SOLDIERX.COM Nobody Can Stop Information Insemination

Posted by Michal Zalewski via Dailydave on Mar 06

Not really different from prototyping on the Linux kernel or the
Chromium codebase - pick an old version if you want known bugs... you
don't see a whole lot of that either, and in contrast to Windows, that
wouldn't lead to all kinds of icky questions about ethics, IP, etc.

The thing about most of these tools is that they don't fare well in
large and exotic codebases. What makes sense for a web app is seldom
applicable to a kernel,...

Posted by Konrads Klints via Dailydave on Mar 06

Windows XP and Windows 2003 partial source code is out there on github. With such a rich corpus of known
vulnerabilities in those OS'es and source code availability, surely there should be an amazing amount of
SAST/semgrep/codeql rules that take as input existing known exploits and then do rules that find similar things, yet I
don't seem to be able to find such projects

Surely, these two code bases should be the foundation of most...

Posted by KoreLogic Disclosures via Fulldisclosure on Mar 05

KL-001-2024-004: Artica Proxy Loopback Services Remotely Accessible Unauthenticated

Title: Artica Proxy Loopback Services Remotely Accessible Unauthenticated
Advisory ID: KL-001-2024-004
Publication Date: 2024.03.05
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-004.txt

1. Vulnerability Details

     Affected Vendor: Artica
     Affected Product: Artica Proxy
     Affected Version: 4.50
    ...

Posted by KoreLogic Disclosures via Fulldisclosure on Mar 05

KL-001-2024-003: Artica Proxy Unauthenticated File Manager Vulnerability

Title: Artica Proxy Unauthenticated File Manager Vulnerability
Advisory ID: KL-001-2024-003
Publication Date: 2024.03.05
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-003.txt

1. Vulnerability Details

     Affected Vendor: Artica
     Affected Product: Artica Proxy
     Affected Version: 4.40 and 4.50
     Platform: Debian 10...

Posted by KoreLogic Disclosures via Fulldisclosure on Mar 05

KL-001-2024-002: Artica Proxy Unauthenticated PHP Deserialization Vulnerability

Title: Artica Proxy Unauthenticated PHP Deserialization Vulnerability
Advisory ID: KL-001-2024-002
Publication Date: 2024.03.05
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-002.txt

1. Vulnerability Details

     Affected Vendor: Artica
     Affected Product: Artica Proxy
     Affected Version: 4.50
     Platform: Debian...

Posted by KoreLogic Disclosures via Fulldisclosure on Mar 05

KL-001-2024-001: Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability

Title: Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability
Advisory ID: KL-001-2024-001
Publication Date: 2024.03.05
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-001.txt

1. Vulnerability Details

     Affected Vendor: Artica
     Affected Product: Artica Proxy
     Affected Version: 4.40 and 4.50
    ...

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Mar 02

SEC Consult Vulnerability Lab Security Advisory < 20240226-0 >
=======================================================================
title: Local Privilege Escalation via DLL Hijacking
product: Qognify VMS Client Viewer
vulnerable version: >=7.1
fixed version: see solution
CVE number: CVE-2023-49114
impact: medium
homepage: https://www.qognify.com/...

Posted by Shaikh Shahnawaz on Mar 02

[+] Credits: Shahnawaz Shaikh, Security Researcher at Cybergate Defense LLC
[+] twitter.com/_striv3r_

[Vendor]
Tp-Link (http://tp-link.com)

[Product]
JetStream Smart Switch - TL-SG2210P v5.0 Build 20211201

[Vulnerability Type]
Improper Access Control

[Affected Product Code Base]
JetStream Smart Switch - TL-SG2210P v5.0 Build 20211201

[Affected Component]
usermanagement, swtmactablecfg endpoints of webconsole

[CVE Reference]
CVE-2023-43318...

Posted by Andrey Stoykov on Mar 02

# Exploit Title: Multiple XSS Issues in boidcmsv2.0.1
# Date: 3/2024
# Exploit Author: Andrey Stoykov
# Version: 2.0.1
# Tested on: Ubuntu 22.04
# Blog: http://msecureltd.blogspot.com

XSS via SVG File Upload

Steps to Reproduce:

1. Login with admin user
2. Visit "Media" page
3. Upload xss.svg
4. Click "View" and XSS payload will execute

// xss.svg contents

<?xml version="1.0" standalone="no"?>...

Posted by Andrey Stoykov on Mar 02

# Exploit Title: XAMPP - Error Based SQL Injection
# Date: 02/2024
# Exploit Author: Andrey Stoykov
# Version: 5.6.40
# Tested on: Ubuntu 22.04
# Blog: http://msecureltd.blogspot.com

Steps to Reproduce:

1. Login to phpmyadmin
2. Visit Export > New Template > test > Create
3. Navigate to "Existing Templates"
4. Select template "test" and click "Update"
5. Trap HTTP POST request
6. Place single quote to...

Posted by malvuln on Mar 02

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/2a442d3da88f721a786ff33179c664b7.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Agent.amt
Vulnerability: Authentication Bypass
Description: The malware can run an FTP server which listens on TCP port
2121. Third-party attackers who can reach infected systems can logon using
any username/password...

Posted by malvuln on Mar 02

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/d6b192a4027c7d635499133ca6ce067f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Jeemp.c
Vulnerability: Cleartext Hardcoded Credentials
Description: The malware listens on three TCP ports which are randomized
e.g. 9719,7562,8687,8948,7376,8396 so forth. There is an ESMTP server
component...

Posted by malvuln on Mar 02

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/b012704cad2bae6edbd23135394b9127.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.AutoSpy.10
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 1008. Third party adversaries
who can reach an infected host can issue various commands made available by...

Posted by malvuln on Mar 02

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/68d135936512e88cc0704b90bb3839e0.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Armageddon.r
Vulnerability: Hardcoded Cleartext Credentials
Description: The malware listens on TCP port 5859 and requires
authentication. The password "KOrUPtIzEre" is stored in cleartext within
the PE file at...

Posted by Vinícius Moraes on Mar 02

=====[Tempest Security Intelligence - Security Advisory -
CVE-2023-38946]=======

Access Control Bypass in Multilaser router's Web Management Interface

Author: Vinicius Moraes < vinicius.moraes.w () gmail com >

=====[Table of
Contents]========================================================

1. Overview
2. Detailed description
3. Other contexts & solutions
4. Acknowledgements
5. Timeline
6. References

=====[1....

Posted by Vinícius Moraes on Mar 02

=====[Tempest Security Intelligence - Security Advisory -
CVE-2023-38945]=======

Access Control Bypass in Multilaser routers' Web Management Interface

Author: Vinicius Moraes < vinicius.moraes.w () gmail com >

=====[Table of
Contents]========================================================

1. Overview
2. Detailed description
3. Other contexts & solutions
4. Acknowledgements
5. Timeline
6. References

=====[1....

Posted by Vinícius Moraes on Mar 02

=====[Tempest Security Intelligence - Security Advisory -
CVE-2023-38944]=======

Access Control Bypass in Multilaser routers' Web Management Interface

Author: Vinicius Moraes < vinicius.moraes.w () gmail com >

=====[Table of
Contents]========================================================

1. Overview
2. Detailed description
3. Other contexts & solutions
4. Acknowledgements
5. Timeline
6. References

=====[1....