Japan Air Self Defense Force, Ministry Of Defense Security Vulnerabilities

cisco

Cisco Adaptive Security Appliance and Firepower Threat Defense Software Command Injection Vulnerability

A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with...

7.4 AI Score

0.0004 EPSS

2024-04-24 04:00 PM
17
hackerone

U.S. Dept Of Defense: [CVE-2018-0296] Cisco VPN path traversal on the https://████████/ (█████████.mil)

Description I discovered a previously unidentified instance https://████/ (██████.mil) in the ███ network, vulnerable to the CVE-2018-0296 (https://vulners.com/cve/CVE-2018-0296) POC curl -i -k "https://█████████/+CSCOU+/../+CSCOE+/files/file_list.json" --path-as-is ██████ We can disclose user sessions.....

7.5 CVSS

6.7 AI Score

0.974 EPSS

2019-09-17 11:36 AM
2
osv

TYPO3 Brute Force Protection Bypass in backend login

The backend login has a basic brute force protection implementation which pauses for 5 seconds if wrong credentials are given. This pause however could be bypassed by forging a special request, making brute force attacks on backend editor credentials more...

7.1 AI Score

2024-05-30 09:12 PM
2
github

TYPO3 Brute Force Protection Bypass in backend login

The backend login has a basic brute force protection implementation which pauses for 5 seconds if wrong credentials are given. This pause however could be bypassed by forging a special request, making brute force attacks on backend editor credentials more...

7.1 AI Score

2024-05-30 09:12 PM
6
cisco

Cisco Adaptive Security Appliance and Firepower Threat Defense Software Persistent Local Code Execution Vulnerability

A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary...

7.5 AI Score

0.001 EPSS

2024-04-24 04:00 PM
23
hackerone

U.S. Dept Of Defense: [HTAF4-213] [Pre-submission] HTTPOnly session cookie exposure on the /csstest endpoint

Description We were able to identify an endpoint which prints request headers into the page. This included sensitive HTTPOnly session cookies which shouldn't be accessible in the DOM. POC https://█████████/csstest ███████ There will be a JSESSIONID cookie reflected. Suggested fix Remove the page, it's.....

6.4 AI Score

2019-10-26 01:04 AM
cve

CVE-2010-1297

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted...

7.8 CVSS

9.7 AI Score

0.873 EPSS

2010-06-08 06:30 PM
874
In Wild
osv

Silverstripe Brute force bypass on default admin

Default Administrator accounts were not subject to the same brute force protection afforded to other Member accounts. Failed login counts were not logged for default admins resulting in unlimited attempts on the default admin username and...

7.2 AI Score

2024-05-23 07:37 PM
3
github

Silverstripe Brute force bypass on default admin

Default Administrator accounts were not subject to the same brute force protection afforded to other Member accounts. Failed login counts were not logged for default admins resulting in unlimited attempts on the default admin username and...

7.2 AI Score

2024-05-23 07:37 PM
2
nuclei

WordPress Anti-Malware Security and Brute-Force Firewall <4.21.83 - Cross-Site Scripting

WordPress Anti-Malware Security and Brute-Force Firewall plugin before 4.21.83 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape some parameters before outputting them back in an admin...

6.1 CVSS

6 AI Score

0.001 EPSS

2023-02-23 09:02 AM
3
cve

CVE-2024-36673

Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vulnerable to SQL Injection via login.php. This vulnerability stems from inadequate validation of user inputs for the email and password parameters, allowing attackers to inject malicious SQL...

9.8 CVSS

7.8 AI Score

EPSS

2024-06-07 01:15 PM
24
veeam

How to Configure an Air-Gapped Veeam Kasten for Kubernetes Deployment Using JFrog Artifactory

This article provides a step-by-step approach to configuring a JFrog Artifactory server and installing Veeam Kasten for Kubernetes. This allows for creating an air-gapped installation using a private container registry to install Veeam Kasten for Kubernetes. While this can always be done manually,....

7 AI Score

2024-06-13 12:00 AM
1
openbugbounty

defense-and-society.org Cross Site Scripting vulnerability OBB-3864950

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-03-05 12:13 PM
3
wpvulndb

WP Force SSL & HTTPS SSL Redirect < 1.67 - Missing Authorization to Settings Update

Description The WP Force SSL & HTTPS SSL Redirect plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_setting' function in versions up to, and including, 1.66. This makes it possible for authenticated attackers,...

4.2 CVSS

6.4 AI Score

0.001 EPSS

2024-06-08 12:00 AM
1
vulnrichment

CVE-2024-26606 binder: signal epoll threads of self-work

In the Linux kernel, the following vulnerability has been resolved: binder: signal epoll threads of self-work In (e)poll mode, threads often depend on I/O events to determine when data is ready for consumption. Within binder, a thread may initiate a command via BINDER_WRITE_READ without a read...

7.3 AI Score

0.0004 EPSS

2024-02-26 02:39 PM
hackerone

U.S. Dept Of Defense: IDOR leading unauthenticated attacker to download documents discloses PII of users and soldiers via https://www.█████████/Download.aspx?id= [HtUS]

Summary: Hey team, I have found this API endpoint leads to leaking attachments and documents of users. The attachments leaked are banks taxes, contracts, PII such as full address and mobile number, emails, etc. The vulnerable URL is at [https://www.████████/Download.aspx?id=4675] Steps To...

6.8 AI Score

2022-07-05 02:44 PM
1
nessus

Cisco Firepower Threat Defense Software Authorization Bypass (cisco-sa-asaftd-saml-bypass-KkNvXyKW)

A vulnerability in the implementation of SAML 2.0 single sign-on (SSO) for remote access VPN services in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to successfully establish a VPN session on an...

5 CVSS

5.2 AI Score

0.0004 EPSS

2024-06-14 12:00 AM
1
cvelist

CVE-2024-26606 binder: signal epoll threads of self-work

In the Linux kernel, the following vulnerability has been resolved: binder: signal epoll threads of self-work In (e)poll mode, threads often depend on I/O events to determine when data is ready for consumption. Within binder, a thread may initiate a command via BINDER_WRITE_READ without a read...

6.6 AI Score

0.0004 EPSS

2024-02-26 02:39 PM
hackerone

U.S. Dept Of Defense: Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://██████ (███)

Description Hello. Some time ago, researcher Orange Tsai from DEVCORE team had a talk on Defcon/BlackHat regarding Pulse Secure SSL VPN vulnerabilities fixed on 2019/4/25: CVE-2019-11510 - Pre-auth Arbitrary File Reading CVE-2019-11542 - Post-auth Stack Buffer Overflow CVE-2019-11539 - Post-auth...

10 CVSS

8 AI Score

0.974 EPSS

2019-09-17 07:31 AM
2
osv

WhatsApp able to use microphone even after permissions revoked & app force stop in Android 13 Pixel 6

In startInput of AudioPolicyInterfaceImpl.cpp, there is a possible way of erroneously displaying the microphone privacy indicator due to a race condition. This could lead to false user expectations. User interaction is needed for...

3.1 CVSS

6.6 AI Score

0.001 EPSS

2023-07-01 12:00 AM
5
hackerone

U.S. Dept Of Defense: Local File Disclosure on the █████ (https://████████.edu/) leads to the full source code disclosure and credentials leak

Description While poking around the ██████.00/24 range - ██████████ looking for the Cisco devices, I came across ███ which resolved to the https://███████.edu/ While it's not a .mil host, it's likely related to the DoD since it is hosted in the DoD-controlled ASN. I discovered a few critical...

7.4 AI Score

2019-08-30 04:27 AM
1
nuclei

Cisco ASA - Local File Inclusion

Cisco Adaptive Security Appliances (ASA) web interfaces could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an...

7.5 CVSS

7.9 AI Score

0.974 EPSS

2020-04-22 06:42 AM
32
githubexploit

Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Microsoft

CVE-2024-30088 Bug: Bug is inside function...

7 CVSS

7.4 AI Score

0.0004 EPSS

2024-06-24 10:37 AM
249
metasploit

GlassFish Brute Force Utility

This module attempts to login to GlassFish instance using username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options. It will also try to do an authentication bypass against older versions of GlassFish. Note: by default, GlassFish 4.0 requires HTTPS, which.....

7.6 AI Score

2014-08-19 12:03 AM
30
githubexploit

Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Microsoft

ThemeBleed Proof-of-Concept for CVE-2023-38146 ("ThemeBleed")...

8.9 AI Score

2023-09-13 04:00 AM
547
githubexploit

7 CVSS

7 AI Score

0.0004 EPSS

2024-06-27 07:05 AM
228
nessus

Cisco Firepower Threat Defense Software SSL/TLS DoS (cisco-sa-asaftd-ssl-dos-uu7mV5p6)

A vulnerability in the hardware-based SSL/TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause an affected device to...

8.6 CVSS

7.3 AI Score

0.001 EPSS

2024-06-11 12:00 AM
2
hackerone

U.S. Dept Of Defense: [HTAF4-213] [Pre-submission] XSS via arbitrary cookie name at the https://www2.██████/nssi/core/dot_stu_reg/Registration.aspx

Description We identified XSS via cookie name on the https://www2.███████/nssi/core/dot_stu_reg/Registration.aspx endpoint. The first cookie name is getting reflected on the page without sanitization: █████ POC (you can use Chrome Incognito mode for clear experiment) To trigger XSS on the...

5.6 AI Score

2019-11-02 08:23 PM
3
veracode

Denial Of Service

JSON-Java is vulnerable to Denial of Service. The vulnerability is due to chars with value \0 being parsed incorrectly, which can result in an input string of modest size causing indefinite amounts of memory...

7.5 CVSS

6.8 AI Score

0.001 EPSS

2023-10-13 05:14 AM
12
nuclei

Cisco ASA/FTD Software - Cross-Site Scripting

Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software are vulnerable to cross-site scripting and could allow an unauthenticated, remote attacker to conduct attacks against a user of the web services interface of an affected device. The vulnerabilities...

6.1 CVSS

6.4 AI Score

0.971 EPSS

2021-06-24 03:34 PM
12
cve

CVE-2023-1486

A vulnerability classified as problematic was found in Lespeed WiseCleaner Wise Force Deleter 1.5.3.54. This vulnerability affects the function 0x220004 in the library WiseUnlock64.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. Local access is...

7.1 CVSS

7 AI Score

0.0004 EPSS

2023-03-18 09:15 PM
23
veracode

XML Entity Expansion (XEE)

symfony/dependency-injection is vulnerable to XML Entity Expansion (XEE). The vulnerability is due to XML Entity Expansion (XEE) attacks, where the use of libxml2 lacks defense against XEE Quadratic Blowup Attacks (QBA), allowing long entities to create a memory sink for Denial of Service attacks....

7 AI Score

2024-05-30 06:01 AM
veracode

XML Entity Expansion

symfony/symfony is vulnerable to XML Entity Expansion. The vulnerability is due to all extensions that use libxml2 having no defense against Quadratic Blowup Attacks, which involve defining a long entity that is repeatedly referenced within the XML document, thus creating a potential memory sink...

7 AI Score

2024-05-31 06:39 AM
1
metasploit

Zabbix Server Brute Force Utility

This module attempts to login to Zabbix server instance using username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options. It will also test for the Zabbix default login (Admin:zabbix) and guest...

7.5 AI Score

2015-02-18 04:56 AM
59
metasploit

Apache Axis2 Brute Force Utility

This module attempts to login to an Apache Axis2 instance using username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options. It has been verified to work on at least versions 1.4.1 and...

7.5 AI Score

2014-05-28 07:31 PM
16
osv

Granting access of protected ContentProviders on behalf of Launcher

In hasPermissionForActivity of PackageManagerHelper.java, there is a possible URI grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...

7.8 CVSS

7.1 AI Score

0.0004 EPSS

2023-12-01 12:00 AM
5
osv

Password brute force attack in github.com/IceWhaleTech/CasaOS-UserService

The CasaOS web application does not have protection against password brute force attacks. An attacker can use a password brute force attack to find and gain full access to the server. This vulnerability allows attackers to get super user-level access over the...

9.1 CVSS

7.3 AI Score

0.0004 EPSS

2024-03-18 05:35 PM
2
metasploit

DB2 Authentication Brute Force Utility

This module attempts to authenticate against a DB2 instance using username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE...

7.4 AI Score

2012-02-21 01:40 AM
9
veracode

Denial Of Service (DoS)

Libraries that implement HTTP/2 are vulnerable to Denial Of Service (DoS). The vulnerability could be exploited by attackers via sending a large number of HTTP/2 requests to a vulnerable server, then canceling them, causing the server to consume excessive resources and become unavailable to...

7.5 CVSS

6.7 AI Score

0.732 EPSS

2023-10-12 02:37 PM
44
veracode

Denial Of Service (DoS)

ASP.NET and .NET are vulnerable to Denial of Service. The vulnerability is due to the Kestrel web server detecting a malicious client but failing to disconnect, resulting in Denial of...

7.5 CVSS

6.8 AI Score

0.007 EPSS

2023-08-09 07:30 PM
17
osv

Mattermost leaks details of AD/LDAP groups of a team

Mattermost fails to properly authorize the requests fetching team associated AD/LDAP groups, allowing a user to fetch details of AD/LDAP groups of a team that they are not a member...

4.3 CVSS

7 AI Score

0.0004 EPSS

2024-02-29 09:30 AM
5
veracode

Denial Of Service

libexpat is vulnerable to Denial of Service. The vulnerability is due to the many full reparsings required in the case of a large token for which multiple buffer fills are needed. It leads to the exhaustion of available...

7.5 CVSS

6.8 AI Score

0.001 EPSS

2024-02-11 08:46 AM
11
ibm

Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to multiple vulnerabilities due to the use of IBM Db2

Summary IBM Virtualization Engine TS7700 is susceptible to the vulnerabilities listed below due to the embedded use of IBM Db2. IBM Db2 is used in TS7700 to store metadata about the data it manages. CVE-2023-30431, CVE-2023-29257, CVE-2023-26021, CVE-2023-25930, CVE-2023-27559, CVE-2023-40692....

8.4 CVSS

10 AI Score

0.003 EPSS

2024-05-06 10:05 PM
5
veracode

Denial Of Service (DoS)

samba is vulnerable to Denial of Service (DoS) attacks. This vulnerability occurs when Samba parses a specially crafted RPC request. If the request is valid, Samba will enter an infinite loop. This could cause Samba to consume excessive CPU resources and eventually...

7.5 CVSS

6.7 AI Score

0.033 EPSS

2023-08-06 10:02 AM
12
osv

OpenFGA denial of service

Overview OpenFGA is vulnerable to a DoS attack. In some scenarios that depend on the model and tuples used, a call to ListObjects may not release memory properly. So when a sufficiently high number of those calls are executed, the OpenFGA server can create an "out of memory" error and terminate....

6.5 CVSS

6.9 AI Score

0.001 EPSS

2024-01-26 08:12 PM
6
veracode

Denial Of Service (DoS)

langchain is vulnerable to a Denial-of-Service (DoS). The vulnerability is due to infinite recursion in the parse_sitemap method, which results in an infinite loop that exceeds the maximum recursion depth in...

4.2 CVSS

6.7 AI Score

0.0004 EPSS

2024-06-11 08:54 AM
1
veracode

Denial Of Service (DoS)

ZenML is vulnerable to a Denial Of Service (DoS). The vulnerability is due to improper handling of line feed (\n) characters in component names, allowing an attacker to cause uncontrolled resource consumption by adding a component through an API endpoint...

4.3 CVSS

6.6 AI Score

0.0004 EPSS

2024-06-25 05:01 AM
veracode

Denial Of Service (DoS)

eventlet and dnspython are vulnerable to Denial Of Service (DoS). The vulnerability is due to a lack of enforcing the preferred behavior of waiting for a valid packet during DNS name resolution, allowing remote attackers to interfere with the resolution process by quickly sending an invalid packet....

6.4 AI Score

0.0004 EPSS

2024-04-15 12:06 PM
11
veracode

Denial Of Service (DoS)

org.apache.tomcat: tomcat-websocket is vulnerable to Denial of Service (DoS). The vulnerability is due to improper cleanup of WebSocket connections during a session timeout. If a client fails to send a close message within the timeout period, the websocket connection will continue to hold...

6.5 AI Score

0.0004 EPSS

2024-03-15 06:11 AM
16
veracode

Denial Of Service (DoS)

Magick is vulnerable to Denial of Service (DoS) attacks. Applications using the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() methods to check a DH key or DH parameters may encounter lengthy delays. If the key or parameters being verified have come from an unreliable source, this might...

5.3 CVSS

6.8 AI Score

0.002 EPSS

2023-08-06 07:40 AM
21
Total number of security vulnerabilities: 2374308