Category Archives: Advisories

USN-6844-1: CUPS vulnerability

Rory McNamara discovered that when starting the cupsd server with a
Listen configuration item, the cupsd process fails to validate whether
the bind call succeeded. An attacker could possibly trick cupsd into
performing an arbitrary chmod of the provided argument, providing
world-writable access to the target.

USN-6845-1: Hibernate vulnerability

It was discovered that Hibernate incorrectly handled certain inputs with
unsanitized literals. If a user or an automated system were tricked into
opening a specially crafted input file, a remote attacker could possibly use
this issue to obtain sensitive information.

SEC Consult SA-20240620-0 :: Arbitrary File Upload in edu-sharing (metaVentis GmbH)

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jun 23

SEC Consult Vulnerability Lab Security Advisory < 20240620-0 >
=======================================================================
title: Arbitrary File Upload
product: edu-sharing (metaVentis GmbH)
vulnerable versions: <8.0.8-RC2, <8.1.4-RC0, <9.0.0-RC19
fixed versions: >=8.0.8-RC2, >=8.1.4-RC0, >=9.0.0-RC19
CVE number: CVE-2024-28147
impact: high…

Backdoor.Win32.Plugx / Insecure Permissions

Posted by malvuln on Jun 23

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/eeb631127f1b9fb3d13d209d8e675634.txt
Contact: malvuln13 () gmail com
Media: x.com/malvuln

Threat: Backdoor.Win32.Plugx
Vulnerability: Insecure Permissions
Family: Plugx
Type: PE32
MD5: eeb631127f1b9fb3d13d209d8e675634
SHA256: c2804080c3f45e8232b3e955611f56c9ba513a7845ddad56a588c4191d139990
Vuln ID: MVID-2024-0686
Disclosure: 06/17/2024…

[SBA-ADV-20240321-01] CVE-2024-5676: Paradox IP150 Internet Module Cross-Site Request Forgery

Posted by SBA Research Security Advisory via Fulldisclosure on Jun 23

# Paradox IP150 Internet Module Cross-Site Request Forgery #

Link: https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240321-01_Paradox_Cross_Site_Request_Forgery

## Vulnerability Overview ##

The Paradox IP150 Internet Module in version 1.40.00 is vulnerable to
Cross-Site Request Forgery (CSRF) attacks due to a lack of countermeasures
and the use of the HTTP method `GET` to introduce changes in the system.

* **Identifier**…
