SOLDIERX.COM Nobody Can Stop Information Insemination

Posted by malvuln on Apr 19

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/6cc630843cabf23621375830df474bc5.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Dumador.c
Vulnerability: Remote Stack Buffer Overflow (SEH)
Description: The malware runs an FTP server on TCP port 10000. Third-party
adversaries who can reach the server can send a specially crafted payload
triggering...

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 19

SEC Consult Vulnerability Lab Security Advisory < 20240418-0 >
=======================================================================
title: Broken authorization
product: Dreamehome app
vulnerable version: <=2.1.5 (iOS)
fixed version: none, see solution
CVE number: -
impact: medium
homepage: https://www.dreametech.com
found: 2024-01-17...

Posted by Pawel Karwowski via Fulldisclosure on Apr 19

Resending! Thank you for your efforts.

GitHub - pawlokk/mindmanager-poc: public disclosure<https://github.com/pawlokk/mindmanager-poc>

Affected application: MindManager23_setup.exe

Platform: Windows

Issue: Local Privilege Escalation via MSI installer Repair Mode (EXE hijacking race condition)

Discovered and reported by: Pawel Karwowski and Julian Horoszkiewicz (Eviden Red Team)

Proposed mitigation:...

Posted by V3locidad on Apr 14

CVE ID: CVE-2024-31705

Title : RCE to Shell Commands" Plugin / GLPI Shell Command Management Interface

Affected Product : GLPI - 10.X.X and last version

Description: An issue in Infotel Conseil GLPI v.10.X.X and after allows a remote attacker to execute arbitrary code via
the insufficient validation of user-supplied input.

Affected Component : A remote code execution (RCE) vulnerability has been identified in the 'Shell...

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 14

SEC Consult Vulnerability Lab Security Advisory < 20240411-0 >
=======================================================================
title: Database Passwords in Server Response
product: Amazon AWS Glue
vulnerable version: until 2024-02-23
fixed version: as of 2024-02-23
CVE number: -
impact: medium
homepage: https://aws.amazon.com/glue/
found:...

Posted by Egidio Romano on Apr 10

------------------------------------------------------------------------------
Invision Community <= 4.7.16 (toolbar.php) Remote Code Execution Vulnerability
------------------------------------------------------------------------------

[-] Software Link:

https://invisioncommunity.com

[-] Affected Versions:

Version 4.7.16 and prior versions.

[-] Vulnerability Description:

The vulnerability is located in the...

Posted by Egidio Romano on Apr 10

--------------------------------------------------------------------
Invision Community <= 4.7.15 (store.php) SQL Injection Vulnerability
--------------------------------------------------------------------

[-] Software Link:

https://invisioncommunity.com

[-] Affected Versions:

All versions from 4.4.0 to 4.7.15.

[-] Vulnerability Description:

The vulnerability is located in the
/applications/nexus/modules/front/store/store.php script....

Posted by Andrey Stoykov on Apr 10

# Exploit Title: Multiple Web Flaws in concretecmsv9.2.7
# Date: 4/2024
# Exploit Author: Andrey Stoykov
# Version: 9.2.7
# Tested on: Ubuntu 22.04
# Blog: http://msecureltd.blogspot.com

Verbose Error Message - Stack Trace:

1. Directly browse to edit profile page
2. Error should come up with verbose stack trace

Verbose Error Message - SQL Error:

1. Page Settings > Design > Save Changes
2. Intercept HTTP POST request and place single...

Posted by Martin Heiland via Fulldisclosure on Apr 10

Dear subscribers,

We're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs for OX App Suite, Dovecot and PowerDNS at YesWeHack.

This advisory has also been published at
https://documentation.open-xchange.com/appsuite/security/advisories/html/2024/oxas-adv-2024-0001.html.

Yours sincerely,
Martin Heiland, Open-Xchange GmbH...

Posted by malvuln on Apr 10

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/0eb4a9089d3f7cf431d6547db3b9484d.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32.Razy.abc
Vulnerability: Insecure Permissions (In memory IPC)
Family: Razy
Type: PE32
MD5: 0eb4a9089d3f7cf431d6547db3b9484d
SHA256: 3d82fee314e7febb8307ccf8a7396b6dd53c7d979a74aa56f3c4a6d0702fd098
Vuln ID: MVID-2024-0678...

Posted by Clément Cruchet on Apr 10

CVE ID: CVE-2023-27195

Description:
An access control issue in Trimble TM4Web v22.2.0 allows
unauthenticated attackers to access a specific crafted URL path to
retrieve the last registration access code and use this access code to
register a valid account. If the access code was used to create an
Administrator account, attackers are also able to register new
Administrator accounts with full rights and privileges.

Vulnerability Type: Broken...

Posted by Andrew Zayine on Apr 05

Dear Colleagues,

IEEE CSR Workshop on Cyber Forensics and Advanced Threat Investigations in
Emerging Technologies organizing committee is inviting you to submit your
research papers. The workshop will be held in Hybrid mode. The in-person
mode will held at Hilton London Tower Bridge, London from 2 to 4 September
2024

Topics include (but not limited to):
-Forensics and threat investigations in P2P, cloud/edge, SDN/NFV, VPN, and
social networks...

Posted by malvuln on Apr 05

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/0e6e40aad3e8d46e3c0c26ccc6ab94b3.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Agent.ju (PSYRAT)
Vulnerability: Authentication Bypass RCE
Family: PSYRAT
Type: PE32
MD5: 0e6e40aad3e8d46e3c0c26ccc6ab94b3
Vuln ID: MVID-2024-0677
Disclosure: 04/01/2024

Description: The PsyRAT 0.01 malware listens on...

Posted by Valentin Lobstein via Fulldisclosure on Apr 05

CVE ID: CVE-2024-30929

Description:
A Cross-Site Scripting (XSS) vulnerability has been found in DerbyNet version 9.0, affecting the `playlist.php`
component. This issue allows remote attackers to execute arbitrary code by exploiting the `back` parameter. The
application does not properly sanitize the `back` parameter before it is rendered on the page, thereby allowing the
injection and execution of arbitrary JavaScript code.

Vulnerability...

Posted by Valentin Lobstein via Fulldisclosure on Apr 05

CVE ID: CVE-2024-30928

Description:
An SQL Injection vulnerability has been discovered in DerbyNet version 9.0, particularly within the
`ajax/query.slide.next.inc` file. This vulnerability allows remote attackers to execute arbitrary code and disclose
sensitive information by exploiting the unvalidated `classids` parameter used in constructing SQL queries. This
parameter is not properly sanitized before being included in the SQL statement,...

Posted by Valentin Lobstein via Fulldisclosure on Apr 05

CVE ID: CVE-2024-30927

Description:
A Cross-Site Scripting (XSS) vulnerability is present in DerbyNet version 9.0, specifically within the
`racer-results.php` component. This issue allows remote attackers to execute arbitrary code through the improper
handling of the `racerid` parameter. The vulnerability is notably present within the HTML `<title>` tag, where the
`racerid` parameter value is dynamically inserted directly into the page...

Posted by Valentin Lobstein via Fulldisclosure on Apr 05

CVE ID: CVE-2024-30926

Description:
A Cross-Site Scripting (XSS) vulnerability has been identified in DerbyNet version 9.0, affecting the
`./inc/kiosks.inc` component. This vulnerability permits remote attackers to execute arbitrary code by exploiting the
`address_for_current_kiosk()` function. The issue stems from the improper sanitization of user-supplied input via the
URL parameters `id` and `address`, which are directly utilized without...

Posted by Valentin Lobstein via Fulldisclosure on Apr 05

CVE ID: CVE-2024-30925

Description:
A Cross-Site Scripting (XSS) vulnerability exists in DerbyNet version 9.0, specifically within the `photo-thumbs.php`
component. This issue enables a remote attacker to execute arbitrary code through the improper handling of the
`racerid` and `back` parameters. The vulnerability arises because the application dynamically generates URLs for
navigation without adequately sanitizing these parameters, thus...

Posted by Valentin Lobstein via Fulldisclosure on Apr 05

CVE ID: CVE-2024-30924

Description:
A Cross Site Scripting (XSS) vulnerability has been identified in DerbyNet version 9.0, specifically within the
`checkin.php` component. This vulnerability allows remote attackers to execute arbitrary code due to improper handling
of the `order` URL parameter. The flaw lies in the way the `order` parameter is embedded directly into a JavaScript
variable assignment without adequate sanitization or encoding,...

Posted by Valentin Lobstein via Fulldisclosure on Apr 05

CVE ID: CVE-2024-30923

Description:
An SQL Injection vulnerability has been discovered in DerbyNet version 9.0, specifically within the
`print/render/racer.inc` component. This vulnerability allows remote attackers to execute arbitrary code and disclose
sensitive information by exploiting improper sanitization of the `where` clause in Racer Document Rendering.

Vulnerability Type: SQL Injection

Vendor of Product: DerbyNet - Available on...