Friday Squid Blogging: Searching for the Colossal Squid
A cruise ship is searching for the colossal squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines...
7.3 AI Score
CVE-2024-32730 Missing authorization check in SAP Enable Now Manager
SAP Enable Now Manager does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, the attacker with the role 'Learner' could gain access to other user's data in manager which will lead to a high impact to the...
6.5 CVSS
6.9 AI Score
0.0004 EPSS
CentOS 9 : glibc-2.34-83.el9.3
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the glibc-2.34-83.el9.3 build changelog. Stack read overflow in getaddrinfo in no-aaaa mode (#2234716) (CVE-2023-4527) potential use-after-free in gaih_inet (RHEL-2438)...
6.5 CVSS
7.8 AI Score
0.001 EPSS
A Bootiful Podcast: Daniel Garnier-Moiroux on Passkeys and Spring Security
Hi, Spring fans! In this installment, I talk to my friend and colleague Daniel Garnier-Moiroux about the amazing awesome implications of passkeys in a Spring Security...
7.1 AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 15, 2024 to April 21, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 209 vulnerabilities disclosed in 169...
9.9 AI Score
Issue Overview: The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable....
7.6 AI Score
0.0005 EPSS
AIX is vulnerable to arbitrary code execution due to RPM (CVE-2023-7104)
IBM SECURITY ADVISORY First Issued: Wed Apr 24 15:34:58 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/rpm_advisory2.asc Security Bulletin: AIX is vulnerable to arbitrary code execution due to RPM (CVE-2023-7104)...
7.3 CVSS
9.4 AI Score
0.001 EPSS
Authorization Bypass Through User-Controlled Key vulnerability in FeedbackWP Rate my Post – WP Rating System. This issue affects Rate my Post – WP Rating System: from n/a through...
5.3 CVSS
5.3 AI Score
0.0004 EPSS
Assessing the Y, and How, of the XZ Utils incident
High-end APT groups perform highly interesting social engineering campaigns in order to penetrate well-protected targets. For example, carefully constructed forum responses on precision targeted accounts and follow-up "out-of-band" interactions regarding underground rail system simulator software...
7.6 AI Score
HTML attributes vs DOM properties
Attributes and properties are fundamentally different things. You can have an attribute and property of the same name set to different values. For example: <div>…</div> <script> const div = document.querySelector('div[foo=bar]'); console.log(div.getAttribute('foo')); // 'bar' ...
6.5 AI Score
This Week in Spring - Tuesday, April 23rd, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! We've had a really busy, wonderful week, as always, so let's dive right into it! We want you! ...to submit a talk to SpringOne 2024, in sunny Las Vegas! Hurry, the CFP closes May 3rd! Spring Shell 3.1.11, 3.2.4, and 3.3.0-m1...
7.1 AI Score
Ubuntu 20.04 LTS : Firefox vulnerabilities (USN-6747-1)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6747-1 advisory. There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory...
7.8 AI Score
0.0004 EPSS
Releases Ubuntu 20.04 LTS Packages firefox - Mozilla Open Source web browser Details Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive...
8.6 AI Score
0.0004 EPSS
USF College of Engineering Presents Rapid7 With 2024 Corporate Impact Award
This past Friday, April 19, the University of South Florida (USF) College of Engineering recognized individuals and organizations who have greatly impacted USF and beyond at its ninth annual Engineering Honors Awards at The Armature Works in Tampa. I had the honor of joining my colleagues,...
7.4 AI Score
Hono vulnerable to Restricted Directory Traversal in serveStatic with deno
Summary When using serveStatic with deno, it is possible to directory traverse where main.ts is located. My environment is configured as per this tutorial https://hono.dev/getting-started/deno PoC bash $ tree . ├── deno.json ├── deno.lock ├── main.ts ├── README.md └── static └── a.txt source...
5.3 CVSS
5.3 AI Score
0.0004 EPSS
Theme My Login < 7.1.7 - Missing Authorization to Notice Dismissal
Description The Theme My Login plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tml_admin_ajax_dismiss_notice() function in all versions up to, and including, 7.1.6. This makes it possible for authenticated attackers, with...
4.3 CVSS
4.4 AI Score
0.0004 EPSS
LibreNMS vulnerable to a Time-Based Blind SQL injection leads to database extraction
Summary Get a valid API token, make sure you can access API functions, then replace the string in my PoC code. Tested on the official OVA image, which is an old version 23.9.1, but this vulnerability also exists in the latest version 24.2.0. Details in file api_functions.php, line 307 for function list_devices ```php...
7.2 CVSS
8.2 AI Score
0.0004 EPSS
Picking fights and gaining rights, with Justin Brookman: Lock and Code S05E09
This week on the Lock and Code podcast… Our Lock and Code host, David Ruiz, has a bit of an apology to make: “Sorry for all the depressing episodes.” When the Lock and Code podcast explored online harassment and abuse this year, our guest provided several guidelines and tips for individuals to...
7 AI Score
[SECURITY] [DLA 3791-1] thunderbird security update
Debian LTS Advisory DLA-3791-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort April 22, 2024 https://wiki.debian.org/LTS Package : thunderbird Version : 1:115.10.1-1~deb10u1 CVE...
10 AI Score
0.0004 EPSS
Friday Squid Blogging: Squid Trackers
A new bioadhesive makes it easier to attach trackers to squid. Note: the article does not discuss squid privacy rights. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines...
7.2 AI Score
Hyperledger: Code exec on Github runner via Pull request name
Hi, I have discovered command injection vulnerability in one of your Github repos. Apologies for any inconvenience if this type of bug is not of interest to you. Allow me to explain the problem. GitHub Actions, a powerful tool for automating workflows, can inadvertently introduce security...
7.5 AI Score
Akira Ransomware Gang Extorts $42 Million; Now Targets Linux Servers
Threat actors behind the Akira ransomware group have extorted approximately $42 million in illicit proceeds after breaching the networks of more than 250 victims as of January 1, 2024. "Since March 2023, Akira ransomware has impacted a wide range of businesses and critical infrastructure entities...
9.1 CVSS
8.2 AI Score
0.027 EPSS
[SECURITY] [DLA 3790-1] firefox-esr security update
Debian LTS Advisory DLA-3790-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort April 19, 2024 https://wiki.debian.org/LTS Package : firefox-esr Version : 115.10.0esr-1~deb10u1 CVE...
10 AI Score
0.0004 EPSS
Debian dla-3790 : firefox-esr - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3790 advisory. The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This...
7.2 AI Score
0.0004 EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 8, 2024 to April 14, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 219 vulnerabilities disclosed in 209...
8.8 AI Score
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1322-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1322-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic caused by race of smc_sock A...
7.8 CVSS
8.4 AI Score
The Windows Registry Adventure #1: Introduction and research results
Posted by Mateusz Jurczyk, Google Project Zero In the 20-month period between May 2022 and December 2023, I thoroughly audited the Windows Registry in search of local privilege escalation bugs. It all started unexpectedly: I was in the process of developing a coverage-based Windows kernel fuzzer...
7.8 CVSS
8.3 AI Score
0.049 EPSS
The Windows Registry Adventure #2: A brief history of the feature
Posted by Mateusz Jurczyk, Google Project Zero Before diving into the low-level security aspects of the registry, it is important to understand its role in the operating system and a bit of history behind it. In essence, the registry is a hierarchical database made of named "keys" and "values",...
6.3 AI Score
Should you share your location with your partner?
Every relationship has its disagreements. Who takes out the trash and washes the dishes? Who plans the meals and writes out the grocery list? And when is it okay to start tracking one another’s location? Location sharing is becoming the norm between romantic partners—50% of people valued...
6.9 AI Score
[SECURITY] [DSA 5663-1] firefox-esr security update
Debian Security Advisory DSA-5663-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 17, 2024 https://www.debian.org/security/faq Package : firefox-esr CVE ID : CVE-2024-2609 CVE-2024-3302...
6.9 AI Score
0.0004 EPSS
my-shishu.com Cross Site Scripting vulnerability OBB-3918593
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
CVE-2024-32525 WordPress Theme My Login plugin <= 7.1.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in Theme My Login. This issue affects Theme My Login: from n/a through...
4.3 CVSS
5 AI Score
0.0004 EPSS
GEO my WordPress < 4.2 - Cross-Site Request Forgery
Description The GEO my WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform unauthorized actions via a...
5.4 CVSS
6.5 AI Score
0.0004 EPSS
Debian dsa-5663 : firefox-esr - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5663 advisory. The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This...
7.5 AI Score
0.0004 EPSS
This Week in Spring - April 16th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm writing this from beautiful Paris, France, ahead of the amazing Devoxx France event. I've come to almost all of these events over the years. It's hard to believe it's been more than a decade since the show was first...
7.2 AI Score
Argo CD's API server does not enforce project sourceNamespaces
Impact I can convince the UI to let me do things with an invalid Application. 1. Admin gives me p, michael, applications, , demo/ , allow, where demo can just deploy to the demo namespace 2. Admin gives me AppProject dev which reconciles from ns dev-apps 3. Admin gives me p, michael,...
4.8 CVSS
6.9 AI Score
0.0004 EPSS
Crickets from Chirp Systems in Smart Lock Key Leak
The U.S. government is warning that "smart locks" securing entry to an estimated 50,000 dwellings nationwide contain hard-coded credentials that can be used to remotely open any of the locks. The lock's maker Chirp Systems remains unresponsive, even though it was first notified about the critical...
7 AI Score
A new approach to Browser In The Browser (BITB) without the use of iframes, allowing the bypass of traditional framebusters implemented by login pages like Microsoft. This POC code is built for using this new BITB with Evilginx, and a Microsoft Enterprise phishlet. Before diving deep into this, I...
6.7 AI Score
Cross-Site Request Forgery (CSRF) vulnerability in Eyal Fitoussi GEO my WordPress. This issue affects GEO my WordPress: from n/a through...
5.4 CVSS
5.5 AI Score
0.0004 EPSS