#web

Thousands of child abuse images are being created with AI. New images of old victims are appearing, as criminals trade datasets.

### Impact An authenticated user can exploit a vulnerability in MongoDB sessions to execute arbitrary commands, leading to remote code execution. This vulnerability may further be leveraged to gain root privileges on the host system. ### Details Through the WEB CLI interface provided by koko, a user logs into the authorized mongoDB database and exploits the MongoDB session to execute arbitrary commands. ``` admin> const { execSync } = require("child_process") admin> console.log(execSync("id; hostname;").toString()) uid=0(root) gid=0(root) groups=0(root) jms_koko admin> ``` ### Patches Safe versions: - v2.28.20 - v3.7.1 ### Workarounds It is recommended to upgrade the safe versions. After upgrade, you can use the same method to check whether the vulnerability is fixed. ``` admin> console.log(execSync("id; hostname;").toString()) /bin/sh: line 1: /bin/hostname: Permission denied ``` ### References Thanks for **Oskar Zeino-Mahmalat** of [Sonar](https://sonarsource.com/) found an...

### Summary The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. ## Details This vulnerability requires: * The WPS extension to be installed * The WPS security setting "Disable complex inputs" to be unselected * Security URL checks to be disabled ### Impact This vulnerability presents the opportunity for Server Side Request Forgery. ### Mitigation The ability to reference an external URL location is defined by the WPS standard Execute operation. This operations is defined by an Industry and International standard and cannot be redefined by the GeoServer application in isolation. To disable complex remote inputs on GeoServer 2.20.5 and GeoServer 2.21.0: 1. Navigate to **Security > WPS Security** page 2. Locate **Complex Inputs** heading 3. Select the check box for **Disable loading complex inputs from remote references** ### Resolution...

### Summary The WMS specification defines an ``sld=<url>`` parameter for GetMap, GetLegendGraphic and GetFeatureInfo operations for user supplied "dynamic styling". Enabling the use of dynamic styles, without also configuring URL checks, provides the opportunity for Service Side Request Forgery. It is possible to use this for "Blind SSRF" on the WMS endpoint to steal NetNTLMv2 hashes via file requests to malicious servers. ### Details This vulnerability requires: * WMS Settings dynamic styling being enabled * Security URL checks to be disabled, or to be enabled and allowing ``file:\\*`` access ### Impact This vulnerability can be used to steal user NetNTLMv2 hashes which could be relayed or cracked externally to gain further access. ### Mitigation The ability to reference an external URL location is defined by the WMS standard GetMap, GetFeatureInfo and GetLegendGraphic operations. These operations are defined by an Industry and International standard and cannot be redefined...

By Deeba Ahmed The critical API security flaws in the social sign-in and OAuth (Open Authentication) implementations affected high-profile companies like… This is a post from HackRead.com Read the original post: Social Login Flaws in Popular Websites Risked Billions of User Accounts

Categories: Threat Intelligence Tags: malvertising Tags: ads Tags: hong kong Tags: malware Tags: whatsapp Tags: telegram Ads on Google for popular communication apps are used as a lure to compromise the devices of people from Hong Kong. (Read more...) The post Hong Kong residents targeted in malvertising campaigns for WhatsApp, Telegram appeared first on Malwarebytes Labs.

By Owais Sultan Looking for a SaaS SEO consultant? We’ve rounded up the top 15 SaaS SEO experts you need to… This is a post from HackRead.com Read the original post: 15 Best SaaS SEO Experts That Will Help You Dominate Online

Creating a new regulatory framework to better secure Oman's banking system against future attacks.

WordPress LiteSpeed Cache plugin versions 5.6 and below suffer from a persistent cross site scripting vulnerability.