Where's My Perry Security Vulnerabilities

WordPress Hide My WP < 6.2.9 - Unauthenticated SQL injection Vulnerability

...

WordPress Hide My WP SQL Injection

...

Bootiful Spring Boot in 2024 (part 1)

NB: the code is here on my Github account: github.com/joshlong/bootiful-spring-boot-2024-blog. Hi, Spring fans! I'm Josh Long, and I work on the Spring team. I'm excited to be keynoting and giving a talk at Microsoft's JDConf this year. I'm a Kotlin GDE and a Java Champion, and I'm of the opinion.....

CVE-2024-26608

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix global oob in ksmbd_nl_policy Similar to a reported issue (check the commit b33fb5b801c6 ("net: qualcomm: rmnet: fix global oob in rmnet_policy"), my local fuzzer finds another global out-of-bounds read for policy...

Hide My WP &lt; 6.2.9 - Unauthenticated SQLi

...

Exploit for CVE-2024-27697

FuguHub 8.4 Authenticated RCE Fuguhub is a Cloud Media...

Friday Squid Blogging: New Plant Looks Like a Squid

Newly discovered plant looks like a squid. And it's super weird: The plant, which grows to 3 centimetres tall and 2 centimetres wide, emerges to the surface for as little as a week each year. It belongs to a group of plants known as fairy lanterns and has been given the scientific name...

JWX vulnerable to a denial of service attack using compressed JWE message

Summary This vulnerability allows an attacker with a trusted public key to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the recipient, it results in significant memory....

JWX vulnerable to a denial of service attack using compressed JWE message

Summary This vulnerability allows an attacker with a trusted public key to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the recipient, it results in significant memory....

Multiple vulnerabilities in IBM Java SDK affect AIX

IBM SECURITY ADVISORY First Issued: Thu Mar 7 15:16:48 CST 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/java_feb2024_advisory.asc Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX...

The 3 most common post-compromise tactics on network infrastructure

We've been discussing networking devices quite a lot recently and how Advanced Persistent Threat actors (APTs) are using highly sophisticated tactics to target aging infrastructure for espionage purposes. Some of these attacks are also likely prepositioning the APTs for future disruptive or...

WinFiHack - A Windows Wifi Brute Forcing Utility Which Is An Extremely Old Method But Still Works Without The Requirement Of External Dependencies

WinFiHack is a recreational attempt by me to rewrite my previous project Brute-Hacking-Framework's main wifi hacking script that uses netsh and native Windows scripts to create a wifi bruteforcer. This is in no way a fast script nor a superior way of doing the same hack but it needs no external...

My Calendar < 3.4.24 - Authenticated Stored XSS

Description The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks (depending on the permissions set by the admin) PoC 1. Use any type of role (as long as you permit it the action to Add Events). 2......

About the security content of macOS Sonoma 14.4

About the security content of macOS Sonoma 14.4 This document describes the security content of macOS Sonoma 14.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are....

About the security content of watchOS 10.4

About the security content of watchOS 10.4 This document describes the security content of watchOS 10.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...

My Calendar < 3.4.24 - Authenticated Stored XSS

Description The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks (depending on the permissions set by the...

macOS 13.x < 13.6.5 Multiple Vulnerabilities (HT214085)

The remote host is running a version of macOS / Mac OS X that is 13.x prior to 13.6.5. It is, therefore, affected by multiple vulnerabilities: A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may...

macOS 14.x < 14.4 Multiple Vulnerabilities (HT214084)

The remote host is running a version of macOS / Mac OS X that is 14.x prior to 14.4. It is, therefore, affected by multiple vulnerabilities: A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS...

About the security content of macOS Ventura 13.6.5

About the security content of macOS Ventura 13.6.5 This document describes the security content of macOS Ventura 13.6.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...

CVE-2023-52589

In the Linux kernel, the following vulnerability has been resolved: media: rkisp1: Fix IRQ disable race issue In rkisp1_isp_stop() and rkisp1_csi_disable() the driver masks the interrupts and then apparently assumes that the interrupt handler won't be running, and proceeds in the stop procedure....

Exploit for Out-of-bounds Write in Fortinet Fortiproxy

CVE-2024-21762 - 0day Exploit 0day for FortiOS 6.0-7.4.2....

AIX is vulnerable to security restrictions bypass due to cURL libcurl (CVE-2023-46218)

IBM SECURITY ADVISORY First Issued: Wed Mar 6 15:05:06 CST 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/curl_advisory4.asc Security Bulletin: AIX is vulnerable to security restrictions bypass due to cURL libcurl...

CVE-2023-52589

In the Linux kernel, the following vulnerability has been resolved: media: rkisp1: Fix IRQ disable race issue In rkisp1_isp_stop() and rkisp1_csi_disable() the driver masks the interrupts and then apparently assumes that the interrupt handler won't be running, and proceeds in the stop procedure....

CVE-2023-52589

In the Linux kernel, the following vulnerability has been resolved: media: rkisp1: Fix IRQ disable race issue In rkisp1_isp_stop() and rkisp1_csi_disable() the driver masks the interrupts and then apparently assumes that the interrupt handler won't be running, and proceeds in the stop procedure....

CVE-2023-52589

In the Linux kernel, the following vulnerability has been resolved: media: rkisp1: Fix IRQ disable race issue In rkisp1_isp_stop() and rkisp1_csi_disable() the driver masks the interrupts and then apparently assumes that the interrupt handler won't be running, and proceeds in the stop procedure....

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: media: rkisp1: Fix IRQ disable race issue In rkisp1_isp_stop() and rkisp1_csi_disable() the driver masks the interrupts and then apparently assumes that the interrupt handler won't be running, and proceeds in the stop procedure....

CVE-2023-52589 media: rkisp1: Fix IRQ disable race issue

In the Linux kernel, the following vulnerability has been resolved: media: rkisp1: Fix IRQ disable race issue In rkisp1_isp_stop() and rkisp1_csi_disable() the driver masks the interrupts and then apparently assumes that the interrupt handler won't be running, and proceeds in the stop procedure....

CVE-2023-52589 media: rkisp1: Fix IRQ disable race issue

In the Linux kernel, the following vulnerability has been resolved: media: rkisp1: Fix IRQ disable race issue In rkisp1_isp_stop() and rkisp1_csi_disable() the driver masks the interrupts and then apparently assumes that the interrupt handler won't be running, and proceeds in the stop procedure....

Duplicate Advisory: eza Potential Heap Overflow Vulnerability for AArch64

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-3qx3-6hxr-j2ch. This link is maintained to preserve external references. Original Description Buffer Overflow vulnerability in eza before version 0.18.2, allows local attackers to execute arbitrary code via the...

CVE-2024-25817

Buffer Overflow vulnerability in eza before version 0.18.2, allows local attackers to execute arbitrary code via the .git/HEAD, .git/refs, and .git/objects...

CVE-2024-25817

Buffer Overflow vulnerability in eza before version 0.18.2, allows local attackers to execute arbitrary code via the .git/HEAD, .git/refs, and .git/objects...

Buffer overflow

Buffer Overflow vulnerability in eza before version 0.18.2, allows local attackers to execute arbitrary code via the .git/HEAD, .git/refs, and .git/objects...

Function Calling in Java and Spring AI using the latest Mistral AI API

UPDATE: As of March 13, 2024, Mistral AI has integrated support for parallel function calling into their large model, a feature that was absent at the time of this blog's initial publication. Mistral AI, a leading developer of open-source large language models, unveiled the addition of Function...

CVE-2024-25817

Buffer Overflow vulnerability in eza before version 0.18.2, allows local attackers to execute arbitrary code via the .git/HEAD, .git/refs, and .git/objects components. Notes Author| Note ---|--- | Priority reason: Likely not affected due to not vendoring libgit2. sbeattie | likely due to an...

CVE-2023-52589

In the Linux kernel, the following vulnerability has been resolved: media: rkisp1: Fix IRQ disable race issue In rkisp1_isp_stop() and rkisp1_csi_disable() the driver masks the interrupts and then apparently assumes that the interrupt handler won't be running, and proceeds in the stop procedure....

Firefox regressions

Releases Ubuntu 20.04 LTS Packages firefox - Mozilla Open Source web browser Details USN-6649-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Original advisory details: Multiple security issues were discovered in Firefox. If a...

Ubuntu 20.04 LTS : Firefox regressions (USN-6649-2)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6649-2 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

February 2024: Vulremi, Vuldetta, PT VM Course relaunch, PT TrendVulns digests, Ivanti, Fortinet, MSPT, Linux PW

Hello everyone! In this episode, I will talk about the February updates of my open source projects, also about projects at my main job at Positive Technologies and interesting vulnerabilities. Alternative video link (for Russia): https://vk.com/video-149273431_456239140 Let's start with my open...

`GetRepositoryByName`, `DeleteRepositoryByName` and `GetArtifactByName` allow access of arbitrary repositories in Minder by any authenticated user

Summary A Minder user can use the endpoints listed in the issue title to access any repository in the DB, irrespective of who owns the repo and any permissions that user may have. Details...

`GetRepositoryByName`, `DeleteRepositoryByName` and `GetArtifactByName` allow access of arbitrary repositories in Minder by any authenticated user

Summary A Minder user can use the endpoints listed in the issue title to access any repository in the DB, irrespective of who owns the repo and any permissions that user may have. Details...

7 Rapid Questions with #77 Ray Bourque

We couldn’t pass up the opportunity to bring Boston Bruins legend Ray Bourque into the herd as we continue to expand our Bruins jersey sponsorship. Ray is an absolute hero to Bruins fans everywhere. He has cemented his status in the annals of Boston sports history through 21 seasons in the black...

Internet Bug Bounty: CVE-2024-27351: Potential regular expression denial-of-service in django.utils.text.Truncator.words()

TL;DR CVE-2024-27351: Potential regular expression denial-of-service in django.utils.text.Truncator.words() Details: django.utils.text.Truncator.words() method (with html=True) and truncatewords_html template filter were subject to a potential regular expression denial-of-service attack using a...

CVE-2024-25817

Buffer Overflow vulnerability in eza before version 0.18.2, allows local attackers to execute arbitrary code via the .git/HEAD, .git/refs, and .git/objects...

About the security content of iOS 17.4 and iPadOS 17.4

About the security content of iOS 17.4 and iPadOS 17.4 This document describes the security content of iOS 17.4 and iPadOS 17.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches...

Coder's OIDC authentication allows email with partially matching domain to register

Summary A vulnerability in Coder's OIDC authentication could allow an attacker to bypass the CODER_OIDC_EMAIL_DOMAIN verification and create an account with an email not in the allowlist. Deployments are only affected if the OIDC provider allows users to create accounts on the provider (such as...

Coder's OIDC authentication allows email with partially matching domain to register

Summary A vulnerability in Coder's OIDC authentication could allow an attacker to bypass the CODER_OIDC_EMAIL_DOMAIN verification and create an account with an email not in the allowlist. Deployments are only affected if the OIDC provider allows users to create accounts on the provider (such as...

Heather Couk is here to keep your spirits up during a cyber emergency, even if it takes the “Rocky” music

"Gotta Fly Now" is more closely associated with corporate hype videos or conferences with thousands of attendees in a mid-market city's convention center than it is from its origins in the "Rocky" movies. But Heather Couk thinks it's useful in incident response calls, too. Couk, an incident...

[SECURITY] [DLA 3748-1] thunderbird security update

Debian LTS Advisory DLA-3748-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort March 04, 2024 https://wiki.debian.org/LTS Package : thunderbird Version : 1:115.8.0-1~deb10u1 CVE...

[SECURITY] [DLA 3747-1] firefox-esr security update

Debian LTS Advisory DLA-3747-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort March 04, 2024 https://wiki.debian.org/LTS Package : firefox-esr Version : 115.8.0esr-1~deb10u1 CVE...

Debian dla-3747 : firefox-esr - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3747 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This...