Security
Headlines
HeadlinesLatestCVEs

Tag

#git

Beware: Fake Exploit for WinRAR Vulnerability on GitHub Infects Users with VenomRAT

A malicious actor released a fake proof-of-concept (PoC) exploit for a recently disclosed WinRAR vulnerability on GitHub with an aim to infect users who downloaded the code with VenomRAT malware. "The fake PoC meant to exploit this WinRAR vulnerability was based on a publicly available PoC script that exploited a SQL injection vulnerability in an application called GeoServer, which is tracked as

The Hacker News
Open in Source
#sql#vulnerability#web#windows#git#rce#The Hacker News
Steer clear of cryptocurrency recovery phrase scams

Categories: Personal Tags: cryptocurrency Tags: mark cuban Tags: scam Tags: phish Tags: phishing Tags: wallet Tags: hot Tags: cold Tags: metamask Tags: extension Tags: browser Tags: mobile Tags: android Tags: search engine We take a look at a common cryptocurrency scam which focuses on your recovery phrase. (Read more...) The post Steer clear of cryptocurrency recovery phrase scams appeared first on Malwarebytes Labs.

GHSA-c647-pxm2-c52w: Vyper vulnerable to memory corruption in certain builtins utilizing `msize`

### Impact In certain conditions, the memory used by the builtins `raw_call`, `create_from_blueprint` and `create_copy_of` can be corrupted. - For `raw_call`, the argument buffer of the call can be corrupted, leading to incorrect `calldata` in the sub-context. - For `create_from_blueprint` and `create_copy_of`, the buffer for the to-be-deployed bytecode can be corrupted, leading to deploying incorrect bytecode. Below are the conditions that must be fulfilled for the corruption to happen for each builtin: #### `raw_call` - memory is not fully initialized, ex. all parameters to an external function live in calldata and - The `data` argument of the builtin is `msg.data`. and - The `value` or `gas` passed to the builtin is some complex expression that results in writing to uninitialized memory (e.g. calling an internal function) #### `create_copy_of` - memory is not fully initialized, ex. all parameters to an external function live in calldata and - The `value` or `salt` passed to the...

GHSA-pxg5-h34r-7q8p: GeoNode vulnerable to SSRF Bypass to return internal host data

A SSRF vulnerability exists, bypassing existing controls on the software. This can allow a user to request internal services for a full read SSRF, returning any data from the internal network. the application is using a whitelist, but the whitelist can be bypassed with @ and encoded value of @ (%40) GET /proxy/?url=http://development.demo.geonode.org%40geoserver:8080/geoserver/web This will trick the application that the first host is a whitelisted address, but the browser will use @ or %40 as a credential to the host geoserver on port 8080, this will return the data to that host on the response. ![image](https://user-images.githubusercontent.com/35967437/264379628-8cecbc56-be6c-49dc-abe8-0baf8b8695cc.png)

GHSA-fv2h-753j-9g39: Sustainsys.Saml2 Insufficient Identity Provider Issuer Validation

### Impact When a response is processed, the issuer of the Identity Provider is not sufficiently validated. This could allow a malicious identity provider to craft a Saml2 response that is processed as if issued by another identity provider. It is also possible for a malicious end user to cause stored state intended for one identity provider to be used when processing the response from another provider. An application is impacted if they rely on any of these features in their authentication/authorization logic: * the issuer of the generated identity and claims * items in the stored request state (AuthenticationProperties) ### Patches Patched in version 2.9.2 and 1.0.3. All previous versions are vulnerable. ### Workarounds The `AcsCommandResultCreated` notification can be used to add the validation required if an upgrade to patched packages is not possible. ### References The patch is linked to https://github.com/Sustainsys/Saml2/issues/712 and https://github.com/Sustainsys/Saml2/is...

CVE-2023-36234: CVE netbox 1 · Issue #6 · gozan10/cve

Cross Site Scripting (XSS) vulnerability in Netbox 3.5.1, allows attackers to execute arbitrary code via Name field in device-roles/add function.

CVE-2023-43135: CVE/TPLINK-TL-ER5120G/unauthorized access/Unauthorized Access Vulnerability.md at main · 7R4C4R/CVE

There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management.

CVE-2023-38876: vulnerability-research/CVE-2023-38876 at main · dub-flow/vulnerability-research

A reflected cross-site scripting (XSS) vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'selector' parameter in '/reset-password'.

CVE-2023-38875: vulnerability-research/CVE-2023-38875 at main · dub-flow/vulnerability-research

A reflected cross-site scripting (XSS) vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'validator' parameter in '/reset-password'.

CVE-2023-40930: CVE-2023-40930

Skyworth 3.0 OS is vulnerable to Directory Traversal.