Security
Headlines
HeadlinesLatestCVEs

Tag

#web

336K Prometheus Instances Exposed to DoS, 'Repojacking'

Open source Prometheus servers and exporters are leaking plaintext passwords and tokens, along with API addresses of internal locations.

DARKReading
Open in Source
#web#mac#apple#amazon#dos#git#kubernetes#intel#rce#aws#auth#docker
IoT Cloud Cracked by 'Open Sesame' Over-the-Air Attack

Researchers demonstrate how to hack Ruijie Reyee access points without Wi-Fi credentials or even physical access to the device.

Europol Cracks Down on Holiday DDoS Attacks

In Operation PowerOFF, global authorities aim to deter individuals from engaging in malicious cyber acts.

GHSA-wh34-m772-5398: XWiki Platform has an SQL injection in getdocuments.vm with sort parameter

### Impact In `getdocument.vm` ; the ordering of the returned documents is defined from an unsanitized request parameter (request.sort) and can allow any user to inject HQL. Depending on the used database backend, the attacker may be able to not only obtain confidential information such as password hashes from the database, but also execute UPDATE/INSERT/DELETE queries. It's possible to employ database backend dependent techniques of breaking out of HQL query context, described, for example, here: https://www.sonarsource.com/blog/exploiting-hibernate-injections. ### Patches This has been patched in 13.10.5 and 14.3-rc-1. ### Workarounds There is no known workaround, other than upgrading XWiki. ### References https://jira.xwiki.org/browse/XWIKI-17568 ### For more information If you have any questions or comments about this advisory: * Open an issue in [Jira XWiki.org](https://jira.xwiki.org/) * Email us at [Security Mailing List](mailto:security@xwiki.org)

GHSA-7mj5-hjjj-8rgw: http4k has a potential XXE (XML External Entity Injection) vulnerability

### Summary _Short summary of the problem. Make the impact and severity as clear as possible. For example: An unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server._ There is a potential XXE(XML External Entity Injection) vulnerability when http4k handling malicious XML contents within requests, which might allow attackers to read local sensitive information on server, trigger Server-side Request Forgery and even execute code under some circumstances. ### Details _Give all details on the vulnerability. Pointing to the incriminated source code is very helpful for the maintainer._ https://github.com/http4k/http4k/blob/25696dff2d90206cc1da42f42a1a8dbcdbcdf18c/core/format/xml/src/main/kotlin/org/http4k/format/Xml.kt#L42-L46 XML contents is parsed with DocumentBuilder without security settings on or external entity enabled ### PoC _Complete instructions, including specific configuration details, to reproduce the vulnerability._ #### ...

GHSA-cwq6-mjmx-47p6: XWiki's scheduler in subwiki allows scheduling operations for any main wiki user

### Impact Any user with an account on the main wiki could run scheduling operations on subwikis. To reproduce, as a user on the main wiki without any special right, view the document `Scheduler.WebHome` in a subwiki. Then, click on any operation (*e.g.,* Trigger) on any job. If the operation is successful, then the instance is vulnerable. ### Patches This has been patched in XWiki 15.10.9 and 16.3.0. ### Workarounds If you have subwikis where the Job Scheduler is enabled, you can edit the objects on `Scheduler.WebPreferences` to match https://github.com/xwiki/xwiki-platform/commit/54bcc5a7a2e440cc591b91eece9c13dc0c487331#diff-8e274bd0065e319a34090339de6dfe56193144d15fd71c52c1be7272254728b4. ### References * https://jira.xwiki.org/browse/XWIKI-21663 * https://github.com/xwiki/xwiki-platform/commit/54bcc5a7a2e440cc591b91eece9c13dc0c487331 ### For more information If you have any questions or comments about this advisory: * Open an issue in [Jira XWiki.org](https://jira.xwiki.org/) *...

GHSA-787v-v9vq-4rgv: Apache Superset: SQLLab Improper readonly query validation allows unauthorized write access

Improper Authorization vulnerability in Apache Superset. On Postgres analytic databases an attacker with SQLLab access can craft a specially designed SQL DML statement that is Incorrectly identified as a read-only query, enabling its execution. Non postgres analytics database connections and postgres analytics database connections set with a readonly user (advised) are not vulnerable.  This issue affects Apache Superset: before 4.1.0. Users are recommended to upgrade to version 4.1.0, which fixes the issue.

ABB Cylon Aspect 3.07.00 (obtainPorts.php) Remote Code Execution

The ABB BMS/BAS controller suffers from an unauthenticated blind OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the 'portValue' HTTP GET parameter called by obtainPorts.php script.

ABB Cylon Aspect 3.07.00 (obtainPorts.php) Configuration Manipulation

The obtainPorts.php script is accessible without authentication, allowing unauthorized users to retrieve and manipulate configuration parameters. This includes the ability to modify critical settings such as port values, potentially disrupting system functionality or enabling further exploitation.