Security
Headlines
HeadlinesLatestCVEs

Tag

#ssl

Gambio Online Webshop 4.9.2.0 Remote Code Execution

A remote code execution vulnerability in Gambio online webshop versions 4.9.2.0 and below allows remote attackers to run arbitrary commands via an unauthenticated HTTP POST request. The identified vulnerability within Gambio pertains to an insecure deserialization flaw, which ultimately allows an attacker to execute remote code on affected systems. The insecure deserialization vulnerability in Gambio poses a significant risk to affected systems. As it allows remote code execution, adversaries could exploit this flaw to execute arbitrary commands, potentially resulting in complete system compromise, data exfiltration, or unauthorized access to sensitive information.

Packet Storm
#vulnerability#web#linux#git#php#rce#auth#ssl
Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution

This Metasploit module exploits two vulnerabilities in Palo Alto Networks PAN-OS that allow an unauthenticated attacker to create arbitrarily named files and execute shell commands. Configuration requirements are PAN-OS with GlobalProtect Gateway or GlobalProtect Portal enabled and telemetry collection on (default). Multiple versions are affected. Payloads may take up to one hour to execute, depending on how often the telemetry service is set to run.

Palo Alto PAN-OS Command Execution / Arbitrary File Creation

Palo Alto PAN-OS versions prior to 11.1.2-h3 command injection and arbitrary file creation exploit.

GHSA-qwhw-hh9j-54f5: Ant Media Server vulnerable to a local privilege escalation

### Impact We have identified a local privilege escalation vulnerability in Ant Media Server which allows any unprivileged operating system user account to escalate privileges to the root user account on the system. This vulnerability arises from Ant Media Server running with Java Management Extensions (JMX) enabled and authentication disabled on localhost on port 5599/TCP. This vulnerability is nearly identical to the local privilege escalation vulnerability CVE-2023-26269 identified in Apache James. Any unprivileged operating system user can connect to the JMX service running on port 5599/TCP on localhost and leverage the MLet Bean within JMX to load a remote MBean from an attacker-controlled server. This allows an attacker to execute arbitrary code within the Java process run by Ant Media Server and execute code within the context of the “antmedia” service account on the system. ### Patches 2.9.0 ### Workarounds Remote the following parameters from antmedia.service file ```-Dcom....

Picking fights and gaining rights, with Justin Brookman: Lock and Code S05E09

This week on the Lock and Code podcast, we speak with Justin Brookman about past consumer wins in the tech world, and how to avoid despair.

Malvertising: Fake Popular Software Ads Deliver New MadMxShell Backdoor

By Deeba Ahmed IT professionals are under attack! This article exposes a malicious malvertising campaign targeting IT teams with a novel backdoor named MadMxShell. Learn how attackers use typosquatting and DNS techniques to compromise systems. This is a post from HackRead.com Read the original post: Malvertising: Fake Popular Software Ads Deliver New MadMxShell Backdoor

GHSA-3gg8-mc87-cq3h: Improper Certificate Validation vulnerability in Apache Airflow FTP Provider

Improper Certificate Validation vulnerability in Apache Airflow FTP Provider. The FTP hook lacks complete certificate validation in FTP_TLS connections, which can potentially be leveraged. Implementing proper certificate validation by passing context=ssl.create_default_context() during FTP_TLS instantiation is used as mitigation to validate the certificates properly. This issue affects Apache Airflow FTP Provider: before 3.7.0. Users are recommended to upgrade to version 3.7.0, which fixes the issue.

GHSA-6g7w-8wpp-frhj: Infinite loop in rustls::conn::ConnectionCommon::complete_io() with proper client input

### Summary `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input. ### Details Verified at `0.22` and `0.23` `rustls`, but 0.21 and 0.20 release lines are also affected. When using a blocking rustls server, if a client send a `close_notify` message immediately after `client_hello`, the server's `complete_io` will get in an infinite loop where: - `eof`: false - `until_handshaked`: true - `self.is_handshaking()`: true - `self.wants_write()`: false - `self.wants_read()`: false ### PoC 1. Run simple server: `cargo run --bin simpleserver test-ca/rsa/end.fullchain test-ca/rsa/end.key` 2. Run following python script ```python3 #!/usr/bin/env python3 import socket sock = socket.socket() sock.connect(("localhost", 4443)) print("Sending client hello...") # Fake handshake data of a client hello message. fake_handshake = """ 1603 0100 c801 0000 c403 03ec 12dd 1764 a439 fd7e 8c85 46b8 4d1e a...

GHSA-x84c-p2g9-rqv9: IPv6 enabled on IPv4-only network interfaces

In 26.0.0 and 26.0.1, IPv6 is not disabled on network interfaces, including those belonging to networks where `--ipv6=false`. ### Impact A container with an `ipvlan` or `macvlan` interface will normally be configured to share an external network link with the host machine. Because of this direct access, with IPv6 enabled: - Containers may be able to communicate with other hosts on the local network over link-local IPv6 addresses. - If router advertisements are being broadcast over the local network, containers may get SLAAC-assigned addresses. - The interface will be a member of IPv6 multicast groups. This means interfaces in IPv4-only networks present an unexpectedly and unnecessarily increased attack surface. A container with an unexpected IPv6 address can do anything a container configured with an IPv6 address can do. That is, listen for connections on its IPv6 address, open connections to other nodes on the network over IPv6, or attempt a DoS attack by flooding packets from i...

Red Hat Security Advisory 2024-1882-03

Red Hat Security Advisory 2024-1882-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a use-after-free vulnerability.