Full Disclosure

Syndicate content
A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
Updated: 2 hours 56 min ago

APPLE-SA-03-07-2024-6 tvOS 17.4

13 March, 2024 - 14:54

Posted by Apple Product Security via Fulldisclosure on Mar 13

APPLE-SA-03-07-2024-6 tvOS 17.4

tvOS 17.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214086.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Accessibility
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: A malicious app may be able to observe user data in log...

APPLE-SA-03-07-2024-5 watchOS 10.4

13 March, 2024 - 14:54

Posted by Apple Product Security via Fulldisclosure on Mar 13

APPLE-SA-03-07-2024-5 watchOS 10.4

watchOS 10.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214088.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Accessibility
Available for: Apple Watch Series 4 and later
Impact: A malicious app may be able to observe user data in log...

APPLE-SA-03-07-2024-4 macOS Monterey 12.7.4

13 March, 2024 - 14:54

Posted by Apple Product Security via Fulldisclosure on Mar 13

APPLE-SA-03-07-2024-4 macOS Monterey 12.7.4

macOS Monterey 12.7.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214083.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Admin Framework
Available for: macOS Monterey
Impact: An app may be able to elevate privileges
Description: A...

APPLE-SA-03-07-2024-3 macOS Ventura 13.6.5

13 March, 2024 - 14:54

Posted by Apple Product Security via Fulldisclosure on Mar 13

APPLE-SA-03-07-2024-3 macOS Ventura 13.6.5

macOS Ventura 13.6.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214085.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Admin Framework
Available for: macOS Ventura
Impact: An app may be able to elevate privileges
Description: A...

APPLE-SA-03-07-2024-2 macOS Sonoma 14.4

13 March, 2024 - 14:54

Posted by Apple Product Security via Fulldisclosure on Mar 13

APPLE-SA-03-07-2024-2 macOS Sonoma 14.4

macOS Sonoma 14.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214084.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Accessibility
Available for: macOS Sonoma
Impact: A malicious app may be able to observe user data in log entries...

APPLE-SA-03-07-2024-1 Safari 17.4

13 March, 2024 - 14:54

Posted by Apple Product Security via Fulldisclosure on Mar 13

APPLE-SA-03-07-2024-1 Safari 17.4

Safari 17.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214089.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Safari Private Browsing
Available for: macOS Monterey and macOS Ventura
Impact: Private Browsing tabs may be accessed without...

APPLE-SA-03-05-2024-2 iOS 16.7.6 and iPadOS 16.7.6

13 March, 2024 - 14:54

Posted by Apple Product Security via Fulldisclosure on Mar 13

APPLE-SA-03-05-2024-2 iOS 16.7.6 and iPadOS 16.7.6

iOS 16.7.6 and iPadOS 16.7.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214082.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Additional CVE entries coming soon.

Kernel
Available for: iPhone 8, iPhone 8 Plus, iPhone X,...

APPLE-SA-03-05-2024-1 iOS 17.4 and iPadOS 17.4

13 March, 2024 - 14:54

Posted by Apple Product Security via Fulldisclosure on Mar 13

APPLE-SA-03-05-2024-1 iOS 17.4 and iPadOS 17.4

iOS 17.4 and iPadOS 17.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214081.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Additional CVE entries coming soon.

Accessibility
Available for: iPhone XS and later, iPad Pro...

Backdoor.Win32.Beastdoor.oq / Unauthenticated Remote Command Execution

13 March, 2024 - 14:53

Posted by malvuln on Mar 13

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/6268df4c9c805c90725dde4fe5ef6fea.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Beastdoor.oq
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 1332, makes outbound
connections to SMTP port 25 and executes a PE file named svchost.exe
dropped in...

StimulusReflex CVE-2024-28121

13 March, 2024 - 14:53

Posted by lixts via Fulldisclosure on Mar 13

StimulusReflex CVE-2024-28121

Arbitrary code execution in StimulusReflex. This affects version 3.5.0 up to and including 3.5.0.rc2 and v3.5.0.pre10.

## Vulnerable code excerpt

stimulus_reflex/lib/stimulus_reflex/reflex.rb
```
# Invoke the reflex action specified by `name` and run all callbacks
def process(name, *args)
run_callbacks(:process) { public_send(name, *args) }
end
```

stimulus_reflex/app/channels/stimulus_reflex/channel.rb...

KL-001-2024-004: Artica Proxy Loopback Services Remotely Accessible Unauthenticated

5 March, 2024 - 13:31

Posted by KoreLogic Disclosures via Fulldisclosure on Mar 05

KL-001-2024-004: Artica Proxy Loopback Services Remotely Accessible Unauthenticated

Title: Artica Proxy Loopback Services Remotely Accessible Unauthenticated
Advisory ID: KL-001-2024-004
Publication Date: 2024.03.05
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-004.txt

1. Vulnerability Details

     Affected Vendor: Artica
     Affected Product: Artica Proxy
     Affected Version: 4.50
    ...

KL-001-2024-003: Artica Proxy Unauthenticated File Manager Vulnerability

5 March, 2024 - 13:30

Posted by KoreLogic Disclosures via Fulldisclosure on Mar 05

KL-001-2024-003: Artica Proxy Unauthenticated File Manager Vulnerability

Title: Artica Proxy Unauthenticated File Manager Vulnerability
Advisory ID: KL-001-2024-003
Publication Date: 2024.03.05
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-003.txt

1. Vulnerability Details

     Affected Vendor: Artica
     Affected Product: Artica Proxy
     Affected Version: 4.40 and 4.50
     Platform: Debian 10...

KL-001-2024-002: Artica Proxy Unauthenticated PHP Deserialization Vulnerability

5 March, 2024 - 13:29

Posted by KoreLogic Disclosures via Fulldisclosure on Mar 05

KL-001-2024-002: Artica Proxy Unauthenticated PHP Deserialization Vulnerability

Title: Artica Proxy Unauthenticated PHP Deserialization Vulnerability
Advisory ID: KL-001-2024-002
Publication Date: 2024.03.05
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-002.txt

1. Vulnerability Details

     Affected Vendor: Artica
     Affected Product: Artica Proxy
     Affected Version: 4.50
     Platform: Debian...

KL-001-2024-001: Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability

5 March, 2024 - 13:29

Posted by KoreLogic Disclosures via Fulldisclosure on Mar 05

KL-001-2024-001: Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability

Title: Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability
Advisory ID: KL-001-2024-001
Publication Date: 2024.03.05
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-001.txt

1. Vulnerability Details

     Affected Vendor: Artica
     Affected Product: Artica Proxy
     Affected Version: 4.40 and 4.50
    ...

SEC Consult SA-20240226-0 :: Local Privilege Escalation via DLL Hijacking in Qognify VMS Client Viewer

2 March, 2024 - 19:54

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Mar 02

SEC Consult Vulnerability Lab Security Advisory < 20240226-0 >
=======================================================================
title: Local Privilege Escalation via DLL Hijacking
product: Qognify VMS Client Viewer
vulnerable version: >=7.1
fixed version: see solution
CVE number: CVE-2023-49114
impact: medium
homepage: https://www.qognify.com/...

JetStream Smart Switch - TL-SG2210P v5.0/ Improper Access Control / CVE-2023-43318

2 March, 2024 - 19:54

Posted by Shaikh Shahnawaz on Mar 02

[+] Credits: Shahnawaz Shaikh, Security Researcher at Cybergate Defense LLC
[+] twitter.com/_striv3r_

[Vendor]
Tp-Link (http://tp-link.com)

[Product]
JetStream Smart Switch - TL-SG2210P v5.0 Build 20211201

[Vulnerability Type]
Improper Access Control

[Affected Product Code Base]
JetStream Smart Switch - TL-SG2210P v5.0 Build 20211201

[Affected Component]
usermanagement, swtmactablecfg endpoints of webconsole

[CVE Reference]
CVE-2023-43318...

Multiple XSS Issues in boidcmsv2.0.1

2 March, 2024 - 19:53

Posted by Andrey Stoykov on Mar 02

# Exploit Title: Multiple XSS Issues in boidcmsv2.0.1
# Date: 3/2024
# Exploit Author: Andrey Stoykov
# Version: 2.0.1
# Tested on: Ubuntu 22.04
# Blog: http://msecureltd.blogspot.com

XSS via SVG File Upload

Steps to Reproduce:

1. Login with admin user
2. Visit "Media" page
3. Upload xss.svg
4. Click "View" and XSS payload will execute

// xss.svg contents

<?xml version="1.0" standalone="no"?>...

XAMPP 5.6.40 - Error Based SQL Injection

2 March, 2024 - 19:53

Posted by Andrey Stoykov on Mar 02

# Exploit Title: XAMPP - Error Based SQL Injection
# Date: 02/2024
# Exploit Author: Andrey Stoykov
# Version: 5.6.40
# Tested on: Ubuntu 22.04
# Blog: http://msecureltd.blogspot.com

Steps to Reproduce:

1. Login to phpmyadmin
2. Visit Export > New Template > test > Create
3. Navigate to "Existing Templates"
4. Select template "test" and click "Update"
5. Trap HTTP POST request
6. Place single quote to...

BACKDOOR.WIN32.AGENT.AMT / Authentication Bypass

2 March, 2024 - 19:52

Posted by malvuln on Mar 02

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/2a442d3da88f721a786ff33179c664b7.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Agent.amt
Vulnerability: Authentication Bypass
Description: The malware can run an FTP server which listens on TCP port
2121. Third-party attackers who can reach infected systems can logon using
any username/password...

Backdoor.Win32.Jeemp.c / Cleartext Hardcoded Credentials

2 March, 2024 - 19:52

Posted by malvuln on Mar 02

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/d6b192a4027c7d635499133ca6ce067f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Jeemp.c
Vulnerability: Cleartext Hardcoded Credentials
Description: The malware listens on three TCP ports which are randomized
e.g. 9719,7562,8687,8948,7376,8396 so forth. There is an ESMTP server
component...