Tag
#web
This security advisory fixes 4 separate vulnerabilities in eZ Publish Legacy, and we recommend that you install it as soon as possible if you are using Legacy by itself or via the LegacyBridge. First, it increases the randomness, and thus the security, of the pseudo-random bytes used to generate a hash for the "forgot password" feature. This protects accounts against being taken over through attacks trying to predict the hash. If the increased randomness is not available in your PHP installation, it will now log a warning. Second, it improves security of the information collector feature, by ensuring no collection emails will be sent from invalid manipulated forms. Third, it stops the possible leaking of the names of content objects that should not be readable for certain users, on installations where these users can create or edit XML text. Fourth, it protects against cross-site scripting (XSS) in the Matrix data type, on installations where users are allowed to edit content c...
This Security Advisory is about a vulnerability in the way eZ Platform and eZ Publish Legacy handles file uploads, which can in the worst case lead to remote code execution (RCE), a very serious threat. An attacker would need access to uploading files to be able to exploit the vulnerability, so if you have strict controls on this and trust all who have this permission, you're not affected. On the basis of the tests we have made, we also believe the vulnerability cannot be exploited as long as our recommended vhost configuration is used. Here is the v2.5 recommendation for Nginx, as an example: https://github.com/ezsystems/ezplatform/blob/2.5/doc/nginx/vhost.template#L31 This vhost template specifies that only the file app.php in the web root is executed, while vulnerable configurations allow execution of any php file. Apache is affected in the same way as Nginx, and is also protected by using the recommended configuration. The build-in webserver in PHP stays vulnerable, as it doesn't...
Data breach marketplace BreachForums has been seized by law enforcement agencies.
Law enforcement agencies have officially seized control of the notorious BreachForums platform, an online bazaar known for peddling stolen data, for the second time within a year. The website ("breachforums[.]st") has been replaced by a seizure banner stating the clearnet cybercrime forum is under the control of the Federal Bureau of Investigation (FBI). The operation is the
### Summary A low privilege user account with page edit privilege can read any server files using Twig Syntax. This includes Grav user account files - /grav/user/accounts/*.yaml. This file stores hashed user password, 2FA secret, and the password reset token. This can allow an adversary to compromise any registered account by resetting a password for a user to get access to the password reset token from the file or by cracking the hashed password. ### Proof Of Concept `{{ read_file('/var/www/html/grav/user/accounts/riri.yaml') }}` Use the above Twig template syntax in a page and observe that the administrator riri's authentication details are exposed accessible by any unauthenticated user.  As an additional proof of concept for reading system files, observe the `/etc/passwd` file read using the following Twig syntax: `{{ read_file('/etc/passwd') }}` . This unprecedented takedown includes not just the clear web domain, but also the dark web, escrow sections and Telegram accounts. This is a post from HackRead.com Read the original post: Popular Cyber Crime Forum Breach Forums Seized by Police
Cacti versions 1.2.26 and below suffer from a remote code execution execution vulnerability in import.php.
SAP Cloud Connector versions 2.15.0 through 2.16.1 were found to happily accept self-signed TLS certificates between SCC and SAP BTP.
Zope version 5.9 suffers from a command injection vulnerability in /utilities/mkwsgiinstance.py.