News reader

Ubuntu Security Notices · September 22, 2020

USN-4533-1: LTSP Display Manager vulnerabilities

Veeti Veteläinen discovered that the LTSP Display Manager (ldm) incorrectly handled user logins from unsupported shells. A local attacker could possibly use this issue to gain root privileges. (CVE-2019-20373)

US CERT: Current Activity · September 22, 2020

Mozilla Releases Security Updates for Firefox and Firefox ESR

Original release date: September 22, 2020

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisories for Firefox 81 and Firefox ESR 78.3 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

NVD: all CVE · September 22, 2020

CVE-2020-25514

Sourcecodester Simple Library Management System 1.0 is affected by Incorrect Access Control via the Login Panel, http://<site>/lms/admin.php.

NVD: all CVE · September 22, 2020

CVE-2020-25515

Sourcecodester Simple Library Management System 1.0 is affected by Insecure Permissions via Books > New Book, http://<site>/lms/index.php?page=books.

NVD: all CVE · September 22, 2020

CVE-2020-14022

Ozeki NG SMS Gateway 4.17.1 through 4.17.6 does not check the file type when bulk importing new contacts ("Import Contacts" functionality) from a file. It is possible to upload an executable or .bat file that can be executed with the help of a functionality (e.g., the "Application Starter" module) within the application.

NVD: all CVE · September 22, 2020

CVE-2020-14023

Ozeki NG SMS Gateway through 4.17.6 allows SSRF via SMS WCF or RSS To SMS.

NVD: all CVE · September 22, 2020

CVE-2020-14024

Ozeki NG SMS Gateway through 4.17.6 has multiple authenticated stored and/or reflected XSS vulnerabilities via the (1) Receiver or Recipient field in the Mailbox feature, (2) OZFORM_GROUPNAME field in the Group configuration of addresses, (3) listname field in the Defining address lists configuration, or (4) any GET Parameter in the /default URL of the application.

NVD: all CVE · September 22, 2020

CVE-2020-14025

Ozeki NG SMS Gateway through 4.17.6 has multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as installing new modules or changing a password.

NVD: all CVE · September 22, 2020

CVE-2020-14026

CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the Export Of Contacts feature in Ozeki NG SMS Gateway through 4.17.6 via a value that is mishandled in a CSV export.

NVD: all CVE · September 22, 2020

CVE-2020-14027

An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The database connection strings accept custom unsafe arguments, such as ENABLE_LOCAL_INFILE, that can be leveraged by attackers to enable MySQL Load Data Local (rogue MySQL server) attacks.

NVD: all CVE · September 22, 2020

CVE-2020-14028

An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. By leveraging a path traversal vulnerability in the Autoreply module's Script Name, an attacker may write to or overwrite arbitrary files, with arbitrary content, usually with NT AUTHORITY\SYSTEM privileges.

NVD: all CVE · September 22, 2020

CVE-2020-14031

An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The outbox functionality of the TXT File module can be used to delete all/most files in a folder. Because the product usually runs as NT AUTHORITY\SYSTEM, the only files that will not be deleted are those currently being run by the system and/or files that have special security attributes (e.g., Windows Defender files).

NVD: all CVE · September 22, 2020

CVE-2020-15839

Liferay Portal before 7.3.3, and Liferay DXP 7.1 before fix pack 18 and 7.2 before fix pack 6, does not restrict the size of a multipart/form-data POST action, which allows remote authenticated users to conduct denial-of-service attacks by uploading large files.

seclist.org · September 22, 2020

Google's osconfig agent - local privilege escalation

Posted by Imre Rad on Sep 22

Osconfig is a beta service by Google, a poll based "desired state
configuration" solution: "You can use the OS configuration management
service to deploy, query, and maintain consistent configurations
(desired state and software) for your VM instance (VM)."
VMs on the Compute Engine have a privileged agent process called
"google_osconfig_agent" running by default.

The agent was vulnerable to local privilege...

seclist.org · September 22, 2020

[CVE-2020-25203] Frame Preview "com.framer.viewer.FramerViewActivity" Arbitrary URL Loading

Posted by Julien Ahrens (RCE Security) on Sep 22

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Framer Preview
Vendor URL: https://play.google.com/store/apps/details?id=com.framerjs.android
Type: Improper Export of Android Application Components [CWE-926]
Date found: 2020-09-06
Date published: 2020-09-22
CVSSv3 Score: 5.5 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
CVE: CVE-2020-25203

2....

seclist.org · September 22, 2020

Visitor Management System in PHP 1.0 - Unauthenticated Stored XSS

Posted by Ava Tester One on Sep 22

# Title: Visitor Management System in PHP 1.0 - Unauthenticated Stored XSS
# Exploit Author: Rahul Ramkumar
# Date: 2020-09-16
# Vendor Homepage: https://projectworlds.in
# Software Link:
https://projectworlds.in/wp-content/uploads/2020/07/Visitor-Management-System-in-PHP.zip
# Version: 1.0
# Tested On: Windows 10 Enterprise 1809 (x64_86) + XAMPP 7.2.33-1
# CVE: CVE-2020-25761
# Description: The file myform.php does not perform input validation...

seclist.org · September 22, 2020

Visitor Management System in PHP 1.0 - Authenticated SQL Injection

Posted by Ava Tester One on Sep 22

# Title: Visitor Management System in PHP 1.0 - Authenticated SQL Injection
# Exploit Author: Rahul Ramkumar
# Date: 2020-09-16
# Vendor Homepage: https://projectworlds.in
# Software Link:
https://projectworlds.in/wp-content/uploads/2020/07/Visitor-Management-System-in-PHP.zip
# Version: 1.0
# Tested On: Windows 10 Enterprise 1809 (x64_86) + XAMPP 7.2.33-1
# CVE: CVE-2020-25760
# Description
The file front.php does not perform input validation on...

seclist.org · September 22, 2020

Seat Reservation System 1.0 Unauthenticated SQL Injection (CVE-2020-25762)

Posted by Ava Tester One on Sep 22

# Title: Seat Reservation System 1.0 - Unauthenticated SQL Injection
# Exploit Author: Rahul Ramkumar
# Date: 2020-09-16
# Vendor Homepage: www.sourcecodester.com
# Software Link:
https://www.sourcecodester.com/sites/default/files/download/oretnom23/seat-reservation-system-using-php_0.zip
# Version: 1.0

# Description

The file admin_class.php does not perform input validation on the username
and password parameters. An attacker can send...

seclist.org · September 22, 2020

Seat Reservation System 1.0 Unauthenticated Remote Code Execution (CVE-2020-25763)

Posted by Ava Tester One on Sep 22

Seat Reservation System version 1.0 suffers from an Unauthenticated File
Upload Vulnerability allowing Remote Attackers to gain Remote Code
Execution (RCE) on the Hosting Webserver via uploading PHP files.

Vendor Homepage: www.sourcecodester.com
Software Link:
https://www.sourcecodester.com/sites/default/files/download/oretnom23/seat-reservation-system-using-php_0.zip

Author: Rahul Ramkumar

Date: 2020-09-16

CVE: CVE-2020-25763

PoC:
-------
#...