Posted by Egidio Romano on Apr 10
——————————————————————————
Invision Community <= 4.7.16 (toolbar.php) Remote Code Execution Vulnerability
——————————————————————————
[-] Software Link:
[-] Affected Versions:
Version 4.7.16 and prior versions.
[-] Vulnerability Description:
The vulnerability is located in the…
Posted by Egidio Romano on Apr 10
——————————————————————–
Invision Community <= 4.7.15 (store.php) SQL Injection Vulnerability
——————————————————————–
[-] Software Link:
[-] Affected Versions:
All versions from 4.4.0 to 4.7.15.
[-] Vulnerability Description:
The vulnerability is located in the
/applications/nexus/modules/front/store/store.php script….
Posted by Andrey Stoykov on Apr 10
# Exploit Title: Multiple Web Flaws in concretecmsv9.2.7
# Date: 4/2024
# Exploit Author: Andrey Stoykov
# Version: 9.2.7
# Tested on: Ubuntu 22.04
# Blog: http://msecureltd.blogspot.com
Verbose Error Message – Stack Trace:
1. Directly browse to edit profile page
2. Error should come up with verbose stack trace
Verbose Error Message – SQL Error:
1. Page Settings > Design > Save Changes
2. Intercept HTTP POST request and place single…
Posted by Martin Heiland via Fulldisclosure on Apr 10
Dear subscribers,
We’re sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs for OX App Suite, Dovecot and PowerDNS at YesWeHack.
This advisory has also been published at
https://documentation.open-xchange.com/appsuite/security/advisories/html/2024/oxas-adv-2024-0001.html.
Yours sincerely,
Martin Heiland, Open-Xchange GmbH…
Posted by malvuln on Apr 10
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/0eb4a9089d3f7cf431d6547db3b9484d.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Trojan.Win32.Razy.abc
Vulnerability: Insecure Permissions (In memory IPC)
Family: Razy
Type: PE32
MD5: 0eb4a9089d3f7cf431d6547db3b9484d
SHA256: 3d82fee314e7febb8307ccf8a7396b6dd53c7d979a74aa56f3c4a6d0702fd098
Vuln ID: MVID-2024-0678…
Posted by Clément Cruchet on Apr 10
CVE ID: CVE-2023-27195
Description:
An access control issue in Trimble TM4Web v22.2.0 allows
unauthenticated attackers to access a specific crafted URL path to
retrieve the last registration access code and use this access code to
register a valid account. If the access code was used to create an
Administrator account, attackers are also able to register new
Administrator accounts with full rights and privileges.
Vulnerability Type: Broken…
python-django3-3.2.25-1.el9
Security fixes for
CVE-2024-27351 Potential regular expression DOS in django.utils.text.Truncator.words()
CVE-2023-41164 Potential DOS vulnerability in django.utils.encoding.uri_to_iri()
Security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.
Multiple vulnerabilities have been discovered in Google Chrome, which could allow for arbitrary code execution. Successful exploitation of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
kernel-6.8.5-100.fc38
The 6.8.5 stable kernel update contains a number of important fixes across the tree.
