ZDI-24-078: Trend Micro Mobile Security for Enterprises DevicesManagementEditNotePopupTip Cross-Site Scripting Vulnerability

Read Time:19 Second

This vulnerability allows remote attackers to execute web requests with the victim’s privileges on affected installations of Trend Micro Mobile Security for Enterprises. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 6.3. The following CVEs are assigned: CVE-2023-41176.

Read More

ZDI-24-079: Trend Micro Mobile Security for Enterprises ServerUpdate_UpdateSuccessful Cross-Site Scripting Vulnerability

Read Time:19 Second

This vulnerability allows remote attackers to execute web requests with the victim’s privileges on affected installations of Trend Micro Mobile Security for Enterprises. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 6.3. The following CVEs are assigned: CVE-2023-41177.

Read More

ZDI-24-080: Trend Micro Mobile Security for Enterprises vpplist_assign_list Cross-Site Scripting Vulnerability

Read Time:19 Second

This vulnerability allows remote attackers to execute web requests with the victim’s privileges on affected installations of Trend Micro Mobile Security for Enterprises. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 6.3. The following CVEs are assigned: CVE-2023-41178.

Read More

Ivanti Connect Secure and Policy Secure Gateways Zero-day Vulnerabilities (CVE-2023-46805 and CVE-2024-21887)

Read Time:1 Minute, 0 Second

What is the Vulnerability?
Ivanti recently published an advisory on two vulnerabilities on Jan 10, 2024 affecting Ivanti Connect Secure (ICS) and Ivanti Policy Secure Gateways (CVE-2023-46805 and CVE-2024-21887). The vulnerabilities are an authentication bypass and command injection vulnerabilities, respectively in the web component of affected application. According to the vendor advisory, when chained together, exploiting these vulnerabilities when chained together may allow attackers to run commands without the need for authentication on the compromised system. Both vulnerabilities have been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog.

What is the Vendor Solution?

At the time of posting, there is no patch available; Ivanti has released workarounds as the two new vulnerabilities are actively being exploited in the wild. FortiGuard Labs strongly recommends users to apply patches as soon as they are made available and track vendor advisory for any updates. [ Link ]

What FortiGuard Coverage is available?

FortiGuard Labs is investigating an IPS signature protection and should release it as soon as it becomes available. Please note: any new updates would be added to this Threat Signal.
FortiGuard Labs recommends companies to follow mitigation steps released by the vendor and track patch schedule for the affected systems.

Read More

Minor firefox DoS – semi silently polluting ~/Downloads with files (part 2)

Read Time:27 Second

Posted by Georgi Guninski on Jan 18

Minor firefox DoS – semi silently polluting ~/Downloads with files (part 2)

Tested on: firefox 121 and chrome 120 on GNU/linux

Date: Thu Jan 18 08:38:28 AM UTC 2024

This is barely a DoS, but since it might affect Chrome too we decided
to disclose it.

If firefox user visits a specially crafted page, then firefox
may create many files in `~/Downloads`,
The user is notified about this in a small dialog, but there is
no option to stop the…

Read More

USN-6590-1: Xerces-C++ vulnerabilities

Read Time:40 Second

It was discovered that Xerces-C++ was not properly handling memory
management operations when parsing XML data containing external DTDs,
which could trigger a use-after-free error. If a user or automated system
were tricked into processing a specially crafted XML document, an attacker
could possibly use this issue to cause a denial of service or execute
arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2018-1311)

It was discovered that Xerces-C++ was not properly performing bounds
checks when processing XML Schema Definition files, which could lead to an
out-of-bounds access via an HTTP request. If a user or automated system
were tricked into processing a specially crafted XSD file, a remote
attacker could possibly use this issue to cause a denial of service.
(CVE-2023-37536)

Read More