This vulnerability allows local attackers to escalate privileges on affected installations of CarlinKit CPC200-CCPA devices. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-2762.
Category Archives: Advisories
SQL Injection in Admin Functionality – dolphin.prov7.4.2
Posted by Andrey Stoykov on Mar 24
# Exploit Title: SQL Injection in Admin Functionality – dolphin.prov7.4.2
# Date: 03/2025
# Exploit Author: Andrey Stoykov
# Version: 7.4.2
# Date: 03/2025
# Tested on: Debian 12
# Blog:
https://msecureltd.blogspot.com/2025/03/friday-fun-pentest-series-21-sql.html
SQL Injection in Admin Functionality:
Steps to Reproduce:
1. Login as admin user and visit the page of “
http://192.168.58.170/dolphinCMS/administration/index.php?cat="
2….
Stored XSS via Send Message Functionality – dolphin.prov7.4.2
Posted by Andrey Stoykov on Mar 24
# Exploit Title: Stored XSS via Send Message Functionality –
dolphin.prov7.4.2
# Date: 03/2025
# Exploit Author: Andrey Stoykov
# Version: 7.4.2
# Date: 03/2025
# Tested on: Debian 12
# Blog:
https://msecureltd.blogspot.com/2025/03/friday-fun-pentest-series-20-stored-xss.html
Stored XSS via Send Message Functionality:
Steps to Reproduce:
1. Login and visit “http://192.168.58.170/dolphinCMS/mail.php?mode=compose"
2. Add…
USN-7370-1: SmartDNS vulnerabilities
It was discovered that SmartDNS did not correctly align certain objects in
memory, leading to undefined behaviour. An attacker could possibly use this
issue to cause a denial of service or execute arbitrary code. This issue
only affected Ubuntu 22.04 LTS. (CVE-2024-24198, CVE-2024-24199)
It was discovered that SmartDNS did not correctly handle certain inputs,
which could lead to an integer overflow. A remote attacker could possibly
use this issue to cause a denial of service. This issue only affected
Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2024-42643)
DSA-5886-1 ruby-rack – security update
Multiple security issues were found in Rack, an interface for developing
web applications in Ruby, which could result in log injection or
information disclosure.
dokuwiki-20240206b-1.fc42 php-kissifrot-php-ixr-1.8.4-1.fc42 php-phpseclib3-3.0.43-1.fc42
FEDORA-2025-12f2e3e40b
Packages in this update:
dokuwiki-20240206b-1.fc42
php-kissifrot-php-ixr-1.8.4-1.fc42
php-phpseclib3-3.0.43-1.fc42
Update description:
Update DokuWiki to release 2024-02-06b “Kaos”, update dependencies accordingly
dokuwiki-20240206b-1.fc43 php-kissifrot-php-ixr-1.8.4-1.fc43 php-phpseclib3-3.0.43-1.fc43
FEDORA-2025-0ec100da82
Packages in this update:
dokuwiki-20240206b-1.fc43
php-kissifrot-php-ixr-1.8.4-1.fc43
php-phpseclib3-3.0.43-1.fc43
Update description:
Update DokuWiki to release 2024-02-06b “Kaos”, update dependencies accordingly
exim-4.98.1-1.fc42
FEDORA-2025-d75bc3d211
Packages in this update:
exim-4.98.1-1.fc42
Update description:
This is new version fixing possible remote SQL injection and FTBFS with gcc-15.
USN-7369-1: elfutils vulnerabilities
It was discovered that readelf from elfutils could be made to read out of
bounds. If a user or automated system were tricked into running readelf
on a specially crafted file, an attacker could cause readelf to crash,
resulting in a denial of service. This issue only affected Ubuntu 24.04
LTS. (CVE-2024-25260)
It was discovered that readelf from elfutils could be made to write out of
bounds. If a user or automated system were tricked into running readelf
on a specially crafted file, an attacker could cause readelf to crash,
resulting in a denial of service, or possibly execute arbitrary code.
This issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2025-1365)
It was discovered that readelf from elfutils could be made to dereference
invalid memory. If a user or automated system were tricked into running
readelf on a specially crafted file, an attacker could cause readelf to
crash, resulting in a denial of service. This issue only affected Ubuntu
24.04 LTS and Ubuntu 24.10. (CVE-2025-1371)
It was discovered that readelf from elfutils could be made to dereference
invalid memory. If a user or automated system were tricked into running
readelf on a specially crafted file, an attacker could cause readelf to
crash, resulting in a denial of service. (CVE-2025-1372)
It was discovered that strip from elfutils could be made to dereference
invalid memory. If a user or automated system were tricked into running
strip on a specially crafted file, an attacker could cause strip to
crash, resulting in a denial of service. (CVE-2025-1377)
USN-7348-2: Python regression
USN-7348-1 fixed vulnerabilities in Python. The update introduced a
regression. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that the Python ipaddress module contained incorrect
information about which IP address ranges were considered “private” or
“globally reachable”. This could possibly result in applications applying
incorrect security policies. This issue only affected Ubuntu 14.04 LTS
and Ubuntu 16.04 LTS. (CVE-2024-4032)
It was discovered that Python incorrectly handled quoting path names when
using the venv module. A local attacker able to control virtual
environments could possibly use this issue to execute arbitrary code when
the virtual environment is activated. (CVE-2024-9287)
It was discovered that Python incorrectly handled parsing bracketed hosts.
A remote attacker could possibly use this issue to perform a Server-Side
Request Forgery (SSRF) attack. This issue only affected Ubuntu 14.04 LTS
and Ubuntu 16.04 LTS. (CVE-2024-11168)
It was discovered that Python incorrectly handled parsing domain names that
included square brackets. A remote attacker could possibly use this issue
to perform a Server-Side Request Forgery (SSRF) attack. (CVE-2025-0938)