Posted by Andrey Stoykov on Jul 16

# Exploit Title: WBCE – Stored XSS
# Date: 07/2023
# Exploit Author: Andrey Stoykov
# Version: 1.6.1
# Tested on: Windows Server 2022
# Blog: http://msecureltd.blogspot.com

Steps to Exploit:

1. Login to application
2. Browse to following URI “http://host/wbce/admin/pages/intro.php"
3. Paste XSS payload “TEST”><img src=x onerror=alert(1)>”
4. Then browse to settings “Settings->General Settings->Enable…

Read More

Posted by Jens Timmerman on Jul 16

Hi,

I’ve been working with a lot of products I believe that are vulnerable
to a very similar exploit, and I was wondering how one should fix
this/protect against this attack?

I looked at
https://owasp.org/www-community/attacks/Session_hijacking_attack
<https://owasp.org/www-community/attacks/Session_hijacking_attack> but
the page linking to the related controls doesn’t seem to exist.

Read More

FEDORA-EPEL-2023-62c97d6572

Packages in this update:

zabbix50-5.0.36-1.el7

Update description:

Update to 5.0.36

Read More

FEDORA-2023-6cfe7492c1

Packages in this update:

aerc-0.15.2-1.fc38

Update description:

Update to 0.15.2

Read More

FEDORA-2023-aa7c75ed4a

Packages in this update:

aerc-0.15.2-1.fc37

Update description:

Update to 0.15.2

Read More

FEDORA-EPEL-2023-226639904e

Packages in this update:

netcdf-4.7.0-3.el8

Update description:

Add upstream patch to fix stack-read-overflow in ncindexlookup()

Read More

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

Read More

Riccardo Bonafede discovered that the Kanboard project management
software was susceptible to SQL injection.

Read More