Latest News

Proof of concept automation code to exploit a template injection vulnerability in GitHub repository sqlpad/sqlpad version prior to 6.10.1 that can result in remote code execution.

Proof of concept exploit for Spring Cloud Data Flow versions prior to 2.11.4 that achieves remote code execution through a malicious upload.

The array ppsPMR in DEVMEMXINT_RESERVATION holds references to PMR structures (using PMRRefPMR2()), intending to prevent the PMRs' physical memory from being released. However, PMRs with PVRSRV_MEMALLOCFLAG_NO_OSPAGES_ON_ALLOC (which for OSMem PMRs internally translates to FLAG_ONDEMAND) can release their backing physical pages while references to the PMR still exist; PMRLockSysPhysAddresses() must be used to prevent a PMR's backing pages from disappearing, like in DevmemIntMapPMR2(). Therefore, it is currently possible to free a PMR's backing pages while the PMR is mapped into a DEVMEMXINT_RESERVATION, leading to physical page use-after-free.

Ubuntu Security Notice 6997-1 - It was discovered that LibTIFF incorrectly handled memory. An attacker could possibly use this issue to cause the application to crash, resulting in a denial of service.

### Impact The REST API exposes the history of any page in XWiki of which the attacker knows the name. The exposed information includes for each modification of the page the time of the modification, the version number, the author of the modification (both username and displayed name) and the version comment. This information is exposed regardless of the rights setup, and even when the wiki is configured to be fully private. On a private wiki, this can be tested by accessing `/xwiki/rest/wikis/xwiki/spaces/Main/pages/WebHome/history`, if this shows the history of the main page then the installation is vulnerable. ### Patches This has been patched in XWiki 15.10.9 and XWiki 16.3.0RC1. ### Workarounds There aren't any known workarounds apart from upgrading to a fixed version. ### References * https://jira.xwiki.org/browse/XWIKI-22052 * https://github.com/xwiki/xwiki-platform/commit/9cbca9808300797c67779bb9a665d85cf9e3d4b8

### Summary Unescaped entity property enables Javascript injection. ### Details I think this is possible because %source_label% in twig macro is not escaped. Therefore script tags can be inserted and are executed. ### PoC - clone example project https://github.com/DamienHarper/auditor-bundle-demo - create author with FullName <script>alert()</script> - delete author - view audit of authors - alert is displayed ### Impact persistent XSS. JS can be injected and executed.

### Impact body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. ### Patches this issue is patched in 1.20.3 ### References

The threat actor known as CosmicBeetle has debuted a new custom ransomware strain called ScRansom in attacks targeting small- and medium-sized businesses (SMBs) in Europe, Asia, Africa, and South America, while also likely working as an affiliate for RansomHub. "CosmicBeetle replaced its previously deployed ransomware, Scarab, with ScRansom, which is continually improved," ESET researcher Jakub

A fresh wave of attacks on APAC government entities involves both self-propagating malware spreading via removable drives and a spear-phishing campaign.

Payment gateway provider Slim CD has notified 1.7 million users that their credit card information may have been leaked.