SOLDIERX.COM Nobody Can Stop Information Insemination

Posted by Daniel Owens via Fulldisclosure on Apr 26

Inedo ProGet 2024.22 and below are vulnerable to unauthenticated denial of service and information disclosure attacks
(among other things) because the information system directly exposes the C# reflection used during the request-action
mapping process and fails to properly protect certain pathways. These are amplified by cross-site request forgery
vulnerabilities (CSRF) due to the application's failure to verify the HTTP request method...

Posted by Daniel Owens via Fulldisclosure on Apr 26

Good morning. All current versions and all versions since the 2022/2023 "fix" to the Rails cross-site request forgery
(CSRF) protections continue to be vulnerable to the same attacks as the 2022 implementation. Currently, Rails
generates "authenticity tokens" and "csrf tokens" using a random "one time pad" (OTP). This random value is then XORed
with the "raw token" (which can take one of two...

Posted by hyp3rlinx on Apr 26

[-] Microsoft ".library-ms" File / NTLM Information Disclosure
Spoofing (Resurrected 2025) / CVE-2025-24054

[+] John Page (aka hyp3rlinx)
[+] x.com/hyp3rlinx
[+] ISR: ApparitionSec

Back in 2018, I reported a ".library-ms" File NTLM information
disclosure vulnerability to MSRC and was told "it was not severe
enough", that being said I post it anyways. Seven years passed, until
other researchers re-reported it....

Posted by Marco Ivaldi on Apr 23

Hi,

Please find attached a security advisory that describes some
vulnerabilities we discovered in the Zyxel uOS Linux-based operating
system.

* Title: Local privilege escalation via Zyxel fermion-wrapper
* Product: USG FLEX H Series
* OS: Zyxel uOS V1.31 (and potentially earlier versions)
* Author: Marco Ivaldi <marco.ivaldi () hnsecurity it>
* Date: 2025-04-23
* CVE ID: CVE-2025-1731 (see discussion in "5 - Remediation" below)...

Posted by Apple Product Security via Fulldisclosure on Apr 23

APPLE-SA-04-16-2025-4 visionOS 2.4.1

visionOS 2.4.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122402.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

CoreAudio
Available for: Apple Vision Pro
Impact: Processing an audio stream in a maliciously crafted media file
may result in...

Posted by Apple Product Security via Fulldisclosure on Apr 23

APPLE-SA-04-16-2025-3 tvOS 18.4.1

tvOS 18.4.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122401.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

CoreAudio
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: Processing an audio stream in a maliciously crafted media file...

Posted by Apple Product Security via Fulldisclosure on Apr 23

APPLE-SA-04-16-2025-2 macOS Sequoia 15.4.1

macOS Sequoia 15.4.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122400.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

CoreAudio
Available for: macOS Sequoia
Impact: Processing an audio stream in a maliciously crafted media file
may...

Posted by Apple Product Security via Fulldisclosure on Apr 23

APPLE-SA-04-16-2025-1 iOS 18.4.1 and iPadOS 18.4.1

iOS 18.4.1 and iPadOS 18.4.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122282.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

CoreAudio
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 13.9-inch
3rd generation and...

Posted by Andrey Stoykov on Apr 23

# Exploit Title: Business Logic Flaw: Price Manipulation - alegrocartv1.2.9
# Date: 04/2025
# Exploit Author: Andrey Stoykov
# Version: 1.2.9
# Tested on: Debian 12
# Blog: https://msecureltd.blogspot.com/

Business Logic Flaw: Price Manipulation #1:

Steps to Reproduce:

1. Visit the store and add a product
2. Intercept the HTTP GET request and add negative value to the "quantity"
parameter

// HTTP GET request

GET...

Posted by Andrey Stoykov on Apr 23

# Exploit Title: Stored XSS in "Message" Functionality - alegrocartv1.2.9
# Date: 04/2025
# Exploit Author: Andrey Stoykov
# Version: 1.2.9
# Tested on: Debian 12
# Blog: https://msecureltd.blogspot.com/

Stored XSS #1:

Steps to Reproduce:

1. Login as demonstrator account and visit "Customers" > "Newsletter"
2. In "Message" use the following XSS payload

<iframe srcdoc="<img src=x...

Posted by Andrey Stoykov on Apr 23

# Exploit Title: XSS via SVG Image Upload - alegrocartv1.2.9
# Date: 04/2025
# Exploit Author: Andrey Stoykov
# Version: 1.2.9
# Tested on: Debian 12
# Blog: https://msecureltd.blogspot.com/

XSS via SVG Image Upload:

Steps to Reproduce:

1. Visit http://192.168.58.129/alegrocart/administrator/?controller=download
2. Upload SVG image file with the contents below
3. Intercept the POST request and change the Content-Type to "Content-Type:...

Posted by Housma mardini on Apr 23

Hi Full Disclosure,

I'd like to share a local privilege escalation technique involving BBOT
(Bighuge BLS OSINT Tool) when misconfigured with sudo access.

---

Exploit Title: BBOT 2.1.0 - Local Privilege Escalation via Malicious Module
Execution
Date: 2025-04-16
Exploit Author: Huseyin Mardinli
Vendor Homepage: https://github.com/blacklanternsecurity/bbot
Version: 2.1.0.4939rc (tested)
Tested on: Kali Linux Rolling (2025.1)
CVE: N/A...