CVE-2024-31453 PsiTransfer vulnerable to violation of the integrity of file distribution
PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.2.0, the absence of restrictions on the endpoint, which allows users to create a path for uploading a file in a file distribution, allows an attacker to add arbitrary files to the distribution. The vulnerability...
CVE-2024-31453
PsiTransfer is affected by two CVEs: CVE-2024-31453 and CVE-2024-31454, both prior to version 2.2.0. The issue in CVE-2024-31453 arises from lack of endpoint restrictions that let an attacker push arbitrary files into a file distribution bucket, enabling manipulation of the distribution and poten...
PsiTransfer security vulnerability
PsiTransfer is a simple, open source, self-hosted file sharing solution by the individual developer Christoph Wiechert. A security vulnerability exists in PsiTransfer versions prior to 2.2.0; it stems from an unrestricted endpoint that allows an attacker who has received a file distribution ID to alter...
Microsoft OLE DB Provider for SQL Server security vulnerability
Microsoft OLE DB Provider for SQL Server is a Microsoft data-access API that provides uniform access to data from a variety of sources. A security vulnerability exists in Microsoft OLE DB Provider for SQL Server. An attacker could exploit the vulnerability to remotely execute cod...
Cybercriminals Targeting Latin America with Sophisticated Phishing Scheme
A new phishing campaign has set its eyes on the Latin American region to deliver malicious payloads to Windows systems. "The phishing email contained a ZIP file attachment that when extracted reveals an HTML file that leads to a malicious file download posing as an invoice," Trustwave SpiderLabs...
PsiTransfer: File integrity violation
Summary The absence of restrictions on the endpoint, which is designed for uploading files, allows an attacker who received the id of a file distribution to change the files that are in this distribution. Details Vulnerable endpoint: PATCH /files/id PoC 1. Create a file distribution. 2. Go to the...
GHSA-2P2X-P7WJ-J5H2 PsiTransfer: File integrity violation
Summary The absence of restrictions on the endpoint, which is designed for uploading files, allows an attacker who received the id of a file distribution to change the files that are in this distribution. Details Vulnerable endpoint: PATCH /files/id PoC 1. Create a file distribution. 2. Go to the...
PsiTransfer: Violation of the integrity of file distribution
Summary The absence of restrictions on the endpoint, which allows you to create a path for uploading a file in a file distribution, allows an attacker to add arbitrary files to the distribution. Details Vulnerable endpoint: POST /files PoC 1. Create a file distribution. 2. Go to the link address ...
GHSA-XG8V-M2MH-45M6 PsiTransfer: Violation of the integrity of file distribution
Summary The absence of restrictions on the endpoint, which allows you to create a path for uploading a file in a file distribution, allows an attacker to add arbitrary files to the distribution. Details Vulnerable endpoint: POST /files PoC 1. Create a file distribution. 2. Go to the link address ...
PT-2024-24088 · Unknown · Psitransfer
Name of the Vulnerable Software and Affected Versions: PsiTransfer versions prior to 2.2.0 Description: The issue arises from the absence of restrictions on the PATCH /files/id endpoint, which is designed for uploading files. This allows an attacker who has received the id of a file distribution ...
PT-2024-24087
Name of the Vulnerable Software and Affected Versions PsiTransfer versions prior to 2.2.0 Description The issue arises from the absence of restrictions on the "POST /files" endpoint, which allows users to create a path for uploading a file in a file distribution. This enables an attacker to add...
Bing ad for NordVPN leads to SecTopRAT
Most of the malicious search ads we have seen have originated from Google, but threat actors are also abusing other search engines. Microsoft Bing is probably the second best target due to its close ties to the Windows ecosystem and Edge browser. In this blog post, we look at a very recent...
JetBrains TeamCity Cross-Site Scripting Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. A cross-site scripting vulnerability exists in...
The vulnerability in the API of CRI-O, a container runtime for Kubernetes, relates to the allocation of resources without any restrictions or controls. This allows a malicious actor to trigger service failures.
The vulnerability in the API of CRI-O, a container runtime for Kubernetes, relates to a flaw that allows containers to grow without any size limit. Exploiting this vulnerability could enable a...
com.datastax.oss:pulsar-jms-filters (>=4.0.0 <=4.0.1), io.github.yangl:pulsar-msg-filter-plugin (=3.0) +5 more potentially affected by CVE-2024-29834 via org.apache.pulsar:pulsar-broker (>=3.0.0 <=3.0.3)
org.apache.pulsar:pulsar-broker MAVEN version =3.0.0, =4.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.17 Source cves: CVE-2024-29834 Source advisory: OSV:GHSA-7MG2-6C6V-342R...
org.apache.pulsar:pulsar-broker-auth-athenz (>=3.1.0 <=3.1.3), org.apache.pulsar:pulsar-broker-auth-sasl (>=3.1.0 <=3.1.3) +2 more potentially affected by CVE-2024-29834 via org.apache.pulsar:pulsar-broker (>=3.1.0 <=3.1.3)
org.apache.pulsar:pulsar-broker MAVEN version =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.3 Source cves: CVE-2024-29834 Source advisory: OSV:GHSA-7MG2-6C6V-342R...
io.github.embedded-middleware:embedded-pulsar-core (>=0.0.4 <=0.0.5), org.apache.pulsar:pulsar-broker-auth-athenz (>=2.11.0 <=2.11.4) +3 more potentially affected by CVE-2024-29834 via org.apache.pulsar:pulsar-broker (>=2.11.0 <=2.11.4)
org.apache.pulsar:pulsar-broker MAVEN version =2.11.0, =0.0.4, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.4 Source cves: CVE-2024-29834 Source advisory: OSV:GHSA-7MG2-6C6V-342R...
SuperSize Me
SuperSize Me By Floser Bacurio Jr., Bernadette Canubas, Michaelo Oliveros · April 02, 2024 Introduction Cyber attackers are always finding new ways to outsmart security systems and distribute malware effectively. We discovered an interesting detection evasion technique of delivering archive files...
Exploit for Embedded Malicious Code in Tukaani Xz
CVE-2024-3094-detect XZ Utils Vulnerability Check and Downg...
Exploit for Embedded Malicious Code in Tukaani Xz
CVE-2024-3094-info - CVE-2024-3094 PoC Exploration https://gi...