Where's My Perry Security Vulnerabilities

Exploit for SQL Injection in Nagios Nagios Xi

CVE-2023-48084 Fixes broken syntax in the POC, primarily...

SUSE SLES12 Security Update : kernel (SUSE-SU-2024:0976-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0976-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after...

SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:0925-1)

The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0925-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free ...

SUSE SLES15 Security Update : kernel (SUSE-SU-2024:0926-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0926-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap...

Debian dsa-5645 : firefox-esr - security update

The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5645 advisory. An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This...

SUSE SLES12 Security Update : kernel (SUSE-SU-2024:0975-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0975-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap...

Friday Squid Blogging: New Species of Squid Discovered

A new species of squid was discovered, along with about a hundred other species. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines...

Mozilla Drops Onerep After CEO Admits to Running People-Search Networks

The nonprofit organization that supports the Firefox web browser said today it is winding down its new partnership with Onerep, an identity protection service recently bundled with Firefox that offers to remove users from hundreds of people-search sites. The move comes just days after a report by.....

Skytrack - Planespotting And Aircraft OSINT Tool Made Using Python

About skytrack is a command-line based plane spotting and aircraft OSINT reconnaissance tool made using Python. It can gather aircraft information using various data sources, generate a PDF report for a specified aircraft, and convert between ICAO and Tail Number designations. Whether you are a...

Reflectionless Templates With Spring

A few Java libraries have shown up recently that use text templates, but compile to Java classes at build time. They can thus claim to some extent to be "reflection free". Together with potential benefits of runtime performance, they promise to be easy to use and integrate with GraalVM native...

Win32.STOP.Ransomware (Smokeloader) MVID-2024-0676 Remote Code Execution

...

BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages < 3.4.21 - Authenticated (Subscriber+) PHP Object Injection in get_simple_request

Description The "BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages" plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.20 via deserialization of untrusted input in the get_simple_request function. This makes it possible....

Debian: Security Advisory (DSA-5643-1)

The remote host is missing an update for the...

minaliC 2.0.0 - Denied of Service

...

[SECURITY] [DSA 5643-1] firefox-esr security update

Debian Security Advisory DSA-5643-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 21, 2024 https://www.debian.org/security/faq Package : firefox-esr CVE ID : CVE-2023-5388 CVE-2024-0743...

“Pig butchering” is an evolution of a social engineering tactic we’ve seen for years

Whether you want to call them "catfishing," "pig butchering" or just good 'old-fashioned "social engineering," romance scams have been around forever. I was first introduced to them through the MTV show "Catfish," but recently they seem to be making headlines as the term "pig butchering" enters...

Public AI as an Alternative to Corporate AI

This mini-essay was my contribution to a round table on Power and Governance in the Age of AI. It's nothing I haven't said here before, but for anyone who hasn't read my longer essays on the topic, it's a shorter introduction. The increasingly centralized control of AI is an ominous sign. When...

The Not-so-True People-Search Network from China

It's not unusual for the data brokers behind people-search websites to use pseudonyms in their day-to-day lives (you would, too). Some of these personal data purveyors even try to reinvent their online identities in a bid to hide their conflicts of interest. But it's not every day you run across a....

Debian dsa-5643 : firefox-esr - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5643 advisory. NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the...

OpenNMS Horizon 31.0.7 Remote Command Execution

...

Exploit for Use After Free in Linux Linux Kernel

CVE-2024-1086 Universal local privilege escalation...

PortSwigger Web Security: [portswigger.net] Path Traversal al /cms/audioitems

Prelude. I wasn't going to report it, I thought it was your laboratory but after my first analysis this seems real. Description It's detected a path traversal as root user that allows to remote attackers see internal files as root. https://portswigger.net/cms/audioitems//etc/networks...

Ubuntu 20.04 LTS : Firefox vulnerabilities (USN-6703-1)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6703-1 advisory. NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the...

Firefox vulnerabilities

Releases Ubuntu 20.04 LTS Packages firefox - Mozilla Open Source web browser Details Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive...

Hello, Java 22!

update I've since published a Spring Tips video on this very topic! If you'd prefer, you could watch that instead. Hi, Spring fans! Happy Java 22 release day, to those who celebrate! Did you get the bits already? Go, go, go! Java 22 is a significant improvement that I think is a worthy upgrade for....

Token Exchange support in Spring Security 6.3.0-M3

I'm excited to share that the there will be support for the OAuth 2.0 Token Exchange Grant (RFC 8693) in Spring Security 6.3, which is available for preview now in the latest milestone (6.3.0-M3). This support provides the ability to use Token Exchange with OAuth2 Client. Similarly, server-side...

Gaining kernel code execution on an MTE-enabled Pixel 8

In this post, I'll look at CVE-2023-6241, a vulnerability in the Arm Mali GPU that I reported to Arm on November 15, 2023 and was fixed in the Arm Mali driver version r47p0, which was released publicly on December 14, 2023. It was fixed in Android in the March security update. When exploited, this....

Friday Squid Blogging: Operation Squid

Operation Squid found 1.3 tons of cocaine hidden in frozen fish. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines...

CVE-2023-51369

Cross-Site Request Forgery (CSRF) vulnerability in SysBasics Customize My Account for WooCommerce.This issue affects Customize My Account for WooCommerce: from n/a through...

CVE-2023-51369

Cross-Site Request Forgery (CSRF) vulnerability in SysBasics Customize My Account for WooCommerce.This issue affects Customize My Account for WooCommerce: from n/a through...

CVE-2023-51369 WordPress Customize My Account for WooCommerce plugin <= 1.8.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in SysBasics Customize My Account for WooCommerce.This issue affects Customize My Account for WooCommerce: from n/a through...

CVE-2024-25916

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joseph C Dolson My Calendar allows Stored XSS.This issue affects My Calendar: from n/a through...

CVE-2024-25916

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joseph C Dolson My Calendar allows Stored XSS.This issue affects My Calendar: from n/a through...

CVE-2024-25916 WordPress My Calendar plugin <= 3.4.23 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joseph C Dolson My Calendar allows Stored XSS.This issue affects My Calendar: from n/a through...

Exploit for File Descriptor Leak in Linuxfoundation Runc

PoC of CVE-2024-21626 Read my full article for detailed...

CEO of Data Privacy Company Onerep.com Founded Dozens of People-Search Firms

The data privacy company Onerep.com bills itself as a Virginia-based service for helping people remove their personal information from almost 200 people-search websites. However, an investigation into the history of onerep.com finds this company is operating out of Belarus and Cyprus, and that its....

Not everything has to be a massive, global cyber attack

Some of my Webex rooms recently have been blowing up with memes about blaming Canada or wild speculation that a state-sponsored actor is carrying out some sort of major campaign. After a widespread outage of cellular service with AT&T and other carriers a few weeks ago, people were sure it was...

Rapid7’s Ciara Cullinan Recognized as Community Trailblazer in Belfast Awards Program

At the 2024 Women Who Code She Rocks Awards, Rapid7 Software Engineer II Ciara Cullinan was recognized with their ‘Community Trailblazer’ award. According to Women Who Code, “This award celebrates the efforts of someone who brings people together and creates genuine connections in our tech...

Navigating the perilous waters of conference invitations

TL:DR Being asked to speak at events is great …except when it looks like a scam or a phishing attempt This is walkthrough of my experience If you think it’s a scam, it probably is It's a typical Sunday evening, and as I'm gearing up for the week ahead and an interesting email lands in my inbox....

CVE-2024-26629

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix RELEASE_LOCKOWNER The test on so_count in nfsd4_release_lockowner() is nonsense and harmful. Revert to using check_for_locks(), changing that to not sleep. First: harmful. As is documented in the kdoc comment for...

Microsoft Patch Tuesday March 2024 includes critical Hyper-V flaws

The March 2024 Patch Tuesday update includes patches for 61 Microsoft vulnerabilities. Only two of the vulnerabilities are rated critical and both of these are found in Windows Hyper-V. Hyper-V is a hardware virtualization product that allows you to run multiple operating systems as virtual...

CVE-2024-26629

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix RELEASE_LOCKOWNER The test on so_count in nfsd4_release_lockowner() is nonsense and harmful. Revert to using check_for_locks(), changing that to not sleep. First: harmful. As is documented in the kdoc comment for...

CVE-2024-26629

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix RELEASE_LOCKOWNER The test on so_count in nfsd4_release_lockowner() is nonsense and harmful. Revert to using check_for_locks(), changing that to not sleep. First: harmful. As is documented in the kdoc comment for...

CVE-2024-26629

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix RELEASE_LOCKOWNER The test on so_count in nfsd4_release_lockowner() is nonsense and harmful. Revert to using check_for_locks(), changing that to not sleep. First: harmful. As is documented in the kdoc comment for...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix RELEASE_LOCKOWNER The test on so_count in nfsd4_release_lockowner() is nonsense and harmful. Revert to using check_for_locks(), changing that to not sleep. First: harmful. As is documented in the kdoc comment for...

CVE-2024-26629 nfsd: fix RELEASE_LOCKOWNER

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix RELEASE_LOCKOWNER The test on so_count in nfsd4_release_lockowner() is nonsense and harmful. Revert to using check_for_locks(), changing that to not sleep. First: harmful. As is documented in the kdoc comment for...

CVE-2024-26629 nfsd: fix RELEASE_LOCKOWNER

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix RELEASE_LOCKOWNER The test on so_count in nfsd4_release_lockowner() is nonsense and harmful. Revert to using check_for_locks(), changing that to not sleep. First: harmful. As is documented in the kdoc comment for...

my-fitness.ucoz.ru Cross Site Scripting vulnerability OBB-3870471

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

New Facebook photo rule hoax spreads

Some hoaxes on Facebook are years old, but like a cat with nine lives they keep coming back again and again. This is certainly the case with this most recent hoax. Fact-checking site Snopes is reporting on a hoax that concerns Meta's use of our photos, messages and other posts on Facebook. Users...

SUSE SLES15 Security Update : kernel (SUSE-SU-2024:0857-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0857-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap...