Category Archives: Advisories

ZDI-25-176: (0Day) CarlinKit CPC200-CCPA Missing Root of Trust Local Privilege Escalation Vulnerability

Read Time:17 Second

This vulnerability allows local attackers to escalate privileges on affected installations of CarlinKit CPC200-CCPA devices. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-2762.

Read More

SQL Injection in Admin Functionality – dolphin.prov7.4.2

Read Time:24 Second

Posted by Andrey Stoykov on Mar 24

# Exploit Title: SQL Injection in Admin Functionality – dolphin.prov7.4.2
# Date: 03/2025
# Exploit Author: Andrey Stoykov
# Version: 7.4.2
# Date: 03/2025
# Tested on: Debian 12
# Blog:
https://msecureltd.blogspot.com/2025/03/friday-fun-pentest-series-21-sql.html

SQL Injection in Admin Functionality:

Steps to Reproduce:

1. Login as admin user and visit the page of “
http://192.168.58.170/dolphinCMS/administration/index.php?cat="
2….

Read More

Stored XSS via Send Message Functionality – dolphin.prov7.4.2

Read Time:24 Second

Posted by Andrey Stoykov on Mar 24

# Exploit Title: Stored XSS via Send Message Functionality –
dolphin.prov7.4.2
# Date: 03/2025
# Exploit Author: Andrey Stoykov
# Version: 7.4.2
# Date: 03/2025
# Tested on: Debian 12
# Blog:
https://msecureltd.blogspot.com/2025/03/friday-fun-pentest-series-20-stored-xss.html

Stored XSS via Send Message Functionality:

Steps to Reproduce:

1. Login and visit “http://192.168.58.170/dolphinCMS/mail.php?mode=compose"
2. Add…

Read More

USN-7370-1: SmartDNS vulnerabilities

Read Time:29 Second

It was discovered that SmartDNS did not correctly align certain objects in
memory, leading to undefined behaviour. An attacker could possibly use this
issue to cause a denial of service or execute arbitrary code. This issue
only affected Ubuntu 22.04 LTS. (CVE-2024-24198, CVE-2024-24199)

It was discovered that SmartDNS did not correctly handle certain inputs,
which could lead to an integer overflow. A remote attacker could possibly
use this issue to cause a denial of service. This issue only affected
Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2024-42643)

Read More

USN-7369-1: elfutils vulnerabilities

Read Time:1 Minute, 21 Second

It was discovered that readelf from elfutils could be made to read out of
bounds. If a user or automated system were tricked into running readelf
on a specially crafted file, an attacker could cause readelf to crash,
resulting in a denial of service. This issue only affected Ubuntu 24.04
LTS. (CVE-2024-25260)

It was discovered that readelf from elfutils could be made to write out of
bounds. If a user or automated system were tricked into running readelf
on a specially crafted file, an attacker could cause readelf to crash,
resulting in a denial of service, or possibly execute arbitrary code.
This issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2025-1365)

It was discovered that readelf from elfutils could be made to dereference
invalid memory. If a user or automated system were tricked into running
readelf on a specially crafted file, an attacker could cause readelf to
crash, resulting in a denial of service. This issue only affected Ubuntu
24.04 LTS and Ubuntu 24.10. (CVE-2025-1371)

It was discovered that readelf from elfutils could be made to dereference
invalid memory. If a user or automated system were tricked into running
readelf on a specially crafted file, an attacker could cause readelf to
crash, resulting in a denial of service. (CVE-2025-1372)

It was discovered that strip from elfutils could be made to dereference
invalid memory. If a user or automated system were tricked into running
strip on a specially crafted file, an attacker could cause strip to
crash, resulting in a denial of service. (CVE-2025-1377)

Read More

USN-7348-2: Python regression

Read Time:57 Second

USN-7348-1 fixed vulnerabilities in Python. The update introduced a
regression. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that the Python ipaddress module contained incorrect
information about which IP address ranges were considered “private” or
“globally reachable”. This could possibly result in applications applying
incorrect security policies. This issue only affected Ubuntu 14.04 LTS
and Ubuntu 16.04 LTS. (CVE-2024-4032)

It was discovered that Python incorrectly handled quoting path names when
using the venv module. A local attacker able to control virtual
environments could possibly use this issue to execute arbitrary code when
the virtual environment is activated. (CVE-2024-9287)

It was discovered that Python incorrectly handled parsing bracketed hosts.
A remote attacker could possibly use this issue to perform a Server-Side
Request Forgery (SSRF) attack. This issue only affected Ubuntu 14.04 LTS
and Ubuntu 16.04 LTS. (CVE-2024-11168)

It was discovered that Python incorrectly handled parsing domain names that
included square brackets. A remote attacker could possibly use this issue
to perform a Server-Side Request Forgery (SSRF) attack. (CVE-2025-0938)

Read More