#vulnerability

Red Hat Security Advisory 2024-4902-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include double free and null pointer vulnerabilities.

Red Hat Security Advisory 2024-4896-03 - An update for python3.11 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a traversal vulnerability.

### Impact _What kind of vulnerability is it? Who is impacted?_ Low permission users using the "Set .dme Path" privilege could potentially set malicious .dme files existing on the host machine to be compiled and executed. These .dme files could be uploaded via tgstation-server (requiring a separate, isolated privilege) or some other means. A server configured to execute in BYOND's trusted security level (requiring a third separate, isolated privilege OR being set by another user) could lead to this escalating into remote code execution via BYOND's shell() proc. The ability to execute this kind of attack is a known side effect of having privileged TGS users, but normally requires multiple privileges with known weaknesses. This vector is not intentional as it does not require control over the where deployment code is sourced from and _may_ not require remote write access to an instance's `Configuration` directory. ### Patches _Has the problem been patched? What versions should user...

### Impact This XSS vulnerability is about the system configs * design/header/welcome * design/header/logo_src * design/header/logo_src_small * design/header/logo_alt They are intended to enable admins to set a text in the two cases, and to define an image url for the other two cases. But because of previously missing escaping allowed to input arbitrary html and as a consequence also arbitrary JavaScript. While this is in most usage scenarios not a relevant issue, some people work with more restrictive roles in the backend. Here the ability to inject JavaScript with these settings would be an unintended and unwanted privilege. ### Patches _Has the problem been patched? What versions should users upgrade to?_ The problem is patched with Version 20.10.1 or higher. ### Workarounds _Is there a way for users to fix or remediate the vulnerability without upgrading?_ Possible mitigations are * Restricting access to the System Configs * checking templates where these settings are u...

### Description: Remote Code Execution Vulnerability has been identified in the Message module of the Admidio Application, where it is possible to upload a PHP file in the attachment. The uploaded file can be accessed publicly through the URL `{admidio_base_url}/adm_my_files/messages_attachments/{file_name}`. The vulnerability is caused due to the lack of file extension verification, allowing malicious files to be uploaded to the server and public availability of the uploaded file. An attacker can upload a PHP web shell that executes OS commands on the server, compromising the application server. Note: I am using the docker-compose.yaml file from https://github.com/Admidio/admidio/blob/master/README-Docker.md#docker-compose-usage official documentation. ### Impact: An attacker can exploit this flaw to upload a PHP web shell, which can be used to execute arbitrary commands on the server. This can lead to a complete compromise of the application server, allowing the attacker to: - E...

### Description: An SQL Injection has been identified in the `/adm_program/modules/ecards/ecard_send.php` source file of the Admidio Application. The SQL Injection results in a compromise of the application's database. The value of `ecard_recipients `POST parameter is being directly concatenated with the SQL query in the source code causing the SQL Injection. The SQL Injection can be exploited by a member user, using blind condition-based, time-based, and Out of band interaction SQL Injection payloads. I successfully exploited SQL Injections by causing Time Delays. Advancing the payload, I was able to exfiltrate data from the database based on trial and error conditions and step-wise enumerating the characters of the database name. This was done as a POC of SQL Injection. An attacker could simply drop the database by providing a single payload, steal data, and potentially update the database according to their will. ### Impact: SQL injection (SQLi) vulnerabilities can have serious c...

Cybersecurity company Acronis is warning that a now-patched critical security flaw impacting its Cyber Infrastructure (ACI) product has been exploited in the wild. The vulnerability, tracked as CVE-2023-45249 (CVSS score: 9.8), concerns a case of remote code execution that stems from the use of default passwords. The flaw impacts the following versions of Acronis Cyber Infrastructure (ACI) - &

Senators have asked the FTC to investigate the consumer privacy violations by car makers that provide data brokers with information that could be used against them

An attack flow that combines API flaws within "log in with" implementations and Web injection bugs could affect millions of websites.

This year's conference will be a treasure trove of insights for cybersecurity professionals.