It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it allows an unauthenticated user to remove a "system" file, that is an xml file with host related information, not belonging to him.

'1593632?cve=title' is not a valid bug number nor an alias to a bug.

Please press **Back** and try again.

CVE-2018-10866: Invalid Bug ID

When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.

'1905565?cve=title' is not a valid bug number nor an alias to a bug.

Please press **Back** and try again.

CVE-2020-35518: Invalid Bug ID

Directory Traversal vulnerability in Textpattern CMS v4.8.8 allows a remote authenticated attacker to execute arbitrary code and gain access to sensitive information via the plugin Upload function.

**Welcome to your site**

**Posted** 3 hours ago  
**Comments** 1

**What do you want to do next?**

*   Write a new article? Let your creativity flow!
*   Change this site’s name, slogan or select a different article URL style? Check and modify your preferences.
*   Edit or delete this article? Your articles list is the place to start.
*   Upload images or files to accompany your articles?
*   Learn Textile, the markup generator included with Textpattern? You can try it in the Textile sandbox.
    *   If you want to learn more, you can refer to an extensive Textile manual.
*   Be guided through your Textpattern first steps by completing some tasks?
*   Study the Textpattern Semantic Model?
*   Add one or more additional users, or extend Textpattern’s capabilities with plugins from the Textpattern plugin directory?
*   Dive in and learn by doing? Please note:
    *   When you write an article you assign it to a section of your site.
    *   Sections use a page template and a style to define how site content appears in a browser.
    *   Page templates typically use HTML and Textpattern tags (like this: <txp:article />) to build the output code.
    *   Some Textpattern tags use forms, reusable building blocks that provide extensive control and customization over your site construction.
    *   Pages, styles and forms can be packaged into themes and assigned to one or more sections.

Textpattern tags, their attributes and values are explained within the Textpattern User Documentation, where you will also find valuable examples, advice and tutorials.

There’s also a group of friendly, helpful Textpattern users and administrators at the Textpattern support forum.

Additional language translations and corrections are welcomed. Please visit Textpattern language translations for further details.

This is an example article included with Textpattern to demonstrate some of the first steps you can undertake. An example comment is associated with this article. The article and comment can be safely deleted using the articles and comments lists.

**Author**  
**Categories** Hope for the future, Meaningful labor

CVE-2023-36220: My site

Apple Security Advisory 09-16-2024-7 - Xcode 16 addresses unauthorized access issues.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-09-16-2024-7 Xcode 16

Xcode 16 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/121239.

Apple maintains a Security Releases page at  
https://support.apple.com/100100 which lists recent  
software updates with security advisories.

IDE Documentation  
Available for: macOS Sonoma 14.5 and later  
Impact: A malicious application may gain access to a user's Keychain  
items  
Description: This issue was addressed by enabling hardened runtime.  
CVE-2024-44162: Mickey Jin (@patch1t)

IDE Tools  
Available for: macOS Sonoma 14.5 and later  
Impact: An attacker may be able to determine the Apple ID of the owner  
of the computer  
Description: A privacy issue was addressed by removing sensitive data.  
CVE-2024-40862: Guilherme Rambo of Best Buddy Apps (rambo.codes)

Kernel  
Available for: macOS Sonoma 14.5 and later  
Impact: An app may gain unauthorized access to Bluetooth  
Description: This issue was addressed through improved state management.  
CVE-2024-44191: Alexander Heinrich, SEEMOO, DistriNet, KU Leuven  
(@vanhoefm), TU Darmstadt (@Sn0wfreeze) and Mathy Vanhoef

Additional recognition

Reality Composer Pro  
We would like to acknowledge Ron Masas of BreakPoint.sh for their  
assistance.

Swift  
We would like to acknowledge Banavath Aravind for their assistance.

Xcode 16 may be obtained from:  
https://developer.apple.com/xcode/downloads/  To check that the Xcode  
has been updated:  * Select Xcode in the menu bar * Select About  
Xcode * The version after applying this update will be "Xcode 16".

All information is also posted on the Apple Security Releases  
web site: https://support.apple.com/100100.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmboyXkACgkQX+5d1TXa  
IvqCRxAAg1rkAKtcgeWhSMqBPcPT8p3dpGm0gm6f5bIIJHefxwmHcNjS6GJh7Doi  
g3Dv+MJiGLOa/B0fqdDlAuimxAyW5KrMKl4oXHmo0Hl0D8SHi2f+NL3JI91SmZts  
rs1L4VpbR9uUJTCoXeZOXVH+LnXDN6jfUpD5+23kFJtuRBGw8a7BHRD1H0sl7yi9  
sS8n6zvYujiQyS8zP1NWkpxVMaLwTqFuE4gLR7Whjod70cPkQOzUpa2pmvA/xSXQ  
hpT8jhV1EVXVCGySkOmks3sdOxMg2PTTJ0l1r/hsLZSOhvbG6XyLPp1Y79uGLsnn  
aZIIHdHg9DWyoy8KNbgMsyjQC5/ZMkcEQloIgdx/vH3L0WDEa+/sZObrkERAKhZi  
qJneaBWmasy/I6QuoBihyo1EJhXRcDgw/7wjJaTPxJVJEAEVXMnwhz4UokvAE6CU  
Jo4qH1Yi6LLbCFuSUKUzJTq6OC0kssVp6Se2WAaqIm+5+374BgW/x2diaS1eLgYo  
e6db73koL1apAgP4vMvg3GUTA0/e4siZ9rAKYnRTghPWaKMX93Yeab9xHh5tNKb7  
INav09fDLuGBs97oe9pBfDFajYACaGdmYDA/mtoKchMt5gkgcovysjfV51KXdz8L  
dMGDYdOAtf0Lg0YkyuKEPzfYIoeTBKhWq1hZYS+ZQVULd5gkysM=  
=o+oG  
-----END PGP SIGNATURE-----

Apple Security Advisory 09-16-2024-7

Improper Access Control in GitHub repository chocobozzz/peertube prior to 4.1.0.

@@ -19,10 +19,14 @@ const expect = chai.expect describe('Test video comments API validator', function () { let pathThread: string let pathComment: string  
let server: PeerTubeServer  
let video: VideoCreateResult  
let userAccessToken: string let userAccessToken2: string  
let commentId: number let privateCommentId: number let privateVideo: VideoCreateResult @@ -203,9 +207,8 @@ describe('Test video comments API validator', function () {  
it('Should fail with an incorrect video', async function () { const path \= '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comment-threads' const fields \= { text: 'super comment' } const fields \= { text: 'super comment' }  
await makePostBodyRequest({ url: server.url, path, @@ -215,10 +218,21 @@ describe('Test video comments API validator', function () { }) })  
it('Should fail with a private video of another user', async function () { const fields \= { text: 'super comment' }  
await makePostBodyRequest({ url: server.url, path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads', token: userAccessToken, fields, expectedStatus: HttpStatusCode.FORBIDDEN\_403 }) })  
it('Should succeed with the correct parameters', async function () { const fields \= { text: 'super comment' } const fields \= { text: 'super comment' }  
await makePostBodyRequest({ url: server.url, path: pathThread, @@ -230,6 +244,7 @@ describe('Test video comments API validator', function () { })  
describe('When adding a comment to a thread', function () {  
it('Should fail with a non authenticated user', async function () { const fields \= { text: 'text' @@ -276,6 +291,18 @@ describe('Test video comments API validator', function () { }) })  
it('Should fail with a private video of another user', async function () { const fields \= { text: 'super comment' }  
await makePostBodyRequest({ url: server.url, path: '/api/v1/videos/' + privateVideo.uuid + '/comments/' + privateCommentId, token: userAccessToken, fields, expectedStatus: HttpStatusCode.FORBIDDEN\_403 }) })  
it('Should fail with an incorrect comment', async function () { const path \= '/api/v1/videos/' + video.uuid + '/comments/124' const fields \= {

CVE-2022-0727: Check video privacy when creating comments/rates · Chocobozzz/PeerTube@6ea9295

Plus: A hacker finds an issue with Cloudflare’s systems that could reveal app users’ rough locations, and the Trump administration puts a wrench in a key cybersecurity investigation.

This week started off with a bang and just kept going. In the wee hours of Saturday night, TikTok cut off access to users in the United States ahead of Sunday’s deadline that forced Apple and Google to remove the video-sharing app from their app stores. While TikTok was dark, US users raced to get around the TikTok ban while several other unexpected apps saw their access to Americans severed as well. By midday on Sunday, however, TikTok access was already coming back in the US. By Monday night, newly inaugurated US president Donald Trump had signed an executive order delaying the TikTok ban by 75 days.

On Tuesday, Trump made good on his promise to free Ross Ulbricht, the imprisoned creator of the Silk Road dark-web market, where users sold drugs, guns, and worse. Ulbricht had spent more than 11 years behind bars after he was arrested by the FBI in 2013 and later sentenced to life in prison. Trump’s decision to pardon Ulbricht is largely seen as linked to the support he’s received from the libertarian cryptocurrency community, which has long considered the Silk Road creator a martyr.

As the world enters the second Trump era, WIRED sat down with Jen Easterly, who recently left her top spot as director of the Cybersecurity and Infrastructure Security Agency to discuss the cyber threats facing the US and CISA’s uncertain future as the frontline watchdog against nation-state hackers and other digital security threats facing the US.

Lastly, we detailed new research that revealed how trivial bugs had exposed Subaru’s system for tracking the locations of its customers’ vehicles. The researchers found they could access a web portal for Subaru employees that allowed them to pinpoint up to a years’ worth of a car’s location—down to the parking spots they use. The flaws are now patched, but Subaru employees still have access to sensitive driver location data.

That’s not all. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

**Judge Says Controversial FBI Searches Require a Warrant**

A US judge in New York this week found that the FBI’s practice of searching data on US persons under Section 702 of the Foreign Intelligence Surveillance Act without obtaining a warrant is unconstitutional. FISA gives the US government the authority to collect the communications of foreign entities through internet providers and companies like Apple and Google. Once this data was collected, the FBI could perform “backdoor searches” for information on US citizens or residents who communicated with foreigners, and it did so without first obtaining a warrant. Judge DeArcy Hall found that these searches do require a warrant. “To hold otherwise would effectively allow law enforcement to amass a repository of communications under Section 702—including those of US persons—that can later be searched on demand without limitation,” the judge wrote.

**Cloudflare Function Could Expose App Users’ Rough Location**

An “issue” with the basic functionality of internet infrastructure company Cloudflare’s content delivery network, or CDN, can reveal the coarse location of people using apps, including those meant for protecting privacy, according to findings from an independent security researcher. Cloudflare has servers in hundreds of cities and more than 100 countries around the world. Its CDN works by caching peoples’ internet traffic across its servers then delivering that data from the server closest to a person’s location. The security researcher, who goes by Daniel, found a way to send an image to a target, collect the URL, then use a custom-built tool to query Cloudflare to find out which data center delivered the image—and thus the state or possibly the city the target is in. Fortunately, Cloudflare tells 404 Media that it fixed the issue after Daniel reported it.

**Trump Administration Disbands Review Board Investigating China’s Salt Typhoon Attacks**

In one of its first moves after Trump took office on Monday, the Department of Homeland Security let go everyone on the agency’s advisory committees. This includes the Cyber Safety Review Board, which was investigating widespread attacks on the US telecommunications system by the China-backed hacker group Salt Typhoon. US authorities revealed in mid-November that Salt Typhoon had embedded itself in at least nine US telecoms for espionage purposes, potentially exposing anyone using unencrypted calls and text message to surveillance by Beijing. While the future of the CSRB remains uncertain, sources tell reporter Eric Geller that their investigation into Salt Typhoon’s attacks is effectively “dead.”

US Privacy Snags a Win as Judge Limits Warrantless FBI Searches

Where there’s a gift to be bought, there’s also a scammer out to make money. Here's how to stay safe this shopping season.

It’s that time of year again. Thanksgiving will pass just as quickly as it arrived, and the festive season will soon hit full swing as countless people go online for some gift shopping. But where there’s a gift to be bought, there’s also a scammer out to make money.

And make money they do. In the last five years, the Internet Crime Complaint Center (IC3) said it has received 3.79 million complaints for a wide range of internet scams, resulting in $37.4 billion in losses. 

Today, we’re warning of several online threats that could target you over the next few weeks and months: brand impersonation and fakes, credit card skimming, and malvertising. 

**1\. **Brand impersonation scams** **

This Black Friday and beyond, you’re likely to see scammers ripping off big name brands. Here are a few fakes you should look out for. 

****Temu ads offer discounted PS5s** **

Scrolling through Facebook, we were presented with a couple of posts advertising discounted PS5s. 

> “Quit overspending on PS5! This one I got off TEMU is AWESOME and is much cheaper. I’d highly recommend picking this up!” 

Of course, it’s tempting to get a discount on high-value items like a PlayStation 5, but Temu doesn’t actually sell PS5s.

If you click the play button on the “video,” you are instead redirected to a Temu page selling various PlayStation accessories that are not official or in any way approved by Sony.  

****Fake Amazon offers you great deals this Black Friday** **

Amazon is relatively low cost, it’s convenient, and you can look at someone’s wish list on there. Except in this scam we caught online, the website isn’t really Amazon—check out the URL. 

Fake online stores like this use Amazon’s branding to sell counterfeit products. Even if you take the risk and buy a knock off product (which we think is a bad idea), you have no guarantee of receiving the merchandise, and definitely no buyer protection. 

****Walmart makes it easy for you to buy gift cards** **

Nothing says “I saw this and thought of you” like a Walmart gift card on Christmas day. But make sure you are buying from the right website.  

Again, in this example, check out the URL—this website might look Walmart, but it’s a fake that will happily take your money in exchange for nothing. 

****“USPS” now delivers you fraud** **

If you’re taking advantage of Black Friday sales and buying many things at once, it can be tricky to keep track of what you’ve ordered. Even if you do know what’s coming, you often don’t know which package service will deliver it to your door. Scammers take advantage of this and will send fake delivery notice emails that encourage you to click on them. 

With this fake USPS site, you are asked to pay a small fee to have your delivery processed. However, once you hand over your card details the scammers can take whatever amount they like and sell your details to other criminals. 

These scams are very common. In fact, when we looked, we saw 50 fake USPS sites set up in only a day: 

**2\. **Credit card skimmers** **

We’re seeing a lot of online stores hosting credit card skimmers, especially smaller retailers.  

A credit card skimmer is a piece of malware that is injected into a website, often through vulnerabilities in the content management system (CMS) or the plugins that the site owner uses. 

When visiting a site that has a card skimmer on it, you’ll likely have no idea it’s even there. However, a single script injection is enough to steal your credit card data. 

Last year, we saw a large uptick in card skimmers just before the holiday season. One particular campaign that we tracked peaked in April 2023, but then really slowed down during the summer months. Across months, cybercriminals had infected multiple websites and built custom templates to trick victims into handing over their credit card details. By October, the same campaign had increased to its highest volume yet, and it is highly likely that this year will be the same. 

When looking at compromised websites, it can be hard to tell what—if anything—is wrong. However, if a site looks like it hasn’t been maintained in a while (for example, it displays outdated information, such as ‘Copyright 2022′) you should avoid entering in your card details. Most compromises happen because a website’s CMS and its plugins are outdated and vulnerable. 

Our free browser extension Malwarebytes Browser Guard blocks credit card skimmers by default. If you visit a compromised store you’ll be shown a warning like this: 

Access to the store isn’t blocked, we just block the skimmer code so it can’t load. And while you could in theory still shop safely, we’d still advise you to avoid buying anything from there. 

Malvertising—or malicious advertising—is a favorite of scammers, who use online ads and sponsored search results to deliver malware to their unsuspecting victims.  

Malvertising doesn’t require that criminals know a victim’s email address, login credentials, or personal information to deliver them malware. All the scammers need to do is fool someone into clicking on an ad that looks legitimate.  

Last fall, Malwarebytes tracked a 42% increase month-over-month in malvertising incidents in the US. This year we’re seeing a similar uptick, with a 41% increase from July to September as we head into the holiday shopping season. 

In terms of the actual advertiser accounts that are used in malvertising campaigns, most are based in the US and are set up using a combination of fake identities or hijacked accounts. However, according to our research findings, ads originating in Pakistan and Vietnam account for 90% of the fraud. 

Most (77%) of the accounts are used once only—created quickly and then burned. Once that account is dead, cybercriminals spin up the next one and on it goes.  

No brand is safe from malvertisers. We’ve tracked campaigns that spoof Google, Amazon, eBay, Walmart, Lowe’s—and even Malwarebytes.  

Our advice: It’s not always easy to tell a real ad from a scam, so it’s best to avoid clicking on sponsored ads at all. Use genuine search results or navigate directly to the site yourself. 

****How to shop safely this holiday season**  **

*   **Remember: If it’s too good to be true then it probably is.** Discounted items are tempting—especially at a time of year when lots of spending takes place—but these offers often amount to nothing. Instead, research the best deal at reputable retailers. 

*   **Don’t get rushed into making decisions.** Scammers will use a sense of urgency to pressure you into performing quick actions before you can properly think things through. Take your time before doing anything like clicking links or entering card details. 

*   **Get an ad and malicious content blocker like** **Malwarebytes Browser Guard.** If you’re blocking ads then you can’t be tricked into clicking on them. Browser Guard (which is free!) also protects against credit card skimming and other online threats. 

*   **Keep an eye on your financial statements:** An uptick in online shopping deserves an uptick in vigilance with checking online bank accounts, credit card statements, investment portfolios—in fact, any financial account data. Flag anything that seems suspicious with your provider. 

*   **Protect your online accounts.** Use a different password for every account (a password manager is super helpful in generating and storing all your passwords), and set up multi-factor authentication (MFA) wherever you can.  

*   **Protect your devices:** Most security products offer some kind of web protection that detects malicious domains and IP addresses, including Malwarebytes Premium which offers web and phishing protection. 

*   **Clean up your personal data online:** Cybercriminals use publicly available information in their scams, so check what information is available about you online using our free Digital Footprint scan. You can also take the first step in removing your personal information from the network of data brokers online with our Personal Data Remover. 

_Thanks to Jerome Segura for his research on this piece._

 Warning: Online shopping threats to avoid this Black Friday and Cyber Monday  

### Summary
---
Attacker can upload a html file with malicious content. If user tries to open that file in browser malicious scripts can be executed leading  Stored XSS(Cross-Site Script) attack.

### PoC
---
NocoDB was configured using the Release Binary `Noco-macos-arm64`, and nocodb version 0.202.9 (currently the latest version) was used.
binary hash infos: md5(164b727f287af56168bc16fba622d0b4) / sha256(43e8e97f4c5f5330613abe071a359f84e4514b7186f92954b678087c37b7832e)
<img width="665" alt="image" src="https://user-images.githubusercontent.com/86613161/287472673-aeb60a02-2080-429f-8583-9f130ab62779.png">

### 1. Run the binary to start the server and access the arbitrary table dashboard.
<img width="830" alt="image" src="https://user-images.githubusercontent.com/86613161/287472852-98b2286e-ad66-45bf-b503-63780619d775.png">

Here, used the default `Features` table.

### 2. Click `+` in the table `field header` to add an `attachment` field.
<img width="1173" alt="image" src="https://user-images.githubusercontent.com/86613161/287472936-98a67213-a547-4e71-915c-d2a43300530b.png">

### 3. Click the `Add File(s)` button to select and upload files.

<img width="1132" alt="image" src="https://user-images.githubusercontent.com/86613161/287473041-0801ff39-e48c-4746-8518-be825bfd5533.png">

Here, `test.html` containing `<script>alert(document.domain)</script>` was uploaded.

### 4. Check the uploaded file path.
<img width="1163" alt="image" src="https://user-images.githubusercontent.com/86613161/287473337-b1c7c781-2fb5-4bd0-b464-dbd3d4158f04.png"

### 5. Access the uploaded file path.
<img width="1201" alt="image" src="https://user-images.githubusercontent.com/86613161/287473278-410f9228-58e3-4ee4-b111-70cdbffa9ed5.png">

When the file path is accessed, the `<script>alert(document.domain)</script>` script statement contained in the file is executed and the server host appears in the alert message.


### Impact
---
This allows remote attacker to execute JavaScript code in the context of the user accessing the vector. An attacker could have used this vulnerability to execute requests in the name of a logged-in user or potentially collect information about the attacked user by displaying a malicious form.


**Summary**

Attacker can upload a html file with malicious content. If user tries to open that file in browser malicious scripts can be executed leading Stored XSS(Cross-Site Script) attack.

**PoC**

NocoDB was configured using the Release Binary Noco-macos-arm64, and nocodb version 0.202.9 (currently the latest version) was used.  
binary hash infos: md5(164b727f287af56168bc16fba622d0b4) / sha256(43e8e97f4c5f5330613abe071a359f84e4514b7186f92954b678087c37b7832e)  

**1\. Run the binary to start the server and access the arbitrary table dashboard.**

Here, used the default Features table.

**2\. Click + in the table field header to add an attachment field.**

**3\. Click the Add File(s) button to select and upload files.**

Here, test.html containing <script>alert(document.domain)</script> was uploaded.

**4\. Check the uploaded file path.**

<img width="1163" alt="image" src="https://user-images.githubusercontent.com/86613161/287473337-b1c7c781-2fb5-4bd0-b464-dbd3d4158f04.png"

**5\. Access the uploaded file path.**

When the file path is accessed, the <script>alert(document.domain)</script> script statement contained in the file is executed and the server host appears in the alert message.

**Impact**

This allows remote attacker to execute JavaScript code in the context of the user accessing the vector. An attacker could have used this vulnerability to execute requests in the name of a logged-in user or potentially collect information about the attacked user by displaying a malicious form.

**References**

*   GHSA-qg73-g3cf-vhhh

GHSA-qg73-g3cf-vhhh: NocoDB Allows Preview of Files with Dangerous Content

stored xss in GitHub repository getgrav/grav prior to 1.7.33.

@@ -219,7 +219,8 @@ public static function detectXss($string, array $options = null): ?string $string = html\_entity\_decode($string, ENT\_NOQUOTES | ENT\_HTML5, 'UTF-8');  
// Strip whitespace characters $string = preg\_replace('!\\s!u', '', $string); $string = preg\_replace('!\\s!u', ' ', $string); $stripped = preg\_replace('!\\s!u', '', $string);  
// Set the patterns we'll test against $patterns = \[ @@ -242,7 +243,7 @@ public static function detectXss($string, array $options = null): ?string // Iterate over rules and return label if fail foreach ($patterns as $name => $regex) { if (!empty($enabled\_rules\[$name\])) { if (preg\_match($regex, $string) || preg\_match($regex, $orig)) { if (preg\_match($regex, $string) || preg\_match($regex, $stripped) || preg\_match($regex, $orig)) { return $name; } }

CVE-2022-1173: Fixed XSS check not detecting onX events without quotes · getgrav/grav@1c0ed43

The package vm2 before 3.9.10 is vulnerable to Arbitrary Code Execution due to the usage of prototype lookup for the WeakMap.prototype.set method. Exploiting this vulnerability leads to access to a host object and a sandbox compromise.

**vm2 vulnerable to Arbitrary Code Execution**

Critical severity GitHub Reviewed Published Dec 21, 2022 • Updated Dec 22, 2022

Search

lenovo warranty check/lookup | check warranty status | lenovo support us