Security News

Typey typey

Daily Dave - 27 May, 2025 - 14:45

Posted by Dave Aitel via Dailydave on May 27

https://www.linkedin.com/mwlite/feed/posts/daveaitel_for-the-offensive-information-professionals-activity-7331470514927865856-yRnO

So I wanted to point this contracting gig out because I think it's a good
opportunity for someone who can do quick vulnerability triage and either
replicate or disprove that...

Announcing the Parity Release of Volatility 3 and the Deprecation of Volatility 2

Daily Dave - 27 May, 2025 - 14:25

Posted by Andrew Case via Dailydave on May 27

The Volatility Team is very excited to announce the official Parity
Release of Volatility 3!

This release is not only capable of fully replacing all of Volatility
2’s features, but it also incorporates support for all the latest
operating system versions plus all the latest memory forensics
research.

With this release, Volatility 2 is now deprecated, and its GitHub
project has been archived.

Our announcement blog post details the new...

Re: Typey typey

Daily Dave - 27 May, 2025 - 14:15

Posted by Dave Aitel via Dailydave on May 27

https://www.linkedin.com/jobs/view/4233405535/

I am bad at links it seems? Anyways, clicky clicky assuming you are the
type of person who uses Binja for fun and maybe a little bit of profit.

Also here is the OffensiveCon25 Youtube List - it's amazing to me they
managed to get these out so soon.
https://youtu.be/kF31SYIVob8?si=QWPps_--UsILr0mR

-dave

Unauthenticated Blind SQL Injection | RSI queue management system - V 3.0 | CVE-2025-26086

Full Disclosure - 16 May, 2025 - 21:39

Posted by Shaikh Shahnawaz on May 16

[+] Credits: Shahnawaz Shaikh, Security Researcher at Cybergate Defense LLC
[+] twitter.com/_striv3r_

[Vendor of Product]
RSI Queue (https://www.rsiqueue.com/)

[Vulnerability Type]
Blind SQL Injection

[Affected Component]
The vulnerable component is the TaskID parameter in the GET request.

[CVE Reference]
CVE-2025-26086

[Security Issue]
An unauthenticated blind SQL injection vulnerability exists in RSI Queue
Management System v3.0 within the...

CVE-2025-30072 Tiiwee X1 Alarm System - Authentication Bypass by Capture-replay

Full Disclosure - 16 May, 2025 - 21:39

Posted by Sebastian Auwärter via Fulldisclosure on May 16

Advisory ID: SYSS-2025-006
Product: Tiiwee X1 Alarm System
Manufacturer: Tiiwee B.V.
Affected Version(s): TWX1HAKV2
Tested Version(s): TWX1HAKV2
Vulnerability Type: Authentication Bypass by Capture-replay
(CWE-294)
Risk Level: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Solution Status: Open
Manufacturer Notification: 2025-01-27...

SEC Consult SA-20250506-0 :: Honeywell MB Secure Authenticated Command Injection

Full Disclosure - 16 May, 2025 - 21:39

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on May 16

SEC Consult Vulnerability Lab Security Advisory < 20250507-0 >
=======================================================================
title: Authenticated Command Injection
product: Honeywell MB-Secure
vulnerable version: MB-Secure versions from V11.04 and prior to V12.53,
MB-Secure PRO versions from V01.06 and prior to V03.09
fixed version: MB-Secure v12.53, MB-Secure PRO v03.09
CVE number:...

SEC Consult SA-20250429-0 :: Multiple Vulnerabilities in HP Wolf Security Controller and more

Full Disclosure - 16 May, 2025 - 21:39

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on May 16

SEC Consult Vulnerability Lab Security Advisory < publishing date 20250429-0 >
Combined Security Advisory for Sure Access Enterprise and Sure Click Enterprise
=======================================================================
title: Multiple Vulnerabilities
product: HP Wolf Security Controller / HP Sure Access Enterprise /
HP Sure Click Enterprise
vulnerable version: HP Wolf Security...

SEC Consult SA-20250422-0:: Local Privilege Escalation via DLL Search Order Hijacking

Full Disclosure - 16 May, 2025 - 21:39

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on May 16

SEC Consult Vulnerability Lab Security Advisory < 20250422-0 >
=======================================================================
title: Local Privilege Escalation via DLL Search Order Hijacking
product: Ivanti Endpoint Manager Security Scan (Vulscan) Self
Update
vulnerable version: EPM 2022 SU6 and previous, EPM 2024
fixed version: EPM 2022 SU7 and EPM 2024 SU1
CVE number: CVE-2025-22458...

Session Invalidation in Economizzer Allows Unauthorized Access After Logout

Full Disclosure - 16 May, 2025 - 21:38

Posted by Ron E on May 16

A session management vulnerability exists in gugoan's Economizzer
v.0.9-beta1. The application fails to properly invalidate user sessions
upon logout or other session termination events. As a result, a valid
session remains active and usable even after the user has attempted to log
out.

POST /web/category/create HTTP/2
Host: <host>
Cookie: _economizzerSessionId=<<REDACTED>>;

Persistent Cross-Site Scripting in Economizzer Category Entry

Full Disclosure - 16 May, 2025 - 21:38

Posted by Ron E on May 16

A persistent cross-site scripting (XSS) vulnerability exists in gugoan's
Economizzer v.0.9-beta1. The application fails to properly sanitize
user-supplied input when creating a new category via the
*category/create* endpoint.
An attacker can inject malicious JavaScript payloads that are permanently
stored and later executed in the context of any user who views the affected
entry.

https://<host>/web/category/create

POST...

Persistent Cross-Site Scripting in Economizzer Cashbook Entry

Full Disclosure - 16 May, 2025 - 21:38

Posted by Ron E on May 16

A persistent cross-site scripting (XSS) vulnerability exists in gugoan's
Economizzer v.0.9-beta1. The application fails to properly sanitize
user-supplied input when creating a new cash book entry via the
*cashbook/create* endpoint. An attacker can inject malicious JavaScript
payloads that are permanently stored and later executed in the context of
any user who views the affected entry.

https://<host>/web/cashbook/create

POST...

APPLE-SA-05-12-2025-9 Safari 18.5

Full Disclosure - 16 May, 2025 - 21:38

Posted by Apple Product Security via Fulldisclosure on May 16

APPLE-SA-05-12-2025-9 Safari 18.5

Safari 18.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122719.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

WebKit
Available for: macOS Ventura and macOS Sonoma
Impact: A type confusion issue could lead to memory corruption
Description: This...

APPLE-SA-05-12-2025-8 visionOS 2.5

Full Disclosure - 16 May, 2025 - 21:38

Posted by Apple Product Security via Fulldisclosure on May 16

APPLE-SA-05-12-2025-8 visionOS 2.5

visionOS 2.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122721.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AppleJPEG
Available for: Apple Vision Pro
Impact: Processing a maliciously crafted media file may lead to
unexpected app termination...

APPLE-SA-05-12-2025-7 tvOS 18.5

Full Disclosure - 16 May, 2025 - 21:38

Posted by Apple Product Security via Fulldisclosure on May 16

APPLE-SA-05-12-2025-7 tvOS 18.5

tvOS 18.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122720.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AppleJPEG
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: Processing a maliciously crafted media file may lead to
unexpected...

APPLE-SA-05-12-2025-6 watchOS 11.5

Full Disclosure - 16 May, 2025 - 21:38

Posted by Apple Product Security via Fulldisclosure on May 16

APPLE-SA-05-12-2025-6 watchOS 11.5

watchOS 11.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122722.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AppleJPEG
Available for: Apple Watch Series 6 and later
Impact: Processing a maliciously crafted media file may lead to
unexpected app...

APPLE-SA-05-12-2025-5 macOS Ventura 13.7.6

Full Disclosure - 16 May, 2025 - 21:38

Posted by Apple Product Security via Fulldisclosure on May 16

APPLE-SA-05-12-2025-5 macOS Ventura 13.7.6

macOS Ventura 13.7.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122718.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

afpfs
Available for: macOS Ventura
Impact: Mounting a maliciously crafted AFP network share may lead to
system...

APPLE-SA-05-12-2025-4 macOS Sonoma 14.7.6

Full Disclosure - 16 May, 2025 - 21:38

Posted by Apple Product Security via Fulldisclosure on May 16

APPLE-SA-05-12-2025-4 macOS Sonoma 14.7.6

macOS Sonoma 14.7.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122717.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

afpfs
Available for: macOS Sonoma
Impact: Connecting to a malicious AFP server may corrupt kernel memory
Description:...

APPLE-SA-05-12-2025-3 macOS Sequoia 15.5

Full Disclosure - 16 May, 2025 - 21:38

Posted by Apple Product Security via Fulldisclosure on May 16

APPLE-SA-05-12-2025-3 macOS Sequoia 15.5

macOS Sequoia 15.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122716.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

afpfs
Available for: macOS Sequoia
Impact: Connecting to a malicious AFP server may corrupt kernel memory
Description: The...

BeyondTrust PRA connection takeover - CVE-2025-0217

Full Disclosure - 6 May, 2025 - 17:31

Posted by Paul Szabo via Fulldisclosure on May 06

=== Details ========================================================

Vendor: BeyondTrust
Product: Privileged Remote Access (PRA)
Subject: PRA connection takeover
CVE ID: CVE-2025-0217
CVSS: 7.8 (high) CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Author: Paul Szabo <psz () maths usyd edu au>
Date: 2025-05-05

=== Introduction ===================================================

I noticed an issue in
BeyondTrust Privileged...

Microsoft Windows .XRM-MS File / NTLM Information Disclosure Spoofing

Full Disclosure - 1 May, 2025 - 02:24

Posted by hyp3rlinx on May 01

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: https://hyp3rlinx.altervista.org/advisories/Microsoft_Windows_xrm-ms_File_NTLM-Hash_Disclosure.txt
[+] x.com/hyp3rlinx
[+] ISR: ApparitionSec

[Vendor]
www.microsoft.com

[Product]
.xrm-ms File Type

[Vulnerability Type]
NTLM Hash Disclosure (Spoofing)

[Video URL PoC]
https://www.youtube.com/watch?v=d5U_krLQbNY

[CVE Reference]
N/A

[Security Issue]
The...