Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

SEC Consult blog :: Microsoft Windows MSI Installer - Repair to SYSTEM - A detailed journey (CVE-2024-38014) + msiscan tool release

16 September, 2024 - 22:09

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Sep 16

The SEC Consult Vulnerability Lab published a new blog post titled:
"Microsoft Windows MSI Installer - Repair to SYSTEM - A detailed journey"
covering the recent Microsoft September 2024 patch for CVE-2024-38014.

Blog URL:
---------
https://r.sec-consult.com/msi

Author:
-------
Michael Baer, SEC Consult Vulnerability Lab

Abstract:
---------
This article by our researcher Michael Baer for the SEC Consult Vulnerability Lab
will explain...

Stored XSS to Account Takeover - htmlyv2.9.9

16 September, 2024 - 22:08

Posted by Andrey Stoykov on Sep 16

# Exploit Title: Stored XSS to Account Takeover - htmlyv2.9.9
# Date: 9/2024
# Exploit Author: Andrey Stoykov
# Version: 2.9.9
# Tested on: Ubuntu 22.04
# Blog:
https://msecureltd.blogspot.com/2024/08/friday-fun-pentest-series-9-stored-xss.html

Description:

- It was found that the application suffers from stored XSS

- Low level user having an "author" role can take over admin account and
change their password via posting a malicious...

APPLE-SA-09-16-2024-10 macOS Ventura 13.7

16 September, 2024 - 22:08

Posted by Apple Product Security via Fulldisclosure on Sep 16

APPLE-SA-09-16-2024-10 macOS Ventura 13.7

macOS Ventura 13.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121234.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accounts
Available for: macOS Ventura
Impact: An app may be able to leak sensitive user information
Description: The...

APPLE-SA-09-16-2024-9 macOS Sonoma 14.7

16 September, 2024 - 22:08

Posted by Apple Product Security via Fulldisclosure on Sep 16

APPLE-SA-09-16-2024-9 macOS Sonoma 14.7

macOS Sonoma 14.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121247.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accounts
Available for: macOS Sonoma
Impact: An app may be able to access user-sensitive data
Description: The issue was...

APPLE-SA-09-16-2024-8 iOS 17.7 and iPadOS 17.7

16 September, 2024 - 22:08

Posted by Apple Product Security via Fulldisclosure on Sep 16

APPLE-SA-09-16-2024-8 iOS 17.7 and iPadOS 17.7

iOS 17.7 and iPadOS 17.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121246.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accessibility
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
2nd generation and...

APPLE-SA-09-16-2024-7 Xcode 16

16 September, 2024 - 22:08

Posted by Apple Product Security via Fulldisclosure on Sep 16

APPLE-SA-09-16-2024-7 Xcode 16

Xcode 16 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121239.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

IDE Documentation
Available for: macOS Sonoma 14.5 and later
Impact: A malicious application may gain access to a user's Keychain
items...

APPLE-SA-09-16-2024-6 Safari 18

16 September, 2024 - 22:08

Posted by Apple Product Security via Fulldisclosure on Sep 16

APPLE-SA-09-16-2024-6 Safari 18

Safari 18 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121241.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

WebKit
Available for: macOS Ventura and macOS Sonoma
Impact: Visiting a malicious website may lead to address bar spoofing
Description: The...

APPLE-SA-09-16-2024-5 visionOS 2

16 September, 2024 - 22:08

Posted by Apple Product Security via Fulldisclosure on Sep 16

APPLE-SA-09-16-2024-5 visionOS 2

visionOS 2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121249.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

APFS
Available for: Apple Vision Pro
Impact: A malicious app with root privileges may be able to modify the
contents of system files...

APPLE-SA-09-16-2024-4 watchOS 11

16 September, 2024 - 22:08

Posted by Apple Product Security via Fulldisclosure on Sep 16

APPLE-SA-09-16-2024-4 watchOS 11

watchOS 11 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121240.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accessibility
Available for: Apple Watch Series 6 and later
Impact: An attacker with physical access to a locked device may be able
to...

APPLE-SA-09-16-2024-3 tvOS 18

16 September, 2024 - 22:08

Posted by Apple Product Security via Fulldisclosure on Sep 16

APPLE-SA-09-16-2024-3 tvOS 18

tvOS 18 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121248.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Game Center
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to access user-sensitive data
Description: A file...

APPLE-SA-09-16-2024-2 macOS Sequoia 15

16 September, 2024 - 22:08

Posted by Apple Product Security via Fulldisclosure on Sep 16

APPLE-SA-09-16-2024-2 macOS Sequoia 15

macOS Sequoia 15 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121238.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accounts
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac
Pro (2019 and later), Mac Mini (2018 and...

APPLE-SA-09-16-2024-1 iOS 18 and iPadOS 18

16 September, 2024 - 22:08

Posted by Apple Product Security via Fulldisclosure on Sep 16

APPLE-SA-09-16-2024-1 iOS 18 and iPadOS 18

iOS 18 and iPadOS 18 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121250.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accessibility
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad...

CVE-2024-25286 - RedSys - A Cross-Site Request Forgery (CSRF) vulnerability was identified in the Authorization Method of 3DSecure 2.0

11 September, 2024 - 21:16

Posted by RUBEN LOPEZ HERRERA on Sep 11

Product: 3DSecure 2.0
Manufacturer: Redsys
Affected Version(s): 3DSecure 2.0 3DS Authorization Method
Tested Version(s): 3DSecure 2.0 3DS Authorization Method
Vulnerability Type: Cross-Site Request Forgery (CSRF)
Risk Level: Medium
Solution Status: Not yet fixed
Manufacturer Notification: 2024-01-17
Solution Date: N/A
Public Disclosure: 2024-09-17
CVE Reference: CVE-2024-25286

Overview:
A Cross-Site Request Forgery (CSRF) vulnerability was...

CVE-2024-25285 - RedSys - 3DSecure 2.0 is vulnerable to form action hijacking

11 September, 2024 - 21:16

Posted by RUBEN LOPEZ HERRERA on Sep 11

Product: 3DSecure 2.0
Manufacturer: Redsys
Affected Version(s): 3DSecure 2.0 3DS Method Authentication
Tested Version(s): 3DSecure 2.0 3DS Method Authentication
Vulnerability Type: Cross-Site Scripting (XSS)
Risk Level: Medium
Solution Status: Not yet fixed
Manufacturer Notification: 2024-01-17
Solution Date: N/A
Public Disclosure: 2024-09-17
CVE Reference: CVE-2024-25285

Overview:
3DSecure 2.0 is vulnerable to form action hijacking via the...

CVE-2024-25284 - RedSys - Multiple reflected Cross-Site Scripting (XSS) vulnerabilities in the 3DS Authorization Method of 3DSecure 2.0

11 September, 2024 - 21:16

Posted by RUBEN LOPEZ HERRERA on Sep 11

Product: 3DSecure 2.0
Manufacturer: Redsys
Affected Version(s): 3DSecure 2.0 3DS Authorization Method
Tested Version(s): 3DSecure 2.0 3DS Authorization Method
Vulnerability Type: Cross-Site Scripting (XSS)
Risk Level: Medium
Solution Status: Not yet fixed
Manufacturer Notification: 2024-01-17
Solution Date: N/A
Public Disclosure: 2024-09-17
CVE Reference: CVE-2024-25284

Overview:
Multiple reflected Cross-Site Scripting (XSS) vulnerabilities in...

CVE-2024-25283 - RedSys - Multiple reflected Cross-Site Scripting (XSS) vulnerabilities exist in the 3DS Authorization Challenge of 3DSecure 2.0

11 September, 2024 - 21:15

Posted by RUBEN LOPEZ HERRERA on Sep 11

Product: 3DSecure 2.0
Manufacturer: Redsys
Affected Version(s): 3DSecure 2.0 3DS Authorization Challenge
Tested Version(s): 3DSecure 2.0 3DS Authorization Challenge
Vulnerability Type: Cross-Site Scripting (XSS)
Risk Level: Medium
Solution Status: Not yet fixed
Manufacturer Notification: 2024-01-17
Solution Date: N/A
Public Disclosure: 2024-09-17
CVE Reference: CVE-2024-25283

Overview:
Multiple reflected Cross-Site Scripting (XSS)...

CVE-2024-25282 - RedSys - 3DSecure 2.0 is vulnerable to Cross-Site Scripting (XSS) in its 3DSMethod Authentication

11 September, 2024 - 21:15

Posted by RUBEN LOPEZ HERRERA on Sep 11

Product: 3DSecure 2.0
Manufacturer: Redsys
Affected Version(s): 3DSecure 2.0 3DS Method Authentication
Tested Version(s): 3DSecure 2.0 3DS Method Authentication
Vulnerability Type: Cross-Site Scripting (XSS)
Risk Level: Medium
Solution Status: Not yet fixed
Manufacturer Notification: 2024-01-17
Solution Date: N/A
Public Disclosure: 2024-09-17
CVE Reference: CVE-2024-25282

Overview:
3DSecure 2.0 is vulnerable to Cross-Site Scripting (XSS) in its...

KL-001-2024-012: VICIdial Authenticated Remote Code Execution

10 September, 2024 - 14:31

Posted by KoreLogic Disclosures via Fulldisclosure on Sep 10

KL-001-2024-012: VICIdial Authenticated Remote Code Execution

Title: VICIdial Authenticated Remote Code Execution
Advisory ID: KL-001-2024-012
Publication Date: 2024-09-10
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-012.txt

1. Vulnerability Details

     Affected Vendor: VICIdial
     Affected Product: VICIdial
     Affected Version: 2.14-917a
     Platform: GNU/Linux
     CWE Classification:...

KL-001-2024-011: VICIdial Unauthenticated SQL Injection

10 September, 2024 - 14:29

Posted by KoreLogic Disclosures via Fulldisclosure on Sep 10

KL-001-2024-011: VICIdial Unauthenticated SQL Injection

Title: VICIdial Unauthenticated SQL Injection
Advisory ID: KL-001-2024-011
Publication Date: 2024-09-10
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-011.txt

1. Vulnerability Details

     Affected Vendor: VICIdial
     Affected Product: VICIdial
     Affected Version: 2.14-917a
     Platform: GNU/Linux
     CWE Classification: CWE-89:...

OXAS-ADV-2024-0005: OX App Suite Security Advisory

9 September, 2024 - 22:26

Posted by Martin Heiland via Fulldisclosure on Sep 09

Dear subscribers,

We're sharing our latest advisory with you and would like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs for OX App Suite, Dovecot and PowerDNS at YesWeHack.

This advisory has also been published at
https://documentation.open-xchange.com/appsuite/security/advisories/html/2024/oxas-adv-2024-0005.html.

Yours sincerely,
Martin Heiland, Open-Xchange...