Magento 1& 2 Security Vulnerabilities

CVE-2024-37247

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in twinpictures, baden03 jQuery T(-) Countdown Widget allows Stored XSS.This issue affects jQuery T(-) Countdown Widget: from n/a through...

CVE-2024-37247

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in twinpictures, baden03 jQuery T(-) Countdown Widget allows Stored XSS.This issue affects jQuery T(-) Countdown Widget: from n/a through...

CVE-2024-37248

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Anima allows Stored XSS.This issue affects Anima: from n/a through...

Developer Accounts Compromised Due to Credential Reuse in WordPress.org Supply Chain Attack

On June 24th, 2024, the Wordfence Threat Intelligence Team became aware of a WordPress plugin, Social Warfare, that was infected with malware through the WordPress repository. Upon further investigation, our team quickly identified 4 additional affected plugins through our internal Threat...

CVE-2024-37247 WordPress jQuery T(-) Countdown Widget plugin <= 2.3.25 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in twinpictures, baden03 jQuery T(-) Countdown Widget allows Stored XSS.This issue affects jQuery T(-) Countdown Widget: from n/a through...

CVE-2024-37247 WordPress jQuery T(-) Countdown Widget plugin <= 2.3.25 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in twinpictures, baden03 jQuery T(-) Countdown Widget allows Stored XSS.This issue affects jQuery T(-) Countdown Widget: from n/a through...

CVE-2024-37248 WordPress Anima theme <= 1.4.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Anima allows Stored XSS.This issue affects Anima: from n/a through...

CVE-2024-37248 WordPress Anima theme <= 1.4.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Anima allows Stored XSS.This issue affects Anima: from n/a through...

CVE-2024-38527

ZenUML is JavaScript-based diagramming tool that requires no server, using Markdown-inspired text definitions and a renderer to create and modify sequence diagrams. Markdown-based comments in the ZenUML diagram syntax are susceptible to Cross-site Scripting (XSS). The comment feature allows the...

CVE-2024-38950

Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to __interceptor_memcpy...

CVE-2024-38949

Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to display444as420 function at...

Takeaways From The Take Command Summit: Unprecedented Threat Landscape

The Rapid7 Take Command summit unveiled crucial findings from the 2024 Attack Intelligence Report, offering invaluable insights for cybersecurity professionals navigating today's complex threat landscape. Key takeaways from the 30 minute panel: Rise of Zero-Day Exploits: 53% of mass compromise...

sqlite3 vulnerability

USN-6566-1 fixed several vulnerabilities in SQLite. This update provides the corresponding fix for CVE-2023-7104 for Ubuntu 18.04 LTS. Original advisory details: It was discovered that SQLite incorrectly handled certain memory operations in the sessions extension. A remote attacker could possibly.....

Cross-site Scripting in ZenUML

Summary Markdown-based comments in the ZenUML diagram syntax are susceptible to Cross-site Scripting (XSS). Details The comment feature allows the user to attach small notes for reference. This feature allows the user to enter in their comment in markdown comment, allowing them to use common...

Cross-site Scripting in ZenUML

Summary Markdown-based comments in the ZenUML diagram syntax are susceptible to Cross-site Scripting (XSS). Details The comment feature allows the user to attach small notes for reference. This feature allows the user to enter in their comment in markdown comment, allowing them to use common...

Bitbucket OAuth access token exposed in the build log by Bitbucket Branch Source Plugin

Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases. Bitbucket Branch Source Plugin 887.va_d359b_3d2d8d does not include the Bitbucket OAuth access token as part of the Bitbucket URL in the....

Exposure of secrets through system log in Jenkins Structs Plugin

Structs Plugin provides utility functionality used, e.g., in Pipeline to instantiate and configure build steps, typically before their execution. When Structs Plugin 337.v1b_04ea_4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that...

Bitbucket OAuth access token exposed in the build log by Bitbucket Branch Source Plugin

Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases. Bitbucket Branch Source Plugin 887.va_d359b_3d2d8d does not include the Bitbucket OAuth access token as part of the Bitbucket URL in the....

Secret file credentials stored unencrypted in rare cases by Plain Credentials Plugin

When creating secret file credentials Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier attempts to decrypt the content of the file to check if it constitutes a valid encrypted secret. In rare cases the file content matches the expected format of an encrypted secret, and the file content...

Secret file credentials stored unencrypted in rare cases by Plain Credentials Plugin

When creating secret file credentials Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier attempts to decrypt the content of the file to check if it constitutes a valid encrypted secret. In rare cases the file content matches the expected format of an encrypted secret, and the file content...

Exposure of secrets through system log in Jenkins Structs Plugin

Structs Plugin provides utility functionality used, e.g., in Pipeline to instantiate and configure build steps, typically before their execution. When Structs Plugin 337.v1b_04ea_4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that...

CVE-2024-39458

When Jenkins Structs Plugin 337.v1b_04ea_4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that may contain secrets passed as step parameters, potentially resulting in accidental exposure of secrets through the default system...

CVE-2024-39458

When Jenkins Structs Plugin 337.v1b_04ea_4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that may contain secrets passed as step parameters, potentially resulting in accidental exposure of secrets through the default system...

CVE-2024-39459

In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system, where they can be viewed by users with access to the Jenkins controller file system (global credentials) or with...

CVE-2024-39460

Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some...

CVE-2024-39460

Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some...

CVE-2024-39459

In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system, where they can be viewed by users with access to the Jenkins controller file system (global credentials) or with...

CVE-2024-39459

In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system, where they can be viewed by users with access to the Jenkins controller file system (global credentials) or with...

CVE-2024-39459

In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system, where they can be viewed by users with access to the Jenkins controller file system (global credentials) or with...

CVE-2024-39460

Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some...

CVE-2024-39460

Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some...

CVE-2024-39458

When Jenkins Structs Plugin 337.v1b_04ea_4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that may contain secrets passed as step parameters, potentially resulting in accidental exposure of secrets through the default system...

Episode 2: Behind the Scenes of a Tailor-Made Massive Phishing Campaign Part 2

Executive Summary Last summer, we investigated a massive, global phishing campaign impersonating almost 350 legitimate companies. Our continued investigation into this expansive phishing campaign revealed leaked backend source code, shedding light on the infrastructure behind the operation. This...

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.6.0 Vulnerability Details ** CVEID: CVE-2022-25857 DESCRIPTION: **Java package org.yaml:snakeyam is vulnerable to a denial of service, caused by missing to nested depth limitation for collections. By sending a...

Attack of the clones: Getting RCE in Chrome’s renderer with duplicate object properties

In this post, I'll exploit CVE-2024-3833, an object corruption bug in v8, the Javascript engine of Chrome, that I reported in March 2024 as bug 331383939. A similar bug, 331358160, was also reported and was assigned CVE-2024-3832. Both of these bugs were fixed in version 124.0.6367.60/.61....

Multiple vulnerabilities in TP-Link Omada system could lead to root access

The TP-Link Omada system is a software-defined networking solution for small to medium-sized businesses. It touts cloud-managed devices and local management for all Omada devices. The supported devices in this ecosystem vary greatly but include wireless access points, routers, switches, VPN...

Exploit Attempts Recorded Against New MOVEit Transfer Vulnerability - Patch ASAP!

A newly disclosed critical security flaw impacting Progress Software MOVEit Transfer is already seeing exploitation attempts in the wild shortly after details of the bug were publicly disclosed. The vulnerability, tracked as CVE-2024-5806 (CVSS score: 9.1), concerns an authentication bypass that...

XAES-256-GCM

About a year ago I wrote that "I want to use XAES-256-GCM/11, which has a number of nice properties and only the annoying defect of not existing." Well, there is now an XAES-256-GCM specification. (Had to give up on the /11 part, but that was just a performance optimization.) XAES-256-GCM is an...

[updated] Federal Reserve &#8220;breached&#8221; data may actually belong to Evolve Bank

A shockwave went through the financial world when ransomware group LockBit claimed to have breached the US Federal Reserve, the central banking system of the United States. On LockBit's dark web leak site, the group threatened to release over 30 TB of banking information containing Americans'...

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities found in Node.js and IBM WebSphere Application Server Liberty

Summary There are multiple vulnerabilities in Node.js and IBM WebSphere Application Server Liberty used by IBM Cloud Transformation Advisor (CVE-2024-27983, CVE-2024-27980, CVE-2024-22329, CVE-2024-27982, CVE-2024-22354, CVE-2024-4068). Vulnerability Details ** CVEID: CVE-2024-27983 DESCRIPTION:...

Exploit for Path Traversal in Apache Http Server

CVE-2021-42013: Apache HTTP Server Path Traversal and Remote...

netplan.io vulnerabilities

Andreas Hasenack discovered that netplan incorrectly handled the permissions for netdev files containing wireguard configuration. An attacker could use this to obtain wireguard secret keys. It was discovered that netplan configuration could be manipulated into injecting arbitrary commands while...

SiteGuard WP Plugin <= 1.7.6 - Login Page Disclosure

The SiteGuard WP Plugin plugin for WordPress is vulnerable to protection mechanism bypass in all versions up to, and including, 1.7.6. This is due to the plugin not restricting redirects from wp-register.php which may disclose the login page URL. This makes it possible for unauthenticated...

Argo CD Unauthenticated Access to sensitive setting

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The vulnerability allows unauthorized access to the sensitive settings exposed by /api/v1/settings endpoint without authentication. All sensitive settings are hidden except...

ruby2.7, ruby3.0, ruby3.1 vulnerability

It was discovered that Ruby incorrectly handled the ungetbyte and ungetc methods. A remote attacker could use this issue to cause Ruby to crash, resulting in a denial of service, or possibly obtain sensitive...

wget vulnerability

It was discovered that Wget incorrectly handled semicolons in the userinfo subcomponent of a URI. A remote attacker could possibly trick a user into connecting to a different host than...

plasma-workspace vulnerability

Fabian Vogt discovered that Plasma Workspace incorrectly handled connections via ICE. A local attacker could possibly use this issue to gain access to another user's session manager and execute arbitrary...

Security Bulletin: IBM Cloud Pak for Network Automation 2.7.4 addresses multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.7.4 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details ** CVEID: CVE-2022-48554 DESCRIPTION: **File is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the file_copystr...

CVE-2024-37098

Server-Side Request Forgery (SSRF) vulnerability in Blossom Themes BlossomThemes Email Newsletter.This issue affects BlossomThemes Email Newsletter: from n/a through...

CVE-2024-37098

Server-Side Request Forgery (SSRF) vulnerability in Blossom Themes BlossomThemes Email Newsletter.This issue affects BlossomThemes Email Newsletter: from n/a through...