Clobbering DOM Attributes to Bypass HTML Filters and Trigger DOM-Based XSS
This article demonstrates a unique form of DOM-based Cross-Site Scripting (XSS) by exploiting property collisions in the Document Object Model (DOM). The application filters user comments for restricted HTML but overlooks unsafe assumptions about specific DOM properties. By intentionally clobbering an existing property (onclick), the researcher overwrites its original value with malicious code, effectively bypassing filtering mechanisms that should have removed it. Although event handlers such as onclick and onfocus were supposed to be removed, the clobber attack allowed their retention. This vulnerability can result in sensitive data exposure or account takeover. The researcher did not disclose a bounty amount, but the article serves as a valuable lesson for security researchers to scrutinize assumptions about DOM properties during sanitization. Key lesson: Carefully examine all DOM properties when implementing HTML filtering to avoid clobber attacks. #BugBounty #Cybersecurity #DOMXSS #InformationDisclosure

https://meetcyber.net/clobbering-dom-attributes-to-bypass-html-filters-and-trigger-dom-based-xss-cc2afb437bde

Here's something that wasn't on your bingo card. Secrets, like API keys were gobbled up in a huge dataset used to train most GenAI models. People leave them in GitHub, then the model absorbs the code, and bobs your uncle.

https://thehackernews.com/2025/02/12000-api-keys-and-passwords-found-in.html?m=1

#genai #informationdisclosure

Check Point Vulnerability Report: CVE-2024-24919

Date: May 29, 2024

CVE: CVE-2024-24919

Vulnerability Type: Exposure of Sensitive Information to an Unauthorized Actor

CWE: [[CWE-22]], [[CWE-425]]

Sources: Check Point, [Tenable](CVE-2024-24919 | Tenable®) Tenable Blog

Synopsis

A critical vulnerability (CVE-2024-24919) has been identified in Check Point's CloudGuard Network Security appliance, allowing unauthorized actors to access sensitive information.

Issue Summary

The vulnerability, categorized as an 'Exposure of Sensitive Information to an Unauthorized Actor,' affects Check Point's CloudGuard Network Security appliances. Attackers can exploit this vulnerability to read sensitive information from gateways connected to the Internet and enabled with Remote Access VPN or Mobile Access. The flaw is actively exploited in the wild, making it a high-priority issue for administrators.

Technical Key Findings

The vulnerability arises from a path traversal issue in the appliance's handling of certain HTTP requests. Attackers can manipulate the request paths to access files on the device, bypassing standard access controls. The exploit involves sending crafted HTTP requests to the vulnerable endpoint, allowing unauthorized file reads.

Vulnerable Products

• Check Point CloudGuard Network Security appliances with Remote Access VPN or Mobile Access enabled.

Impact Assessment

Exploiting this vulnerability can lead to unauthorized access to sensitive information, such as configuration files and password hashes. This could potentially escalate to full system compromise if critical files are accessed and misused.

Patches or Workaround

Check Point has released a hotfix to address this vulnerability. Administrators are urged to apply the patch immediately. The company also recommends placing the vulnerable gateway behind another security gateway with IPS and SSL inspection enabled as a temporary mitigation.

Tags

#CheckPoint #CVE-2024-24919 #InformationDisclosure #PathTraversal #NetworkSecurity #CloudGuard #SecurityPatch #VulnerabilityManagement #threatintelligence

VMware Patches Severe Security Flaws in Workstation and Fusion Products

Date: May 2024
CVE: CVE-2024-22267, CVE-2024-22268, CVE-2024-22269, CVE-2024-22270
Vulnerability Type: Use-After-Free, Heap Buffer Overflow, Information Disclosure
CWE: [[CWE-416]], [[CWE-122]], [[CWE-200]]
Sources: The Hacker News, Broadcom advisory

Issue Summary

Multiple severe security vulnerabilities have been identified in VMware Workstation and Fusion products. These vulnerabilities could potentially allow threat actors to execute arbitrary code, access sensitive information, and trigger denial-of-service (DoS) conditions. The affected versions include Workstation 17.x and Fusion 13.x.

Technical Key Findings

The vulnerabilities include a use-after-free issue in the Bluetooth device (CVE-2024-22267), a heap buffer overflow in the shader functionality (CVE-2024-22268), and two information disclosure flaws (CVE-2024-22269 and CVE-2024-22270). Exploiting these vulnerabilities requires local administrative privileges on a virtual machine, potentially allowing attackers to manipulate the VM's VMX process.

• CVE-2024-22267 (CVSS score: 9.3) - A use-after-free vulnerability in the Bluetooth device that could be exploited by a malicious actor with local administrative privileges on a virtual machine to execute code as the virtual machine's VMX process running on the host

|VMware Product|Version|Running On|CVE|CVSSv3|Severity|Fixed Version|Workarounds|Additional Documentation|
|---|---|---|---|---|---|---|---|---|
|Workstation|17.x|Any|CVE-2024-22267|9.3|Critical|17.5.2|KB91760|None|
|Fusion|13.x|OS X|CVE-2024-22267|9.3|Critical|13.5.2|KB91760|None|

• CVE-2024-22268 (CVSS score: 7.1) - A heap buffer-overflow vulnerability in the Shader functionality that could be exploited by a malicious actor with non-administrative access to a virtual machine with 3D graphics enabled to create a DoS condition

| VMware Product | Version | Running On | CVE | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
| -------------- | ------- | ---------- | -------------- | --------------------------------------------------------------------------------------------- | --------- | ------------- | ------------------------------------------------ | ------------------------ |
| Workstation | 17.x | Windows | CVE-2024-22268 | 7.1 | Important | 17.5.2 | KB59146 | None |
| Fusion | 13.x | OS X | CVE-2024-22268 | 7.1 | Important | 13.5.2 | KB59146 | None |

• CVE-2024-22269 (CVSS score: 7.1) - An information disclosure vulnerability in the Bluetooth device that could be exploited by a malicious actor with local administrative privileges on a virtual machine== to read privileged information contained in hypervisor memory== from a virtual machine

|VMware Product|Version|Running On|CVE|CVSSv3|Severity|Fixed Version|Workarounds|Additional Documentation|
|---|---|---|---|---|---|---|---|---|
|Workstation|17.x|Any|CVE-2024-22269|7.1|Important|17.5.2|KB91760|None|
|Fusion|13.x|OS X|CVE-2024-22269|7.1|Important|13.5.2|KB91760|None|

• CVE-2024-22270 (CVSS score: 7.1) - An information disclosure vulnerability in the Host Guest File Sharing (HGFS) functionality that could be exploited by a malicious actor with local administrative privileges on a virtual machine to read privileged information contained in hypervisor memory from a virtual machine

| VMware Product | Version | Running On | CVE | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
| -------------- | ------- | ---------- | -------------- | --------------------------------------------------------------------------------------------- | --------- | ------------- | ----------- | ------------------------ |
| Workstation | 17.x | Any | CVE-2024-22270 | 7.1 | Important | 17.5.2 | None | None |
| Fusion | 13.x | OS X | CVE-2024-22270 | 7.1 | Important | 13.5.2 | None | None |

Vulnerable Products

• VMware Workstation versions 17.x
• VMware Fusion versions 13.x

Impact Assessment

Exploiting these vulnerabilities could lead to significant security breaches, including arbitrary code execution on the host machine, sensitive data exposure, and system crashes. The critical nature of these flaws underscores the need for immediate remediation to prevent potential attacks.

Patches or Workarounds

VMware has released patches for these vulnerabilities in versions 17.5.2 (Workstation) and 13.5.2 (Fusion). As temporary measures, users are advised to disable Bluetooth support and 3D acceleration features on virtual machines. However, there is no workaround for CVE-2024-22270.

Tags

#VMware #CVE-2024-22267 #CVE-2024-22268 #CVE-2024-22269 #CVE-2024-22270 #UseAfterFree #HeapBufferOverflow #InformationDisclosure #Virtualization #Workstation #Fusion #SecurityPatch

Wall-Escape Vulnerability Analysis: Implications and Mitigation Strategies

Date: February 27, 2024
CVE: CVE-2024-28085
Vulnerability Type: [[Command Injection]]
CWE: [[CWE-77]], [[CWE-78]], [[CWE-88]]
Sources: [SANS Wall-Escape (CVE-2024-28085)](https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt

Issue Summary

Wall-Escape (CVE-2024-28085) unveils a critical flaw in the wall command from the util-linux package, allowing unprivileged users to execute command-line arguments without proper escape sequence filtering. This vulnerability has existed since 2013, posing a significant risk on systems where wall is setgid and mesg is set to 'y', notably Ubuntu 22.04 and Debian Bookworm.

Technical Key findings

The flaw arises from the mishandling of command-line arguments (argv), which are not sanitized for escape sequences. This oversight enables attackers to inject arbitrary text onto terminals of other users, potentially leading to information leakage or clipboard alteration. The vulnerability is exploitable through crafted wall command executions, leveraging system features to extract sensitive information such as user passwords.

Vulnerable products

• All versions of util-linux since 2013
• Specifically impactful on:
  • Ubuntu 22.04
  • Debian Bookworm

Impact assessment

Successful exploitation can lead to unauthorized information disclosure and manipulation of terminal sessions. On Ubuntu 22.04, attackers can deceive users into revealing passwords. The vulnerability also enables clipboard content alteration on certain terminal emulators.

Patches or workaround

No specific patches were mentioned for CVE-2024-28085. Users are advised to restrict access to the wall command and monitor systems for unusual terminal behavior indicative of exploitation attempts.

Tags

#CVE-2024-28085 #CommandInjection #Ubuntu #Debian #InformationDisclosure #util-linux #TerminalSecurity

My home office window faces my neighbor’s house, and their external dryer vent is right at my eye level.

As it flaps, I know they are drying a load of laundry.

I am not sure what to do with this #InformationDisclosure

#PointlessOpsec

#infosec

"🚨 Exim Mail Servers Under Siege: New Critical Flaws Unearthed 🚨"

A recent disclosure has unveiled multiple security vulnerabilities in the Exim mail transfer agent, posing a significant threat to information disclosure and remote code execution. The flaws, reported anonymously in June 2022, include:

• CVE-2023-42114 (CVSS score: 3.7) - Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability
• CVE-2023-42115 (CVSS score: 9.8) - Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability
• CVE-2023-42116 (CVSS score: 8.1) - Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability
• CVE-2023-42117 (CVSS score: 8.1) - Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability
• CVE-2023-42118 (CVSS score: 7.5) - Exim libspf2 Integer Underflow Remote Code Execution Vulnerability
• CVE-2023-42119 (CVSS score: 3.1) - Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability

The most severe among these is CVE-2023-42115, enabling remote, unauthenticated attackers to execute arbitrary code on affected Exim installations. The Exim maintainers have already provided fixes for some of these vulnerabilities, while discussions are ongoing regarding the remaining issues.

This disclosure follows a history of security flaws in Exim, including the notorious 21Nails vulnerabilities and a critical Exim vulnerability (CVE-2019-10149, CVSS score: 9.8) exploited by the state-sponsored Sandworm group from Russia.

Source: The Hacker News

Tags: #Exim #CyberSecurity #Vulnerabilities #RemoteCodeExecution #InformationDisclosure #CVE202342115 #CVE202342116 #CVE202342117 #CVE202342118 #CVE202342119 #CVE202342114 🛡️💻🔓