FEDORA-2023-b7b87e4966
Packages in this update:
xen-4.16.4-4.fc37
Update description:
arm: Guests can trigger a deadlock on Cortex-A77 [XSA-436, CVE-2023-34320]
(#2228238)
bugfix for x86/AMD: Zenbleed [XSA-433, CVE-2023-20593]
x86/AMD: Zenbleed [XSA-433, CVE-2023-20593]
FEDORA-2023-0d6aa10621
Packages in this update:
xen-4.17.1-9.fc38
Update description:
arm: Guests can trigger a deadlock on Cortex-A77 [XSA-436, CVE-2023-34320]
(#2228238)
bugfix for x86/AMD: Zenbleed [XSA-433, CVE-2023-20593]
x86/AMD: Zenbleed [XSA-433]
omit OCaml 5 patch on fc38
Posted by Stefan Pietsch on Aug 01
# Trovent Security Advisory 2303-01 #
#####################################
Authenticated remote code execution in Eramba
#############################################
Overview
########
Advisory ID: TRSA-2303-01
Advisory version: 1.0
Advisory status: Public
Advisory URL: https://trovent.io/security-advisory-2303-01
Affected product: Eramba
Affected version: 3.19.1 (Enterprise and Community edition)
Vendor: Eramba Limited,…
Posted by Rick Verdoes via Fulldisclosure on Aug 01
=========================
Exploit Title: Hostname injection leads to Remote Code Execution RCE (Authenticated)
Product: Gaia Portal
Vendor: Checkpoint
Vulnerable Versions: R81.20 < Take 14, R81.10 < Take 95, R81 < Take 82 and R80.40 < Take 198
Tested Version: R81.10 (take 335)
Advisory Publication: July 27, 2023
Latest Update: July 72, 2023
Vulnerability Type: Improper Control of Generation of Code (Code Injection) [CWE-94]
CVE…
Posted by Patel, Nirav on Aug 01
Severity: High
Description:
An identified security flaw is present in EmpowerID versions V7.205.0.0 and prior versions, causing the system to
mistakenly send Multi-Factor Authentication (MFA) codes to unintended email addresses. To exploit this vulnerability,
an attacker would need to have access to valid and breached login details, including a username and password.
This vulnerability’s root cause lies in insufficient verification of…
Posted by Andrey Stoykov on Aug 01
Just putting this for the new starters.
It is in two languages, Bulgarian and English.
https://drive.google.com/file/d/1mzYeratoSV82Oxaj_dYvu4fg7vSBuhE1/view
https://drive.google.com/file/d/1b8obLloMnmQGI1gqAablzuTyKOFBRZjb/view
Has basic configuration for Burpsuite Proxy, including basic exploitation
of XSS, SQLi, CSRF and Open redirect.
Has brief theory explanation prior to showing how to exploit each flaw.
Kind Regards,
Andrey Stoykov
Posted by Andrey Stoykov on Aug 01
# Exploit Title:
# Date: 07/2023
# Exploit Author: Andrey Stoykov
# Version: 3.2
# Tested on: Windows Server 2022
# Blog: http://msecureltd.blogspot.com
XSS #1:
File: roles.edit.post.php
Line #57:
[…]
<div class="field-wrap <?php echo $Form->error('roleTitle', false);?>">
<?php echo $Form->label('roleTitle', 'Title'); ?>
<div class="form-entry">…
Posted by info () vulnerability-lab com on Aug 01
Document Title:
===============
ETSI WEBstore 2023 – Persistent Cross Site Scripting Web Vulnerability
References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2327
Release Date:
=============
2023-07-26
Vulnerability Laboratory ID (VL-ID):
====================================
2327
Common Vulnerability Scoring System:
====================================
4.6
Vulnerability Class:
====================…
Cado Security said the malware acts as a botnet and is compatible with both Windows and Linux
The printers retained various information after re-initialization, including SSIDs and passwords