Security News
Microsoft PlayReady toolkit - codes release
Posted by Security Explorations on May 06
Hello All,We released codes for "Microsoft PlayReady toolkit", a tool that has
been developed as part of our research from 2022:
https://security-explorations.com/microsoft-playready.html#details
The toolkit illustrates the following:
- fake client device identity generation,
- acquisition of license and content keys for encrypted content,
- downloading and decryption of content,
- content inspection (MPEG-4 file format),
- Manifest...
Live2D Cubism refusing to fix validation issue leading to heap corruption.
Posted by PT via Fulldisclosure on May 03
Live2D Cubism is the dominant "vtuber" software suite for 2D avatars for use in livestreaming and integrating them inother software.
They publish various SDKs and a frameworks for integrating their libraries with your own program. You're supposed to
use those to deserialize and render/animate the models created with their main software - often untrusted files from
random people on the internet.
While their main java-based...
Microsoft PlayReady white-box cryptography weakness
Posted by Security Explorations on May 01
Hello All,There is yet another attack possible against Protected Media Path
process beyond the one involving two global XOR keys [1]. The new
attack may also result in the extraction of a plaintext content key
value.
The attack has its origin in a white-box crypto [2] implementation.
More specifically, one can devise plaintext content key from white-box
crypto data structures of which goal is to make such a reconstruction
difficult / not...
Re: Excellent piece by Chris Rohlf - " No, LLM Agents can not Autonomously Exploit One-day Vulnerabilities "
Posted by Arun Koshy via Dailydave on Apr 24
This is probably an independent issue ( imvho ).Re LLMs and present AI / ML regime, my only public comment is that
we're in the Hindenburg [1] era .. caveat emptor. Another insightful
paper that probably will be ignored this summer:
https://arxiv.org/abs/2308.03762 ( author :
https://people.csail.mit.edu/kostas/ )
[1] - https://en.wikipedia.org/wiki/LZ_129_Hindenburg
Defense in depth -- the Microsoft way (part 87): shipping more rotten software to billions of unsuspecting customers
Posted by Stefan Kanthak on Apr 24
Hi @ll,this post is a continuation of
<https://seclists.org/fulldisclosure/2023/Oct/17> and
<https://seclists.org/fulldisclosure/2021/Oct/17>
With the release of .NET Framework 4.8 in April 2019, Microsoft updated
the following paragraph of the MSDN article "What's new in .NET Framework"
<https://msdn.microsoft.com/en-us/library/ms171868.aspx>
| Starting with .NET Framework 4.5, the clrcompression.dll assembly...
Response to CVE-2023-26756 - Revive Adserver
Posted by Matteo Beccati on Apr 24
CVE-2023-26756 has been recently filed against the Revive Adserver project.The action was taken without first contacting us, and it did not follow
the security process that is thoroughly documented on our website. The
project team has been given no notice before or after the disclosure.
Our team has been made aware of this report by a community member via a
GitHub issue. All of this resulted in an inability for us to produce an
appropriate...
A Familiar World of Chaos
Posted by Dave Aitel via Dailydave on Apr 21
After spending some time looking at "Secure by Design/Default" I have nodoubt many of you feel like something is missing - something that's hard to
put your finger on. So you go back to the treadmill of reading about bugs
in Palo Alto devices, or the latest Project Zero blogpost, or something the
Microsoft Threat Team is naming RidonculousBreeze, or whatever.
For those of you who chose to read the latest Project Zero post, one...
BACKDOOR.WIN32.DUMADOR.C / Remote Stack Buffer Overflow (SEH)
Posted by malvuln on Apr 19
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024Original source:
https://malvuln.com/advisory/6cc630843cabf23621375830df474bc5.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Dumador.c
Vulnerability: Remote Stack Buffer Overflow (SEH)
Description: The malware runs an FTP server on TCP port 10000. Third-party
adversaries who can reach the server can send a specially crafted payload
triggering...
SEC Consult SA-20240418-0 :: Broken authorization in Dreamehome app
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 19
SEC Consult Vulnerability Lab Security Advisory < 20240418-0 >=======================================================================
title: Broken authorization
product: Dreamehome app
vulnerable version: <=2.1.5 (iOS)
fixed version: none, see solution
CVE number: -
impact: medium
homepage: https://www.dreametech.com
found: 2024-01-17...
MindManager 23 - full disclosure
Posted by Pawel Karwowski via Fulldisclosure on Apr 19
Resending! Thank you for your efforts.GitHub - pawlokk/mindmanager-poc: public disclosure<https://github.com/pawlokk/mindmanager-poc>
Affected application: MindManager23_setup.exe
Platform: Windows
Issue: Local Privilege Escalation via MSI installer Repair Mode (EXE hijacking race condition)
Discovered and reported by: Pawel Karwowski and Julian Horoszkiewicz (Eviden Red Team)
Proposed mitigation:...
Sophia D'Antoine
Posted by Dave Aitel via Dailydave on Apr 17
On Monday, I and 400 other people, including many on this mailing list,attended Sophia's funeral in a huge church in the upper east side of NYC.
Although I grew up in a Jewish household, I am not religious, and the last
time I went to a church was also with Sophia, in Jerusalem, where we
wandered through various landmarks until we ended up at the Church of the
Holy Sepulcher, one of the holiest sites for Christianity.
We waited in a line...
CVE-2024-31705
Posted by V3locidad on Apr 14
CVE ID: CVE-2024-31705Title : RCE to Shell Commands" Plugin / GLPI Shell Command Management Interface
Affected Product : GLPI - 10.X.X and last version
Description: An issue in Infotel Conseil GLPI v.10.X.X and after allows a remote attacker to execute arbitrary code via
the insufficient validation of user-supplied input.
Affected Component : A remote code execution (RCE) vulnerability has been identified in the 'Shell...
SEC Consult SA-20240411-0 :: Database Passwords in Server Response in Amazon AWS Glue
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 14
SEC Consult Vulnerability Lab Security Advisory < 20240411-0 >=======================================================================
title: Database Passwords in Server Response
product: Amazon AWS Glue
vulnerable version: until 2024-02-23
fixed version: as of 2024-02-23
CVE number: -
impact: medium
homepage: https://aws.amazon.com/glue/
found:...
[KIS-2024-03] Invision Community <= 4.7.16 (toolbar.php) Remote Code Execution Vulnerability
Posted by Egidio Romano on Apr 10
------------------------------------------------------------------------------Invision Community <= 4.7.16 (toolbar.php) Remote Code Execution Vulnerability
------------------------------------------------------------------------------
[-] Software Link:
https://invisioncommunity.com
[-] Affected Versions:
Version 4.7.16 and prior versions.
[-] Vulnerability Description:
The vulnerability is located in the...
[KIS-2024-02] Invision Community <= 4.7.15 (store.php) SQL Injection Vulnerability
Posted by Egidio Romano on Apr 10
--------------------------------------------------------------------Invision Community <= 4.7.15 (store.php) SQL Injection Vulnerability
--------------------------------------------------------------------
[-] Software Link:
https://invisioncommunity.com
[-] Affected Versions:
All versions from 4.4.0 to 4.7.15.
[-] Vulnerability Description:
The vulnerability is located in the
/applications/nexus/modules/front/store/store.php script....
Multiple Issues in concretecmsv9.2.7
Posted by Andrey Stoykov on Apr 10
# Exploit Title: Multiple Web Flaws in concretecmsv9.2.7# Date: 4/2024
# Exploit Author: Andrey Stoykov
# Version: 9.2.7
# Tested on: Ubuntu 22.04
# Blog: http://msecureltd.blogspot.com
Verbose Error Message - Stack Trace:
1. Directly browse to edit profile page
2. Error should come up with verbose stack trace
Verbose Error Message - SQL Error:
1. Page Settings > Design > Save Changes
2. Intercept HTTP POST request and place single...
OXAS-ADV-2024-0001: OX App Suite Security Advisory
Posted by Martin Heiland via Fulldisclosure on Apr 10
Dear subscribers,We're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs for OX App Suite, Dovecot and PowerDNS at YesWeHack.
This advisory has also been published at
https://documentation.open-xchange.com/appsuite/security/advisories/html/2024/oxas-adv-2024-0001.html.
Yours sincerely,
Martin Heiland, Open-Xchange GmbH...
Trojan.Win32.Razy.abc / Insecure Permissions (In memory IPC)
Posted by malvuln on Apr 10
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024Original source:
https://malvuln.com/advisory/0eb4a9089d3f7cf431d6547db3b9484d.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Trojan.Win32.Razy.abc
Vulnerability: Insecure Permissions (In memory IPC)
Family: Razy
Type: PE32
MD5: 0eb4a9089d3f7cf431d6547db3b9484d
SHA256: 3d82fee314e7febb8307ccf8a7396b6dd53c7d979a74aa56f3c4a6d0702fd098
Vuln ID: MVID-2024-0678...
CVE-2023-27195: Broken Access Control - Registration Code in TM4Web v22.2.0
Posted by Clément Cruchet on Apr 10
CVE ID: CVE-2023-27195Description:
An access control issue in Trimble TM4Web v22.2.0 allows
unauthenticated attackers to access a specific crafted URL path to
retrieve the last registration access code and use this access code to
register a valid account. If the access code was used to create an
Administrator account, attackers are also able to register new
Administrator accounts with full rights and privileges.
Vulnerability Type: Broken...
