#debian

Debian Linux Security Advisory 5734-2 - The security update announced as DSA 5734-1 caused a regression on configurations using the Samba DLZ module. Updated packages are now available to correct this issue.

QuickJob version 6.1 suffers from an ignored default credential vulnerability.

Prison Management System version version 1.0 suffers from an ignored default credential vulnerability.

Pharmacy Management System version 1.0 suffers from an ignored default credential vulnerability.

Online Payment Hub System version 1.0 suffers from an ignored default credential vulnerability.

Innue Business Live Chat version 2.5 suffers from an ignored default credential vulnerability.

### Summary The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. ### PoC 0. Start a fresh Debian container: ```sh docker run --workdir /repro --rm -it debian:bookworm-slim ``` 1. Install twisted and its dependencies: ```sh apt -y update && apt -y install ncat git python3 python3-pip \ && git clone --recurse-submodules https://github.com/twisted/twisted \ && cd twisted \ && pip3 install --break-system-packages . ``` 2. Run a twisted.web HTTP server that echos received requests' methods. e.g., the following: ```python from twisted.web import server, resource from twisted.internet import reactor class TheResource(resource.Resource): isLeaf = True def render_GET(self, request) -> bytes: return b"GET" def render_POST(self, request) -> bytes: return b"POST" site = server.Site(TheResource()) reactor.listenTCP(80, site) reactor.run() ``` 3. Send it a PO...

Multi Store Inventory Management System version 1.0 suffers from an insecure direct object reference vulnerability.

SIM Wisuda version 1.0 suffers from an insecure direct object reference vulnerability.

Webdenim AppUI version 1.0 suffers from an insecure direct object reference vulnerability.