#web

Categories: Business Tags: upload Tags: download Tags: share Tags: data Tags: intelligence Tags: google Tags: virustotal Tags: social media Tags: sharing Tags: document Tags: file Tags: files We take a look at reports of a document being accidentally shared to the VirusTotal service and potentially exposing names and email addresses in the security and intelligence community. (Read more...) The post Accidental VirusTotal upload is a valuable reminder to double check what you share appeared first on Malwarebytes Labs.

Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such way, subsequent operations can write past the end of the buffer.

There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code execution is not discarded in such scenario.

Categories: News Tags: driver Tags: delivery Tags: amazon Tags: van Tags: camera Tags: recording Tags: footage Tags: online Tags: privacy In-van delivery driver footage is reportedly finding its way to the internet. Are privacy issues at play, or is a valuable safety tool? (Read more...) The post Amazon in-van delivery driver footage makes its way online appeared first on Malwarebytes Labs.

Weintek Weincloud v0.13.6 could allow an attacker to abuse the registration functionality to login with testing credentials to the official website.

### Summary The fix for SSTI using `|map`, `|filter` and `|reduce` twigs implemented in the commit [71bbed1](https://github.com/getgrav/grav/commit/71bbed12f950de8335006d7f91112263d8504f1b) introduces bypass of the denylist due to incorrect return value from `isDangerousFunction()`, which allows to execute the payload prepending double backslash (`\\`) ### Details The `isDangerousFunction()` check in version 1.7.42 and onwards retuns `false` value instead of `true` when the `\` symbol is found in the `$name`. ```php ... if (strpos($name, "\\") !== false) { return false; } if (in_array($name, $commandExecutionFunctions)) { return true; } ... ``` Based on the code where the function is used, it is expected that any dangerous condition would return `true` ```php /** * @param Environment $env * @param array $array * @param callable|string $arrow * @return array|CallbackFilterIterator * @throws RuntimeE...

DoS of the OkHttp client when using a BrotliInterceptor and surfing to a malicious web server, or when an attacker can perform MitM to inject a Brotli zip-bomb into an HTTP response

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6. Vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel. This vulnerability only affects users of aiohttp as an HTTP server (ie `aiohttp.Application`), you are not affected by this vulnerability if you are using aiohttp as an HTTP client library (ie `aiohttp.ClientSession`). Sending a crafted HTTP request will cause the server to misinterpret one of the HTTP header values leading to HTTP request smuggling. This issue has been addressed in version 3.8.5. Users are advised to upgrade. Users unable to upgrade can reinstall aiohttp using `AIOHTTP_NO_EXTENSIONS=1` as an environment variable to disable the llhttp HTTP request parser implementation. The pure Python implementation isn't vulnerable.

An OS command injection vulnerability was found in the Avaya Aura Device Services Web application which could allow remote code execution as the Web server user via a malicious uploaded file. This issue affects Avaya Aura Device Services version 8.1.4.0 and earlier.

Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Feathers socket handler did not catch invalid string conversion errors like `const message = ${{ toString: '' }}` which would cause the NodeJS process to crash when sending an unexpected Socket.io message like `socket.emit('find', { toString: '' })`. A fix has been released in versions 5.0.8 and 4.5.18. Users are advised to upgrade. There is no known workaround for this vulnerability.