ZDI-24-230: Kofax Power PDF TIF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

Read Time:17 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-27337.

Read More

ZDI-24-232: Kofax Power PDF JPG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

Read Time:17 Second

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2024-27334.

Read More

USN-6669-1: Thunderbird vulnerabilities

Read Time:1 Minute, 7 Second

Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, bypass security restrictions, cross-site
tracing, or execute arbitrary code. (CVE-2024-0741, CVE-2024-0742,
CVE-2024-0747, CVE-2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0753,
CVE-2024-0755, CVE-2024-1547, CVE-2024-1548, CVE-2024-1549, CVE-2024-1550,
CVE-2024-1553)

Cornel Ionce discovered that Thunderbird did not properly manage memory when
opening the print preview dialog. An attacker could potentially exploit
this issue to cause a denial of service. (CVE-2024-0746)

Alfred Peters discovered that Thunderbird did not properly manage memory when
storing and re-accessing data on a networking channel. An attacker could
potentially exploit this issue to cause a denial of service. (CVE-2024-1546)

Johan Carlsson discovered that Thunderbird incorrectly handled Set-Cookie
response headers in multipart HTTP responses. An attacker could potentially
exploit this issue to inject arbitrary cookie values. (CVE-2024-1551)

Gary Kwong discovered that Thunderbird incorrectly generated codes on 32-bit
ARM devices, which could lead to unexpected numeric conversions or undefined
behaviour. An attacker could possibly use this issue to cause a denial of
service. (CVE-2024-1552)

Read More

SEC Consult SA-20240226-0 :: Local Privilege Escalation via DLL Hijacking in Qognify VMS Client Viewer

Read Time:17 Second

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Mar 02

SEC Consult Vulnerability Lab Security Advisory < 20240226-0 >
=======================================================================
title: Local Privilege Escalation via DLL Hijacking
product: Qognify VMS Client Viewer
vulnerable version: >=7.1
fixed version: see solution
CVE number: CVE-2023-49114
impact: medium
homepage: https://www.qognify.com/

Read More

JetStream Smart Switch – TL-SG2210P v5.0/ Improper Access Control / CVE-2023-43318

Read Time:20 Second

Posted by Shaikh Shahnawaz on Mar 02

[+] Credits: Shahnawaz Shaikh, Security Researcher at Cybergate Defense LLC
[+] twitter.com/_striv3r_

[Vendor]
Tp-Link (http://tp-link.com)

[Product]
JetStream Smart Switch – TL-SG2210P v5.0 Build 20211201

[Vulnerability Type]
Improper Access Control

[Affected Product Code Base]
JetStream Smart Switch – TL-SG2210P v5.0 Build 20211201

[Affected Component]
usermanagement, swtmactablecfg endpoints of webconsole

[CVE Reference]
CVE-2023-43318…

Read More

Multiple XSS Issues in boidcmsv2.0.1

Read Time:23 Second

Posted by Andrey Stoykov on Mar 02

# Exploit Title: Multiple XSS Issues in boidcmsv2.0.1
# Date: 3/2024
# Exploit Author: Andrey Stoykov
# Version: 2.0.1
# Tested on: Ubuntu 22.04
# Blog: http://msecureltd.blogspot.com

XSS via SVG File Upload

Steps to Reproduce:

1. Login with admin user
2. Visit “Media” page
3. Upload xss.svg
4. Click “View” and XSS payload will execute

// xss.svg contents

<?xml version=”1.0″ standalone=”no”?>…

Read More

XAMPP 5.6.40 – Error Based SQL Injection

Read Time:22 Second

Posted by Andrey Stoykov on Mar 02

# Exploit Title: XAMPP – Error Based SQL Injection
# Date: 02/2024
# Exploit Author: Andrey Stoykov
# Version: 5.6.40
# Tested on: Ubuntu 22.04
# Blog: http://msecureltd.blogspot.com

Steps to Reproduce:

1. Login to phpmyadmin
2. Visit Export > New Template > test > Create
3. Navigate to “Existing Templates”
4. Select template “test” and click “Update”
5. Trap HTTP POST request
6. Place single quote to…

Read More

BACKDOOR.WIN32.AGENT.AMT / Authentication Bypass

Read Time:20 Second

Posted by malvuln on Mar 02

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/2a442d3da88f721a786ff33179c664b7.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Agent.amt
Vulnerability: Authentication Bypass
Description: The malware can run an FTP server which listens on TCP port
2121. Third-party attackers who can reach infected systems can logon using
any username/password…

Read More