#git

### Impact _What kind of vulnerability is it? Who is impacted?_ Anyone leveraging the `SignedHttpRequest`protocol or the `SignedHttpRequestValidator`is vulnerable. Microsoft.IdentityModel trusts the `jku`claim by default for the `SignedHttpRequest`protocol. This raises the possibility to make any remote or local `HTTP GET` request. ### Patches _Has the problem been patched? What versions should users upgrade to?_ The vulnerability has been fixed in Microsoft.IdentityModel.Protocols.SignedHttpRequest. Users **should** update **all** their Microsoft.IdentityModel versions to 7.1.2 (for 7x) or higher, 6.34.0 (for 6x) or higher, if using Microsoft.IdentityModel.Protocols.SignedHttpRequest. ### Workarounds _Is there a way for users to fix or remediate the vulnerability without upgrading?_ No, users must upgrade. ### References _Are there any links users can visit to find out more?_ https://aka.ms/IdentityModel/Jan2024/jku

SSH-Snake is a powerful tool designed to perform automatic network traversal using SSH private keys discovered on systems, with the objective of creating a comprehensive map of a network and its dependencies, identifying to what extent a network can be compromised using SSH and SSH private keys starting from a particular system. SSH-Snake can automatically reveal the relationship between systems which are connected via SSH, which would normally take a tremendous amount of time and effort to perform manually.suffers from bypass and traversal vulnerabilities.

### Summary Calling `jws.Parse` with a JSON serialized payload where the `signature` field is present while `protected` is absent can lead to a nil pointer dereference. ### Details This seems to also affect other functions that calls `Parse` internally, like `jws.Verify`. My understanding of these functions from the docs is that they are supposed to fail gracefully on invalid input and don't require any prior validation. Based on the stack trace in the PoC, the issue seems to be that the processing done in `jws/message.go:UnmarshalJSON()` assumes that if a `signature` field is present, then a `protected` field is also present. If this is not the case, then the subsequent call to `getB64Value(sig.protected)` will dereference `sig.protected`, which is `nil`. ### PoC Reproducer: ```go package poc import ( "testing" "github.com/lestrrat-go/jwx/v2/jws" ) func TestPOC(t *testing.T) { _, _ = jws.Parse([]byte(`{"signature": ""}`)) } ``` Result: ``` $ go tes...

OX App Suite version 7.10.6-rev50 suffers from remote code execution and LDAP injection vulnerabilities. Version 7.10.6-rev33 suffers from a cross site scripting vulnerability.

Intrasrv Simple Web Server version 1.0 suffers from a denial of service vulnerability.

### Summary As of `fonttools>=4.28.2` the subsetting module has a XML External Entity Injection (XXE) vulnerability which allows an attacker to resolve arbitrary entities when a candidate font (OT-SVG fonts), which contains a SVG table, is parsed. This allows attackers to include arbitrary files from the filesystem fontTools is running on or make web requests from the host system. ### PoC The vulnerability can be reproduced following the bellow steps on a unix based system. 1. Build a OT-SVG font which includes a external entity in the SVG table which resolves a local file. In our testing we utilised `/etc/passwd` for our POC file to include and modified an existing subset integration test to build the POC font - see bellow. ```python from string import ascii_letters from fontTools.fontBuilder import FontBuilder from fontTools.pens.ttGlyphPen import TTGlyphPen from fontTools.ttLib import newTable XXE_SVG = """\ <?xml version="1.0"?> <!DOCTYPE svg [<!ENTITY test SYSTEM 'file...

A threat actor called Water Curupira has been observed actively distributing the PikaBot loader malware as part of spam campaigns in 2023. “PikaBot’s operators ran phishing campaigns, targeting victims via its two components — a loader and a core module — which enabled unauthorized remote access and allowed the execution of arbitrary commands through an established connection with

By Deeba Ahmed Can You Trust Your Ears? Deepfakes Run Amok, but McAfee Says Relax, We've Got Mockingbird. This is a post from HackRead.com Read the original post: McAfee’s Mockingbird AI Tool Detects Deepfake Audio with 90% accuracy

Poorly secured Microsoft SQL (MS SQL) servers are being targeted in the U.S., European Union, and Latin American (LATAM) regions as part of an ongoing financially motivated campaign to gain initial access. “The analyzed threat campaign appears to end in one of two ways, either the selling of ‘access’ to the compromised host, or the ultimate delivery of ransomware payloads,” Securonix researchers

By Owais Sultan AI data marketplace Ta-da has announced the completion of a $3.5M funding round. A number of leading blockchain… This is a post from HackRead.com Read the original post: Ta-da Raises $3.5M to Build Out Its AI Data Marketplace