Category Archives: Advisories

APPLE-SA-03-07-2024-1 Safari 17.4

Read Time:24 Second

Posted by Apple Product Security via Fulldisclosure on Mar 13

APPLE-SA-03-07-2024-1 Safari 17.4

Safari 17.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214089.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Safari Private Browsing
Available for: macOS Monterey and macOS Ventura
Impact: Private Browsing tabs may be accessed without…

Read More

APPLE-SA-03-05-2024-2 iOS 16.7.6 and iPadOS 16.7.6

Read Time:27 Second

Posted by Apple Product Security via Fulldisclosure on Mar 13

APPLE-SA-03-05-2024-2 iOS 16.7.6 and iPadOS 16.7.6

iOS 16.7.6 and iPadOS 16.7.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214082.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Additional CVE entries coming soon.

Kernel
Available for: iPhone 8, iPhone 8 Plus, iPhone X,…

Read More

APPLE-SA-03-05-2024-1 iOS 17.4 and iPadOS 17.4

Read Time:25 Second

Posted by Apple Product Security via Fulldisclosure on Mar 13

APPLE-SA-03-05-2024-1 iOS 17.4 and iPadOS 17.4

iOS 17.4 and iPadOS 17.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214081.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Additional CVE entries coming soon.

Accessibility
Available for: iPhone XS and later, iPad Pro…

Read More

Backdoor.Win32.Beastdoor.oq / Unauthenticated Remote Command Execution

Read Time:20 Second

Posted by malvuln on Mar 13

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/6268df4c9c805c90725dde4fe5ef6fea.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Beastdoor.oq
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 1332, makes outbound
connections to SMTP port 25 and executes a PE file named svchost.exe
dropped in…

Read More

StimulusReflex CVE-2024-28121

Read Time:23 Second

Posted by lixts via Fulldisclosure on Mar 13

StimulusReflex CVE-2024-28121

Arbitrary code execution in StimulusReflex. This affects version 3.5.0 up to and including 3.5.0.rc2 and v3.5.0.pre10.

## Vulnerable code excerpt

stimulus_reflex/lib/stimulus_reflex/reflex.rb
“`
# Invoke the reflex action specified by `name` and run all callbacks
def process(name, *args)
run_callbacks(:process) { public_send(name, *args) }
end
“`

stimulus_reflex/app/channels/stimulus_reflex/channel.rb…

Read More

[Full Disclosure] CVE-2024-25228: Unpatched Command Injection in Vinchin Backup & Recovery Versions 7.2 and Earlier

Read Time:21 Second

Posted by Valentin Lobstein via Fulldisclosure on Mar 13

CVE ID: CVE-2024-25228

Title: Authenticated Command Injection Vulnerability in ManoeuvreHandler.class.php of Vinchin Backup & Recovery
Versions 7.2 and Earlier

Description:
A critical security vulnerability has been discovered in the `getVerifydiyResult` function within the
`ManoeuvreHandler.class.php` file of Vinchin Backup & Recovery software, affecting versions 7.2 and earlier. This
function, intended for validating IP addresses…

Read More