Category Archives: Advisories

CVE-2018-14519

Read Time:11 Second

An issue was discovered in Kirby 2.5.12. The delete page functionality suffers from a CSRF flaw. A remote attacker can craft a malicious CSRF page and force the user to delete a page.

Read More

[R1] Nessus Agent Version 8.3.4 Fixes Multiple Vulnerabilities

Read Time:45 Second

[R1] Nessus Agent Version 8.3.4 Fixes Multiple Vulnerabilities
Arnie Cabral
Wed, 08/24/2022 – 12:18

Custom audit files bring tremendous power and flexibility when assessing the configuration of your assets. Two separate vulnerabilities that utilize this custom Audit functionality were identified, reported and fixed. With the release of Nessus Agent 8.3.4, Tenable has mitigated the reported issues by enabling the ability to sign and verify custom audit files.

1. CVE-2022-32973 – An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges.
2. CVE-2022-32974 – An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials.

Additional details on the custom audit signing functionality can be found here: https://community.tenable.com/s/article/Audit-Signing-Overview

Read More