#git

### Impact A security vulnerability in Soft Serve could allow an unauthenticated, remote attacker to bypass public key authentication when keyboard-interactive SSH authentication is active, through the `allow-keyless` setting, and the public key requires additional client-side verification for example using FIDO2 or GPG. This is due to insufficient validation procedures of the public key step during SSH request handshake, granting unauthorized access if the keyboard-interaction mode is utilized. An attacker could exploit this vulnerability by presenting manipulated SSH requests using keyboard-interactive authentication mode. This could potentially result in unauthorized access to the Soft Serve. ### Patches Users should upgrade to the latest Soft Serve version `v0.6.2` to receive the patch for this issue. ### Workarounds To workaround this vulnerability without upgrading, users can _temporarily_ disable Keyboard-Interactive SSH Authentication using the `allow-keyless` setting. #...

### Summary Autoinstrumentation out of the box adds the label `http_method` that has unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent. ### Details HTTP method for requests can be easily set by an attacker to be random and long. ### PoC Send many requests with long randomly generated HTTP methods and observe how memory consumption increases during it. The app can be like [this example from the official docs](https://opentelemetry-python-contrib.readthedocs.io/en/latest/instrumentation/flask/flask.html#id1). ### Impact In order to be affected program has to be instrumented for HTTP handlers and does not filter any unknown HTTP methods on the level of CDN, LB, previous middleware, etc. ### Proposed solution For convenience and safe usage of this library, it should by default mark with the label `UNKNOWN` non-standard HTTP methods to show that such requests were made (and this way does not increase cardinality). In case som...

By Owais Sultan Online dating is not a new phenomenon; however, scammers have found ways to exploit it for various purposes,… This is a post from HackRead.com Read the original post: Online Dating: Cybercrime Red Flags

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the wakeup_mac parameter in the Wake-On-LAN (WoL) function. This vulnerability is exploited via a crafted payload.

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the Hostname parameter within the WAN settings. This vulnerability is exploited via a crafted payload.

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the Changing Username and Password function. This vulnerability is exploited via a crafted payload.

An issue in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the layout.master skin file at the Skin management component.

Cross Site Scripting vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the helpkey parameter in the Help.aspx component.

## Impact wallabag was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily disable 2FA through `/config/otp/app/disable` and `/config/otp/email/disable`. This vulnerability has a CVSSv3.1 score of 4.3. **You should upgrade your instance to version 2.6.7 or higher.** ## Resolution These endpoints now require POST method. ## Credits We would like to thank @dhina016 for reporting this issue through huntr.dev. Reference: https://huntr.dev/bounties/4c446fe7-2a44-4907-b0cf-4ab77d75c487/

An issue was discovered in pretix before 2023.7.1. Incorrect parsing of configuration files causes the application to trust unchecked X-Forwarded-For headers even though it has not been configured to do so. This can lead to IP address spoofing by users of the application.