CyberDanube Security Research 20240109-0 | Multiple Vulnerabilities in JetNet Series
Posted by Thomas Weber via Fulldisclosure on Jan 14 CyberDanube Security Research 20240109-0 title| Multiple Vulnerabilities product| Korenix JetNet Series vulnerable version| See "Vulnerable...
Re: cpio privilege escalation vulnerability via setuid files in cpio archive
Posted by Harry Sintonen via Fulldisclosure on Jan 14 Tar does set setuid bit, but tar is not vulnerable. This is not an attack. The...
Re: cpio privilege escalation vulnerability via setuid files in cpio archive
Posted by Harry Sintonen via Fulldisclosure on Jan 14 So does for example tar. The same rules that apply to tar also apply to cpio:...
Re: cpio privilege escalation vulnerability via setuid files in cpio archive
Posted by Georgi Guninski on Jan 14 Hi, thanks for the feedback :) Which version of tar is vulnerable to this attack? I am pretty...
Re: cpio privilege escalation vulnerability via setuid files in cpio archive
Posted by fulldisclosure on Jan 14 On 08.01.24 at 10:25, Georgi Guninski wrote: It's not a vulnerability, as a) cpio archives must archive that flag...
Re: [SBA-ADV-20220120-01] MOKOSmart MKGW1 Gateway Improper Session Management
Posted by SBA - Advisory via Fulldisclosure on Jan 14 MITRE assigned CVE-2023-51059 for this issue.
ZDI-24-073: Paessler PRTG Network Monitor Cross-Site Scripting Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Paessler PRTG Network Monitor. User interaction is required to exploit this vulnerability in...
ZDI-24-072: Synology RT6600ax Qualcomm LDB Service Improper Input Validation Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology RT6600ax routers. Authentication is not required to exploit this vulnerability. The...
GLSA 202401-21: KTextEditor: Arbitrary Local Code Execution
GLSA 202401-22: libspf2: Multiple vulnerabilities