Security
Headlines
HeadlinesLatestCVEs

Tag

#webkit

Apple Security Advisory 05-13-2024-4

Apple Security Advisory 05-13-2024-4 - macOS Sonoma 14.5 addresses bypass and code execution vulnerabilities.

Packet Storm
Open in Source
#vulnerability#web#mac#apple#intel#auth#zero_day#webkit
Apple Security Advisory 05-13-2024-2

Apple Security Advisory 05-13-2024-2 - iOS 17.5 and iPadOS 17.5 addresses bypass and code execution vulnerabilities.

Apple Security Advisory 05-13-2024-1

Apple Security Advisory 05-13-2024-1 - Safari 17.5 addresses a bypass vulnerability.

GHSA-mxhq-xw3g-rphc: lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability

### Summary The latest version of lobe-chat(by now v0.141.2) has an unauthorized ssrf vulnerability. An attacker can construct malicious requests to cause SSRF without logging in, attack intranet services, and leak sensitive information. ### Details * visit https://chat-preview.lobehub.com/settings/agent * you can attack all internal services by /api/proxy and get the echo in http response :) ![image](https://github.com/lobehub/lobe-chat/assets/55245002/c2894c34-7333-4ae1-864c-3b212b95eb21) ![image](https://github.com/lobehub/lobe-chat/assets/55245002/dd9ad696-7180-4700-8bff-1171a6a8ac91) ![image](https://github.com/lobehub/lobe-chat/assets/55245002/e2b97520-a6d5-4939-8313-46db8a1c4b75) ### PoC ```http POST /api/proxy HTTP/2 Host: xxxxxxxxxxxxxxxxx Cookie: LOBE_LOCALE=zh-CN; LOBE_THEME_PRIMARY_COLOR=undefined; LOBE_THEME_NEUTRAL_COLOR=undefined; _ga=GA1.1.86608329.1711346216; _ga_63LP1TV70T=GS1.1.1711346215.1.1.1711346846.0.0.0 Content-Length: 23 Sec-Ch-Ua: "Google Chrome";v=...

Debian Security Advisory 5684-1

Debian Linux Security Advisory 5684-1 - The following vulnerabilities have been discovered in the WebKitGTK web engine. Kacper Kwapisz discovered that visiting a malicious website may lead to address bar spoofing. Nan Wang and Rushikesh Nandedkar discovered that processing maliciously crafted web content may lead to arbitrary code execution. SungKwon Lee discovered that processing web content may lead to a denial-of-service. Various other issues were also addressed.

GHSA-f8ch-w75v-c847: 1Panel arbitrary file write vulnerability

### Summary There are many command injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. We can use the following mirror configuration write symbol `>` to achieve arbitrary file writing ### PoC Dockerfile ``` FROM bash:latest COPY echo.sh /usr/local/bin/echo.sh RUN chmod +x /usr/local/bin/echo.sh CMD ["echo.sh"] ``` echo.sh ``` #!/usr/local/bin/bash echo "Hello, World!" ``` Build this image like this, upload it to dockerhub, and then 1panel pulls the image to build the container Send the following packet, taking care to change the containerID to the malicious container we constructed ``` GET /api/v1/containers/search/log?container=6e6308cb8e4734856189b65b3ce2d13a69e87d2717898d120dac23b13b6f1377%3E%2Ftmp%2F1&since=all&tail=100&follow=true HTTP/1.1 Host: xxxx:42713 Connection: Upgrade Pragma: no-cache Cache-Control: no-cache User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, li...

Palo Alto PAN-OS Command Execution / Arbitrary File Creation

Palo Alto PAN-OS versions prior to 11.1.2-h3 command injection and arbitrary file creation exploit.

Ubuntu Security Notice USN-6732-1

Ubuntu Security Notice 6732-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

WordPress WP Video Playlist 1.1.1 Cross Site Scripting

WordPress WP Video Playlist plugin version 1.1.1 suffers from a persistent cross site scripting vulnerability.

Kruxton 1.0 Shell Upload

Kruxton version 1.0 suffers from a remote shell upload vulnerability.