techhub.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
#vulnerability

140 posts, 46 participants, 2 posts today

FortiWeb hacked from the inside: a 9.6/10 SQL injection allows writing code into the DB

#CVE #vulnerability #FortiWeb

A critical vulnerability, CVE-2025-25257 (CVSS 9.6/10), has been found (fortiguard.fortinet.com/psirt/) in the Fabric Connector component (the integration of Fortinet products). An unauthenticated attacker could:
→ Execute arbitrary SQL queries via a forged Bearer token in the Authorization header;
→ Use SELECT ... INTO OUTFILE to write malicious code to disk;
→ Run that code through Python, gaining full control of the system (as the mysql user).

Vulnerable versions:
FortiWeb 7.6.0–7.6.3, 7.4.0–7.4.7, 7.2.0–7.2.10, 7.0.0–7.0.10.
Fix: Update urgently to 7.6.4, 7.4.8, 7.2.11 or 7.0.11. Until you can patch, disable the HTTP/HTTPS web interfaces.

How was it fixed?
Fortinet replaced the unsafe format strings with prepared statements, which block SQL injection. The vulnerability was found by Kentaro Kawane (GMO Cybersecurity), an expert in hacking Cisco.


If you’re using #Immich, a self-hosted photo and video management solution, check for an update if you’re not running the latest version, because prior to 1.132.0, Immich is vulnerable to account hijacking through oauth2.
github.com/immich-app/immich/s
CVSSv4: 7.3
CVE-2025-43856, CWE-303
#security #cybersecurity #vulnerability

### Summary
immich is vulnerable to account hijacking through oauth2, because the `state` parameter is not being checked. 

### Details
the oauth2 state parameter is similar to a csrf token, so...
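As an added example, not part of the post above or of Immich's own code: a server-side OAuth2 `state` check of the kind the advisory says was missing. The `state` is minted per session at login start and verified on the callback; the session record, TTL and function names are assumptions for illustration.

```typescript
import { randomBytes, timingSafeEqual } from "node:crypto";

// Constructed, illustrative session record (assumption: a real app keeps this
// server-side, tied to the browser's session cookie, never in the URL).
interface Session {
  oauthState?: string;
  oauthStateIssuedAt?: number;
}

// How long a minted state stays valid (assumed value).
const STATE_TTL_MS = 10 * 60 * 1000;

// Step 1 (login start): mint an unguessable state, bind it to this session,
// and put it on the authorization redirect. The IdP echoes it back unchanged.
function beginAuthorize(session: Session, authorizeUrl: string, now: number = Date.now()): string {
  const state = randomBytes(32).toString("base64url"); // 256 bits of entropy
  session.oauthState = state;
  session.oauthStateIssuedAt = now;
  const url = new URL(authorizeUrl);
  url.searchParams.set("state", state);
  return url.toString();
}

// Step 2 (callback): accept the returned state only if it is the one bound to
// THIS session, is unexpired, and has not been used before. A callback that
// does not carry this session's state is rejected, which is the CSRF-style
// check the advisory describes as absent.
function verifyCallbackState(session: Session, returnedState: string | null, now: number = Date.now()): boolean {
  const expected = session.oauthState;
  const issuedAt = session.oauthStateIssuedAt;
  // Single use: clear before deciding, so a replay of the same state fails.
  session.oauthState = undefined;
  session.oauthStateIssuedAt = undefined;
  if (!expected || !returnedState || issuedAt === undefined) return false;
  if (now - issuedAt > STATE_TTL_MS) return false;
  const a = Buffer.from(expected);
  const b = Buffer.from(returnedState);
  // Constant-time compare; timingSafeEqual requires equal lengths.
  return a.length === b.length && timingSafeEqual(a, b);
}
```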

Critical buffer overflow flaw reported in D-Link DIR-825 routers

Security researchers have discovered a critical stack-based buffer overflow vulnerability in D-Link DIR-825 Rev.
When the router processes subsequent requests to ASP pages containing specific script tags, the stored language value is retrieved and processed through multiple functions, ultimately leading to a stack overflow condition.
js"></script> is requested, the router attempts to process the stored language value, leading to a stack overflow in the sub_40bFC4 function.
The researcher provided a detailed proof of concept demonstrating the vulnerability's exploitation.
cgi with a carefully crafted payload containing an extremely long language parameter value.

**If you have a D-Link DIR-825 router, isolate its web interface from any public networks and block external access since this model is no longer supported with security updates. Consider replacing the router since it won't be getting any patches. And other flaws will be found.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai
