#!/usr/bin/env python3
# Exploit Title: MetaFox Remote Shell Upload
# Google Dork: "Social network for niche communities"
# Exploit Author: The Joker
# Vendor Homepage: https://www.phpfox.com
# Version: <= 5.1.8
import json
import requests
import sys
if len(sys.argv) != 4: sys.exit("Usage: %s " % sys.a
SEC Consult Vulnerability Lab Security Advisory < 20240307-0 >
===
title: Local Privilege Escalation via writable files
product: Checkmk Agent
vulnerable version: 2.0.0, 2.1.0, 2.2.0
fixed versi
Hi,
Please find attached a security advisory that describes multiple
vulnerabilities we discovered in RT-Thread RTOS.
* Title: Multiple vulnerabilities in RT-Thread RTOS
* OS: RT-Thread <= 5.0.2
* Author: Marco Ivaldi
* Date: 2024-03-05
* CVE IDs and advisory URLs:
* CVE-2024-24334 - https://g
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-03-12-2024-1 GarageBand 10.4.11
GarageBand 10.4.11 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT214090.
Apple maintains a Security Updates page at
https://support.a
APPLE-SA-03-07-2024-7 visionOS 1.1
visionOS 1.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214087.
Apple maintains a Security Releases page at
https://support.apple.com
APPLE-SA-03-07-2024-6 tvOS 17.4
tvOS 17.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214086.
Apple maintains a Security Releases page at
https://support.apple.com/HT201
APPLE-SA-03-07-2024-5 watchOS 10.4
watchOS 10.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214088.
Apple maintains a Security Releases page at
https://support.apple.com
APPLE-SA-03-07-2024-4 macOS Monterey 12.7.4
macOS Monterey 12.7.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214083.
Apple maintains a Security Releases page at
https:/
APPLE-SA-03-07-2024-3 macOS Ventura 13.6.5
macOS Ventura 13.6.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214085.
Apple maintains a Security Releases page at
https://s
APPLE-SA-03-07-2024-2 macOS Sonoma 14.4
macOS Sonoma 14.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214084.
Apple maintains a Security Releases page at
https://support
APPLE-SA-03-07-2024-1 Safari 17.4
Safari 17.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214089.
Apple maintains a Security Releases page at
https://support.apple.com/H
APPLE-SA-03-05-2024-2 iOS 16.7.6 and iPadOS 16.7.6
iOS 16.7.6 and iPadOS 16.7.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214082.
Apple maintains a Security Releases p
APPLE-SA-03-05-2024-1 iOS 17.4 and iPadOS 17.4
iOS 17.4 and iPadOS 17.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214081.
Apple maintains a Security Releases page at
h
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/6268df4c9c805c90725dde4fe5ef6fea.txt
Contact: malvul...@gmail.com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Beastdoor.oq
Vulnerability: Unauthenticated Remote Command Execution
Des
StimulusReflex CVE-2024-28121
Arbitrary code execution in StimulusReflex. This affects version 3.5.0 up to
and including 3.5.0.rc2 and v3.5.0.pre10.
## Vulnerable code excerpt
stimulus_reflex/lib/stimulus_reflex/reflex.rb
```
# Invoke the reflex action specified by `name` and run all callback
CVE ID: CVE-2024-25228
Title: Authenticated Command Injection Vulnerability in
ManoeuvreHandler.class.php of Vinchin Backup & Recovery Versions 7.2 and Earlier
Description:
A critical security vulnerability has been discovered in the
`getVerifydiyResult` function within the `ManoeuvreHandler.cl