Security Headlines
Tag: #git

Chinese APT Group Hits Air-Gapped Systems in Europe with Malware

By Deeba Ahmed. Industrial organizations in Eastern Europe are the prime targets of this data-harvesting campaign. (Original post at HackRead.com.)

Source: HackRead
Tags: #google #git #intel #auth #wifi
Uvdesk 1.1.3 Shell Upload

Uvdesk version 1.1.3 suffers from a remote shell upload vulnerability.

CVE-2023-36211: OffSec’s Exploit Database Archive

The Barebones CMS v2.0.2 is vulnerable to Stored Cross-Site Scripting (XSS) when an authenticated user interacts with certain features on the admin panel.

GHSA-5r98-f33j-g8h7: pnpm incorrectly parses tar archives relative to specification

### Summary

It is possible to construct a tarball that is safe when installed via npm or parsed by the registry, but malicious when installed via pnpm, due to how pnpm parses tar archives.

### Details

The TAR format is an append-only archive format, and as such, the specification for how to update a file is to add a new record to the end with the updated version of the file. This means that it is completely valid for an archive to contain multiple copies of, say, `package.json`, and the expected behavior when extracting is that all versions other than the last get ignored.

This is further complicated by the fact that, during tarball extraction, all package managers are configured to drop the first path component, so collisions can be created simply by using multiple root folders in the archive (for example, `package/package.json` and `other/package.json` both extract to `package.json`), even without performing updates.

When pnpm extracts a tar archive via tar-stream, it appears to extract only the _first_ file of a given name and discards all subsequent files with the same name. ...

GHSA-vxjg-hchx-cc4g: @simonsmith/cypress-image-snapshot has fix for insecure snapshot file names

### Impact

It is possible for a user to pass a relative file path as the snapshot name and reach outside the project directory on the machine running the test. Example:

```js
cy.get('h1').matchImageSnapshot('../../../ignore-relative-dirs')
```

The above creates `ignore-relative-dirs.png` three directory levels up.

### Patches

Fixed in `8.0.2`.

### Workarounds

Validate all existing uses of `matchImageSnapshot` to ensure the filename argument is used correctly. Example:

```js
// snapshot name will be the test title
cy.matchImageSnapshot();
// snapshot name will be the name passed in
cy.matchImageSnapshot('login');
```

### References

https://github.com/simonsmith/cypress-image-snapshot/issues/15

Online Diagnostic Lab Management 1.0 SQL Injection

Online Lab Diagnostic Management version 1.0 suffers from a remote SQL injection vulnerability.

GHSA-7c28-wg7r-pg6f: RaspAP Command Injection vulnerability

A command injection vulnerability in RaspAP 2.8.0 through 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the `cfg_id` parameter in `/ajax/openvpn/activate_ovpncfg.php` and `/ajax/openvpn/del_ovpncfg.php`.

GHSA-7r88-wjhj-jr8m: RaspAP Command Injection vulnerability

A command injection vulnerability in RaspAP 2.8.0 through 2.9.2 allows an authenticated attacker to execute arbitrary OS commands as root via the `entity` POST parameter in `/ajax/networking/get_wgkey.php`.

CVE-2023-38357: Session Token Enumeration in RWS WorldServer

Session tokens in RWS WorldServer 11.7.3 and earlier have low entropy and can be enumerated, leading to unauthorized access to user sessions.

CVE-2023-31710: My-CVE/TP-Link/CVE-2023-31710 at main · xiaobye-ctf/My-CVE

TP-Link Archer AX21(US)_V3_1.1.4 Build 20230219 and AX21(US)_V3.6_1.1.4 Build 20230219 are vulnerable to a buffer overflow.