CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requires authenticated access tot he ChurchInfo application. Once authenticated, a user can add names to their cart, and compose an email. Uploading an attachment for the email stores the attachment on the site in the /tmp_attach/ folder where it can be accessed with a GET request. There are no limitations on files that can be attached, allowing for malicious PHP code to be uploaded and interpreted by the server.
Monthly Archives: November 2022
Panaseer Launches Guidance on Security Controls Ahead of EU’s New Legislation
The cybersecurity monitoring firm offers 18 recommendations on security controls to help organizations anticipate tougher cybersecurity regulations
Meta outlines US involvement in social media disinformation in new report
A report released by Meta’s security team describes the company’s shutdown of a network of Facebook and Instagram accounts participating in what it calls coordinated inauthentic behavior, and linking some of those accounts to the US military.
“Coordinated inauthentic behavior” is Meta’s term for misinformation activity performed by groups of social media accounts on its platforms that target particular groups or demographics. CIB groups, the company said in a 2018 official blog post, are targeted for removal not because of the content that they share, but because of their deceptive nature.
CVE-2022-23740
CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. To exploit this vulnerability, an attacker would need permission to create and build GitHub Pages using GitHub Actions. This vulnerability affected only version 3.7.0 of GitHub Enterprise Server and was fixed in version 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program.
CVE-2021-35284
SQL Injection vulnerability in function get_user in login_manager.php in rizalafani cms-php v1.
CVE-2009-1143
An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter).
CVE-2009-1142
An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a symlink attack on /tmp files if vmware-user-suid-wrapper is setuid root and the ChmodChownDirectory function is enabled.
Hive ransomware has extorted $100 million in 18 months, FBI warns
$100 million.
That’s the amount of money that the Hive ransomware is thought to have extorted from over 1300 companies around the world, according to a joint report from the FBI, CISA, and HHS.
Read more in my article on the Hot for Security blog.
CISA Updates Guidelines to Increase Resilience of Infrastructure Planning
They expand the framework’s scope by adding new resources and tools to support SLTT partners
CVE-2021-35246
The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user’s network traffic could bypass the application’s use of SSL/TLS encryption and use the application as a platform for attacks against its users.