Hírolvasó
USN-4533-1: LTSP Display Manager vulnerabilities
Veeti Veteläinen discovered that the LTSP Display Manager (ldm)
incorrectly handled user logins from unsupported shells. A local attacker
could possibly use this issue to gain root privileges. (CVE-2019-20373)
Mozilla Releases Security Updates for Firefox and Firefox ESR
Original release date: September 22, 2020
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisories for Firefox 81 and Firefox ESR 78.3 and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
Mozilla Releases Security Updates for Firefox and Firefox ESR
Original release date: September 22, 2020
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisories for Firefox 81 and Firefox ESR 78.3 and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
CVE-2020-25514
Sourcecodester Simple Library Management System 1.0 is affected by Incorrect Access Control via the Login Panel, http://<site>/lms/admin.php.
CVE-2020-25515
Sourcecodester Simple Library Management System 1.0 is affected by Insecure Permissions via Books > New Book , http://<site>/lms/index.php?page=books.
CVE-2020-14022
Ozeki NG SMS Gateway 4.17.1 through 4.17.6 does not check the file type when bulk importing new contacts ("Import Contacts" functionality) from a file. It is possible to upload an executable or .bat file that can be executed with the help of a functionality (E.g. the "Application Starter" module) within the application.
CVE-2020-14023
Ozeki NG SMS Gateway through 4.17.6 allows SSRF via SMS WCF or RSS To SMS.
CVE-2020-14024
Ozeki NG SMS Gateway through 4.17.6 has multiple authenticated stored and/or reflected XSS vulnerabilities via the (1) Receiver or Recipient field in the Mailbox feature, (2) OZFORM_GROUPNAME field in the Group configuration of addresses, (3) listname field in the Defining address lists configuration, or (4) any GET Parameter in the /default URL of the application.
CVE-2020-14025
Ozeki NG SMS Gateway through 4.17.6 has multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as installing new modules or changing a password.
CVE-2020-14026
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the Export Of Contacts feature in Ozeki NG SMS Gateway through 4.17.6 via a value that is mishandled in a CSV export.
CVE-2020-14027
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The database connection strings accept custom unsafe arguments, such as ENABLE_LOCAL_INFILE, that can be leveraged by attackers to enable MySQL Load Data Local (rogue MySQL server) attacks.
CVE-2020-14028
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. By leveraging a path traversal vulnerability in the Autoreply module's Script Name, an attacker may write to or overwrite arbitrary files, with arbitrary content, usually with NT AUTHORITY\SYSTEM privileges.
CVE-2020-14031
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The outbox functionality of the TXT File module can be used to delete all/most files in a folder. Because the product usually runs as NT AUTHORITY\SYSTEM, the only files that will not be deleted are those currently being run by the system and/or files that have special security attributes (e.g., Windows Defender files).
CVE-2020-15839
Liferay Portal before 7.3.3, and Liferay DXP 7.1 before fix pack 18 and 7.2 before fix pack 6, does not restrict the size of a multipart/form-data POST action, which allows remote authenticated users to conduct denial-of-service attacks by uploading large files.
Google's osconfig agent - local privilege escalation
Posted by Imre Rad on Sep 22
Osconfig is a beta service by Google, a poll based "desired stateconfiguration" solution: "You can use the OS configuration management
service to deploy, query, and maintain consistent configurations
(desired state and software) for your VM instance (VM)."
VMs on the Compute Engine have a privileged agent process called
"google_osconfig_agent" running by default.
The agent was vulnerable to local privilege...
[CVE-2020-25203] Frame Preview "com.framer.viewer.FramerViewActivity" Arbitrary URL Loading
Posted by Julien Ahrens (RCE Security) on Sep 22
RCE Security Advisoryhttps://www.rcesecurity.com
1. ADVISORY INFORMATION
=======================
Product: Framer Preview
Vendor URL: https://play.google.com/store/apps/details?id=com.framerjs.android
Type: Improper Export of Android Application Components [CWE-926]
Date found: 2020-09-06
Date published: 2020-09-22
CVSSv3 Score: 5.5 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
CVE: CVE-2020-25203
2....
Visitor Management System in PHP 1.0 - Unauthenticated Stored XSS
Posted by Ava Tester One on Sep 22
# Title: Visitor Management System in PHP 1.0 - Unauthenticated Stored XSS# Exploit Author: Rahul Ramkumar
# Date: 2020-09-16
# Vendor Homepage: https://projectworlds.in
# Software Link:
https://projectworlds.in/wp-content/uploads/2020/07/Visitor-Management-System-in-PHP.zip
# Version: 1.0
# Tested On: Windows 10 Enterprise 1809 (x64_86) + XAMPP 7.2.33-1
# CVE: CVE-2020-25761
# Description: The file myform.php does not perform input validation...
Visitor Management System in PHP 1.0 - Authenticated SQL Injection
Posted by Ava Tester One on Sep 22
# Title: Visitor Management System in PHP 1.0 - Authenticated SQL Injection# Exploit Author: Rahul Ramkumar
# Date: 2020-09-16
# Vendor Homepage: https://projectworlds.in
# Software Link:
https://projectworlds.in/wp-content/uploads/2020/07/Visitor-Management-System-in-PHP.zip
# Version: 1.0
# Tested On: Windows 10 Enterprise 1809 (x64_86) + XAMPP 7.2.33-1
# CVE: CVE-2020-25760
# Description
The file front.php does not perform input validation on...
Seat Reservation System 1.0 Unauthenticated SQL Injection (CVE-2020-25762)
Posted by Ava Tester One on Sep 22
# Title: Seat Reservation System 1.0 - Unauthenticated SQL Injection# Exploit Author: Rahul Ramkumar
# Date: 2020-09-16
# Vendor Homepage: www.sourcecodester.com
# Software Link:
https://www.sourcecodester.com/sites/default/files/download/oretnom23/seat-reservation-system-using-php_0.zip
# Version: 1.0
# Description
The file admin_class.php does not perform input validation on the username
and password parameters. An attacker can send...
Seat Reservation System 1.0 Unauthenticated Remote Code Execution (CVE-2020-25763)
Posted by Ava Tester One on Sep 22
Seat Reservation System version 1.0 suffers from an Unauthenticated FileUpload Vulnerability allowing Remote Attackers to gain Remote Code
Execution (RCE) on the Hosting Webserver via uploading PHP files.
Vendor Homepage: www.sourcecodester.com
Software Link:
https://www.sourcecodester.com/sites/default/files/download/oretnom23/seat-reservation-system-using-php_0.zip
Author: Rahul Ramkumar
Date: 2020-09-16
CVE: CVE-2020-25763
PoC:
-------
#...