Monthly Archives: October 2023

Advisories

CVE-2015-10126

Read Time:21 Second

A vulnerability classified as critical was found in Easy2Map Photos Plugin 1.0.1 on WordPress. This vulnerability affects unknown code. The manipulation leads to sql injection. The attack can be initiated remotely. Upgrading to version 1.1.0 is able to address this issue. The patch is identified as 503d9ee2482d27c065f78d9546f076a406189908. It is recommended to upgrade the affected component. VDB-241318 is the identifier assigned to this vulnerability.

Read More

News

Deepfake Election Interference in Slovokia

Read Time:48 Second

Well designed and well timed deepfake or two Slovokian politicians discussing how to rig the election:

Šimečka and Denník N immediately denounced the audio as fake. The fact-checking department of news agency AFP said the audio showed signs of being manipulated using AI. But the recording was posted during a 48-hour moratorium ahead of the polls opening, during which media outlets and politicians are supposed to stay silent. That meant, under Slovakia’s election rules, the post was difficult to widely debunk. And, because the post was audio, it exploited a loophole in Meta’s manipulated-media policy, which dictates only faked videos—­where a person has been edited to say words they never said­—go against its rules.

I just wrote about this. Countries like Russia and China tend to test their attacks out on smaller countries before unleashing them on larger ones. Consider this a preview to their actions in the US next year.

Read More

Advisories

ZDI-23-1535: Microsoft Windows UMPDDrvStretchBltROP Use-After-Free Local Privilege Escalation Vulnerability

Read Time:16 Second

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2023-36804.

Read More

Advisories

SEC Consult SA-20231005 :: Open Redirect in SAP® BSP Test Application it00 (Bypass for CVE-2020-6215 Patch)

Read Time:16 Second

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Oct 05

SEC Consult Vulnerability Lab Security Advisory < 20231005-0 >
=======================================================================
title: Open Redirect in BSP Test Application it00
(Bypass for CVE-2020-6215 Patch)
product: SAP® Application Server ABAP and ABAP®
Platform (SAP_BASIS)
vulnerable version: see section “Vulnerable / tested versions”…

Read More

Advisories

APPLE-SA-2023-10-04-1 iOS 17.0.3 and iPadOS 17.0.3

Read Time:27 Second

Posted by Apple Product Security via Fulldisclosure on Oct 05

APPLE-SA-2023-10-04-1 iOS 17.0.3 and iPadOS 17.0.3

iOS 17.0.3 and iPadOS 17.0.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213961.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Kernel
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad Pro…

Read More

Advisories

CVE-2023-4911: Local Privilege Escalation in the glibc’s ld.so

Read Time:11 Second

Posted by Qualys Security Advisory via Fulldisclosure on Oct 05

Qualys Security Advisory

Looney Tunables: Local Privilege Escalation in the glibc’s ld.so
(CVE-2023-4911)

========================================================================
Contents
========================================================================

Summary
Analysis
Proof of concept
Exploitation
Acknowledgments
Timeline

========================================================================
Summary…

Read More