Red Hat Security Advisory 2024-5533-03 - An update for python3.12-setuptools is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5533.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: python3.12-setuptools security updateAdvisory ID:        RHSA-2024:5533-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:5533Issue date:         2024-08-19Revision:           03CVE Names:          CVE-2024-6345====================================================================Summary: An update for python3.12-setuptools is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Setuptools is a collection of enhancements to the Python 3 distutils that allow you to more easily build and distribute Python 3 packages, especially ones that have dependencies on other packages.  This package also contains the runtime components of setuptools, necessary to execute the software that requires pkg_resources.Security Fix(es):* pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools (CVE-2024-6345)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-6345References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2297771

Red Hat Security Advisory 2024-5533-03

Red Hat Security Advisory 2024-5481-03 - A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0 for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include denial of service and server-side request forgery vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5481.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: Red Hat JBoss Enterprise Application Platform 8.0.3 Security update  
Advisory ID:        RHSA-2024:5481-03  
Product:            Red Hat JBoss Enterprise Application Platform  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:5481  
Issue date:         2024-08-16  
Revision:           03  
CVE Names:          CVE-2024-28752  
====================================================================

Summary: 

A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0 for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.0.3 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.0.2, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 8.0.3 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

* cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding [eap-8.0.z] (CVE-2024-28752)

* org.bouncycastle-bcprov-jdk18on: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack) [eap-8.0.z] (CVE-2024-30171)

* netty-codec-http: Allocation of Resources Without Limits or Throttling [eap-8.0.z] (CVE-2024-29025)

* org.bouncycastle:bcprov-jdk18on: Infinite loop in ED25519 verification in the ScalarUtil class [eap-8.0.z] (CVE-2024-30172)

* org.bouncycastle:bcprov-jdk18on: org.bouncycastle: Importing an EC certificate with crafted F2m parameters may lead to Denial of Service [eap-8.0.z] (CVE-2024-29857)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

CVEs:

CVE-2024-28752

References:

https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/8.0/  
https://bugzilla.redhat.com/show_bug.cgi?id=2270732  
https://bugzilla.redhat.com/show_bug.cgi?id=2272907  
https://bugzilla.redhat.com/show_bug.cgi?id=2276360  
https://bugzilla.redhat.com/show_bug.cgi?id=2293025  
https://bugzilla.redhat.com/show_bug.cgi?id=2293028  
https://issues.redhat.com/browse/JBEAP-25224  
https://issues.redhat.com/browse/JBEAP-26018  
https://issues.redhat.com/browse/JBEAP-26696  
https://issues.redhat.com/browse/JBEAP-26790  
https://issues.redhat.com/browse/JBEAP-26791  
https://issues.redhat.com/browse/JBEAP-26793  
https://issues.redhat.com/browse/JBEAP-26802  
https://issues.redhat.com/browse/JBEAP-26816  
https://issues.redhat.com/browse/JBEAP-26823  
https://issues.redhat.com/browse/JBEAP-26843  
https://issues.redhat.com/browse/JBEAP-26886  
https://issues.redhat.com/browse/JBEAP-26932  
https://issues.redhat.com/browse/JBEAP-26948  
https://issues.redhat.com/browse/JBEAP-26961  
https://issues.redhat.com/browse/JBEAP-26962  
https://issues.redhat.com/browse/JBEAP-26966  
https://issues.redhat.com/browse/JBEAP-26986  
https://issues.redhat.com/browse/JBEAP-27002  
https://issues.redhat.com/browse/JBEAP-27019  
https://issues.redhat.com/browse/JBEAP-27055  
https://issues.redhat.com/browse/JBEAP-27090  
https://issues.redhat.com/browse/JBEAP-27192  
https://issues.redhat.com/browse/JBEAP-27194  
https://issues.redhat.com/browse/JBEAP-27261  
https://issues.redhat.com/browse/JBEAP-27262  
https://issues.redhat.com/browse/JBEAP-27327  
https://issues.redhat.com/browse/JBEAP-27356

Red Hat Security Advisory 2024-5481-03

Red Hat Security Advisory 2024-5479-03 - A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include denial of service and server-side request forgery vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5479.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: Red Hat JBoss Enterprise Application Platform 8.0.3 Security update  
Advisory ID:        RHSA-2024:5479-03  
Product:            Red Hat JBoss Enterprise Application Platform  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:5479  
Issue date:         2024-08-16  
Revision:           03  
CVE Names:          CVE-2024-28752  
====================================================================

Summary: 

A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.0.3 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.0.2, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 8.0.3 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

* cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding [eap-8.0.z] (CVE-2024-28752)

* org.bouncycastle-bcprov-jdk18on: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack) [eap-8.0.z] (CVE-2024-30171)

* netty-codec-http: Allocation of Resources Without Limits or Throttling [eap-8.0.z] (CVE-2024-29025)

* org.bouncycastle:bcprov-jdk18on: Infinite loop in ED25519 verification in the ScalarUtil class [eap-8.0.z] (CVE-2024-30172)

* org.bouncycastle:bcprov-jdk18on: org.bouncycastle: Importing an EC certificate with crafted F2m parameters may lead to Denial of Service [eap-8.0.z] (CVE-2024-29857)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

CVEs:

CVE-2024-28752

References:

https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/8.0/  
https://bugzilla.redhat.com/show_bug.cgi?id=2270732  
https://bugzilla.redhat.com/show_bug.cgi?id=2272907  
https://bugzilla.redhat.com/show_bug.cgi?id=2276360  
https://bugzilla.redhat.com/show_bug.cgi?id=2293025  
https://bugzilla.redhat.com/show_bug.cgi?id=2293028  
https://issues.redhat.com/browse/JBEAP-25224  
https://issues.redhat.com/browse/JBEAP-26018  
https://issues.redhat.com/browse/JBEAP-26696  
https://issues.redhat.com/browse/JBEAP-26790  
https://issues.redhat.com/browse/JBEAP-26791  
https://issues.redhat.com/browse/JBEAP-26792  
https://issues.redhat.com/browse/JBEAP-26802  
https://issues.redhat.com/browse/JBEAP-26816  
https://issues.redhat.com/browse/JBEAP-26823  
https://issues.redhat.com/browse/JBEAP-26843  
https://issues.redhat.com/browse/JBEAP-26886  
https://issues.redhat.com/browse/JBEAP-26932  
https://issues.redhat.com/browse/JBEAP-26948  
https://issues.redhat.com/browse/JBEAP-26961  
https://issues.redhat.com/browse/JBEAP-26962  
https://issues.redhat.com/browse/JBEAP-26966  
https://issues.redhat.com/browse/JBEAP-26986  
https://issues.redhat.com/browse/JBEAP-27002  
https://issues.redhat.com/browse/JBEAP-27019  
https://issues.redhat.com/browse/JBEAP-27055  
https://issues.redhat.com/browse/JBEAP-27090  
https://issues.redhat.com/browse/JBEAP-27192  
https://issues.redhat.com/browse/JBEAP-27194  
https://issues.redhat.com/browse/JBEAP-27261  
https://issues.redhat.com/browse/JBEAP-27262  
https://issues.redhat.com/browse/JBEAP-27327  
https://issues.redhat.com/browse/JBEAP-27356

Red Hat Security Advisory 2024-5479-03

Red Hat Security Advisory 2024-5363-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5363.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: kernel security update  
Advisory ID:        RHSA-2024:5363-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:5363  
Issue date:         2024-08-16  
Revision:           03  
CVE Names:          CVE-2021-47606  
====================================================================

Summary: 

An update for kernel is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Errata Tool Automation could not update the description because it is longer (4803) than ET limit of 4000 characters. (OSCI-6058)  
Please update the description manually.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2021-47606

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2265838  
https://bugzilla.redhat.com/show_bug.cgi?id=2273405  
https://bugzilla.redhat.com/show_bug.cgi?id=2275600  
https://bugzilla.redhat.com/show_bug.cgi?id=2275655  
https://bugzilla.redhat.com/show_bug.cgi?id=2275715  
https://bugzilla.redhat.com/show_bug.cgi?id=2275748  
https://bugzilla.redhat.com/show_bug.cgi?id=2278380  
https://bugzilla.redhat.com/show_bug.cgi?id=2278417  
https://bugzilla.redhat.com/show_bug.cgi?id=2278429  
https://bugzilla.redhat.com/show_bug.cgi?id=2278519  
https://bugzilla.redhat.com/show_bug.cgi?id=2278989  
https://bugzilla.redhat.com/show_bug.cgi?id=2281057  
https://bugzilla.redhat.com/show_bug.cgi?id=2281097  
https://bugzilla.redhat.com/show_bug.cgi?id=2281133  
https://bugzilla.redhat.com/show_bug.cgi?id=2281190  
https://bugzilla.redhat.com/show_bug.cgi?id=2281237  
https://bugzilla.redhat.com/show_bug.cgi?id=2281257  
https://bugzilla.redhat.com/show_bug.cgi?id=2281265  
https://bugzilla.redhat.com/show_bug.cgi?id=2281272  
https://bugzilla.redhat.com/show_bug.cgi?id=2281639  
https://bugzilla.redhat.com/show_bug.cgi?id=2281667  
https://bugzilla.redhat.com/show_bug.cgi?id=2281821  
https://bugzilla.redhat.com/show_bug.cgi?id=2281900  
https://bugzilla.redhat.com/show_bug.cgi?id=2281949  
https://bugzilla.redhat.com/show_bug.cgi?id=2282719  
https://bugzilla.redhat.com/show_bug.cgi?id=2284400  
https://bugzilla.redhat.com/show_bug.cgi?id=2284417  
https://bugzilla.redhat.com/show_bug.cgi?id=2284474  
https://bugzilla.redhat.com/show_bug.cgi?id=2284496  
https://bugzilla.redhat.com/show_bug.cgi?id=2284511  
https://bugzilla.redhat.com/show_bug.cgi?id=2284513  
https://bugzilla.redhat.com/show_bug.cgi?id=2284543  
https://bugzilla.redhat.com/show_bug.cgi?id=2292331  
https://bugzilla.redhat.com/show_bug.cgi?id=2293208  
https://bugzilla.redhat.com/show_bug.cgi?id=2293418  
https://bugzilla.redhat.com/show_bug.cgi?id=2293441  
https://bugzilla.redhat.com/show_bug.cgi?id=2293657  
https://bugzilla.redhat.com/show_bug.cgi?id=2293658  
https://bugzilla.redhat.com/show_bug.cgi?id=2293686  
https://bugzilla.redhat.com/show_bug.cgi?id=2293687  
https://bugzilla.redhat.com/show_bug.cgi?id=2293688  
https://bugzilla.redhat.com/show_bug.cgi?id=2297056  
https://bugzilla.redhat.com/show_bug.cgi?id=2297512  
https://bugzilla.redhat.com/show_bug.cgi?id=2297538  
https://bugzilla.redhat.com/show_bug.cgi?id=2297542  
https://bugzilla.redhat.com/show_bug.cgi?id=2297545

Red Hat Security Advisory 2024-5363-03

Red Hat Security Advisory 2024-5334-03 - An update for.NET 8.0 is now available for Red Hat Enterprise Linux 9. Issues addressed include an information leakage vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5334.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: .NET 8.0 security updateAdvisory ID:        RHSA-2024:5334-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:5334Issue date:         2024-08-16Revision:           03CVE Names:          CVE-2024-38167====================================================================Summary: An update for .NET 8.0 is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.108 and .NET Runtime 8.0.8.Security Fix(es):* dotnet: Information disclosure vulnerability in TlsStream (CVE-2024-38167)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Security Fix(es):* EMBARGOED CVE-2024-38167 dotnet8.0: Information disclosure vulnerability in TlsStream (CVE-2024-38167)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-38167References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2302428

Red Hat Security Advisory 2024-5334-03

Red Hat Security Advisory 2024-5322-03 - An update for firefox is now available for Red Hat Enterprise Linux 9. Issues addressed include bypass, out of bounds read, and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5322.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: firefox security update  
Advisory ID:        RHSA-2024:5322-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:5322  
Issue date:         2024-08-15  
Revision:           03  
CVE Names:          CVE-2024-7518  
====================================================================

Summary: 

An update for firefox is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

* Firefox: 115.14/128.1 ESR ()

* mozilla: Fullscreen notification dialog can be obscured by document content (CVE-2024-7518)

* mozilla: Out of bounds memory access in graphics shared memory handling (CVE-2024-7519)

* mozilla: Type confusion in WebAssembly (CVE-2024-7520)

* mozilla: Incomplete WebAssembly exception handing (CVE-2024-7521)

* mozilla: Out of bounds read in editor component (CVE-2024-7522)

* mozilla: CSP strict-dynamic bypass using web-compatibility shims (CVE-2024-7524)

* mozilla: Missing permission check when creating a StreamFilter (CVE-2024-7525)

* mozilla: Uninitialized memory used by WebGL (CVE-2024-7526)

* mozilla: Use-after-free in JavaScript garbage collection (CVE-2024-7527)

* mozilla: Use-after-free in IndexedDB (CVE-2024-7528)

* mozilla: Document content could partially obscure security prompts (CVE-2024-7529)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-7518

References:

https://access.redhat.com/security/updates/classification/#important

Red Hat Security Advisory 2024-5322-03

Home Owners Collection Management System version 1.0 suffers from an ignored default credential vulnerability.

**Home Owners Collection Management System 1.0 Insecure Settings**

Posted Aug 16, 2024

Authored by indoushka

Home Owners Collection Management System version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 94fb8d8c82f8132953cb67c97a9b682c8e63a436a475a575173b89ddf54daa9f

Download | Favorite | View

**Home Owners Collection Management System 1.0 Insecure Settings**

    =============================================================================================================================================| # Title     : Home Owners Collection Management System v1.0 Insecure Settings Vulnerability                                               || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/php/15162/home-owners-collection-management-system-phpoop-free-source-code.html              |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin123[+] https://www/127.0.0.1/yorubanwitness000webhostappcom/admin/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,433)
*   Arbitrary (16,884)
*   BBS (2,859)
*   Bypass (1,865)
*   CGI (1,033)
*   Code Execution (7,817)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,396)
*   DoS (25,088)
*   Encryption (2,389)
*   Exploit (53,217)
*   File Inclusion (4,263)
*   File Upload (996)
*   Firewall (822)
*   Info Disclosure (2,891)
*   Intrusion Detection (915)
*   Java (3,144)
*   JavaScript (897)
*   Kernel (7,223)
*   Local (14,799)
*   Magazine (586)
*   Overflow (13,172)
*   Perl (1,435)
*   PHP (5,225)
*   Proof of Concept (2,394)
*   Protocol (3,726)
*   Python (1,642)
*   Remote (31,665)
*   Root (3,636)
*   Rootkit (527)
*   Ruby (632)
*   Scanner (1,657)
*   Security Tool (8,028)
*   Shell (3,277)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,278)
*   SQL Injection (16,612)
*   TCP (2,441)
*   Trojan (690)
*   UDP (904)
*   Virus (670)
*   Vulnerability (32,999)
*   Web (9,966)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,259)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,100)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,789)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,546)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,754)
*   UNIX (9,437)
*   UnixWare (187)
*   Windows (6,674)
*   Other

Home Owners Collection Management System 1.0 Insecure Settings

Red Hat Security Advisory 2024-5279-03 - An update for python3.11-setuptools is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5279.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: python3.11-setuptools security updateAdvisory ID:        RHSA-2024:5279-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:5279Issue date:         2024-08-15Revision:           03CVE Names:          CVE-2024-6345====================================================================Summary: An update for python3.11-setuptools is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Setuptools is a collection of enhancements to the Python 3 distutils that allow you to more easily build and distribute Python 3 packages, especially ones that have dependencies on other packages.  This package also contains the runtime components of setuptools, necessary to execute the software that requires pkg_resources.Security Fix(es):* pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools (CVE-2024-6345)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-6345References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2297771

Red Hat Security Advisory 2024-5279-03

Red Hat Security Advisory 2024-5231-03 - An update for bind and bind-dyndb-ldap is now available for Red Hat Enterprise Linux 9.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5231.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: bind and bind-dyndb-ldap security update  
Advisory ID:        RHSA-2024:5231-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:5231  
Issue date:         2024-08-15  
Revision:           03  
CVE Names:          CVE-2024-1737  
====================================================================

Summary: 

An update for bind and bind-dyndb-ldap is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* bind: bind9: BIND's database will be slow if a very large number of RRs exist at the same nam (CVE-2024-1737)

* bind9: bind: SIG(0) can be used to exhaust CPU resources (CVE-2024-1975)

* bind: bind9: Assertion failure when serving both stale cache data and authoritative zone content (CVE-2024-4076)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-1737

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2298893  
https://bugzilla.redhat.com/show_bug.cgi?id=2298901  
https://bugzilla.redhat.com/show_bug.cgi?id=2298904

Red Hat Security Advisory 2024-5231-03

Bhojon Restaurant Management System version 3.0 suffers from an insecure direct object reference vulnerability.

**Bhojon Restaurant Management System 3.0 Insecure Direct Object Reference**

Posted Aug 16, 2024

Authored by indoushka

Bhojon Restaurant Management System version 3.0 suffers from an insecure direct object reference vulnerability.

tags | exploit

SHA-256 | 98c12c7a5556d4399b71f053e8f21eaf5c59e49e15d4bf7f6b1980de56fec3c2

Download | Favorite | View

**Bhojon Restaurant Management System 3.0 Insecure Direct Object Reference**

    ====================================================================================================================================| # Title     : Bhojon restaurant management system v3.0 IDOR Vulnerability                                                        || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://www.bdtask.com/restaurant-management-system.php#live_demo                                                  |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Direct Object Reference : suffers from an insecure direct object reference that allows users to access the administrative interface.[+] use payload : /dashboard/autoupdate[+] https://www/127.0.0.1/gixrestaurantmy/dashboard/autoupdateGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,433)
*   Arbitrary (16,884)
*   BBS (2,859)
*   Bypass (1,865)
*   CGI (1,033)
*   Code Execution (7,817)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,396)
*   DoS (25,088)
*   Encryption (2,389)
*   Exploit (53,217)
*   File Inclusion (4,263)
*   File Upload (996)
*   Firewall (822)
*   Info Disclosure (2,891)
*   Intrusion Detection (915)
*   Java (3,144)
*   JavaScript (897)
*   Kernel (7,223)
*   Local (14,799)
*   Magazine (586)
*   Overflow (13,172)
*   Perl (1,435)
*   PHP (5,225)
*   Proof of Concept (2,394)
*   Protocol (3,726)
*   Python (1,642)
*   Remote (31,665)
*   Root (3,636)
*   Rootkit (527)
*   Ruby (632)
*   Scanner (1,657)
*   Security Tool (8,028)
*   Shell (3,277)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,278)
*   SQL Injection (16,612)
*   TCP (2,441)
*   Trojan (690)
*   UDP (904)
*   Virus (670)
*   Vulnerability (32,999)
*   Web (9,966)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,259)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,100)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,789)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,546)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,754)
*   UNIX (9,437)
*   UnixWare (187)
*   Windows (6,674)
*   Other

Tag

#linux