Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

KL-001-2025-002: Checkmk NagVis Remote Code Execution

4 February, 2025 - 17:11

Posted by KoreLogic Disclosures via Fulldisclosure on Feb 04

KL-001-2025-002: Checkmk NagVis Remote Code Execution

Title: Checkmk NagVis Remote Code Execution
Advisory ID: KL-001-2025-002
Publication Date: 2025-02-04
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2025-002.txt

1. Vulnerability Details

     Affected Vendor: Checkmk
     Affected Product: Checkmk/NagVis
     Affected Version: Checkmk 2.3.0p2, NagVis 1.9.40
     Platform: GNU/Linux
     CWE...

KL-001-2025-001: Checkmk NagVis Reflected Cross-site Scripting

4 February, 2025 - 17:08

Posted by KoreLogic Disclosures via Fulldisclosure on Feb 04

KL-001-2025-001: Checkmk NagVis Reflected Cross-site Scripting

Title: Checkmk NagVis Reflected Cross-site Scripting
Advisory ID: KL-001-2025-001
Publication Date: 2025-02-04
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2025-001.txt

1. Vulnerability Details

     Affected Vendor: Checkmk
     Affected Product: Checkmk/NagVis
     Affected Version: Checkmk 2.3.0p2, NagVis 1.9.40
     Platform: GNU/Linux...

APPLE-SA-01-30-2025-1 GarageBand 10.4.12

2 February, 2025 - 02:33

Posted by Apple Product Security via Fulldisclosure on Feb 01

APPLE-SA-01-30-2025-1 GarageBand 10.4.12

GarageBand 10.4.12 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121866.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

GarageBand
Available for: macOS Sonoma 14.4 and later
Impact: Processing a maliciously crafted image may lead to arbitrary...

Re: Text injection on https://www.google.com/sorry/index via ?q parameter (no XSS)

2 February, 2025 - 02:33

Posted by David Fifield on Feb 01

I tested a few more times, and it appears the text injection has
disappeared.

These are timestamps when I tested, with offsets relative to the initial
discovery.

+0h 2025-01-28 03:00 initial discovery
+5h 2025-01-28 08:19 ?q=EgtoZWxsbyB3b3JsZA works
(https://archive.is/DD9xB)
+14h 2025-01-28 17:31 ?q=EgtoZWxsbyB3b3JsZA works
(no archive)
+45h...

Xinet Elegant 6 Asset Lib Web UI 6.1.655 / SQL Injection / Exploit Update Python3

2 February, 2025 - 02:32

Posted by hyp3rlinx on Feb 01

Updated SQL Injection CVE-2019-19245 exploit for Python3.

import requests,time,re,sys,argparse

#NAPC Xinet Elegant 6 Asset Library v6.1.655
#Pre-Auth SQL Injection 0day Exploit
#By hyp3rlinx
#ApparitionSec
#UPDATED: Jan 2024 for python3
#TODO: add SSL support
#===============================
#This will dump tables, usernames and passwords in vulnerable versions
#REQUIRE PARAMS:...

Quorum onQ OS - 6.0.0.5.2064 | Reflected Cross Site Scripting (XSS) | CVE-2024-44449

29 January, 2025 - 19:59

Posted by Shaikh Shahnawaz on Jan 29

[+] Credits: Shahnawaz Shaikh, Security Researcher at Cybergate Defense LLC
[+] twitter.com/_striv3r_

[Vendor]
https://quorum.com/about/

[Product]
Quorum onQ OS - 6.0.0.5.2064

[Vulnerability Type]
Reflected Cross Site Scripting (XSS)

[Affected Component]
Login page get parameter 'msg' is vulnerable to Reflected Cross site
scripting

[CVE Reference]
CVE-2024-44449

[Security Issue]
Cross Site Scripting vulnerability in Quorum onQ OS...

Deepseek writes textbook insecure code in 2025-01-28

29 January, 2025 - 19:58

Posted by Georgi Guninski on Jan 29

Asking Deepseek on Jan 28 09:33:11 AM UTC 2025:

Write a python CGI which takes as an argument string NAME and outputs
"Hello"+NAME

The Deepseek AI [3] returned:

====
name = form.getvalue('NAME', 'World')  # Default to 'World' if NAME is not provided
# Output the HTML response
print(f"<html><body><h1>Hello, {name}!</h1></body></html>")

*For security reasons,...

Text injection on https://www.google.com/sorry/index via ?q parameter (no XSS)

29 January, 2025 - 19:58

Posted by David Fifield on Jan 29

The page https://www.google.com/sorry/index is familiar to Tor and VPN
users. It is the one that says "Our systems have detected unusual
traffic from your computer network. Please try your request again
later." You will frequently be redirected to this page when using Tor
Browser, when you do a search on a Google site such as www.youtube.com
or scholar.google.com. The text of the page reports the client IP
address, a timestamp of the...

APPLE-SA-01-27-2025-9 Safari 18.3

27 January, 2025 - 19:07

Posted by Apple Product Security via Fulldisclosure on Jan 27

APPLE-SA-01-27-2025-9 Safari 18.3

Safari 18.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122074.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Passwords
Available for: macOS Ventura and macOS Sonoma
Impact: A malicious app may be able to bypass browser extension
authentication...

APPLE-SA-01-27-2025-8 tvOS 18.3

27 January, 2025 - 19:07

Posted by Apple Product Security via Fulldisclosure on Jan 27

APPLE-SA-01-27-2025-8 tvOS 18.3

tvOS 18.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122072.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AirPlay
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An attacker on the local network may be able to cause unexpected...

APPLE-SA-01-27-2025-7 watchOS 11.3

27 January, 2025 - 19:07

Posted by Apple Product Security via Fulldisclosure on Jan 27

APPLE-SA-01-27-2025-7 watchOS 11.3

watchOS 11.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122071.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AirPlay
Available for: Apple Watch Series 6 and later
Impact: An attacker on the local network may be able to cause unexpected
system...

APPLE-SA-01-27-2025-6 macOS Ventura 13.7.3

27 January, 2025 - 19:07

Posted by Apple Product Security via Fulldisclosure on Jan 27

APPLE-SA-01-27-2025-6 macOS Ventura 13.7.3

macOS Ventura 13.7.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122070.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AppleMobileFileIntegrity
Available for: macOS Ventura
Impact: An app may be able to access sensitive user data...

APPLE-SA-01-27-2025-5 macOS Sonoma 14.7.3

27 January, 2025 - 19:07

Posted by Apple Product Security via Fulldisclosure on Jan 27

APPLE-SA-01-27-2025-5 macOS Sonoma 14.7.3

macOS Sonoma 14.7.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122069.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AirPlay
Available for: macOS Sonoma
Impact: A remote attacker may cause an unexpected application
termination or...

APPLE-SA-01-27-2025-4 macOS Sequoia 15.3

27 January, 2025 - 19:07

Posted by Apple Product Security via Fulldisclosure on Jan 27

APPLE-SA-01-27-2025-4 macOS Sequoia 15.3

macOS Sequoia 15.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122068.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AirPlay
Available for: macOS Sequoia
Impact: An attacker on the local network may be able to cause unexpected
system...

APPLE-SA-01-27-2025-3 iPadOS 17.7.4

27 January, 2025 - 19:07

Posted by Apple Product Security via Fulldisclosure on Jan 27

APPLE-SA-01-27-2025-3 iPadOS 17.7.4

iPadOS 17.7.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122067.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AirPlay
Available for: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch,
and iPad 6th generation
Impact: A remote attacker may...

APPLE-SA-01-27-2025-2 iOS 18.3 and iPadOS 18.3

27 January, 2025 - 19:07

Posted by Apple Product Security via Fulldisclosure on Jan 27

APPLE-SA-01-27-2025-2 iOS 18.3 and iPadOS 18.3

iOS 18.3 and iPadOS 18.3 address the following issues.
Information about the security content is also available at
https://support.apple.com/122066.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accessibility
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and...

APPLE-SA-01-27-2025-1 visionOS 2.3

27 January, 2025 - 19:07

Posted by Apple Product Security via Fulldisclosure on Jan 27

APPLE-SA-01-27-2025-1 visionOS 2.3

visionOS 2.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122073.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AirPlay
Available for: Apple Vision Pro
Impact: An attacker on the local network may be able to cause unexpected
system termination or...

AutoLib Software Systems OPAC Version.20.10 | Exposure of Sensitive Information | CVE-2024-48310

27 January, 2025 - 19:07

Posted by Shaikh Shahnawaz on Jan 27

[+] Credits: Shahnawaz Shaikh, Security Researcher at Cybergate Defense LLC
[+] twitter.com/_striv3r_

[Vendor]
Autolib-india
http://autolib-india.net/products.php

[Product]
AutoLib Software Systems OPAC Version.20.10

[Affected Component]
main.js file

[CVE Reference]
CVE-2024-48310

[Security Issue]
AutoLib Software Systems OPAC v20.10 was discovered to have multiple API
keys exposed within the source code. Attackers may use these keys to...

SEC Consult SA-20250127-0 :: Weak Password Hashing Algorithms in Wind River Software VxWorks RTOS

27 January, 2025 - 19:06

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jan 27

SEC Consult Vulnerability Lab Security Advisory < 20250127-0 >
=======================================================================
title: Weak Password Hashing Algorithms
product: Wind River Software VxWorks RTOS
vulnerable version: >= VxWorks 6.9
fixed version: not available
CVE number: no CVE assigned by Wind River
impact: High
homepage:...

Host Header Injection - atutorv2.2.4

27 January, 2025 - 19:06

Posted by Andrey Stoykov on Jan 27

# Exploit Title: Host Header Injection - atutorv2.2.4
# Date: 01/2025
# Exploit Author: Andrey Stoykov
# Version: 2.2.4
# Tested on: Ubuntu 22.04
# Blog:
https://msecureltd.blogspot.com/2025/01/friday-fun-pentest-series-18-host.html

Description:

- It was found that the application had a Host Header Injection
vulnerability.

Host Header Injection #1:

Steps to Reproduce:

1. Visit specific page of the application
2. Intercept the HTTP GET/POST...