#git

A vulnerability was identified in tarteaucitron.js where document.currentScript was accessed without verifying that it referenced an actual `<script>` element. If an attacker injected an HTML element such as: ``` <img name="currentScript" src="https://malicious.example.com"> ``` it could clobber the document.currentScript property. This causes the script to resolve incorrectly to an <img> element instead of the <script> tag, leading to unexpected behavior or failure to load the script path correctly. This issue arises because in some browser environments, named DOM elements (e.g., name="currentScript") become properties on the global document object. ## Impact An attacker with control over the HTML could exploit this to change the CDN domain of tarteaucitron. ## Fix https://github.com/AmauriC/tarteaucitron.js/commit/230a3b69d363837acfa895823d841e0608826ba3 The issue was resolved by verifying that document.currentScript is an instance of HTMLScriptElement. If not, the script now fa...

### Summary eKuiper /config/uploads API supports accessing remote web URLs and saving files in the local upload directory, but there are no security restrictions, resulting in arbitrary file writing through ../. If run with root privileges, RCE can be achieved by writing crontab files or ssh keys. ### Details ```go func fileUploadHandler(w http.ResponseWriter, r *http.Request) { switch r.Method { // Upload or overwrite a file case http.MethodPost: switch r.Header.Get("Content-Type") { case "application/json": fc := &fileContent{} defer r.Body.Close() err := json.NewDecoder(r.Body).Decode(fc) if err != nil { handleError(w, err, "Invalid body: Error decoding file json", logger) return } err = fc.Validate() if err != nil { handleError(w, err, "Invalid body: missing necessary field", logger) return } filePath := filepath.Join(uploadDir, fc.Name) err = upload(fc) ``` - The fc.Name parameter do not safely filtered. ### PoC ``` POST /co...

### Summary Path traversal is also known as directory traversal. These vulnerabilities enable an attacker to read arbitrary files on the server that is running an application. In this case, an attacker might be able to write to arbitrary files on the server, allowing them to modify application data or behavior, and ultimately take full control of the server. ### Details The file handler function trusts the filename provided by the user. This includes the cases when the user uses a path instead of the filename. This makes possible to write arbitrary files to the system and **replace** the files owned by _kuiper_ user on the filesystem. The vulnerable function is `fileUploadHandler` which is shown below: https://github.com/lf-edge/ekuiper/blob/1e6b6b6601445eb05316532f5fbef7f0a863ecfe/internal/server/rest.go#L329-L359 Exploitation of this vulnerability allows an attacker to rewrite the files owned by ekuiper including the main kuiper binaries as they are owned by _kuiper_ user: ![kuip...

## Summary Denial of Service vulnerability in `/rest/binary-data` endpoint when processing empty filesystem URIs (`filesystem://` or `filesystem-v2://`). ### Impact This is a Denial of Service (DoS) vulnerability that allows authenticated attackers to cause service unavailability through malformed filesystem URI requests. The vulnerability affects: - The `/rest/binary-data` endpoint - n8n.cloud instances (confirmed HTTP/2 524 timeout responses) Attackers can exploit this by sending GET requests with empty filesystem URIs (`filesystem://` or `filesystem-v2://`) to the `/rest/binary-data` endpoint, causing resource exhaustion and service disruption. ### Patches The issue has been patched in [1.99.0](https://github.com/n8n-io/n8n/releases/tag/n8n%401.99.0). All users should upgrade to this version or later. The fix introduces strict checking of URI patterns. Patch commit: https://github.com/n8n-io/n8n/pull/16229

Stalkerware app Catwatchful has been leaking customer and victim information. It is one in a long line of such apps to do this.

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Mitsubishi Electric Corporation Equipment: MELSEC iQ-F Series Vulnerability: Overly Restrictive Account Lockout Mechanism 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service condition for legitimate users for a certain period by repeatedly attempting to log in with incorrect passwords. When the product repeatedly receives unauthorized logins from an attacker, legitimate users will be unable to be authenticated until a certain period has passed after the lockout or until the product is reset. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of MELSEC iQ-F Series is affected: FX5U-32MT/ES: All versions FX5U-32MT/DS: All versions FX5U-32MT/ESS: All versions FX5U-32MT/DSS: All versions FX5U-32MR/ES: All versions FX5U-32MR/DS: All versions FX5U-64MT/ES: All versions FX5U-64MT/DS: All versions FX5U-64MT/ESS: All versions FX5...

SentinelLabs uncovers NimDoor, new North Korea-aligned macOS malware targeting Web3 and crypto firms. Exploits Nim, AppleScript, and steals Keychain, browser, shell, and Telegram data.

Cybersecurity researchers have uncovered over 40 malicious browser extensions for Mozilla Firefox that are designed to steal cryptocurrency wallet secrets, putting users' digital assets at risk. "These extensions impersonate legitimate wallet tools from widely-used platforms such as Coinbase, MetaMask, Trust Wallet, Phantom, Exodus, OKX, Keplr, MyMonero, Bitget, Leap, Ethereum Wallet, and Filfox

Callback phishing scam emails are masquerading as messages from popular brands used for everyday tasks that put small businesses at risk.

LGBTIQ+ organizations in El Salvador are using technology to protect themselves and create a record of the country’s ongoing authoritarian escalations against their community. It’s not without risks.