people, organizations, and businesses can “be cyber smart” this...

in bookstackapp/bookstack

Description Bookstack does not use secure Cache-Control headers. # Proof of Concept 1: Login to application 2: View a shelf 3: Logout 4: Press the back button of the opened tab to still see that you can view the information about books previous page of your shelf. Impact This issue is capable of...

CVE-2021-41974 Tad Book3 - Improper Authorization

Tad Book3 editing book page does not perform identity verification. Remote attackers can use the vulnerability to view and modify arbitrary content of books without...

Neiman Marcus data breach affects millions

Millions of Neiman Marcus customers have had their personal and financial information exposed in a data breach. In a press release the company confirmed unauthorized access to customer online accounts. According to the press release 4.6 million customers of Neiman Marcus Group stores, specifically....

Vault.balanceOfThis values all tokens equally

Handle cmichel Vulnerability details The Vault.balanceOfThis function values all tokens equally. They are normalized to 18 decimals and then simply added up: for (uint8 i; i < _tokens.length; i++) { address _token = _tokens[i]; // adds up different tokens here, treating them as exactly...

EFB Tampering. Approach and Landing Performance Part 1

Approach and Landing Performance Part 1: Introduction and Landing Distance Calculations Click here for part 2 TL;DR Approach and landing performance applications perform calculations to provide critical performance data to pilots (e.g. speed / flap settings on approach) Modifying any one of these.....

Designing Contact-Tracing Apps

Susan Landau wrote an essay on the privacy, efficacy, and equity of contract-tracing smartphone apps. Also see her excellent book on the...

CVE-2021-30355

Amazon Kindle e-reader prior to and including version 5.13.4 improperly manages privileges, allowing the framework user to elevate privileges to...

CVE-2021-30355

Amazon Kindle e-reader prior to and including version 5.13.4 improperly manages privileges, allowing the framework user to elevate privileges to...

Design/Logic Flaw

Amazon Kindle e-reader prior to and including version 5.13.4 improperly manages privileges, allowing the framework user to elevate privileges to...

CVE-2021-30354

Amazon Kindle e-reader prior to and including version 5.13.4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function CJBig2Image::expand() and results in a memory corruption that leads to code execution when parsing a crafted PDF...

CVE-2021-30354

Amazon Kindle e-reader prior to and including version 5.13.4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function CJBig2Image::expand() and results in a memory corruption that leads to code execution when parsing a crafted PDF...

Integer overflow

Amazon Kindle e-reader prior to and including version 5.13.4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function CJBig2Image::expand() and results in a memory corruption that leads to code execution when parsing a crafted PDF...

CVE-2021-30355

Amazon Kindle e-reader prior to and including version 5.13.4 improperly manages privileges, allowing the framework user to elevate privileges to...

CVE-2021-30354

Amazon Kindle e-reader prior to and including version 5.13.4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function CJBig2Image::expand() and results in a memory corruption that leads to code execution when parsing a crafted PDF...

Cross-site Scripting (XSS) - Stored in bookstackapp/bookstack

✍️ Description There is svg tag filtration problem in "book page" egit leading to stored XSS. SVG images can be used on book pages, but there is not server side attribute filtration implemented for it. # 🕵️‍♂️ Proof of Concept There is filter for href attribute, but inside SVG xlink:href used....

Cross-site Scripting (XSS) - Stored in bookstackapp/bookstack

✍️ Description There is html tag filtration problem in "book page" egit leading to stored XSS. By design "bad" tags and attributes stripped on client side when editing page(obvious bypass by editing request intercepted via burp) and on server side addition filter applied, however this filter can...

CVE-2021-40330

git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1...

MEAT - This Toolkit Aims To Help Forensicators Perform Different Kinds Of Acquisitions On iOS Devices

M.E.A.T. - Mobile Evidence Acquisition Toolkit Meet M.E.A.T! From Jack Farley - BlackStone Discovery This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices (and Android in the future). Requirements to run from source Windows or Linux Python 3.7.4 or...

What is Eavesdropping Attack❓ Definition, Types and Prevention

Eavesdropping can be defined as the demonstration of quietly catching a discussion among arbitrary outsiders; (albeit discourteous), what mischief might it actually do? All things considered, very little in case somebody is simply honestly paying attention to a discussion that intrigues them....

Dorkify - Perform Google Dork Search

Perform Google Dork search with Dorkify Google Dorking Google dorking is a hacker technique that uses Google Search to find security holes in the configuration and computer code that websites use. Google Dorking involves using advanced operators in the Google search engine to locate specific...

Improper Assets Management☝️ — What you need to know

Improper Assets Management☝️ — What you need to know Introduction API9:2019 Improper Assets Management What is Improper Assets Management? We should always wonder for every API if all the current endpoint should even be available and if we maybe can’t do with only allowing the API to communicate...

vam.ac.uk Cross Site Scripting vulnerability OBB-2123048

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| vam.ac.uk ---|--- Open Bug Bounty...

CVE-2021-24548

The Mimetic Books WordPress plugin through 0.2.13 was vulnerable to Authenticated Stored Cross-Site Scripting (XSS) in the "Default Publisher ID" field on the plugin's settings...

CVE-2021-24548

The Mimetic Books WordPress plugin through 0.2.13 was vulnerable to Authenticated Stored Cross-Site Scripting (XSS) in the "Default Publisher ID" field on the plugin's settings...

Cross site scripting

The Mimetic Books WordPress plugin through 0.2.13 was vulnerable to Authenticated Stored Cross-Site Scripting (XSS) in the "Default Publisher ID" field on the plugin's settings...

CVE-2021-24548 Mimetic Books <= 0.2.13 - Authenticated Stored Cross-Site Scripting (XSS)

The Mimetic Books WordPress plugin through 0.2.13 was vulnerable to Authenticated Stored Cross-Site Scripting (XSS) in the "Default Publisher ID" field on the plugin's settings...

Server-Side Request Forgery (SSRF) in bookstackapp/bookstack

✍️ Description User with "Editor" rights can create a special book page containing tag with "src" property pointing to any external or internal resource. Exporting this page using default domPdf will result in firing request from server side. # 🕵️‍♂️ Proof of Concept Updating page with malicious.....

perl bug fix and enhancement update

Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Bug Fix(es) and Enhancement(s): [perl-net-ping] wrong return value on failing DNS name lookup...

perl bug fix and enhancement update

An update is available for perl. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Perl is a high-level programming language that is commonly used for system...

Amazon Kindle Vulnerable to Malicious EBooks

A security flaw in Amazon’s Kindle e-reader made it vulnerable to malicious eBooks, opening the door to turning the devices into bots, compromising personal information and more. That’s according to Check Point researcher Slava Makkaeveev, who released the findings Friday. Check Point disclosed...

New Amazon Kindle Bug Could've Let Attackers Hijack Your eBook Reader

Amazon earlier this April addressed a critical vulnerability in its Kindle e-book reader platform that could have been potentially exploited to take full control over a user's device, resulting in the theft of sensitive information by just deploying a malicious e-book. "By sending Kindle users a...

Amazon will pay you $10 for your palm prints. Should you be worried?

Retail giant Amazon recently offered to pay $10 USD for your palm prints. Would you offer them your hand? Many seem to home in and seethe over the price being too little for something as priceless and unique as their palm print, not realizing that when it does come to registering biometric data in....

Phishing Campaign Dangles SharePoint File-Shares

Attackers are using spoofed sender addresses and Microsoft SharePoint lures in a new phishing campaign that is “sneakier than usual” and can slip through the usual security protections in its aim to fool people into giving up their credentials, Microsoft researchers discovered. Microsoft Security.....

I Am Parting With My Crypto Library

The time has come for me to find a new home for my (paper) cryptography library. It's about 150 linear feet of books, conference proceedings, journals, and monographs -- mostly from the 1980s, 1990s, and 2000s. My preference is that it goes to an educational institution, but will consider a...

Phony Call Centers Tricking Users Into Installing Ransomware and Data-Stealers

An ongoing malicious campaign that employs phony call centers has been found to trick victims into downloading malware capable of data exfiltration as well as deploying ransomware on infected systems. The attacks — dubbed "BazaCall" — eschew traditional social engineering techniques that rely on...

Machine Learning Testing for Data Scientists

In one software development project after another, it has been proven that testing saves time. Does this hold true for machine learning projects? Should data scientists write tests? Will it make their work better and/or faster? We believe the answer is YES! In this post we describe a full...

Cross-Site Request Forgery (CSRF) in janeczku/calibre-web

✍️ Description An attacker can make a user change his profile settings by CSRF vulnerability through PoC file. There is no CSRF token. 🕵️‍♂️ Proof of Concept For example, changing the email address from "[email protected]" to "[email protected]" (test1's profile). Make the user open a link with this...

[Security Nation] Brian Honan on creating Ireland's first CERT

In this episode of Security Nation, we’re joined by Brian Honan of BH Consulting. Jen and Tod chat with Brian about his experience as a founder of Ireland's first CERT, the continuing scourge of ransomware, and cyber warranties. They also go beyond all of the recent salacious breach headlines,...

RHEL 8 : perl (RHSA-2021:2792)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2792 advisory. perl: heap-based buffer overflow in regular expression compiler leads to DoS (CVE-2020-10543) perl: corruption of intermediate language...

(RHSA-2021:2792) Moderate: perl security and bug fix update

Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Security Fix(es): perl: heap-based buffer overflow in regular expression compiler leads to DoS (CVE-2020-10543) perl: corruption of intermediate language state of compiled...

WordPress Mimetic Books 0.2.13 Plugin - (Default Publisher ID field) XSS Vulnerability

...

Mimetic Books <= 0.2.13 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin was vulnerable to Authenticated Stored Cross-Site Scripting (XSS) in the "Default Publisher ID" field on the plugin's settings...

WordPress Mimetic Books 0.2.13 Cross Site Scripting

...

WordPress Plugin Mimetic Books 0.2.13 - &#039;Default Publisher ID field&#039; Stored Cross-Site Scripting (XSS)

...

Mimetic Books <= 0.2.13 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin was vulnerable to Authenticated Stored Cross-Site Scripting (XSS) in the "Default Publisher ID" field on the plugin's settings page. PoC 1. Install WordPress 5.7.2 2. Install and activate Mimetic Books 3. Navigate to Settings &gt;&gt; Mimetic Books API and enter the XSS payload into the....

WordPress Mimetic Books plugin <= 0.2.13 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by Vikas Srivastava in WordPress Mimetic Books plugin (versions &lt;= 0.2.13). Solution This plugin has been closed as of July 19, 2021 and is not available for download. This closure is temporary, pending a full...

openSUSE: Security Advisory for MozillaThunderbird (openSUSE-SU-2021:2003-1)

The remote host is missing an update for...

Security update for MozillaThunderbird (important)

An update that fixes two vulnerabilities is now available. Description: This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird 78.11 (bsc#1186696) Security issues fixed: CVE-2021-29964: Out of bounds-read when parsing a WM_COPYDATA message CVE-2021-29967: Memory safety.....

jSonar to Begin a New Chapter in Collaboration

A message from JSonar co-founder and CTO, Ron Bennatan. My wife complains that I’m a boring person. I’ve been doing the same thing for 25 years now – databases, then security, then database security, then data security and then some data lake security. But by that account Tom Brady is a boring...