#web

This Metasploit module exploits built-in functionality in OpenNMS Horizon in order to execute arbitrary commands as the opennms user. For versions 32.0.2 and higher, this module requires valid credentials for a user with ROLE_FILESYSTEM_EDITOR privileges and either ROLE_ADMIN or ROLE_REST. For versions 32.0.1 and lower, credentials are required for a user with ROLE_FILESYSTEM_EDITOR, ROLE_REST, and/or ROLE_ADMIN privileges. In that case, the module will automatically escalate privileges via CVE-2023-40315 or CVE-2023-0872 if necessary. This module has been successfully tested against OpenNMS version 31.0.7.

Ubuntu Security Notice 6702-2 - It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service. It was discovered that the ARM Mali Display Processor driver implementation in the Linux kernel did not properly handle certain error conditions. A local attacker could possibly use this to cause a denial of service.

Ubuntu Security Notice 6705-1 - It was discovered that the DesignWare USB3 for Qualcomm SoCs driver in the Linux kernel did not properly handle certain error conditions during device registration. A local attacker could possibly use this to cause a denial of service. It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service.

Red Hat Security Advisory 2024-1444-03 - An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

The company behind the Saflok-brand door locks is offering a fix, but it may take months or years to reach some hotels.

We now have new information on the entire kill chain this actor uses, including the tactics, techniques and procedures (TTPs) utilized to steal valuable information from their victims and propagate through their infected enterprises.

By Uzair Amir Your web browser serves as the gateway to the internet, but it also acts as a potential entry point for cybercriminals to access your computer and smartphone. This is a post from HackRead.com Read the original post: Why Browser Security Matters More Than You Think

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Advantech Equipment: WebAccess/SCADA Vulnerability: SQL Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to read or modify a remote database. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Advantech WebAccess/SCADA, a bowser-based SCADA software, are affected: WebAccess/SCADA: Version 9.1.5U 3.2 Vulnerability Overview 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND ('SQL INJECTION') CWE-89: There is a SQL Injection vulnerability in Advantech's WebAccess/SCDA software that allows an authenticated attacker to remotely inject SQL code on the database. Successful exploitation of this vulnerability could allow an attacker to read or modify data on the remote database. CVE-2024-2453 has been assigned to this vulnerability. A CVSS v3.1 base score of 6...

By Waqas About to pay your taxes? Watch out for tax return phishing and malware campaigns targeting individual taxpayers and businesses. This is a post from HackRead.com Read the original post: Microsoft Warns of New Tax Returns Phishing Scams Targeting You

Researchers scanned the internet for incorrectly configured Firebase instances and what they found was frightening.