Posted by Egidio Romano on Jun 23
Hello list,
Just wanted to share with you my latest blog post:
https://karmainsecurity.com/zip-slip-meets-artifactory-a-bug-bounty-story
Enjoy it!
Posted by malvuln on Jun 23
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/eeb631127f1b9fb3d13d209d8e675634.txt
Contact: malvuln13 () gmail com
Media: x.com/malvuln
Threat: Backdoor.Win32.Plugx
Vulnerability: Insecure Permissions
Family: Plugx
Type: PE32
MD5: eeb631127f1b9fb3d13d209d8e675634
SHA256: c2804080c3f45e8232b3e955611f56c9ba513a7845ddad56a588c4191d139990
Vuln ID: MVID-2024-0686
Disclosure: 06/17/2024…
Posted by SBA Research Security Advisory via Fulldisclosure on Jun 23
# Paradox IP150 Internet Module Cross-Site Request Forgery #
## Vulnerability Overview ##
The Paradox IP150 Internet Module in version 1.40.00 is vulnerable to
Cross-Site Request Forgery (CSRF) attacks due to a lack of countermeasures
and the use of the HTTP method `GET` to introduce changes in the system.
* **Identifier**…
The update for composer released as DSA 5715 introduced a regression
in the handling of git feature branches. Updated composer packages
are now available to address this issue.
python-PyMySQL-0.9.3-2.el7
Security fix for CVE-2024-36039
libreswan-4.15-1.fc39
Update to 4.15 for CVE-2024-3652
mingw-gstreamer1-1.22.9-1.fc39
mingw-gstreamer1-plugins-bad-free-1.22.9-1.fc39
mingw-gstreamer1-plugins-base-1.22.9-2.fc39
mingw-gstreamer1-plugins-good-1.22.9-1.fc39
Update to gstreamer-1.22.9.
Backport fix for CVE-2024-0444.
mingw-gstreamer1-plugins-bad-free-1.22.7-2.fc39
Backport fix for CVE-2024-0444.
This vulnerability allows local attackers to escalate privileges on affected installations of ESET Smart Security Premium. User interaction on the part of an administrator is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.3. The following CVEs are assigned: CVE-2024-2003.
libreswan-4.15-1.fc40
Update to 4.15 for CVE-2024-3652