#web

Google has once again pushed its plans to deprecate third-party tracking cookies in its Chrome web browser as it works to address outstanding competition concerns from U.K. regulators over its Privacy Sandbox initiative. The tech giant said it's working closely with the U.K. Competition and Markets Authority (CMA) and hopes to achieve an agreement by the end of the year. As part of the

### Summary An authenticated user can change the download folder and upload a crafted template to the specified folder lead to remote code execution ### Details example version: 0.5 file:src/pyload/webui/app/blueprints/app_blueprint.py ```python @bp.route("/render/<path:filename>", endpoint="render") def render(filename): mimetype = mimetypes.guess_type(filename)[0] or "text/html" data = render_template(filename) return flask.Response(data, mimetype=mimetype) ``` So, if we can control file in the path "pyload/webui/app/templates" in latest version and path in "module/web/media/js"(the difference is the older version0.4.20 only renders file with extension name ".js"), the render_template func will works like SSTI(server-side template injection) when render the evil file we control. in /settings page and the choose option general/general, where we can change the download folder. ![image](https://github.com/pyload/pyload/assets/48705773/0b239138-9aaa-45c4-bf84-c1c3103c452a...

ArcaneDoor is a campaign that is the latest example of state-sponsored actors targeting perimeter network devices from multiple vendors. Coveted by these actors, perimeter network devices are the perfect intrusion point for espionage-focused campaigns.

Ubuntu Security Notice 6747-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Bartek Nowotarski discovered that Firefox did not properly limit HTTP/2 CONTINUATION frames. An attacker could potentially exploit this issue to cause a denial of service.

Relate Learning and Teaching System versions prior to 2024.1 suffers from a server-side template injection vulnerability that leads to remote code execution. This particular finding targets the Batch-Issue Exam Tickets function.

Nginx versions 1.25.5 and below appear to have a host header filtering validation bug that could possibly be used for malice.

A state-sponsored hacking team employed a clever masquerade and elaborate back-end infrastructure as part of a five-year info-stealing campaign that compromised the US State and Treasury Departments, and hundreds of thousands of accounts overall.

By Waqas Update Windows Now or Get Hacked: Microsoft Warns of Actively Exploited Vulnerability! This is a post from HackRead.com Read the original post: Russian APT28 Exploiting Windows Vulnerability with GooseEgg Tool

### Summary A vulnerability has been discovered in the handling of the referrer header in the application, which could allow an attacker to conduct open redirects. The issue arises from improper validation of the referrer header in certain conditions. By manipulating the referrer header, an attacker could potentially redirect users to malicious websites, phishing pages, or other dangerous destinations. ### PoC If you change the referer header, you will be redirected to that domain without verifying. https://github.com/Clinical-Genomics/cg/blob/master/cg/server/invoices/views.py#L173 ### Impact An attacker exploiting this vulnerability could trick users into visiting malicious websites or disclose sensitive information by redirecting them to unintended destinations. This could lead to various attacks including phishing, malware distribution, or further exploitation of other vulnerabilities.

By Waqas Coffee with Double Brew of Trouble! This is a post from HackRead.com Read the original post: Nespresso Domain Hijacked in Phishing Attack Targeting Microsoft Logins