OXAS-ADV-2023-0007: OX App Suite Security Advisory
Posted by Martin Heiland via Fulldisclosure on Feb 13 Dear subscribers, We're sharing our latest advisory with you and like to thank everyone who contributed...
Android passkeys unexpectedly deleted or useless after sync
Posted by Erik van Straten (FD) on Feb 13 *INTRODUCTION* Passkeys on Android are stored in Google Password Manager by default. The user cannot make...
Buffer Overflow Vulnerabilities in KiTTY Start Duplicated Session Hostname (CVE-2024-25003) & Username (CVE-2024-25004) Variables
Posted by Austin DeFrancesco via Fulldisclosure on Feb 13 Buffer Overflow Vulnerabilities in KiTTY Start Duplicated Session Hostname (CVE-2024-25003) & Username (CVE-2024-25004) Variables Contents:...
Command Injection Vulnerability in KiTTY Get Remote File Through SCP Input (CVE-2024-23749)
Posted by Austin DeFrancesco via Fulldisclosure on Feb 13 Command Injection Vulnerability in KiTTY Get Remote File Through SCP Input (CVE-2024-23749) Contents: Summary...
Microsoft Windows Defender / Trojan.Win32/Powessere.G / Detection Mitigation Bypass Part 2.
Posted by hyp3rlinx on Feb 13 [+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: https://hyp3rlinx.altervista.org/advisories/MICROSOFT_WINDOWS_DEFENDER_TROJAN.WIN32.POWESSERE.G_MITIGATION_BYPASS_PART2.txt [+] twitter.com/hyp3rlinx [+] ISR: ApparitionSec [Vendor] www.microsoft.com...
Wyrestorm Apollo VX20 / Incorrect Access Control – Credentials Disclosure / CVE-2024-25735
Posted by hyp3rlinx on Feb 13 [+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/WYRESTORM_APOLLO_VX20_INCORRECT_ACCESS_CONTROL_CREDENTIALS_DISCLOSURE_CVE-2024-25735.txt [+] twitter.com/hyp3rlinx [+] ISR: ApparitionSec [Vendor] www.wyrestorm.com...
Wyrestorm Apollo VX20 / Account Enumeration / CVE-2024-25734
Posted by hyp3rlinx on Feb 13 [+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/WYRESTORM_APOLLO_VX20_ACCOUNT_ENUMERATION_CVE-2024-25734.txt [+] twitter.com/hyp3rlinx [+] ISR: ApparitionSec [Vendor] www.wyrestorm.com...
Wyrestorm Apollo VX20 / Incorrect Access Control – DoS / CVE-2024-25736
Posted by hyp3rlinx on Feb 13 [+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/WYRESTORM_APOLLO_VX20_INCORRECT_ACCESS_CONTROL_DOS_CVE-2024-25736.txt [+] twitter.com/hyp3rlinx [+] ISR: ApparitionSec [Vendor] www.wyrestorm.com...
IBM i Access Client Solutions / Remote Credential Theft / CVE-2024-22318
Posted by hyp3rlinx on Feb 13 [+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/IBMI_ACCESS_CLIENT_REMOTE_CREDENTIAL_THEFT_CVE-2024-22318.txt [+] twitter.com/hyp3rlinx [+] ISR: ApparitionSec [Vendor] www.ibm.com...
USN-6629-1: UltraJSON vulnerabilities
It was discovered that UltraJSON incorrectly handled certain input with a large amount of indentation. An attacker could possibly use this issue to crash the...