Cybersecurity information flow

A clean information-feed push tool focused on the bits and pieces of the security community, helping security researchers discover quality content every day.


Recent updates
Time Source
14 May 2024 05:40 Stories by SAFARAS K A on Medi
Hundreds of companies’ internal data exposed — Part 2: The FreshService misconfiguration
One misconfiguration, hundreds of companies, thousands of dollars in bounties… again.
Note: This is NOT a vulnerability in Freshservice. This is a misconfiguration affecting a subset of companies using Freshservice, and is caused by a misconfiguration on part of the company using Freshservice for ITSM, not Freshworks.
Introduction:
About a year ago, I found a misconfiguration in Atlassian Cloud instances, which affected hundreds of companies worldwide. The misconfiguration allowed attackers to view internal and sensitive information of the affected company, with no authentication whatsoever. You can read my article on this misconfiguration here.
This finding of mine prompted me to research other such IT service management platforms, which are widely used by teams to coordinate internal IT tickets, share help articles with employees, and request services from the company. That was when I first stumbled across Freshservice.
14 May 2024 05:38 CXSECURITY Database RSS Feed -
Topic: Prison Management System SQL Injection Authentication Bypass Risk: Medium Text:# Exploit : Prison Management System Using PHP -SQL Injection Authentication Bypass # Date: 15/03/2024 # Exploit Author: Sanj...
14 May 2024 05:38 CXSECURITY Database RSS Feed -
Topic: Esteghlal F.C. Cross Site Scripting Risk: Low Text:EXPLOIT XSS Esteghlal F.C. (باشگاه فوتبال استقلال تهران) Site https://fcesteghlal.ir suffers from ...
14 May 2024 05:38 CXSECURITY Database RSS Feed -
Topic: Panel.SmokeLoader / Cross Site Request Forgery (CSRF) - Persistent XSS Risk: Medium Text:Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/4b5fc3a2489985f3...
14 May 2024 05:37 Data Breach – Security Affairs
The City of Helsinki suffered a data breach that impacted tens of thousands of students, guardians, and personnel. The Police of Finland is investigating a data breach suffered by the City of Helsinki, the security breach occurred during the night of 30 April 2024. The data breach impacted the City’s Education Division’s computer network. The […]
14 May 2024 05:37 CXSECURITY Database RSS Feed -
Topic: Kemp LoadMaster Local sudo Privilege Escalation Risk: Medium Text:# This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-fram...
14 May 2024 05:13 GitHub Watch
tools for sandboxing your dependency graph
14 May 2024 05:03 blog.badsectorlabs.com weekly security news
Evading MDI (@yaumn_), TAP->NTLM (@_dirkjan), ELF verifier (@kev169), Kerberos delegation + 🦀 in beacons (@_RastaMouse), and more!
14 May 2024 03:42 Github_POC
Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box" component on the "/hardware" page of the application.
[GitHub]A version of the PoC for CVE-2021-31630 from https://github.com/Hunt3r0x/CVE-2021-31630-HTB but without the political messages, because they are unnecessary.
14 May 2024 03:42 Github_POC
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS. This issue affects LiteSpeed Cache: from n/a through 5.7.
[GitHub]That's a PoC of cve-2023-40000. Wordpress LiteSpeed Cache exploit.
14 May 2024 03:42 Github_POC
An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document.
[GitHub]Update python3 exploit for CVE-2018-10583 (LibreOffice/Open Office - '.odt' Information Disclosure )
14 May 2024 03:42 Github_POC
VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows remote attackers with low privileges to read files from the filesystem outside of VFS Sandbox.
[GitHub]A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.
14 May 2024 03:36 Blogs on dade
My 8th week in a row doing my weekly retro; this week I set up an air quality sensor in my office, went AFK for some driving and much needed exercise, and reflect on being addicted to working.
You are not your work
This week I had a bit of a realization that I have been far too invested in my work. Since I began working in security as a hobby, as a passion project, when I switched to working in it full time I never really stopped spending my spare time also working on security related things. I’ve been all tech all day for like the last 6 years, and mostly tech most days for like 10 years before that. This has been helpful for my career progression, but it has come at a cost.
I used to participate in a local martial arts school before I moved to the Bay Area, and that was a good way to get out and get active and I felt like there was another pillar to my identity. But when I moved to the Bay, I never took the steps needed to find a new school, and I shifted into just being all work all the time. It turns out t
14 May 2024 03:33 exploit-db
Prison Management System - SQL Injection Authentication Bypass
14 May 2024 03:33 exploit-db
PyroCMS v3.0.1 - Stored XSS
14 May 2024 03:33 exploit-db
CE Phoenix Version 1.0.8.20 - Stored XSS
14 May 2024 02:33 exploit-db
Leafpub 1.1.9 - Stored Cross-Site Scripting (XSS)
14 May 2024 02:33 exploit-db
Chyrp 2.5.2 - Stored Cross-Site Scripting (XSS)
14 May 2024 02:33 exploit-db
CrushFTP < 11.1.0 - Directory Traversal
14 May 2024 02:33 exploit-db
Plantronics Hub 3.25.1 - Arbitrary File Read
14 May 2024 02:33 exploit-db
Apache mod_proxy_cluster - Stored XSS
14 May 2024 01:43 OpenAI founder
There are two things from our announcement today I wanted to highlight.
First, a key part of our mission is to put very capable AI tools in the hands of people for free (or at a great price). I am very proud that we have the best model in the world available for free in ChatGPT, without ads or anything like that.
Our initial conception when we started OpenAI was that we’d create AI and use it to create all sorts of benefits for the world. Instead, it now looks like we’ll create AI and then other people will use it to create all sorts of amazing things that we all benefit from.
We are a business and will find plenty of things to charge for, and that will help us provide free, outstanding AI service to (hopefully) billions of people.
Second, the new voice (and video) mode is the best compute interface I’ve ever used. It feels like AI from the movies; and it’s still a bit surprising to me that it’s real. Getting to human-level response times and expressiveness turns out to be a big change
The original ChatGPT show
14 May 2024 01:39 Packet Storm
In mmu_insert_pages_no_flush(), when a HUGE_HEAD page is mapped to a 2M aligned GPU address, this is done by creating an Address Translation Entry (ATE) at MIDGARD_MMU_LEVEL(2) (in other words, an ATE covering 2M of memory is created). This is wrong because it assumes that at least 2M of memory should be mapped. mmu_insert_pages_no_flush() can be called in cases where less than that should be mapped, for example when creating a short alias of a big native allocation. Later, when kbase_mmu_teardown_pgd_pages() tries to tear down this region, it will detect that unmapping a subsection of a 2M ATE is not possible and write a log message complaining about this, but then proceed as if everything was fine while leaving the ATE intact. This means the higher-level code will proceed to free the referenced physical memory while the ATE still points to it.
14 May 2024 01:39 Packet Storm
Red Hat Security Advisory 2024-2815-03 - An update is now available for Red Hat OpenShift GitOps v1.11.4 for Argo CD UI and Console Plugin. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.
14 May 2024 01:39 Packet Storm
Red Hat Security Advisory 2024-2816-03 - An update is now available for Red Hat OpenShift GitOps v1.12.2 for Argo CD UI and Console Plugin. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.