SOLDIERX.COM Nobody Can Stop Information Insemination

Posted by hyp3rlinx on May 01

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: https://hyp3rlinx.altervista.org/advisories/Microsoft_Windows_xrm-ms_File_NTLM-Hash_Disclosure.txt
[+] x.com/hyp3rlinx
[+] ISR: ApparitionSec

[Vendor]
www.microsoft.com

[Product]
.xrm-ms File Type

[Vulnerability Type]
NTLM Hash Disclosure (Spoofing)

[Video URL PoC]
https://www.youtube.com/watch?v=d5U_krLQbNY

[CVE Reference]
N/A

[Security Issue]
The...

Posted by Artur Janicki via Fulldisclosure on Apr 26

[APOLOGIES FOR CROSS-POSTING]

CALL FOR PAPERS
14th International Workshop on Cyber Crime (IWCC 2025 -
https://2025.ares-conference.eu/program/iwcc/)
to be held in conjunction with the 20th International Conference on
Availability, Reliability and Security (ARES 2025 -
http://2025.ares-conference.eu)

August 11-14, 2025, Ghent, Belgium

IMPORTANT DATES
Submission Deadline May 12, 2025
Author Notification May 30, 2025
Proceedings Version...

Posted by Daniel Owens via Fulldisclosure on Apr 26

Inedo ProGet 2024.22 and below are vulnerable to unauthenticated denial of service and information disclosure attacks
(among other things) because the information system directly exposes the C# reflection used during the request-action
mapping process and fails to properly protect certain pathways. These are amplified by cross-site request forgery
vulnerabilities (CSRF) due to the application's failure to verify the HTTP request method...

Posted by Daniel Owens via Fulldisclosure on Apr 26

Good morning. All current versions and all versions since the 2022/2023 "fix" to the Rails cross-site request forgery
(CSRF) protections continue to be vulnerable to the same attacks as the 2022 implementation. Currently, Rails
generates "authenticity tokens" and "csrf tokens" using a random "one time pad" (OTP). This random value is then XORed
with the "raw token" (which can take one of two...

Posted by hyp3rlinx on Apr 26

[-] Microsoft ".library-ms" File / NTLM Information Disclosure
Spoofing (Resurrected 2025) / CVE-2025-24054

[+] John Page (aka hyp3rlinx)
[+] x.com/hyp3rlinx
[+] ISR: ApparitionSec

Back in 2018, I reported a ".library-ms" File NTLM information
disclosure vulnerability to MSRC and was told "it was not severe
enough", that being said I post it anyways. Seven years passed, until
other researchers re-reported it....

Posted by Marco Ivaldi on Apr 23

Hi,

Please find attached a security advisory that describes some
vulnerabilities we discovered in the Zyxel uOS Linux-based operating
system.

* Title: Local privilege escalation via Zyxel fermion-wrapper
* Product: USG FLEX H Series
* OS: Zyxel uOS V1.31 (and potentially earlier versions)
* Author: Marco Ivaldi <marco.ivaldi () hnsecurity it>
* Date: 2025-04-23
* CVE ID: CVE-2025-1731 (see discussion in "5 - Remediation" below)...

Posted by Apple Product Security via Fulldisclosure on Apr 23

APPLE-SA-04-16-2025-4 visionOS 2.4.1

visionOS 2.4.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122402.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

CoreAudio
Available for: Apple Vision Pro
Impact: Processing an audio stream in a maliciously crafted media file
may result in...

Posted by Apple Product Security via Fulldisclosure on Apr 23

APPLE-SA-04-16-2025-3 tvOS 18.4.1

tvOS 18.4.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122401.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

CoreAudio
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: Processing an audio stream in a maliciously crafted media file...

Posted by Apple Product Security via Fulldisclosure on Apr 23

APPLE-SA-04-16-2025-2 macOS Sequoia 15.4.1

macOS Sequoia 15.4.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122400.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

CoreAudio
Available for: macOS Sequoia
Impact: Processing an audio stream in a maliciously crafted media file
may...

Posted by Apple Product Security via Fulldisclosure on Apr 23

APPLE-SA-04-16-2025-1 iOS 18.4.1 and iPadOS 18.4.1

iOS 18.4.1 and iPadOS 18.4.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122282.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

CoreAudio
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 13.9-inch
3rd generation and...

Posted by Andrey Stoykov on Apr 23

# Exploit Title: Business Logic Flaw: Price Manipulation - alegrocartv1.2.9
# Date: 04/2025
# Exploit Author: Andrey Stoykov
# Version: 1.2.9
# Tested on: Debian 12
# Blog: https://msecureltd.blogspot.com/

Business Logic Flaw: Price Manipulation #1:

Steps to Reproduce:

1. Visit the store and add a product
2. Intercept the HTTP GET request and add negative value to the "quantity"
parameter

// HTTP GET request

GET...

Posted by Andrey Stoykov on Apr 23

# Exploit Title: Stored XSS in "Message" Functionality - alegrocartv1.2.9
# Date: 04/2025
# Exploit Author: Andrey Stoykov
# Version: 1.2.9
# Tested on: Debian 12
# Blog: https://msecureltd.blogspot.com/

Stored XSS #1:

Steps to Reproduce:

1. Login as demonstrator account and visit "Customers" > "Newsletter"
2. In "Message" use the following XSS payload

<iframe srcdoc="<img src=x...

Posted by Andrey Stoykov on Apr 23

# Exploit Title: XSS via SVG Image Upload - alegrocartv1.2.9
# Date: 04/2025
# Exploit Author: Andrey Stoykov
# Version: 1.2.9
# Tested on: Debian 12
# Blog: https://msecureltd.blogspot.com/

XSS via SVG Image Upload:

Steps to Reproduce:

1. Visit http://192.168.58.129/alegrocart/administrator/?controller=download
2. Upload SVG image file with the contents below
3. Intercept the POST request and change the Content-Type to "Content-Type:...

Posted by Housma mardini on Apr 23

Hi Full Disclosure,

I'd like to share a local privilege escalation technique involving BBOT
(Bighuge BLS OSINT Tool) when misconfigured with sudo access.

---

Exploit Title: BBOT 2.1.0 - Local Privilege Escalation via Malicious Module
Execution
Date: 2025-04-16
Exploit Author: Huseyin Mardinli
Vendor Homepage: https://github.com/blacklanternsecurity/bbot
Version: 2.1.0.4939rc (tested)
Tested on: Kali Linux Rolling (2025.1)
CVE: N/A...

Posted by Pierre Kim on Apr 13

No message preview for long message of 656780 bytes.

Posted by Rafael Pedrero on Apr 13

<!--
# Exploit Title: Server-Side Request Forgery (SSRF) in CrushFTP 10.7.1 and
11.1.0 (as well as legacy 9.x)
# Date: 2024-10-20
# Exploit Author: Rafael Pedrero
# Vendor Homepage: https://www.crushftp.com/
# Software Link: https://www.crushftp.com/download/
# Version: CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1
# Tested on: all
# CVE : CVE-2025-32102
# Vulnerability: CWE-918
# Category: webapps

1. Description

CrushFTP 9.x...

Posted by Nick Boyce on Apr 13

[Complete Apple product novice here (my devices all run a non-Apple
OS), but I'm asking for a friend]

Could someone please clarify the following part of the advisory for me:

Does this mean the update will be available via the "Software Update"
feature on an iPhone - or not ?

The quoted paragraph of Apple's advisory is a bit
Schroedinger's-Cat-ish - the update is both available and not
available.

Thanks,

Nick

[...]...

Posted by Egidio Romano on Apr 13

------------------------------------------------------------------------------------
UNA CMS <= 14.0.0-RC4 (BxBaseMenuSetAclLevel.php) PHP Object Injection
Vulnerability
------------------------------------------------------------------------------------

[-] Software Links:

https://unacms.com

https://github.com/unacms/una

[-] Affected Versions:

All versions from 9.0.0-RC1 to 14.0.0-RC4.

[-] Vulnerability Description:

The vulnerability...

Posted by Martin Heiland via Fulldisclosure on Apr 13

Dear subscribers,

We're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs for OX App Suite, Dovecot and PowerDNS at YesWeHack.

This advisory has also been published at
https://documentation.open-xchange.com/appsuite/security/advisories/html/2025/oxas-adv-2025-0001.html.

Yours sincerely,
Martin Heiland, Open-Xchange...

Posted by Apple Product Security via Fulldisclosure on Apr 02

APPLE-SA-04-01-2025-1 watchOS 11.4

watchOS 11.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122376.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AirDrop
Available for: Apple Watch Series 6 and later
Impact: An app may be able to read arbitrary file metadata
Description: A...