Category Archives: Advisories

ZDI-24-594: Siemens Tecnomatix Plant Simulation MODEL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Read Time:17 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-32639.

Read More

libopenmpt-0.7.8-1.el8

Read Time:2 Minute, 37 Second

FEDORA-EPEL-2024-9d9625a171

Packages in this update:

libopenmpt-0.7.8-1.el8

Update description:

libopenmpt 0.7.8 (2024-06-09)

[Sec] Potential heap out-of-bounds read with malformed Dynamic Studio DSm files (r20912).
MED: Additional command pages can now be read.
MED: Echo DSP is now emulated.
AMS: Default channel panning was broken, using all-center panning instead of MOD-style panning.
STP: Correctly import volume slides where both nibbles are set.
MDL: Pitch slide depth was wrong since libopenmpt 0.6.0.
DTM: Fix pitch slide depth for samples with finetune.
DSm: Don’t import as Amiga module (and thus allow Amiga resampler to be enabled), as this PC format can easily exceed the Amiga frequency range.
DSm: Only the first 48 samples were ever read.
STM / STX: Don’t set channel panning. ScreamTracker 2 only outputs mono sound.
PSM: File header probing was stricter than actual file loader, rejecting manipulated files that would otherwise load fine.

libopenmpt 0.7.7 (2024-05-12)

[Bug] examples/libopenmpt_example_c_pipe.c and libopenmpt/bindings/freebasic/libopenmpt_ext.bi were missing from the Autotools package.
[New] New Makefile CONFIG=mingw-w64 option WINDOWS_CRT=[crtdll,msvcrt,ucrt] to select the toolchain CRT library.
[Change] build/download_externals.sh now verifies the integrity of any downloaded files and uses curl instead of wget.
[Regression] Optimization level when compiling with GCC 14 has been forced down to -O1 due to the severe miscompilation GCC 14 has shown on MinGW-w64 amd64 (see https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115049).
IT: Disable a few more compatibility flags for older SchismTracker builds.
IT: Halve the output volume of files saved with ChibiTracker, as its mixer is about half as loud as ours.
S3M: In mono mode, the ratio between sample and OPL volume was incorrect.
S3M: Detect files saved with PlayerPRO.
XM: Detect files saved with PlayerPRO. Improved detection of files saved with ModPlug Tracker.
XM: Files with impossibly small pattern headers are now rejected, like FastTracker 2 does.
STK: Loosen SoundTracker file rejection heuristics a bit to allow loading of files with malformed song titles and overly long samples. Other heuristics has been tightened a bit.
MOD: Change VBlank timing heuristic to always assume CIA timing when long samples unsupported by original ProTracker) are found.
MOD: Disable NoiseTracker quirks if empty sample slots have a default volume other than 0.
MOD: 7-bit panning detection may have returned incorrect results for MODs with a channel count other than 4.
MED: Improve handling of default tempo, panning and channel volume in files containing more than one song.
MO3: Reduced maximum allowed music data (not samples) size from 2 GiB to 512 MiB.
XMF: Header validation is now stricter.
MDL: Slightly more accurate import of pattern command 9 (enabling envelopes instead of setting envelope position).
ULT: Support the highest three octaves.
OPL emulation could produce clicks when using a mix rate higher than 65536 Hz.
xmp-openmpt: Subsongs whose length could not be calculate no longer show a duration of -12:-55.
mpg123: Update to v1.32.6 (2024-04-04).

Read More

libopenmpt-0.7.8-1.el7

Read Time:2 Minute, 37 Second

FEDORA-EPEL-2024-fa86f0e8f1

Packages in this update:

libopenmpt-0.7.8-1.el7

Update description:

libopenmpt 0.7.8 (2024-06-09)

[Sec] Potential heap out-of-bounds read with malformed Dynamic Studio DSm files (r20912).
MED: Additional command pages can now be read.
MED: Echo DSP is now emulated.
AMS: Default channel panning was broken, using all-center panning instead of MOD-style panning.
STP: Correctly import volume slides where both nibbles are set.
MDL: Pitch slide depth was wrong since libopenmpt 0.6.0.
DTM: Fix pitch slide depth for samples with finetune.
DSm: Don’t import as Amiga module (and thus allow Amiga resampler to be enabled), as this PC format can easily exceed the Amiga frequency range.
DSm: Only the first 48 samples were ever read.
STM / STX: Don’t set channel panning. ScreamTracker 2 only outputs mono sound.
PSM: File header probing was stricter than actual file loader, rejecting manipulated files that would otherwise load fine.

libopenmpt 0.7.7 (2024-05-12)

[Bug] examples/libopenmpt_example_c_pipe.c and libopenmpt/bindings/freebasic/libopenmpt_ext.bi were missing from the Autotools package.
[New] New Makefile CONFIG=mingw-w64 option WINDOWS_CRT=[crtdll,msvcrt,ucrt] to select the toolchain CRT library.
[Change] build/download_externals.sh now verifies the integrity of any downloaded files and uses curl instead of wget.
[Regression] Optimization level when compiling with GCC 14 has been forced down to -O1 due to the severe miscompilation GCC 14 has shown on MinGW-w64 amd64 (see https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115049).
IT: Disable a few more compatibility flags for older SchismTracker builds.
IT: Halve the output volume of files saved with ChibiTracker, as its mixer is about half as loud as ours.
S3M: In mono mode, the ratio between sample and OPL volume was incorrect.
S3M: Detect files saved with PlayerPRO.
XM: Detect files saved with PlayerPRO. Improved detection of files saved with ModPlug Tracker.
XM: Files with impossibly small pattern headers are now rejected, like FastTracker 2 does.
STK: Loosen SoundTracker file rejection heuristics a bit to allow loading of files with malformed song titles and overly long samples. Other heuristics has been tightened a bit.
MOD: Change VBlank timing heuristic to always assume CIA timing when long samples unsupported by original ProTracker) are found.
MOD: Disable NoiseTracker quirks if empty sample slots have a default volume other than 0.
MOD: 7-bit panning detection may have returned incorrect results for MODs with a channel count other than 4.
MED: Improve handling of default tempo, panning and channel volume in files containing more than one song.
MO3: Reduced maximum allowed music data (not samples) size from 2 GiB to 512 MiB.
XMF: Header validation is now stricter.
MDL: Slightly more accurate import of pattern command 9 (enabling envelopes instead of setting envelope position).
ULT: Support the highest three octaves.
OPL emulation could produce clicks when using a mix rate higher than 65536 Hz.
xmp-openmpt: Subsongs whose length could not be calculate no longer show a duration of -12:-55.
mpg123: Update to v1.32.6 (2024-04-04).

Read More

libopenmpt-0.7.8-1.el9

Read Time:2 Minute, 37 Second

FEDORA-EPEL-2024-c862af93eb

Packages in this update:

libopenmpt-0.7.8-1.el9

Update description:

libopenmpt 0.7.8 (2024-06-09)

[Sec] Potential heap out-of-bounds read with malformed Dynamic Studio DSm files (r20912).
MED: Additional command pages can now be read.
MED: Echo DSP is now emulated.
AMS: Default channel panning was broken, using all-center panning instead of MOD-style panning.
STP: Correctly import volume slides where both nibbles are set.
MDL: Pitch slide depth was wrong since libopenmpt 0.6.0.
DTM: Fix pitch slide depth for samples with finetune.
DSm: Don’t import as Amiga module (and thus allow Amiga resampler to be enabled), as this PC format can easily exceed the Amiga frequency range.
DSm: Only the first 48 samples were ever read.
STM / STX: Don’t set channel panning. ScreamTracker 2 only outputs mono sound.
PSM: File header probing was stricter than actual file loader, rejecting manipulated files that would otherwise load fine.

libopenmpt 0.7.7 (2024-05-12)

[Bug] examples/libopenmpt_example_c_pipe.c and libopenmpt/bindings/freebasic/libopenmpt_ext.bi were missing from the Autotools package.
[New] New Makefile CONFIG=mingw-w64 option WINDOWS_CRT=[crtdll,msvcrt,ucrt] to select the toolchain CRT library.
[Change] build/download_externals.sh now verifies the integrity of any downloaded files and uses curl instead of wget.
[Regression] Optimization level when compiling with GCC 14 has been forced down to -O1 due to the severe miscompilation GCC 14 has shown on MinGW-w64 amd64 (see https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115049).
IT: Disable a few more compatibility flags for older SchismTracker builds.
IT: Halve the output volume of files saved with ChibiTracker, as its mixer is about half as loud as ours.
S3M: In mono mode, the ratio between sample and OPL volume was incorrect.
S3M: Detect files saved with PlayerPRO.
XM: Detect files saved with PlayerPRO. Improved detection of files saved with ModPlug Tracker.
XM: Files with impossibly small pattern headers are now rejected, like FastTracker 2 does.
STK: Loosen SoundTracker file rejection heuristics a bit to allow loading of files with malformed song titles and overly long samples. Other heuristics has been tightened a bit.
MOD: Change VBlank timing heuristic to always assume CIA timing when long samples unsupported by original ProTracker) are found.
MOD: Disable NoiseTracker quirks if empty sample slots have a default volume other than 0.
MOD: 7-bit panning detection may have returned incorrect results for MODs with a channel count other than 4.
MED: Improve handling of default tempo, panning and channel volume in files containing more than one song.
MO3: Reduced maximum allowed music data (not samples) size from 2 GiB to 512 MiB.
XMF: Header validation is now stricter.
MDL: Slightly more accurate import of pattern command 9 (enabling envelopes instead of setting envelope position).
ULT: Support the highest three octaves.
OPL emulation could produce clicks when using a mix rate higher than 65536 Hz.
xmp-openmpt: Subsongs whose length could not be calculate no longer show a duration of -12:-55.
mpg123: Update to v1.32.6 (2024-04-04).

Read More

webkitgtk-2.44.2-2.fc40

Read Time:36 Second

FEDORA-2024-4d71f28349

Packages in this update:

webkitgtk-2.44.2-2.fc40

Update description:

Update to 2.44.2:

Make gamepads visible on axis movements, and not only on button presses.
Disable the gst-libav AAC decoder.
Make user scripts and style sheets visible in the Web Inspector.
Use the geolocation portal where available, with the existing geoclue as fallback if the portal is not usable.
Use the printing portal when running sandboxed.
Use the file transfer portal for drag and drop when running sandboxed.
Avoid notifying an empty cursor rectangle to input methods.
Remove empty bar shown in detached inspector windows.
Consider keycode when activating application accelerators.
Fix several crashes and rendering issues.
Fix CVE-2024-27834

Read More

webkitgtk-2.44.2-2.fc39

Read Time:36 Second

FEDORA-2024-826bf5a09a

Packages in this update:

webkitgtk-2.44.2-2.fc39

Update description:

Update to 2.44.2:

Make gamepads visible on axis movements, and not only on button presses.
Disable the gst-libav AAC decoder.
Make user scripts and style sheets visible in the Web Inspector.
Use the geolocation portal where available, with the existing geoclue as fallback if the portal is not usable.
Use the printing portal when running sandboxed.
Use the file transfer portal for drag and drop when running sandboxed.
Avoid notifying an empty cursor rectangle to input methods.
Remove empty bar shown in detached inspector windows.
Consider keycode when activating application accelerators.
Fix several crashes and rendering issues.
Fix CVE-2024-27834

Read More

CyberDanube Security Research 20240604-0 | Multiple Vulnerabilities in utnserver Pro/ProMAX/INU-100

Read Time:16 Second

Posted by Thomas Weber via Fulldisclosure on Jun 09

CyberDanube Security Research 20240604-0
——————————————————————————-
title| Multiple Vulnerabilities
product| SEH utnserver Pro/ProMAX / INU-100
vulnerable version| 20.1.22
fixed version| 20.1.28
CVE number| CVE-2024-5420, CVE-2024-5421, CVE-2024-5422
impact| High
homepage| https://www.seh-technology.com/

Read More

SEC Consult SA-20240606-0 :: Multiple critical vulnerabilities in Kiuwan SAST on-premise (KOP) & cloud/SaaS & Kiuwan Local Analyzer (KLA)

Read Time:17 Second

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jun 09

SEC Consult Vulnerability Lab Security Advisory < 20240606-0 >
=======================================================================
title: Multiple critical vulnerabilities
product: Kiuwan SAST on-premise (KOP) & cloud/SaaS
Kiuwan Local Analyzer (KLA)
vulnerable version: Kiuwan SAST <2.8.2402.3
Kiuwan Local Analyzer <master.1808.p685.q13371…

Read More

Blind SQL Injection – fengofficev3.11.1.2

Read Time:24 Second

Posted by Andrey Stoykov on Jun 09

# Exploit Title: FengOffice – Blind SQL Injection
# Date: 06/2024
# Exploit Author: Andrey Stoykov
# Version: 3.11.1.2
# Tested on: Ubuntu 22.04
# Blog:
https://msecureltd.blogspot.com/2024/05/friday-fun-pentest-series-6.html

Steps to Reproduce:

1. Login to application
2. Click on “Workspaces”
3. Copy full URL
4. Paste the HTTP GET request into text file
5. Set the injection point to be in the “dim” parameter…

Read More