Metasploit Weekly Wrap-Up 08/02/2024
Metasploit goes to Hacker Summer Camp. Next week, Metasploit will have demos at both Black Hat and DEF CON where the latest functionality from this year will be presented. The Black Hat demo will be on Thursday the 8th from 10:10 to 11:25 and the DEF CON demo will be on Saturday the 10th from 12:0...
Malicious code in moti-dep-con-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b5bc71f5232122aed2afbe9d2cf3ba2af4b88c9daf47d5dd53be1010621e218c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-7727 Malicious code in moti-dep-con-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b5bc71f5232122aed2afbe9d2cf3ba2af4b88c9daf47d5dd53be1010621e218c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-2148 Malicious code in down_load_ebook_bridgerton_5_a_sir_phillip_con_amore_by_julia_quinn_mkmfh (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-2127 Malicious code in down_load_ebook_al_suelo_enredos_con_la_ley_4_by_ruth_m_lerga_smplq (npm)
--- -= Per source details. Do not edit below this line.=-...
SUSE CVE-2024-26751
In the Linux kernel, the following vulnerability has been resolved: ARM: ep93xx: Add terminator to gpiod_lookup_table. Without the terminator, if a con_id is passed to gpio_find() that does not exist in the lookup table the function will not stop looping correctly, and eventually cause an oops...
DEBIAN-CVE-2024-26751
In the Linux kernel, the following vulnerability has been resolved: ARM: ep93xx: Add terminator to gpiod_lookup_table. Without the terminator, if a con_id is passed to gpio_find() that does not exist in the lookup table the function will not stop looping correctly, and eventually cause an oops...
Ubuntu: Security Advisory (USN-6704-4)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
con-web.net Improper Access Control vulnerability OBB-3857943
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
kernel: denial of service in tipc_conn_close
A data race flaw was found in the Linux kernel, between where con is allocated and con->sock is set. This issue leads to a NULL pointer dereference when accessing con->sock->sk in net/tipc/topsrv.c in the tipc protocol in the Linux kernel...
Fighting Cock Information System SQL Injection Vulnerability
Fighting Cock Information System is a chicken information system by the individual developer chrisjelo. code-projects Fighting Cock Information System version 1.0 has a SQL injection vulnerability in the file admin/pages/tables/addcon.php...
CVE-2023-6775
A vulnerability was found in CodeAstro POS and Inventory Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /item/itemcon. The manipulation of the argument itemname leads to cross site scripting. It is possible to initiate the attack remotely. T...
congresoderefrigeracion.com Improper Access Control vulnerability OBB-3796178
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
con-well.ca Improper Access Control vulnerability OBB-3788979
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Recapping the top stories from Black Hat and DEF CON
Welcome to this week's edition of the Threat Source newsletter. I had a significant amount of FOMO last week seeing everyone out in Vegas. I was happy to not get conference crud sickness, but it seems like I missed a great time otherwise. But, as anyone who works with me could guess, I was followi...
NoFilter Attack: Sneaky Privilege Escalation Method Bypasses Windows Security
A previously undetected attack method called NoFilter has been found to abuse the Windows Filtering Platform (WFP) to achieve privilege escalation in the Windows operating system. "If an attacker has the ability to execute code with admin privilege and the target is to perform LSASS Shtinkering,...
lrzip Security Vulnerability
lrzip is a compression utility program by the individual developer Con Kolivas. A security vulnerability exists in lrzip-next LZMA v23.01, which stems from the presence of an access conflict...
Multiple Flaws in CyberPower and Dataprobe Products Put Data Centers at Risk
Multiple security vulnerabilities impacting CyberPower's PowerPanel Enterprise Data Center Infrastructure Management (DCIM) platform and Dataprobe's iBoot Power Distribution Unit (PDU) could be potentially exploited to gain unauthenticated access to these systems and inflict catastrophic damage in...
Metasploit Weekly Wrap-Up
Fly High in the Sky With This New Cloud Exploit! This week, a new module was added that takes advantage of both authentication bypass and command injection in certain versions of Western Digital's MyCloud hardware. Submitted by community member Erik Wynter, this module gains access to the target,...
Previewing Talos at BlackHat 2023
Welcome to this week's edition of the Threat Source newsletter. The time has come once again for all of us (well, not me specifically, but lots of other Talos people) to descend on Las Vegas for Hacker Summer Camp. Cisco Talos will be well-represented at BlackHat and DEF CON over the course of the ne...