Where's My Perry Security Vulnerabilities

Friday Squid Blogging: Searching for the Colossal Squid

A cruise ship is searching for the colossal squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines...

CVE-2024-32730 Missing authorization check in SAP Enable Now Manager

SAP Enable Now Manager does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, the attacker with the role 'Learner' could gain access to other user's data in manager which will lead to a high impact to the...

CentOS 9 : glibc-2.34-83.el9.3

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the glibc-2.34-83.el9.3 build changelog. Stack read overflow in getaddrinfo in no-aaaa mode (#2234716) (CVE-2023-4527) potential use-after-free in gaih_inet (RHEL-2438)...

A Bootiful Podcast: Daniel Garnier-Moiroux on Passkeys and Spring Security

Hi, Spring fans! In this installment, I talk to my friend and colleague Daniel Garnier-Moiroux about the amazing awesome implications of passkeys in a Spring Security...

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 15, 2024 to April 21, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 209 vulnerabilities disclosed in 169...

Important: glibc

Issue Overview: The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable....

AIX is vulnerable to arbitrary code execution due to RPM (CVE-2023-7104)

IBM SECURITY ADVISORY First Issued: Wed Apr 24 15:34:58 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/rpm_advisory2.asc Security Bulletin: AIX is vulnerable to arbitrary code execution due to RPM (CVE-2023-7104)...

CVE-2024-32823

Authorization Bypass Through User-Controlled Key vulnerability in FeedbackWP Rate my Post – WP Rating System.This issue affects Rate my Post – WP Rating System: from n/a through...

CVE-2024-32823

Authorization Bypass Through User-Controlled Key vulnerability in FeedbackWP Rate my Post – WP Rating System.This issue affects Rate my Post – WP Rating System: from n/a through...

CVE-2024-32823 WordPress Rate My Post plugin <= 3.4.4 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in FeedbackWP Rate my Post – WP Rating System.This issue affects Rate my Post – WP Rating System: from n/a through...

Assessing the Y, and How, of the XZ Utils incident

High-end APT groups perform highly interesting social engineering campaigns in order to penetrate well-protected targets. For example, carefully constructed forum responses on precision targeted accounts and follow-up "out-of-band" interactions regarding underground rail system simulator software.....

Exploit for Injection in Glpi-Project Glpi

CVE-2022-35914 PoC References ...

HTML attributes vs DOM properties

Attributes and properties are fundamentally different things. You can have an attribute and property of the same name set to different values. For example: <div>…</div> &lt;script&gt; const div = document.querySelector('div[foo=bar]'); console.log(div.getAttribute('foo')); // 'bar' ...

This Week in Spring - Tuesday, April 23rd, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! We've had a really busy, wonderful week, as always, so let's dive right into it! We want you! ...to submit a talk to SpringOne 2024, in sunny Las Vegas! Hurry, the CFP closes May 3rd! Spring Shell 3.1.11, 3.2.4, and 3.3.0-m1...

Ubuntu 20.04 LTS : Firefox vulnerabilities (USN-6747-1)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6747-1 advisory. There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory...

Firefox vulnerabilities

Releases Ubuntu 20.04 LTS Packages firefox - Mozilla Open Source web browser Details Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive...

USF College of Engineering Presents Rapid7 With 2024 Corporate Impact Award

This past Friday, April 19, the University of South Florida (USF) College of Engineering recognized individuals and organizations who have greatly impacted USF and beyond at its ninth annual Engineering Honors Awards at The Armature Works in Tampa. I had the honor of joining my colleagues,...

Hono vulnerable to Restricted Directory Traversal in serveStatic with deno

Summary When using serveStatic with deno, it is possible to directory traverse where main.ts is located. My environment is configured as per this tutorial https://hono.dev/getting-started/deno PoC bash $ tree . ├── deno.json ├── deno.lock ├── main.ts ├── README.md └── static └── a.txt source...

Hono vulnerable to Restricted Directory Traversal in serveStatic with deno

Summary When using serveStatic with deno, it is possible to directory traverse where main.ts is located. My environment is configured as per this tutorial https://hono.dev/getting-started/deno PoC bash $ tree . ├── deno.json ├── deno.lock ├── main.ts ├── README.md └── static └── a.txt source...

Theme My Login < 7.1.7 - Missing Authorization to Notice Dismissal

Description The Theme My Login plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tml_admin_ajax_dismiss_notice() function in all versions up to, and including, 7.1.6. This makes it possible for authenticated attackers, with...

LibreNMS vulnerable to a Time-Based Blind SQL injection leads to database extraction

Summary Get a valid API token, make sure you can access api functions, then replace string on my PoC code, Test on offical OVA image, it's a old version 23.9.1, but this vulerable is also exists on latest version 24.2.0 Details in file api_functions.php, line 307 for function list_devices ```php...

LibreNMS vulnerable to a Time-Based Blind SQL injection leads to database extraction

Summary Get a valid API token, make sure you can access api functions, then replace string on my PoC code, Test on offical OVA image, it's a old version 23.9.1, but this vulerable is also exists on latest version 24.2.0 Details in file api_functions.php, line 307 for function list_devices ```php...

Picking fights and gaining rights, with Justin Brookman: Lock and Code S05E09

This week on the Lock and Code podcast… Our Lock and Code host, David Ruiz, has a bit of an apology to make: “Sorry for all the depressing episodes.” When the Lock and Code podcast explored online harassment and abuse this year, our guest provided several guidelines and tips for individuals to...

[SECURITY] [DLA 3791-1] thunderbird security update

Debian LTS Advisory DLA-3791-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort April 22, 2024 https://wiki.debian.org/LTS Package : thunderbird Version : 1:115.10.1-1~deb10u1 CVE...

Debian: Security Advisory (DLA-3790-1)

The remote host is missing an update for the...

Friday Squid Blogging: Squid Trackers

A new bioadhesive makes it easier to attach trackers to squid. Note: the article does not discuss squid privacy rights. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines...

Hyperledger: Code exec on Github runner via Pull request name

Hi, I have discovered command injection vulnerability in one of your Github repos. Apologies for any inconvenience if this type of bug is not of interest to you. Allow me to explain the problem. GitHub Actions, a powerful tool for automating workflows, can inadvertently introduce security...

Akira Ransomware Gang Extorts $42 Million; Now Targets Linux Servers

Threat actors behind the Akira ransomware group have extorted approximately $42 million in illicit proceeds after breaching the networks of more than 250 victims as of January 1, 2024. "Since March 2023, Akira ransomware has impacted a wide range of businesses and critical infrastructure entities.....

[SECURITY] [DLA 3790-1] firefox-esr security update

Debian LTS Advisory DLA-3790-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort April 19, 2024 https://wiki.debian.org/LTS Package : firefox-esr Version : 115.10.0esr-1~deb10u1 CVE...

Debian dla-3790 : firefox-esr - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3790 advisory. The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This...

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 8, 2024 to April 14, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 219 vulnerabilities disclosed in 209...

Debian: Security Advisory (DSA-5663-1)

The remote host is missing an update for the...

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1322-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1322-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic caused by race of smc_sock A...

The Windows Registry Adventure #1: Introduction and research results

Posted by Mateusz Jurczyk, Google Project Zero In the 20-month period between May 2022 and December 2023, I thoroughly audited the Windows Registry in search of local privilege escalation bugs. It all started unexpectedly: I was in the process of developing a coverage-based Windows kernel fuzzer...

The Windows Registry Adventure #2: A brief history of the feature

Posted by Mateusz Jurczyk, Google Project Zero Before diving into the low-level security aspects of the registry, it is important to understand its role in the operating system and a bit of history behind it. In essence, the registry is a hierarchical database made of named "keys" and "values",...

Should you share your location with your partner?

Every relationship has its disagreements. Who takes out the trash and washes the dishes? Who plans the meals and writes out the grocery list? And when is it okay to start tracking one another’s location? Location sharing is becoming the norm between romantic partners—50% of people valued...

[SECURITY] [DSA 5663-1] firefox-esr security update

Debian Security Advisory DSA-5663-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 17, 2024 https://www.debian.org/security/faq Package : firefox-esr CVE ID : CVE-2024-2609 CVE-2024-3302...

my-shishu.com Cross Site Scripting vulnerability OBB-3918593

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-32525

Missing Authorization vulnerability in Theme My Login.This issue affects Theme My Login: from n/a through...

CVE-2024-32525

Missing Authorization vulnerability in Theme My Login.This issue affects Theme My Login: from n/a through...

CVE-2024-32525 WordPress Theme My Login plugin <= 7.1.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Theme My Login.This issue affects Theme My Login: from n/a through...

GEO my WordPress < 4.2 - Cross-Site Request Forgery

Description The GEO my WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform unauthorized actions via a...

Debian dsa-5663 : firefox-esr - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5663 advisory. The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This...

This Week in Spring - April 16th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm writing this from beautiful Paris, France, ahead of the amazing Devoxx France event. I've come to almost all of these events over the years. It's hard to believe it's been more than a decade since the show was first...

Argo CD's API server does not enforce project sourceNamespaces

Impact I can convince the UI to let me do things with an invalid Application. 1. Admin gives me p, michael, applications, , demo/ , allow, where demo can just deploy to the demo namespace 2. Admin gives me AppProject dev which reconciles from ns dev-apps 3. Admin gives me p, michael,...

Argo CD's API server does not enforce project sourceNamespaces

Impact I can convince the UI to let me do things with an invalid Application. 1. Admin gives me p, michael, applications, , demo/ , allow, where demo can just deploy to the demo namespace 2. Admin gives me AppProject dev which reconciles from ns dev-apps 3. Admin gives me p, michael,...

Crickets from Chirp Systems in Smart Lock Key Leak

The U.S. government is warning that "smart locks" securing entry to an estimated 50,000 dwellings nationwide contain hard-coded credentials that can be used to remotely open any of the locks. The lock's maker Chirp Systems remains unresponsive, even though it was first notified about the critical.....

Frameless-Bitb - A New Approach To Browser In The Browser (BITB) Without The Use Of Iframes, Allowing The Bypass Of Traditional Framebusters Implemented By Login Pages Like Microsoft And The Use With Evilginx

A new approach to Browser In The Browser (BITB) without the use of iframes, allowing the bypass of traditional framebusters implemented by login pages like Microsoft. This POC code is built for using this new BITB with Evilginx, and a Microsoft Enterprise phishlet. Before diving deep into this, I.....

CVE-2024-32097

Cross-Site Request Forgery (CSRF) vulnerability in Eyal Fitoussi GEO my WordPress.This issue affects GEO my WordPress: from n/a through...

CVE-2024-32097

Cross-Site Request Forgery (CSRF) vulnerability in Eyal Fitoussi GEO my WordPress.This issue affects GEO my WordPress: from n/a through...