PT-2023-24730 · Insyde · InsydeH2O
Name of the Vulnerable Software and Affected Versions: Insyde InsydeH2O versions 5.0 through 5.5 Description: An issue was discovered in SystemFirmwareManagementRuntimeDxe. The implementation of the GetImage method retrieves the value of a runtime variable named GetImageProgress, and later uses...
CVE-2023-41052 Vyper: incorrect order of evaluation of side effects for some builtins
Vyper is a Pythonic Smart Contract Language. In affected versions the order of evaluation of the arguments of the builtin functions uint256_addmod, uint256_mulmod, ecadd and ecmul does not follow source order. This behaviour is problematic when the evaluation of one of the arguments produces side...
Exploit for SQL Injection in Progress Moveit_Cloud
MOVEit Exploit an exploit of POC for CVE-2023-34362 affe...
MAL-2023-1530 Malicious code in usaa-progress-indicator (npm)
Source: ghsa-malware (6bda554520601e00fc54bc5db28faf1d16fd41ea1d00cc51dc62e9a8b7e4eb1c). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in progress-player (npm)
Source: ghsa-malware (1ef7c85d0514dd6025ca318ffb0b25040d4c1ef626b00125f13d43ea506d3299). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-28864
Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. The data...
CVE-2023-28864
Progress Chef Infra Server before 15.7 is affected by CVE-2023-28864. A local attacker can exploit a world-readable /var/opt/opscode/local-mode-cache/backup temporary backup path to access sensitive information, leading to disclosure of all indexed node data because OpenSearch credentials are exp...
PT-2023-22015 · Progress · Progress Chef Infra Server
Name of the Vulnerable Software and Affected Versions: Progress Chef Infra Server versions prior to 15.7 Description: The issue allows a local attacker to access sensitive information by exploiting a world-readable temporary backup path at /var/opt/opscode/local-mode-cache/backup. This results in...
MOVEit Transfer fixes three new vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) has warned about three new vulnerabilities in Progress Software's MOVEit software. A cybercriminal could exploit some of these vulnerabilities to obtain sensitive information. In the advisory, CISA encouraged users to review Progress MOVEi...
Another Critical Unauthenticated SQLi Flaw Discovered in MOVEit Transfer Software
Progress Software has announced the discovery and patching of a critical SQL injection vulnerability in MOVEit Transfer, popular software used for secure file transfer. In addition, Progress Software has patched two other high-severity vulnerabilities. The identified SQL injection vulnerability,...
Progress MOVEit Transfer < 2020.1.11 / 2021.0 < 2021.0.9 / 2021.1 < 2021.1.7 / 2022.0 < 2022.0.7, 2022.1 < 2022.1.8 / 2023.0 < 2023.0.4 Multiple Vulnerabilities (July 2023)
The version of Progress MOVEit Transfer, formerly Ipswitch MOVEit DMZ, installed on the remote host is prior to 2020.1.11 / 2021.0 < 2021.0.9 / 2021.1 < 2021.1.7 / 2022.0 < 2022.0.7, 2022.1 < 2022.1.8 / 2023.0 < 2023.0.4. It is, therefore, affected by multiple vulnerabilities as referenced in Progress...
Progress Software MOVEit Transfer UserProcessPassChangeRequest SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software MOVEit Transfer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the human.aspx endpoint. A crafted request can trigger execution of SQ...
Progress WhatsUp Gold < 23.0.0 XSS
According to its self-reported version number, the Progress WhatsUp Gold application installed on the remote host is prior to 23.0.0. It is, therefore, affected by a cross-site scripting vulnerability due to an SNMP-related application endpoint failing to adequately sanitize malicious input. This...
Progress Software WhatsUp Gold Cross-Site Scripting Vulnerability
Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability exists in Progress Software WhatsUp Gold prior to version 23.0...
Progress OpenEdge Injection Vulnerability
Progress OpenEdge is an application. A security vulnerability exists in Progress OpenEdge LTS versions prior to 11.7.16, 12.x through 12.2.12, and 12.3.x through 12.6.x. The vulnerability stems from a URL injection attack that can be executed by a remote user to change identity or role membership...
The vulnerability of the software for processing and transmitting confidential data in Progress MOVEit Transfer arises from the lack of protective measures for SQL query structures, allowing attackers to gain unauthorized access to protected information.
The vulnerability of the software for processing and transmitting confidential data in Progress MOVEit Transfer is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to the...
Understanding and Mitigating the MOVEit Incidents
Over the last several weeks, attackers have taken advantage of vulnerabilities in MOVEit, a popular file transfer application developed by Progress. Cyber attackers have successfully performed ransomware and exfiltrated data by uploading web shells into vulnerable MOVEit instances deployed...