Category Archives: Advisories

ZDI-24-1713: Rockwell Automation Arena Simulation DOE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Read Time:17 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11364.

Read More

Stored XSS with Filter Bypass – blogenginev3.3.8

Read Time:24 Second

Posted by Andrey Stoykov on Dec 18

# Exploit Title: Stored XSS with Filter Bypass – blogenginev3.3.8
# Date: 12/2024
# Exploit Author: Andrey Stoykov
# Version: 3.3.8
# Tested on: Ubuntu 22.04
# Blog:
https://msecureltd.blogspot.com/2024/12/friday-fun-pentest-series-16-stored-xss.html

Stored XSS Filter Bypass #1:

Steps to Reproduce:

1. Login as admin and go to “Content” > “Posts”
2. On the right side of the page choose “Categories”
3. In…

Read More

[SYSS-2024-085]: Broadcom CA Client Automation – Improper Privilege Management (CWE-269)

Read Time:18 Second

Posted by Matthias Deeg via Fulldisclosure on Dec 18

Advisory ID: SYSS-2024-085
Product: CA Client Automation (CA DSM)
Manufacturer: Broadcom
Affected Version(s): 14.5.0.15
Tested Version(s): 14.5.0.15
Vulnerability Type: Improper Privilege Management (CWE-269)
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: 2024-10-18
Solution Date: 2024-12-17
Public Disclosure:…

Read More

USN-7169-2: Linux kernel (GCP) vulnerabilities

Read Time:14 Second

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– Ext4 file system;
– Network traffic control;
– VMware vSockets driver;
(CVE-2024-49967, CVE-2024-53057, CVE-2024-50264)

Read More