#git

Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability

### Impact _What kind of vulnerability is it? Who is impacted?_ An attacker could exploit this vulnerability by crafting a malicious JSON Web Encryption (JWE) token with a high compression ratio. This token, when processed by a server, leads to excessive memory allocation and processing time during decompression, causing a denial-of-service (DoS) condition. It's important to note that the attacker must have access to the public encrypt key registered with the IDP(Entra ID) for successful exploitation. _According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?_ A scope change (S:C) in the CVSS metric indicates that successful exploitation of this vulnerability could extend beyond the immediate processing of malicious tokens, affecting the overall availability of the system by causing a denial-of-service (DoS) condition. ### Patches _Has the problem been patched? What versions should users upgrade to?_ The v...

### Impact _What kind of vulnerability is it? Who is impacted?_ Anyone leveraging the `SignedHttpRequest`protocol or the `SignedHttpRequestValidator`is vulnerable. Microsoft.IdentityModel trusts the `jku`claim by default for the `SignedHttpRequest`protocol. This raises the possibility to make any remote or local `HTTP GET` request. ### Patches _Has the problem been patched? What versions should users upgrade to?_ The vulnerability has been fixed in Microsoft.IdentityModel.Protocols.SignedHttpRequest. Users **should** update **all** their Microsoft.IdentityModel versions to 7.1.2 (for 7x) or higher, 6.34.0 (for 6x) or higher, if using Microsoft.IdentityModel.Protocols.SignedHttpRequest. ### Workarounds _Is there a way for users to fix or remediate the vulnerability without upgrading?_ No, users must upgrade. ### References _Are there any links users can visit to find out more?_ https://aka.ms/IdentityModel/Jan2024/jku

SSH-Snake is a powerful tool designed to perform automatic network traversal using SSH private keys discovered on systems, with the objective of creating a comprehensive map of a network and its dependencies, identifying to what extent a network can be compromised using SSH and SSH private keys starting from a particular system. SSH-Snake can automatically reveal the relationship between systems which are connected via SSH, which would normally take a tremendous amount of time and effort to perform manually.suffers from bypass and traversal vulnerabilities.

### Summary Calling `jws.Parse` with a JSON serialized payload where the `signature` field is present while `protected` is absent can lead to a nil pointer dereference. ### Details This seems to also affect other functions that calls `Parse` internally, like `jws.Verify`. My understanding of these functions from the docs is that they are supposed to fail gracefully on invalid input and don't require any prior validation. Based on the stack trace in the PoC, the issue seems to be that the processing done in `jws/message.go:UnmarshalJSON()` assumes that if a `signature` field is present, then a `protected` field is also present. If this is not the case, then the subsequent call to `getB64Value(sig.protected)` will dereference `sig.protected`, which is `nil`. ### PoC Reproducer: ```go package poc import ( "testing" "github.com/lestrrat-go/jwx/v2/jws" ) func TestPOC(t *testing.T) { _, _ = jws.Parse([]byte(`{"signature": ""}`)) } ``` Result: ``` $ go tes...

OX App Suite version 7.10.6-rev50 suffers from remote code execution and LDAP injection vulnerabilities. Version 7.10.6-rev33 suffers from a cross site scripting vulnerability.

Intrasrv Simple Web Server version 1.0 suffers from a denial of service vulnerability.

### Summary As of `fonttools>=4.28.2` the subsetting module has a XML External Entity Injection (XXE) vulnerability which allows an attacker to resolve arbitrary entities when a candidate font (OT-SVG fonts), which contains a SVG table, is parsed. This allows attackers to include arbitrary files from the filesystem fontTools is running on or make web requests from the host system. ### PoC The vulnerability can be reproduced following the bellow steps on a unix based system. 1. Build a OT-SVG font which includes a external entity in the SVG table which resolves a local file. In our testing we utilised `/etc/passwd` for our POC file to include and modified an existing subset integration test to build the POC font - see bellow. ```python from string import ascii_letters from fontTools.fontBuilder import FontBuilder from fontTools.pens.ttGlyphPen import TTGlyphPen from fontTools.ttLib import newTable XXE_SVG = """\ <?xml version="1.0"?> <!DOCTYPE svg [<!ENTITY test SYSTEM 'file...

A threat actor called Water Curupira has been observed actively distributing the PikaBot loader malware as part of spam campaigns in 2023. “PikaBot’s operators ran phishing campaigns, targeting victims via its two components — a loader and a core module — which enabled unauthorized remote access and allowed the execution of arbitrary commands through an established connection with

By Deeba Ahmed Can You Trust Your Ears? Deepfakes Run Amok, but McAfee Says Relax, We've Got Mockingbird. This is a post from HackRead.com Read the original post: McAfee’s Mockingbird AI Tool Detects Deepfake Audio with 90% accuracy