BD Pyxis™ SupplyStation™ RF Auxiliary Security Vulnerabilities

Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) Credential Disclosure Vulnerability

The Electrolink FM/DAB/TV Transmitter suffers from a disclosure of clear-text credentials in login.htm and mail.htm that can allow security bypass and system...

Electrolink FM/DAB/TV Transmitter SuperAdmin Hidden Functionality

...

Electrolink FM/DAB/TV Transmitter Pre-Auth MPFS Image Remote Code Execution Vulnerability

Electrolink FM/DAB/TV Transmitter allows access to an unprotected endpoint that allows an MPFS File System binary image upload without authentication. The MPFS2 file system module provides a light-weight read-only file system that can be stored in external EEPROM, external serial Flash, or...

Electrolink FM/DAB/TV Transmitter SuperAdmin Hidden Functionality Vulnerability

Electrolink FM/DAB/TV Transmitter allows an unauthenticated attacker to bypass authentication and modify the Cookie to reveal hidden pages that allows more critical operations to the...

[SECURITY] [DLA 3596-1] firmware-nonfree security update

Debian LTS Advisory DLA-3596-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost September 30, 2023 https://wiki.debian.org/LTS Package : firmware-nonfree Version :...

September 2023: VM courses, Bahasa Indonesia, Russian Podcasts, Goodbye Tinkoff, MS Patch Tuesday, Qualys TOP 20, Linux, Forrester, GigaOm, R-Vision VM

Hello everyone! On the last day of September, I decided to record another retrospective episode on how my Vulnerability Management month went. Alternative video link (for Russia): https://vk.com/video-149273431_456239136 September was quite a busy month for me. Vulnerability Management courses I...

2023 OWASP Top-10 Series: API10:2023 Unsafe Consumption of APIs

Welcome to the 11th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API10:2023 Unsafe Consumption of APIs. In this series we are taking an in-depth look at each category – the details, the impact...

Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to remote code execution due to IBM Java SDK (CVE-2022-40609)

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable CVE. Vulnerability Details ** CVEID: CVE-2022-40609 DESCRIPTION: **IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could.....

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2023-21930 DESCRIPTION: **An unspecified vulnerability in Oracle Java SE,...

Electrolink FM/DAB/TV Transmitter (Login Cookie) Authentication Bypass

Title: Electrolink FM/DAB/TV Transmitter (Login Cookie) Authentication Bypass Advisory ID: ZSL-2023-5791 Type: Local/Remote Impact: Security Bypass, Privilege Escalation, System Access, Exposure of System Information, Exposure of Sensitive Information, Manipulation of Data Risk: (5/5) Release...

Electrolink FM/DAB/TV Transmitter Pre-Auth MPFS Image Remote Code Execution

Title: Electrolink FM/DAB/TV Transmitter Pre-Auth MPFS Image Remote Code Execution Advisory ID: ZSL-2023-5796 Type: Local/Remote Impact: Security Bypass, System Access, DoS Risk: (5/5) Release Date: 30.09.2023 Summary Since 1990 Electrolink has been dealing with design and manufacturing of...

Electrolink FM/DAB/TV Transmitter Vertical Privilege Escalation

Title: Electrolink FM/DAB/TV Transmitter Vertical Privilege Escalation Advisory ID: ZSL-2023-5793 Type: Local/Remote Impact: Privilege Escalation, Manipulation of Data Risk: (4/5) Release Date: 30.09.2023 Summary Since 1990 Electrolink has been dealing with design and manufacturing of advanced...

Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) Credentials Disclosure

Title: Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) Credentials Disclosure Advisory ID: ZSL-2023-5789 Type: Local/Remote Impact: Security Bypass, Privilege Escalation, System Access, Exposure of System Information, Exposure of Sensitive Information Risk: (5/5) Release Date: 30.09.2023 ...

Electrolink FM/DAB/TV Transmitter SuperAdmin Hidden Functionality

Title: Electrolink FM/DAB/TV Transmitter SuperAdmin Hidden Functionality Advisory ID: ZSL-2023-5794 Type: Local/Remote Impact: Security Bypass, Privilege Escalation Risk: (4/5) Release Date: 30.09.2023 Summary Since 1990 Electrolink has been dealing with design and manufacturing of advanced...

Electrolink FM/DAB/TV Transmitter Remote Authentication Removal

Title: Electrolink FM/DAB/TV Transmitter Remote Authentication Removal Advisory ID: ZSL-2023-5792 Type: Local/Remote Impact: Security Bypass, Privilege Escalation, System Access, Exposure of System Information, Exposure of Sensitive Information, Manipulation of Data Risk: (5/5) Release Date:...

Electrolink FM/DAB/TV Transmitter Unauthenticated Remote DoS

Title: Electrolink FM/DAB/TV Transmitter Unauthenticated Remote DoS Advisory ID: ZSL-2023-5795 Type: Local/Remote Impact: DoS Risk: (4/5) Release Date: 30.09.2023 Summary Since 1990 Electrolink has been dealing with design and manufacturing of advanced technologies for radio and television...

Electrolink FM/DAB/TV Transmitter (controlloLogin.js) Credentials Disclosure

Title: Electrolink FM/DAB/TV Transmitter (controlloLogin.js) Credentials Disclosure Advisory ID: ZSL-2023-5790 Type: Local/Remote Impact: Security Bypass, Privilege Escalation, System Access, Exposure of System Information, Exposure of Sensitive Information Risk: (5/5) Release Date: 30.09.2023 ...

Rockwell Automation PanelView 800

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: PanelView 800 Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disclose...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : binutils (SUSE-SU-2023:3825-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3825-1 advisory. An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data...

CVE-2023-20226

A vulnerability in Application Quality of Experience (AppQoE) and Unified Threat Defense (UTD) on Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to....

CVE-2023-20227

A vulnerability in the Layer 2 Tunneling Protocol (L2TP) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain L2TP packets. An attacker could...

kernel security, bug fix, and enhancement update

An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating....

Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: ipvlan: out-of-bounds write caused by unclear skb->cb (CVE-2023-3090) kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch...

2023 OWASP Top-10 Series: API9:2023 Improper Inventory Management

Welcome to the 10th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API9:2023 Improper Inventory Management. In this series we are taking an in-depth look at each category – the details, the impact....

Metasploit Weekly Wrap-Up

Improved Ticket Forging Metasploit’s admin/kerberos/forge_ticket module has been updated to work with Server 2022. In Windows Server 2022, Microsoft started requiring additional new PAC elements to be present - the PAC requestor and PAC attributes. The newly forged tickets will have the necessary.....

Security Bulletin: Due to use of IBM® SDK Java™ Technology Edition, IBM Workload Scheduler is vulnerable to an unspecified vulnerability.

Summary IBM® SDK Java™ Technology Edition is used by IBM Workload Scheduler. (CVE-2023-21830, CVE-2023-21843) Vulnerability Details ** CVEID: CVE-2023-21830 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Serialization component could allow a remote attacker to cause a...

SUSE SLES12 Security Update : binutils (SUSE-SU-2023:3695-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3695-1 advisory. An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to...

CVE-2023-20597

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local...

CVE-2023-20594

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local...

Rapid7 doubles down on a platform approach for Vulnerability Risk Management

This week, Rapid7 was named a Strong Performer in The Forrester Wave™: Vulnerability Risk Management, Q3 2023. The report, which included 11 vulnerability risk management vendors, represented Rapid7's inclusion in the Wave report for vulnerability management. We are proud to be recognized for our.....

DXE Driver Memory Leaks

Bulletin ID: AMD-SB-4007 Potential Impact:Data Leakage Severity:Medium Summary Potential memory leak vulnerabilities in AMD Driver Execution Environment (DXE) driver. CVE Details Refer to Glossary for explanation of terms CVE| Severity| Description ---|---|--- CVE-2023-20594| Medium| Improper...

Forrester names Microsoft a Leader in the 2023 Zero Trust Platform Providers Wave™ report

Microsoft is proud to be recognized as a Leader in the Forrester Wave™: Zero Trust Platform Providers, Q3 2023 report. At Microsoft, we understand modernizing security is a complex task in this era of ever-evolving cyberthreats and complex digital environments. Serious threats have necessitated a.....

Forrester names Microsoft a Leader in the 2023 Zero Trust Platform Providers Wave™ report

Microsoft is proud to be recognized as a Leader in the Forrester Wave™: Zero Trust Platform Providers, Q3 2023 report. At Microsoft, we understand modernizing security is a complex task in this era of ever-evolving cyberthreats and complex digital environments. Serious threats have necessitated a.....

(RHSA-2023:5244) Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: ipvlan: out-of-bounds write caused by unclear skb->cb (CVE-2023-3090) kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch...

ShroudedSnooper's HTTPSnoop Backdoor Targets Middle East Telecom Companies

Telecommunication service providers in the Middle East are the target of a new intrusion set dubbed ShroudedSnooper that employs a stealthy backdoor called HTTPSnoop. "HTTPSnoop is a simple, yet effective, backdoor that consists of novel techniques to interface with Windows HTTP kernel drivers and....

Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: ipvlan: out-of-bounds write caused by unclear skb->cb (CVE-2023-3090) kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch...

Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: ipvlan: out-of-bounds write caused by unclear skb->cb (CVE-2023-3090) kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch...

Ubuntu 16.04 ESM / 18.04 ESM : GNU binutils vulnerabilities (USN-6381-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6381-1 advisory. A memory consumption issue in get_data function in binutils/nm.c in GNU nm before 2.34 allows attackers to cause a denial of service via...

Windows Gather Virtual Environment Detection

This module attempts to determine whether the system is running inside of a virtual environment and if so, which one. This module supports detection of Hyper-V, VMWare, VirtualBox, Xen, QEMU, and...

2023 OWASP Top-10 Series: API8:2023 Security Misconfiguration

Welcome to the 9th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API8:2023 Security Misconfiguration. In this series we are taking an in-depth look at each category – the details, the impact and.....

Metasploit Weekly Wrap-Up

Flask Cookies This week includes two modules related to Flask cookie signatures. One is specific to Apache Superset where session cookies can be resigned, allowing an attacker to elevate their privileges and dump the database connection strings. While adding this functionality, community member...

Apache Superset Signed Cookie RCE

Apache Superset versions <= 2.0.0 utilize Flask with a known default secret key which is used to sign HTTP cookies. These cookies can therefore be forged. If a user is able to login to the site, they can decode the cookie, set their user_id to that of an administrator, and re-sign the cookie. Th...

Exploit for CVE-2022-32862

%PDF-1.5 %���� 16 0 obj << /Length 972 /Filter...

Splunk "edit_user" Capability Privilege Escalation

A low-privileged user who holds a role that has the "edit_user" capability assigned to it can escalate their privileges to that of the admin user by providing a specially crafted web request. This is because the "edit_user" capability does not honor the "grantableRoles" setting in the...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Functional Tester

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 and IBM® Runtime Environment Java™ Version 1.8 used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2023-22045 DESCRIPTION:.....

Security Bulletin: IBM Cognos Command Center is affected by multiple vulnerabilities (CVE-2023-21939, CVE-2023-21967, CVE-2022-29117, XFID: 234366)

Summary There are vulnerabilities in IBM® Semeru Java™ Version 11 used by IBM Cognos Command Center. IBM Cognos Command Center 10.2.4 Fix Pack 1 IF19 has addressed the applicable CVEs by upgrading to IBM® Semeru JRE 11.0.19.0 (CVE-2023-21939, CVE-2023-21967). The following 3rd party components...

LDAP Login Scanner

This module attempts to login to the LDAP...

Apache Superset Signed Cookie Priv Esc

Apache Superset versions <= 2.0.0 utilize Flask with a known default secret key which is used to sign HTTP cookies. These cookies can therefore be forged. If a user is able to login to the site, they can decode the cookie, set their user_id to that of an administrator, and re-sign the cookie. Th...

2023 OWASP Top-10 Series: API7:2023 Server Side Request Forgery

Welcome to the 8th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API7:2023 Server Side Request Forgery (SSRF). In this series we are taking an in-depth look at each category – the details, the...

Metasploit Weekly Wrap-Up

New module content (4) Roundcube TimeZone Authenticated File Disclosure Authors: joel, stonepresto, and thomascube Type: Auxiliary Pull request: #18286 contributed by cudalac Path: auxiliary/gather/roundcube_auth_file_read AttackerKB reference: CVE-2017-16651 Description: This PR adds a module to.....