CVE-2024-27524: Stored XSS in tickets
Severity: High (Base Score 7.1)
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Mitigation: Upgrade to Chamilo LMS 1.11.28 and above.
Patch: https://github.com/chamilo/chamilo-lms/commit/53275c152275958b33a1f87a21843daa52fb543a

CVE-2024-27525: Self XSS in social network
Base Score: Medium (Base Score 4.6)
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
Mitigation: Upgrade to Chamilo LMS 1.11.28 and above.
Patch: https://github.com/chamilo/chamilo-lms/commit/a63e03ef961e7bf2dab56f4ede6f87edef40ba0c

Overview
This advisory covers the discovery of two vulnerabilities within Chamilo LMS, an open-source learning management system (LMS) widely used across educational institutions. These vulnerabilities—stored cross-site scripting (Stored XSS) and self-cross-site scripting (Self XSS)—pose different levels of security risks but highlight critical consideration...

Wi-Fi hacking is often synonymous with WPA/WPA2 PSK attacks, one of the most popular ways hackers attempt to compromise wireless networks. These attacks take advantage of weak pre-shared keys (passwords) by capturing a crucial piece of data known as the 4-way handshake during the network authentication process. Once captured, this data can be cracked using dictionary or brute-force attacks to reveal the network's password. The attack methodology involves several steps, starting from identifying the target network, capturing traffic, and forcing devices on the network to disconnect (using a deauthentication attack), all the way to cracking the captured handshake with tools like aircrack-ng. By generating custom wordlists with tools like CUPP and rsmangler, attackers can tailor their brute-force attempts to the specific target. This guide will walk you through the entire process, detailing the tools, techniques, and commands used, while also explaining how to secure your ow...