Posted by Thomas Weber via Fulldisclosure on Jun 09
CyberDanube Security Research 20240604-0
——————————————————————————-
title| Multiple Vulnerabilities
product| SEH utnserver Pro/ProMAX / INU-100
vulnerable version| 20.1.22
fixed version| 20.1.28
CVE number| CVE-2024-5420, CVE-2024-5421, CVE-2024-5422
impact| High
homepage| https://www.seh-technology.com/…
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jun 09
SEC Consult Vulnerability Lab Security Advisory < 20240606-0 >
=======================================================================
title: Multiple critical vulnerabilities
product: Kiuwan SAST on-premise (KOP) & cloud/SaaS
Kiuwan Local Analyzer (KLA)
vulnerable version: Kiuwan SAST <2.8.2402.3
Kiuwan Local Analyzer <master.1808.p685.q13371…
Posted by Andrey Stoykov on Jun 09
# Exploit Title: FengOffice – Blind SQL Injection
# Date: 06/2024
# Exploit Author: Andrey Stoykov
# Version: 3.11.1.2
# Tested on: Ubuntu 22.04
# Blog:
https://msecureltd.blogspot.com/2024/05/friday-fun-pentest-series-6.html
Steps to Reproduce:
1. Login to application
2. Click on “Workspaces”
3. Copy full URL
4. Paste the HTTP GET request into text file
5. Set the injection point to be in the “dim” parameter…
Posted by malvuln on Jun 09
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/afe012ed0d96abfe869b9e26ea375824.txt
Contact: malvuln13 () gmail com
Media: x.com/malvuln
Threat: Trojan.Win32.DarkGateLoader (multi variants)
Vulnerability: Arbitrary Code Execution
Description: Multiple variants of this malware look for and execute
x32-bit “urlmon.dll” PE file in its current directory. Therefore, we
can…
Posted by InfoSec-DB via Fulldisclosure on Jun 09
Exploit Title: SQL Injection Vulnerability in Boelter Blue System Management (version 1.3)
Google Dork: inurl:”Powered by Boelter Blue”
Date: 2024-06-04
Exploit Author: CBKB (DeadlyData, R4d1x)
Vendor Homepage: https://www.boelterblue.com
Software Link: https://play.google.com/store/apps/details?id=com.anchor5digital.anchor5adminapp&hl=en_US
Version: 1.3
Tested on: Linux Debian 9 (stretch), Apache 2.4.25, MySQL >= 5.0.12
CVE:…
galera-26.4.18-1.fc39
mariadb-10.5.25-1.fc39
MariaDB 10.5.25 & Galera 26.4.18
Release notes:
This week, I hosted the seventeenth Workshop on Security and Human Behavior at the Harvard Kennedy School. This is the first workshop since our co-founder, Ross Anderson, died unexpectedly.
SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security. The fifty or so attendees include psychologists, economists, computer security researchers, criminologists, sociologists, political scientists, designers, lawyers, philosophers, anthropologists, geographers, neuroscientists, business school professors, and a smattering of others. It’s not just an interdisciplinary event; most of the people here are individually interdisciplinary.
Our goal is always to maximize discussion and interaction. We do that by putting everyone on panels, and limiting talks to six to eight minutes, with the rest of the time for open discussion. Short talks limit presenters’ ability to get into the boring details of their work, and the interdisciplinary audience discourages jargon.
Since the beginning, this workshop has been the most intellectually stimulating two days of my professional year. It influences my thinking in different and sometimes surprising ways—and has resulted in some new friendships and unexpected collaborations. This is why some of us have been coming back every year for over a decade.
This year’s schedule is here. This page lists the participants and includes links to some of their work. Kami Vaniea liveblogged both days.
Here are my posts on the first, second, third, fourth, fifth, sixth, seventh, eighth, ninth, tenth, eleventh, twelfth, thirteenth, fourteenth, fifteenth and sixteenth SHB workshops. Follow those links to find summaries, papers, and occasionally audio/video recordings of the sessions. Ross maintained a good webpage of psychology and security resources—it’s still up for now.
Next year we will be in Cambridge, UK, hosted by Frank Stajano.
Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not
properly handle certain error conditions, leading to a NULL pointer
dereference. A local attacker could possibly trigger this vulnerability to
cause a denial of service. (CVE-2022-38096)
Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux
kernel contained a race condition during device removal, leading to a use-
after-free vulnerability. A physically proximate attacker could possibly
use this to cause a denial of service (system crash). (CVE-2023-47233)
It was discovered that the ATA over Ethernet (AoE) driver in the Linux
kernel contained a race condition, leading to a use-after-free
vulnerability. An attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2023-6270)
It was discovered that the Atheros 802.11ac wireless driver did not
properly validate certain data structures, leading to a NULL pointer
dereference. An attacker could possibly use this to cause a denial of
service. (CVE-2023-7042)
It was discovered that the Intel Data Streaming and Intel Analytics
Accelerator drivers in the Linux kernel allowed direct access to the
devices for unprivileged users and virtual machines. A local attacker could
use this to cause a denial of service. (CVE-2024-21823)
Gui-Dong Han discovered that the software RAID driver in the Linux kernel
contained a race condition, leading to an integer overflow vulnerability. A
privileged attacker could possibly use this to cause a denial of service
(system crash). (CVE-2024-23307)
Bai Jiaju discovered that the Xceive XC4000 silicon tuner device driver in
the Linux kernel contained a race condition, leading to an integer overflow
vulnerability. An attacker could possibly use this to cause a denial of
service (system crash). (CVE-2024-24861)
Chenyuan Yang discovered that the Unsorted Block Images (UBI) flash device
volume management subsystem did not properly validate logical eraseblock
sizes in certain situations. An attacker could possibly use this to cause a
denial of service (system crash). (CVE-2024-25739)
It was discovered that the MediaTek SoC Gigabit Ethernet driver in the
Linux kernel contained a race condition when stopping the device. A local
attacker could possibly use this to cause a denial of service (device
unavailability). (CVE-2024-27432)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– ARM32 architecture;
– PowerPC architecture;
– x86 architecture;
– Block layer subsystem;
– ACPI drivers;
– Bluetooth drivers;
– Clock framework and drivers;
– CPU frequency scaling framework;
– Cryptographic API;
– DPLL subsystem;
– ARM SCMI message protocol;
– EFI core;
– GPU drivers;
– InfiniBand drivers;
– IOMMU subsystem;
– LED subsystem;
– Multiple devices driver;
– Media drivers;
– MMC subsystem;
– Network drivers;
– NTB driver;
– NVME drivers;
– PCI subsystem;
– Powercap sysfs driver;
– SCSI drivers;
– Freescale SoC drivers;
– SPI subsystem;
– Media staging drivers;
– Thermal drivers;
– TTY drivers;
– USB subsystem;
– DesignWare USB3 driver;
– VFIO drivers;
– Backlight driver;
– Virtio drivers;
– Xen hypervisor drivers;
– AFS file system;
– File systems infrastructure;
– BTRFS file system;
– debug file system;
– Ext4 file system;
– F2FS file system;
– FAT file system;
– Network file system client;
– NILFS2 file system;
– Overlay file system;
– Pstore file system;
– Diskquota system;
– SMB network file system;
– UBI file system;
– io_uring subsystem;
– BPF subsystem;
– Core kernel;
– Memory management;
– Bluetooth subsystem;
– Networking core;
– HSR network protocol;
– IPv4 networking;
– IPv6 networking;
– MAC80211 subsystem;
– IEEE 802.15.4 subsystem;
– Netfilter;
– Packet sockets;
– Network traffic control;
– Sun RPC protocol;
– ALSA SH drivers;
– SOF drivers;
– USB sound devices;
– KVM core;
(CVE-2024-35822, CVE-2024-26859, CVE-2024-26967, CVE-2024-27053,
CVE-2024-27064, CVE-2024-27437, CVE-2024-26931, CVE-2024-26870,
CVE-2024-26927, CVE-2024-26880, CVE-2024-35789, CVE-2024-26929,
CVE-2024-27034, CVE-2024-26816, CVE-2024-26896, CVE-2024-26975,
CVE-2024-26972, CVE-2024-26937, CVE-2024-27032, CVE-2024-26871,
CVE-2024-26655, CVE-2024-35829, CVE-2024-26886, CVE-2023-52653,
CVE-2024-27028, CVE-2024-26877, CVE-2024-26898, CVE-2024-35796,
CVE-2024-27065, CVE-2024-35807, CVE-2024-26966, CVE-2024-35826,
CVE-2024-27067, CVE-2024-27039, CVE-2024-35811, CVE-2024-26895,
CVE-2024-26814, CVE-2024-26893, CVE-2023-52649, CVE-2024-35801,
CVE-2023-52648, CVE-2024-27048, CVE-2024-26934, CVE-2024-27049,
CVE-2024-26890, CVE-2024-26874, CVE-2022-48669, CVE-2023-52661,
CVE-2024-27436, CVE-2024-27058, CVE-2024-26935, CVE-2024-26956,
CVE-2024-26960, CVE-2024-26976, CVE-2024-27041, CVE-2024-26873,
CVE-2024-26946, CVE-2024-27080, CVE-2024-27432, CVE-2023-52650,
CVE-2024-26879, CVE-2023-52647, CVE-2024-27435, CVE-2024-27038,
CVE-2024-26951, CVE-2024-27390, CVE-2024-26863, CVE-2024-26959,
CVE-2024-35794, CVE-2024-26889, CVE-2024-35845, CVE-2024-27433,
CVE-2024-26961, CVE-2024-35803, CVE-2024-26653, CVE-2024-26939,
CVE-2024-26872, CVE-2024-26979, CVE-2024-26973, CVE-2024-27029,
CVE-2024-35831, CVE-2024-26892, CVE-2024-26888, CVE-2024-27074,
CVE-2024-35844, CVE-2024-26938, CVE-2024-26953, CVE-2024-27391,
CVE-2024-35843, CVE-2024-27040, CVE-2024-26875, CVE-2024-27026,
CVE-2024-26978, CVE-2024-26882, CVE-2023-52652, CVE-2023-52662,
CVE-2024-26963, CVE-2024-26962, CVE-2024-27051, CVE-2024-27068,
CVE-2024-26881, CVE-2024-35800, CVE-2024-26964, CVE-2024-27389,
CVE-2024-27043, CVE-2024-26901, CVE-2024-26941, CVE-2024-35798,
CVE-2024-35799, CVE-2024-26952, CVE-2024-26654, CVE-2024-27046,
CVE-2024-35810, CVE-2024-27050, CVE-2024-27063, CVE-2024-26954,
CVE-2024-26884, CVE-2024-27047, CVE-2024-26932, CVE-2024-26883,
CVE-2024-26943, CVE-2024-26651, CVE-2024-26815, CVE-2024-26948,
CVE-2024-27066, CVE-2024-27037, CVE-2024-35806, CVE-2024-26869,
CVE-2024-26878, CVE-2024-26810, CVE-2024-35797, CVE-2024-27073,
CVE-2024-26812, CVE-2024-26933, CVE-2024-26809, CVE-2024-26894,
CVE-2024-35813, CVE-2024-27033, CVE-2024-26876, CVE-2024-27076,
CVE-2024-27045, CVE-2024-27079, CVE-2024-26861, CVE-2024-26957,
CVE-2024-26864, CVE-2024-26866, CVE-2024-35814, CVE-2024-26813,
CVE-2024-27388, CVE-2024-27042, CVE-2024-26862, CVE-2024-26968,
CVE-2024-26940, CVE-2024-27027, CVE-2024-35793, CVE-2024-35874,
CVE-2024-27035, CVE-2024-26958, CVE-2024-26887, CVE-2024-35809,
CVE-2024-26930, CVE-2024-35819, CVE-2024-27392, CVE-2024-35808,
CVE-2023-52644, CVE-2024-35828, CVE-2024-26657, CVE-2024-26969,
CVE-2024-27434, CVE-2024-35821, CVE-2023-52663, CVE-2024-27078,
CVE-2024-35787, CVE-2024-27044, CVE-2024-26848, CVE-2024-26955,
CVE-2024-26899, CVE-2024-27077, CVE-2024-26897, CVE-2024-26945,
CVE-2024-26885, CVE-2024-27069, CVE-2024-27070, CVE-2024-27054,
CVE-2024-35795, CVE-2024-35817, CVE-2024-35827, CVE-2024-26656,
CVE-2024-26860, CVE-2024-26942, CVE-2023-52659, CVE-2024-26865,
CVE-2024-26868, CVE-2024-26947, CVE-2024-35788, CVE-2024-26950,
CVE-2024-27030, CVE-2024-26949, CVE-2024-26900, CVE-2024-26971,
CVE-2024-35805, CVE-2024-26977, CVE-2024-26944, CVE-2024-27036,
CVE-2024-26965, CVE-2024-26891, CVE-2024-27071, CVE-2024-27075,
CVE-2024-27072, CVE-2024-35830, CVE-2024-27052, CVE-2024-26970,
CVE-2024-27031)
A vulnerability has been discovered in SolarWinds Serv-U that could allow for path transversal that could lead to disclosure of sensitive information. SolarWinds Serv-U is a managed file transfer solution used to store and share files across an enterprise network. It can be hosted on both Windows and Linux-based servers. Successful exploitation of this vulnerability could allow for the disclosure of sensitive information in the context of the files and directories. Depending on the permissions associated with the files, an attacker could view content within them. Files with stricter access controls and file permissions could be less impacted than those without.
