Category: Alert Feeds

0

Certified Asterisk Security Release certified-18.9-cert13  – Full Disclosure

  Posted by Asterisk Development Team via Fulldisclosure on Jan 15 The Asterisk Development Team would like to announce security release Certified Asterisk 18.9-cert13. The release artifacts are available for immediate download at https://github.com/asterisk/asterisk/releases/tag/certified-18.9-cert13 and https://downloads.asterisk.org/pub/telephony/certified-asterisk Repository: https://github.com/asterisk/asterisk Tag: certified-18.9-cert13 ## Change Log for Release asterisk-certified-18.9-cert13 ###… – Read More  – Full Disclosure 

0

Certified Asterisk Security Release certified-20.7-cert4  – Full Disclosure

  Posted by Asterisk Development Team via Fulldisclosure on Jan 15 The Asterisk Development Team would like to announce security release Certified Asterisk 20.7-cert4. The release artifacts are available for immediate download at https://github.com/asterisk/asterisk/releases/tag/certified-20.7-cert4 and https://downloads.asterisk.org/pub/telephony/certified-asterisk Repository: https://github.com/asterisk/asterisk Tag: certified-20.7-cert4 ## Change Log for Release asterisk-certified-20.7-cert4 ###… – Read More  – Full Disclosure 

0

CyberDanube Security Research 20250107-0 | Multiple Vulnerabilities in ABB AC500v3  – Full Disclosure

  Posted by Thomas Weber | CyberDanube via Fulldisclosure on Jan 15 CyberDanube Security Research 20250107-0 ——————————————————————————- title| Multiple Vulnerabilities in ABB AC500v3 product| ABB AC500v3 vulnerable version| <=3.7.0.569 fixed version| 3.8.0 CVE number| CVE-2024-12429, CVE-2024-12430 impact| High homepage| https://global.abb found| 2024-09-03… – Read More  – Full Disclosure 

0

CVE-2024-48463  – Full Disclosure

  Posted by Rodolfo Tavares via Fulldisclosure on Jan 15 =====[ Tempest Security Intelligence – ADV-10/2024 ]========================== Bruno IDE Desktop prior to 1.29.0 Author: Rodolfo Tavares Tempest Security Intelligence – Recife, Pernambuco – Brazil =====[ Table of Contents ]================================================== Overview Detailed Description Timeline of Disclosure Thanks & Acknowledgements References =====[ Vulnerability Information… – Read More  – Full Disclosure 

0

[asterisk-dev] Asterisk Security Release 20.11.1  – Full Disclosure

  Posted by Asterisk Development Team on Jan 15 The Asterisk Development Team would like to announce security release Asterisk 20.11.1. The release artifacts are available for immediate download at https://github.com/asterisk/asterisk/releases/tag/20.11.1 and https://downloads.asterisk.org/pub/telephony/asterisk Repository: https://github.com/asterisk/asterisk Tag: 20.11.1 ## Change Log for Release asterisk-20.11.1 ### Links: – [Full ChangeLog](… – Read More  – Full Disclosure 

0

[asterisk-dev] Asterisk Security Release 21.6.1  – Full Disclosure

  Posted by Asterisk Development Team on Jan 15 The Asterisk Development Team would like to announce security release Asterisk 21.6.1. The release artifacts are available for immediate download at https://github.com/asterisk/asterisk/releases/tag/21.6.1 and https://downloads.asterisk.org/pub/telephony/asterisk Repository: https://github.com/asterisk/asterisk Tag: 21.6.1 ## Change Log for Release asterisk-21.6.1 ### Links: – [Full ChangeLog](… – Read More  – Full Disclosure 

0

Asterisk Security Release 18.26.1  – Full Disclosure

  Posted by Asterisk Development Team via Fulldisclosure on Jan 15 The Asterisk Development Team would like to announce security release Asterisk 18.26.1. The release artifacts are available for immediate download at https://github.com/asterisk/asterisk/releases/tag/18.26.1 and https://downloads.asterisk.org/pub/telephony/asterisk Repository: https://github.com/asterisk/asterisk Tag: 18.26.1 ## Change Log for Release asterisk-18.26.1 ### Links: – [Full ChangeLog](… – Read More  – Full Disclosure 

0

Asterisk Security Release 22.1.1  – Full Disclosure

  Posted by Asterisk Development Team via Fulldisclosure on Jan 15 The Asterisk Development Team would like to announce security release Asterisk 22.1.1. The release artifacts are available for immediate download at https://github.com/asterisk/asterisk/releases/tag/22.1.1 and https://downloads.asterisk.org/pub/telephony/asterisk Repository: https://github.com/asterisk/asterisk Tag: 22.1.1 ## Change Log for Release asterisk-22.1.1 ### Links: – [Full ChangeLog](… – Read More  – Full Disclosure 

0

IBMi Navigator / CVE-2024-51464 / HTTP Security Token Bypass –

– [[{“value”:” Posted by hyp3rlinx on Dec 30 [+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: https://hyp3rlinx.altervista.org/advisories/IBMi_Navigator_HTTP_Security_Token_Bypass-CVE-2024-51464.txt [+] x.com/hyp3rlinx [+] ISR: ApparitionSec [Vendor]www.ibm.com [Product] Navigator for i is a Web console interface where you can perform the key tasks to administer your IBM i. IBM Navigator for i supports the vast majority of tasks that were…“}]] – Read More ...

0

IBMi Navigator / CVE-2024-51463 / Server Side Request Forgery (SSRF) –

– [[{“value”:” Posted by hyp3rlinx on Dec 30 [+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: https://hyp3rlinx.altervista.org/advisories/IBMi_Navigator_Server_Side_Request_Forgery_CVE-2024-51463.txt [+] x.com/hyp3rlinx [+] ISR: ApparitionSec [Vendor]www.ibm.com [Product] Navigator for i is a Web console interface where you can perform the key tasks to administer your IBM i. IBM Navigator for i supports the vast majority of tasks that…“}]] – Read More  –...

0

Multiple vulnerabilities in CTFd versions <= 3.7.4 –

– [[{“value”:” Posted by Blazej Adamczyk on Dec 30 ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ Multiple vulnerabilities in CTFd versions <= 3.7.4 ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 1 General information ═════════════════════…“}]] – Read More  – Full Disclosure 

0

CyberDanube Security Research 20241219-0 | Authenticated Remote Code Execution in Ewon Flexy 205 –

– [[{“value”:” Posted by Thomas Weber | CyberDanube via Fulldisclosure on Dec 21 CyberDanube Security Research 20241219-0 ——————————————————————————- title| Authenticated Remote Code Execution product| Ewon Flexy 205 vulnerable version| <= v14.8s0 (#2633) fixed version| – CVE number| CVE-2024-9154 impact| High homepage| https://www.hms-networks.com/ found| 2024-09-03…“}]] – Read More  – Full Disclosure 

0

Stored XSS with Filter Bypass – blogenginev3.3.8 –

– [[{“value”:” Posted by Andrey Stoykov on Dec 18 # Exploit Title: Stored XSS with Filter Bypass – blogenginev3.3.8 # Date: 12/2024 # Exploit Author: Andrey Stoykov # Version: 3.3.8 # Tested on: Ubuntu 22.04 # Blog: https://msecureltd.blogspot.com/2024/12/friday-fun-pentest-series-16-stored-xss.html Stored XSS Filter Bypass #1: Steps to Reproduce: 1. Login as admin and go to “Content” > “Posts” 2. On the right side...

0

[SYSS-2024-085]: Broadcom CA Client Automation – Improper Privilege Management (CWE-269) –

– [[{“value”:” Posted by Matthias Deeg via Fulldisclosure on Dec 18 Advisory ID: SYSS-2024-085 Product: CA Client Automation (CA DSM) Manufacturer: Broadcom Affected Version(s): 14.5.0.15 Tested Version(s): 14.5.0.15 Vulnerability Type: Improper Privilege Management (CWE-269) Risk Level: High Solution Status: Fixed Manufacturer Notification: 2024-10-18 Solution Date: 2024-12-17 Public Disclosure:…“}]] – Read More  – Full Disclosure 

0

RansomLordNG – anti-ransomware exploit tool –

– [[{“value”:” Posted by malvuln on Dec 16 This next generation version dumps process memory of the targeted Malware prior to termination The process memory dump file MalDump.dmp varies in size and can be 50 MB plus RansomLord now intercepts and terminates ransomware from 54 different threat groups Adding GPCode, DarkRace, Snocry, Hydra and Sage to the ever growing victim list....

0

[KIS-2024-07] GFI Kerio Control <= 9.4.5 Multiple HTTP Response Splitting Vulnerabilities –

– [[{“value”:” Posted by Egidio Romano on Dec 16 ————————————————————————— GFI Kerio Control <= 9.4.5 Multiple HTTP Response Splitting Vulnerabilities ————————————————————————— [-] Software Links: https://gfi.ai/products-and-solutions/network-security-solutions/keriocontrol http://download.kerio.com [-] Affected Versions: All versions from 9.2.5 to 9.4.5. [-] Vulnerabilities Description:…“}]] – Read More  – Full Disclosure 

0

APPLE-SA-12-11-2024-9 Safari 18.2 –

– [[{“value”:” Posted by Apple Product Security via Fulldisclosure on Dec 12 APPLE-SA-12-11-2024-9 Safari 18.2 Safari 18.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/121846. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Safari Available for: macOS Ventura and macOS Sonoma Impact: On a device with Private...

0

APPLE-SA-12-11-2024-6 watchOS 11.2 –

– [[{“value”:” Posted by Apple Product Security via Fulldisclosure on Dec 12 APPLE-SA-12-11-2024-6 watchOS 11.2 watchOS 11.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/121843. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. AppleMobileFileIntegrity Available for: Apple Watch Series 6 and later Impact: A malicious app may...

0

APPLE-SA-12-11-2024-8 visionOS 2.2 –

– [[{“value”:” Posted by Apple Product Security via Fulldisclosure on Dec 12 APPLE-SA-12-11-2024-8 visionOS 2.2 visionOS 2.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/121845. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Crash Reporter Available for: Apple Vision Pro Impact: An app may be able to...

0

APPLE-SA-12-11-2024-7 tvOS 18.2 –

– [[{“value”:” Posted by Apple Product Security via Fulldisclosure on Dec 12 APPLE-SA-12-11-2024-7 tvOS 18.2 tvOS 18.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/121844. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. AppleMobileFileIntegrity Available for: Apple TV HD and Apple TV 4K (all models) Impact: A...

0

APPLE-SA-12-11-2024-4 macOS Sonoma 14.7.2 –

– [[{“value”:” Posted by Apple Product Security via Fulldisclosure on Dec 12 APPLE-SA-12-11-2024-4 macOS Sonoma 14.7.2 macOS Sonoma 14.7.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/121840. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Apple Software Restore Available for: macOS Sonoma Impact: An app may be...

0

APPLE-SA-12-11-2024-3 macOS Sequoia 15.2 –

– [[{“value”:” Posted by Apple Product Security via Fulldisclosure on Dec 12 APPLE-SA-12-11-2024-3 macOS Sequoia 15.2 macOS Sequoia 15.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/121839. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Apple Software Restore Available for: macOS Sequoia Impact: An app may be...

0

APPLE-SA-12-11-2024-5 macOS Ventura 13.7.2 –

– [[{“value”:” Posted by Apple Product Security via Fulldisclosure on Dec 12 APPLE-SA-12-11-2024-5 macOS Ventura 13.7.2 macOS Ventura 13.7.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/121842. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Apple Software Restore Available for: macOS Ventura Impact: An app may be...

0

APPLE-SA-12-11-2024-2 iPadOS 17.7.3 –

– [[{“value”:” Posted by Apple Product Security via Fulldisclosure on Dec 12 APPLE-SA-12-11-2024-2 iPadOS 17.7.3 iPadOS 17.7.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/121838. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. FontParser Available for: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th...

0

SEC Consult SA-20241211-0 :: Reflected Cross-Site Scripting in Numerix License Server Administration System Login –

– [[{“value”:” Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Dec 12 SEC Consult Vulnerability Lab Security Advisory < 20241211-0 > ======================================================================= title: Reflected Cross-Site Scripting product: Numerix License Server Administration System Login vulnerable version: 1.1_596 fixed version: – CVE number: CVE-2024-50585 impact: medium homepage: https://connect.numerix.com/nlslogin.jsp…“}]] – Read More  – Full Disclosure 

0

St. Poelten UAS | Multiple Vulnerabilities in ORing IAP –

– [[{“value”:” Posted by Thomas Weber | CyberDanube via Fulldisclosure on Dec 12 St. Pölten UAS 20241209-0 ——————————————————————————- title| Multiple Vulnerabilities in ORing IAP product| ORing IAP-420 vulnerable version| 2.01e fixed version| – CVE number| CVE-2024-55544, CVE-2024-55545, CVE-2024-55546, | CVE-2024-55547, CVE-2024-55548 impact| High homepage|…“}]] – Read More  – Full Disclosure 

0

APPLE-SA-12-11-2024-1 iOS 18.2 and iPadOS 18.2 –

– [[{“value”:” Posted by Apple Product Security via Fulldisclosure on Dec 12 APPLE-SA-12-11-2024-1 iOS 18.2 and iPadOS 18.2 iOS 18.2 and iPadOS 18.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/121837. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. AppleMobileFileIntegrity Available for: iPhone XS and later, iPad...

0

SEC Consult SA-20241204-0 :: Multiple Critical Vulnerabilities in Image Access Scan2Net (14 CVE) –

– [[{“value”:” Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Dec 04 SEC Consult Vulnerability Lab Security Advisory < 20241204-0 > ======================================================================= title: Multiple Critical Vulnerabilities product: Image Access Scan2Net vulnerable version: Firmware <=7.40, <=7.42, <7.42B (depending on the vulnerability) fixed version: mostly fixed in v7.42B CVE number: CVE-2024-28138,…“}]] – Read More  – Full Disclosure 

0

Asterisk AMI Originate Authenticated Remote Code Execution –

– On Asterisk, prior to versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with write=originate may change all configuration files in the /etc/asterisk/ directory. Writing a new extension can be created which performs a system command to achieve RCE as the asterisk service user (typically asterisk). Default parking lot in FreePBX is called “Default lot”...

0

Acronis Cyber Protect/Backup Remote Code Execution –

– The Acronis Cyber Protect appliance, in its default configuration, allows the anonymous registration of new protect/backup agents on new endpoints. This API endpoint also generates bearer tokens which the agent then uses to authenticate to the appliance. As the management web console is running on the same port as the API for the agents, this bearer token is also valid...

0

Fortinet FortiManager Unauthenticated Remote Code Execution –

– This Metasploit module exploits a missing authentication vulnerability affecting FortiManager and FortiManager Cloud devices to achieve unauthenticated RCE with root privileges. The vulnerable FortiManager versions are 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.7, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, and 6.2.0 through 6.2.12. The vulnerable FortiManager Cloud versions are 7.4.1 through 7.4.4, 7.2.1 through 7.2.7, 7.0.1 through 7.0.12, and 6.4...

0

Microsoft Warbird and PMP security research – technical doc –

– [[{“value”:” Posted by Security Explorations on Dec 03 Hello All, We have released a technical document pertaining to our Warbird / PMP security research. It is available for download from this location: https://security-explorations.com/materials/wbpmp_doc.md.txt The document provides a more in-depth technical explanation, illustration and verification of discovered attacks affecting PlayReady on Windows 10 / 11 x64 and pertaining to the following...

0

Access Control in Paxton Net2 software –

– [[{“value”:” Posted by Jeroen Hermans via Fulldisclosure on Dec 02 CloudAware Security Advisory [CVE pending]: Potential PII leak and incorrect access control in Paxton Net2 software ======================================================================== Summary ======================================================================== Insecure backend database in the Paxton Net2 software. Possible leaking of PII incorrect access control. No physical access to computer running Paxton Net2 is required….“}]] – Read More  – Full Disclosure 

0

Debian Security Advisory 5821-1 –

– Debian Linux Security Advisory 5821-1 – Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. – Read More  – Packet Storm 

0

Debian Security Advisory 5822-1 –

– Debian Linux Security Advisory 5822-1 – It was discovered that in SimpleSAMLphp, an implementation of the SAML 2.0 protocol, is prone to a XXE vulnerability when loading an (untrusted) XML document. – Read More  – Packet Storm 

0

ABB Cylon Aspect 3.08.01 mstpstatus.php Information Disclosure –

– ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated information disclosure vulnerability. An unauthorized attacker can reference the affected page and disclose various BACnet MS/TP statistics running on the device. – Read More  – Packet Storm 

0

Siemens Unlocked JTAG Interface / Buffer Overflow –

– Various Siemens products suffer from vulnerabilities. There is an unlocked JTAG Interface for Zynq-7000 on SM-2558 and a buffer overflow on the webserver of the SM-2558, CP-2016, and CP-2019 systems. – Read More  – Packet Storm 

0

ABB Cylon Aspect 3.08.00 fileSystemUpdate.php File Upload / Denial Of Service –

– ABB Cylon Aspect version 3.08.00 suffers from a vulnerability in the fileSystemUpdate.php endpoint of the ABB BEMS controller due to improper handling of uploaded files. The endpoint lacks restrictions on file size and type, allowing attackers to upload excessively large or malicious files. This flaw could be exploited to cause denial of service (DoS) attacks, memory leaks, or buffer overflows,...

0

Omada Identity Cross Site Scripting –

– Omada Identity versions prior to 15U1 and 14.14 hotfix #309 suffer from a persistent cross site scripting vulnerability. – Read More  – Packet Storm