User Profile & Membership Security Vulnerabilities

RHEL 7 : kubernetes (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kubernetes: Privilege escalation in the PodSecurityPolicy admission plugin (CVE-2017-1000056) In...

RHEL 5 : vim (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. vim: Integer overflow at an unserialize_uep memory allocation site (CVE-2017-6350) vim before patch...

RHEL 7 : batik (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. batik: XML external entity processing vulnerability (CVE-2017-5662) batik: information disclosure when...

RHEL 6 : exiv2 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. exiv2: integer overflow in the LoaderExifJpeg class in preview.cpp (CVE-2018-12265) exiv2: Heap-based...

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to a denial of service (CVE-2024-25026)

Summary IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to a denial of service. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section Affected Products and Versions Affected Product(s)| Version(s) ---|---...

CVE-2024-4383 Simple Membership <= 4.4.5 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode

The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swpm_paypal_subscription_cancel_link' shortcode in all versions up to, and including, 4.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...

CVE-2024-4383 Simple Membership <= 4.4.5 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode

The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swpm_paypal_subscription_cancel_link' shortcode in all versions up to, and including, 4.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 29, 2024 to May 5, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 164 vulnerabilities disclosed in 145...

APT trends report Q1 2024

For more than six years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research. They provide a representative snapshot of what we have published.....

Pipedream ICS malware toolkit is a nightmare

TL;DR Malware toolkit specifically designed for attacking ICS Modular and framework based Main features are enumeration, Modbus comms, and HTTP interactions Operational Technology (OT) network breaches are often due to connected Windows devices Off-network compromise assessments give a strategic...

CVE-2024-28889

When an SSL profile with alert timeout is configured with a non-default value on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical...

CVE-2024-28889

When an SSL profile with alert timeout is configured with a non-default value on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical...

CVE-2024-28889 BIG-IP SSL vulnerability

When an SSL profile with alert timeout is configured with a non-default value on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical...

CVE-2024-28889 BIG-IP SSL vulnerability

When an SSL profile with alert timeout is configured with a non-default value on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical...

State of ransomware in 2024

Ransomware attacks continue to be one of the biggest contemporary cybersecurity threats, affecting organizations and individuals alike on a global scale. From high-profile breaches in healthcare and industrial sectors – compromising huge volumes of sensitive data or halting production entirely –...

K11342432 : BIG-IP HTTP non-RFC-compliant security exposure

Security Advisory Description This issue occurs when a non-RFC-compliant HTTP request is received by a virtual server on a system matching one of the following conditions: BIG-IP 15.1.0 and later version with a virtual server with an HTTP profile with Enforce RFC Compliance enabled. All supported.....

K000132430 : The BIG-IP system may fail to block HTTP Request Smuggling attacks

Security Advisory Description The BIG-IP system may fail to block non-RFC-compliant HTTP requests to the pool member, which may lead to an HTTP Request Smuggling attack. This issue occurs when all of the following conditions are met: A virtual server is associated with an HTTP profile. The BIG-IP.....

K000138912 : BIG-IP SSL vulnerability CVE-2024-28889

Security Advisory Description When an SSL profile with alert timeout is configured with a non-default value on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel (TMM) to terminate. (CVE-2024-28889) Impact Traffic.....

K000139037: TMM vulnerability CVE-2024-25560

Security Advisory Description When BIG-IP AFM is licensed and provisioned, and a DNS profile is applied to a virtual server, undisclosed DNS traffic can cause the Traffic Management Microkernel (TMM) to terminate. (CVE-2024-25560) Impact Traffic is disrupted while the TMM process restarts. This...

CVE-2024-4030

On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile...

CVE-2024-4030

On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile...

CVE-2024-4030

On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile...

CVE-2024-4030

On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile...

CVE-2024-0043

In multiple locations, there is a possible notification listener grant to an app running in the work profile due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...

CVE-2024-0022

In multiple functions of CompanionDeviceManagerService.java, there is a possible launch NotificationAccessConfirmationActivity of another user profile due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction.....

CVE-2024-0022

In multiple functions of CompanionDeviceManagerService.java, there is a possible launch NotificationAccessConfirmationActivity of another user profile due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction.....

CVE-2024-0043

In multiple locations, there is a possible notification listener grant to an app running in the work profile due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...

CVE-2024-0043

In multiple locations, there is a possible notification listener grant to an app running in the work profile due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...

CVE-2024-4030 tempfile.mkdtemp() may be readable and writeable by all users on Windows

On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile...

CVE-2024-4030 tempfile.mkdtemp() may be readable and writeable by all users on Windows

On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile...

PSF-2024-3

On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile...

CVE-2024-0022

In multiple functions of CompanionDeviceManagerService.java, there is a possible launch NotificationAccessConfirmationActivity of another user profile due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction.....

CVE-2024-0022

In multiple functions of CompanionDeviceManagerService.java, there is a possible launch NotificationAccessConfirmationActivity of another user profile due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction.....

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2023-50313)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions (including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities), Maximo Adapter for Primavera,...

APT42 Hackers Pose as Journalists to Harvest Credentials and Access Cloud Data

The Iranian state-backed hacking outfit called APT42 is making use of enhanced social engineering schemes to infiltrate target networks and cloud environments. Targets of the attack include Western and Middle Eastern NGOs, media organizations, academia, legal services and activists, Google Cloud...

Exploit for CVE-2023-49606

[![Profile...

SUSE SLES15 / openSUSE 15 Security Update : SUSE Manager Client Tools (SUSE-SU-2024:1509-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1509-1 advisory. A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing...

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup < 4.0.27 - Unauthenticated PHP Object Injection

Description The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.0.26 via deserialization of untrusted input. This makes it possible for unauthenticated...

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup < 4.0.27 - Authenticated (Contributor+) PHP Object Injection

Description The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.0.26 via deserialization of untrusted input. This makes it possible for authenticated...

Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6765-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6765-1 advisory. In the Linux kernel, the following vulnerability has been resolved: apparmor: avoid crash when parsed profile name is empty When processing a packed...

CVE-2024-4030

On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile...

SUSE SLES15 / openSUSE 15 Security Update : grafana and mybatis (SUSE-SU-2024:1530-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1530-1 advisory. A user changing their email after signing up and verifying it can change it without verification in profile settings. The...

SUSE: Security Advisory (SUSE-SU-2024:1375-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2024:0870-1)

The remote host is missing an update for...

SUSE SLES12 Security Update : SUSE Manager Client Tools (SUSE-SU-2024:1508-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1508-1 advisory. A user changing their email after signing up and verifying it can change it without verification in profile settings. The...

Exploit for CVE-2024-4439

[![Profile...

A week in security (April 29 &#8211; May 5)

Last week on Malwarebytes Labs: You get a passkey, you get a passkey, everyone should get a passkey Dropbox Sign customer data accessed in breach Watch out for tech support scams lurking in sponsored search results Psychotherapy practice hacker gets jail time after extorting patients, publishing...

Systemd Insecure PTY Handling

...

Exploit for CVE-2024-32709

CVE-2024-32709-Poc WP-Recall – Registration, Profile,...

HackerOne: Able to Create Testimonials for myself using Sandbox

Summary: Recently you allowed us to give testimonials for the sandbox reports which is Vulnerable and allows all the researcher to control their Testimonials for their benefit t. Description: When a report is closed as resolved we are given the option of "This hacker is eligible for a...