#js

<h3>Implementing the CISA known exploited vulnerability mandate with greater ease</h3> <p><br /> <img alt="" height="229" src="https://lh4.googleusercontent.com/xGj9oBUjSLNwwGwJq9ZIrzXXkhqhmFUFuEzmO7_Zu1zGXT8_s8vBfnXCOE8arv0FJIDYRQJ9wdjymsY1mmzIWsuhELntj4oY1QdPY1FzL0xrnB56jMVXmw80nbXALoHtq3Z5ngkuBsOyjDt3820LNrtKXkvjUM5LW5tjPVQYbIvt_1ZROpZX0BAdqEFyNQ" width="357" /></p> <p><em>Source: <a href=&qu

Rapid7 Velociraptor did not properly sanitize the client ID parameter to the CreateCollection API, allowing a directory traversal in where the collection task could be written. It was possible to provide a client id of "../clients/server" to schedule the collection for the server (as a server artifact), but only require privileges to schedule collections on the client. Normally, to schedule an artifact on the server, the COLLECT_SERVER permission is required. This permission is normally only granted to "administrator" role. Due to this issue, it is sufficient to have the COLLECT_CLIENT privilege, which is normally granted to the "investigator" role. To exploit this vulnerability, the attacker must already have a Velociraptor user account at least "investigator" level, and be able to authenticate to the GUI and issue an API call to the backend. Typically, most users deploy Velociraptor with limited access to a trusted group, and most users will already be administrators within the GUI. ...

RushBet version 2022.23.1-b490616d allows a remote attacker to steal customer accounts via use of a malicious application. This is possible because the application exposes an activity and does not properly validate the data it receives.

An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Common Gateway Interface (CGI) program cs.exe allows an attacker to increase/decrease an arbitrary memory address by 1 and trigger a call to a method of a vftable with a vftable pointer value chosen by the attacker.

An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The request handler for ll.KeepAliveSession sets a valid AdminPwd cookie even when the Web Admin password was not entered. This allows access to endpoints, which require a valid AdminPwd cookie, without knowing the password.

SQL Injection vulnerability in file /inxedu/demo_inxedu_open/src/main/resources/mybatis/inxedu/website/WebsiteImagesMapper.xml in inxedu 2.0.6 via the id value.

Red Hat Security Advisory 2023-0202-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-0201-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include a denial of service vulnerability.

Debian Linux Security Advisory 5321-1 - Matthieu Barjole and Victor Cutillas discovered that sudoedit in sudo, a program designed to provide limited super user privileges to specific users, does not properly handle '--' to separate the editor and arguments from files to edit. A local user permitted to edit certain files can take advantage of this flaw to edit a file not permitted by the security policy, resulting in privilege escalation.

This Metasploit module exploits a command injection vulnerability in the Ivanti Cloud Services Appliance (CSA) for Ivanti Endpoint Manager. A cookie based code injection vulnerability in the Cloud Services Appliance before 4.6.0-512 allows an unauthenticated user to execute arbitrary code with limited permissions. Successful exploitation results in command execution as the nobody user.