๐จ CVE-2024-41237
A SQL injection vulnerability in /smsa/teacher_login.php in Kashipara Responsive School Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter.
๐@cveNotify
A SQL injection vulnerability in /smsa/teacher_login.php in Kashipara Responsive School Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter.
๐@cveNotify
GitHub
CVE_Writeup/Kashipara/Responsive School Management System v3.2.0/SQL Injection - Teacher.pdf at main ยท takekaramey/CVE_Writeup
Contribute to takekaramey/CVE_Writeup development by creating an account on GitHub.
๐จ CVE-2024-6706
Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page.
๐@cveNotify
Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page.
๐@cveNotify
๐จ CVE-2018-0824
A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
๐@cveNotify
A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
๐@cveNotify
๐จ CVE-2024-36971
In the Linux kernel, the following vulnerability has been resolved:
net: fix __dst_negative_advice() race
__dst_negative_advice() does not enforce proper RCU rules when
sk->dst_cache must be cleared, leading to possible UAF.
RCU rules are that we must first clear sk->sk_dst_cache,
then call dst_release(old_dst).
Note that sk_dst_reset(sk) is implementing this protocol correctly,
while __dst_negative_advice() uses the wrong order.
Given that ip6_negative_advice() has special logic
against RTF_CACHE, this means each of the three ->negative_advice()
existing methods must perform the sk_dst_reset() themselves.
Note the check against NULL dst is centralized in
__dst_negative_advice(), there is no need to duplicate
it in various callbacks.
Many thanks to Clement Lecigne for tracking this issue.
This old bug became visible after the blamed commit, using UDP sockets.
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
net: fix __dst_negative_advice() race
__dst_negative_advice() does not enforce proper RCU rules when
sk->dst_cache must be cleared, leading to possible UAF.
RCU rules are that we must first clear sk->sk_dst_cache,
then call dst_release(old_dst).
Note that sk_dst_reset(sk) is implementing this protocol correctly,
while __dst_negative_advice() uses the wrong order.
Given that ip6_negative_advice() has special logic
against RTF_CACHE, this means each of the three ->negative_advice()
existing methods must perform the sk_dst_reset() themselves.
Note the check against NULL dst is centralized in
__dst_negative_advice(), there is no need to duplicate
it in various callbacks.
Many thanks to Clement Lecigne for tracking this issue.
This old bug became visible after the blamed commit, using UDP sockets.
๐@cveNotify
๐จ CVE-2024-38428
url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.
๐@cveNotify
url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.
๐@cveNotify
๐จ CVE-2024-36397
Vantiva - MediaAccess DGA2232 v19.4 - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
๐@cveNotify
Vantiva - MediaAccess DGA2232 v19.4 - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
๐@cveNotify
๐จ CVE-2024-37085
VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.
๐@cveNotify
VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.
๐@cveNotify
VMware Cloud Foundation (VCF) Blog
Home Page
VMware Cloud Foundation (VCF) - The simplest path to hybrid cloud that delivers consistent, secure and agile cloud infrastructure. Read more.
๐จ CVE-2024-42154
In the Linux kernel, the following vulnerability has been resolved:
tcp_metrics: validate source addr length
I don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4
is at least 4 bytes long, and the policy doesn't have an entry
for this attribute at all (neither does it for IPv6 but v6 is
manually validated).
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
tcp_metrics: validate source addr length
I don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4
is at least 4 bytes long, and the policy doesn't have an entry
for this attribute at all (neither does it for IPv6 but v6 is
manually validated).
๐@cveNotify
๐จ CVE-2024-42155
In the Linux kernel, the following vulnerability has been resolved:
s390/pkey: Wipe copies of protected- and secure-keys
Although the clear-key of neither protected- nor secure-keys is
accessible, this key material should only be visible to the calling
process. So wipe all copies of protected- or secure-keys from stack,
even in case of an error.
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
s390/pkey: Wipe copies of protected- and secure-keys
Although the clear-key of neither protected- nor secure-keys is
accessible, this key material should only be visible to the calling
process. So wipe all copies of protected- or secure-keys from stack,
even in case of an error.
๐@cveNotify
๐จ CVE-2024-41249
An Incorrect Access Control vulnerability was found in /smsa/view_subject.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view SUBJECT details.
๐@cveNotify
An Incorrect Access Control vulnerability was found in /smsa/view_subject.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view SUBJECT details.
๐@cveNotify
GitHub
CVE_Writeup/Kashipara/Responsive School Management System v3.2.0/Broken Access Control - Admin - View Subjects.pdf at main ยท tโฆ
Contribute to takekaramey/CVE_Writeup development by creating an account on GitHub.
๐จ CVE-2024-41251
An Incorrect Access Control vulnerability was found in /smsa/admin_teacher_register_approval.php and /smsa/admin_teacher_register_approval_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view and approve Teacher registration.
๐@cveNotify
An Incorrect Access Control vulnerability was found in /smsa/admin_teacher_register_approval.php and /smsa/admin_teacher_register_approval_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view and approve Teacher registration.
๐@cveNotify
GitHub
CVE_Writeup/Kashipara/Responsive School Management System v3.2.0/Broken Access Control - Admin Dashboard - Registered Teacher.pdfโฆ
Contribute to takekaramey/CVE_Writeup development by creating an account on GitHub.
๐จ CVE-2024-41252
An Incorrect Access Control vulnerability was found in /smsa/admin_student_register_approval.php and /smsa/admin_student_register_approval_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view and approve student registration.
๐@cveNotify
An Incorrect Access Control vulnerability was found in /smsa/admin_student_register_approval.php and /smsa/admin_student_register_approval_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view and approve student registration.
๐@cveNotify
GitHub
CVE_Writeup/Kashipara/Responsive School Management System v3.2.0/Broken Access Control - Admin Dashboard - Registered Student.pdfโฆ
Contribute to takekaramey/CVE_Writeup development by creating an account on GitHub.
๐จ CVE-2024-41308
An issue in the Ping feature of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gain root-level privileges on the underlying system.
๐@cveNotify
An issue in the Ping feature of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gain root-level privileges on the underlying system.
๐@cveNotify
Blogspot
Enjay CRM 1.0 - Multiple code executions via Unrestricted Terminal
๐จ CVE-2024-41309
An issue in the Hardware info module of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gain root-level privileges on the underlying system.
๐@cveNotify
An issue in the Hardware info module of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gain root-level privileges on the underlying system.
๐@cveNotify
Blogspot
Enjay CRM 1.0 - Multiple code executions via Unrestricted Terminal
๐จ CVE-2024-41432
An IP Spoofing vulnerability has been discovered in Likeshop up to 2.5.7.20210811. This issue allows an attacker to replace their real IP address with any arbitrary IP address, specifically by adding a forged 'X-Forwarded' or 'Client-IP' header to requests. Exploiting IP spoofing, attackers can bypass account lockout mechanisms during attempts to log into admin accounts, spoof IP addresses in requests sent to the server, and impersonate IP addresses that have logged into user accounts, etc.
๐@cveNotify
An IP Spoofing vulnerability has been discovered in Likeshop up to 2.5.7.20210811. This issue allows an attacker to replace their real IP address with any arbitrary IP address, specifically by adding a forged 'X-Forwarded' or 'Client-IP' header to requests. Exploiting IP spoofing, attackers can bypass account lockout mechanisms during attempts to log into admin accounts, spoof IP addresses in requests sent to the server, and impersonate IP addresses that have logged into user accounts, etc.
๐@cveNotify
๐จ CVE-2024-29209
A medium severity vulnerability has been identified in the update mechanism of the Phish Alert Button for Outlook, which could allow an attacker to remotely execute arbitrary code on the host machine. The vulnerability arises from the application's failure to securely verify the authenticity and integrity of the update server.
The application periodically checks for updates by querying a specific URL. However, this process does not enforce strict SSL/TLS verification, nor does it validate the digital signature of the received update files. An attacker with the capability to perform DNS spoofing can exploit this weakness. By manipulating DNS responses, the attacker can redirect the application's update requests to a malicious server under their control.
Once the application queries the spoofed update URL, the malicious server can respond with a crafted update package. Since the application fails to properly verify the authenticity of the update file, it will accept and execute the package, leading to arbitrary code execution on the host machine.
Impact:
Successful exploitation of this vulnerability allows an attacker to execute code with elevated privileges, potentially leading to data theft, installation of further malware, or other malicious activities on the host system.
Affected Products:
Phish Alert Button (PAB) for Outlook versions 1.10.0-1.10.11
Second Chance Client versions 2.0.0-2.0.9
PIQ Client versions 1.0.0-1.0.15
Remediation:
Automated updates will be pushed to address this issue. Users of affected versions should verify the latest version is applied and, if not, apply the latest updates provided by KnowBe4, which addresses this vulnerability by implementing proper SSL/TLS checks of the update server. It is also recommended to ensure DNS settings are secure to prevent DNS spoofing attacks.
Workarounds:
Use secure corporate networks or VPN services to secure network communications, which can help mitigate the risk of DNS spoofing.
Credits:
This vulnerability was discovered by Ceri Coburn at Pen Test Partners, who reported it responsibly to the vendor.
๐@cveNotify
A medium severity vulnerability has been identified in the update mechanism of the Phish Alert Button for Outlook, which could allow an attacker to remotely execute arbitrary code on the host machine. The vulnerability arises from the application's failure to securely verify the authenticity and integrity of the update server.
The application periodically checks for updates by querying a specific URL. However, this process does not enforce strict SSL/TLS verification, nor does it validate the digital signature of the received update files. An attacker with the capability to perform DNS spoofing can exploit this weakness. By manipulating DNS responses, the attacker can redirect the application's update requests to a malicious server under their control.
Once the application queries the spoofed update URL, the malicious server can respond with a crafted update package. Since the application fails to properly verify the authenticity of the update file, it will accept and execute the package, leading to arbitrary code execution on the host machine.
Impact:
Successful exploitation of this vulnerability allows an attacker to execute code with elevated privileges, potentially leading to data theft, installation of further malware, or other malicious activities on the host system.
Affected Products:
Phish Alert Button (PAB) for Outlook versions 1.10.0-1.10.11
Second Chance Client versions 2.0.0-2.0.9
PIQ Client versions 1.0.0-1.0.15
Remediation:
Automated updates will be pushed to address this issue. Users of affected versions should verify the latest version is applied and, if not, apply the latest updates provided by KnowBe4, which addresses this vulnerability by implementing proper SSL/TLS checks of the update server. It is also recommended to ensure DNS settings are secure to prevent DNS spoofing attacks.
Workarounds:
Use secure corporate networks or VPN services to secure network communications, which can help mitigate the risk of DNS spoofing.
Credits:
This vulnerability was discovered by Ceri Coburn at Pen Test Partners, who reported it responsibly to the vendor.
๐@cveNotify
KnowBe4 Knowledge Base
CVE-2024-29209
Title
CVE-2024-29209: Insufficient Domain Verification could lead to RCE in Outlook PAB (Phish Alert Button) via DNS Spoofing
Description
A medium severity vulnerability has been identified in the ...
CVE-2024-29209: Insufficient Domain Verification could lead to RCE in Outlook PAB (Phish Alert Button) via DNS Spoofing
Description
A medium severity vulnerability has been identified in the ...
๐จ CVE-2024-35009
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/share_switch.php?mudi=switch&dataType=&fieldName=state&fieldName2=state&tabName=banner&dataID=6.
๐@cveNotify
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/share_switch.php?mudi=switch&dataType=&fieldName=state&fieldName2=state&tabName=banner&dataID=6.
๐@cveNotify
GitHub
cms/5.md at main ยท Thirtypenny77/cms
Contribute to Thirtypenny77/cms development by creating an account on GitHub.
๐1
๐จ CVE-2024-4965
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000-40 V31R02B1413C and classified as critical. This issue affects some unknown processing of the file /useratte/resmanage.php. The manipulation of the argument load leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264533 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
๐@cveNotify
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000-40 V31R02B1413C and classified as critical. This issue affects some unknown processing of the file /useratte/resmanage.php. The manipulation of the argument load leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264533 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
๐@cveNotify
๐จ CVE-2024-21823
Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable denial of service via local access.
๐@cveNotify
Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable denial of service via local access.
๐@cveNotify
๐จ CVE-2024-36048
QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values.
๐@cveNotify
QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values.
๐@cveNotify
๐จ CVE-2024-34949
SQL injection vulnerability in Likeshop before 2.5.7 allows attackers to run abitrary SQL commands via the function OrderLogic::getOrderList function, exploited at the /admin/order/lists.html endpoint.
๐@cveNotify
SQL injection vulnerability in Likeshop before 2.5.7 allows attackers to run abitrary SQL commands via the function OrderLogic::getOrderList function, exploited at the /admin/order/lists.html endpoint.
๐@cveNotify
charm-august-88a on Notion
CVE-2024-34949 - SQL injection vulnerability in Likeshop 2.5.7 | Notion
Hello everyone, I'm tltp188. Today, I want to share an analysis about the CVE-2024-34949 SQL injection security vulnerability through the OrderLogic::getOrderList function, exploited at the /admin/order/lists.html endpoint.