A broken authentication vulnerability in 4D SAS 4D Server software v17, v18, v19 R7, and earlier allows attackers to send crafted TCP packets containing requests to perform arbitrary actions.

TP-Link Archer AX10(EU)\_V1.2\_230220 Buffer Overflow

Posted Jun 16, 2023

Authored by Giuseppe Compare

TP-Link Archer version AX10(EU)\_V1.2\_230220 suffers from a buffer overflow vulnerability.

tags | advisory, overflow

Download | Favorite | View

QuickJob Portal 6.1 Cross Site Scripting

Posted Jun 16, 2023

Authored by CraCkEr

QuickJob Portal version 6.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss

Download | Favorite | View

Quicklancer Freelance Marketplace 2.4 Cross Site Scripting

Posted Jun 16, 2023

Authored by CraCkEr

Quicklancer Freelance Marketplace version 2.4 suffers from a cross site scripting vulnerability.

tags | exploit, xss

Download | Favorite | View

QuickHomes Real Estate CMS 1.3 Cross Site Scripting

Posted Jun 16, 2023

Authored by CraCkEr

QuickHomes Real Estate CMS version 1.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss

Download | Favorite | View

Debian Security Advisory 5431-1

Posted Jun 16, 2023

Authored by Debian | Site debian.org

Debian Linux Security Advisory 5431-1 - Xu Biang discovered that missing input sanitizing in Sofia-SIP, a SIP User-Agent library could result in denial of service.

tags | advisory, denial of service

systems | linux, debian

Download | Favorite | View

Ubuntu Security Notice USN-6156-2

Posted Jun 16, 2023

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6156-2 - USN-6156-1 fixed a vulnerability in SSSD. In certain environments, not all packages ended up being upgraded at the same time, resulting in authentication failures when the PAM module was being used. This update fixes the problem. It was discovered that SSSD incorrectly sanitized certificate data used in LDAP filters. When using this issue in combination with FreeIPA, a remote attacker could possibly use this issue to escalate privileges.

tags | advisory, remote

systems | linux, ubuntu

Download | Favorite | View

Debian Security Advisory 5430-1

Posted Jun 16, 2023

Authored by Debian | Site debian.org

Debian Linux Security Advisory 5430-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service, information disclosure or bypass of sandbox restrictions.

tags | advisory, java, denial of service, vulnerability, info disclosure

systems | linux, debian

Download | Favorite | View

Red Hat Security Advisory 2023-3644-01

Posted Jun 16, 2023

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3644-01 - Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers container images for the release.

tags | advisory

systems | linux, redhat

Download | Favorite | View

Red Hat Security Advisory 2023-3645-01

Posted Jun 16, 2023

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3645-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation. This advisory covers the RPM packages for the release. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service

systems | linux, redhat

Download | Favorite | View

Ubuntu Security Notice USN-6169-1

Posted Jun 16, 2023

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6169-1 - It was discovered that GNU SASL's GSSAPI server could make an out-of-bounds reads if given specially crafted GSS-API authentication data. A remote attacker could possibly use this issue to cause a denial of service or to expose sensitive information.

tags | advisory, remote, denial of service

systems | linux, ubuntu

Download | Favorite | View

Red Hat Security Advisory 2023-3641-01

Posted Jun 16, 2023

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3641-01 - This release of Camel for Spring Boot 3.18.3.P2 serves as a replacement for Camel for Spring Boot 3.18.3.P1 and includes bug fixes and enhancements, which are documented in the Release Notes linked in the References. Issues addressed include denial of service, deserialization, resource exhaustion, and server-side request forgery vulnerabilities.

tags | advisory, denial of service, vulnerability

systems | linux, redhat

Download | Favorite | View

Red Hat Security Advisory 2023-3642-01

Posted Jun 16, 2023

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3642-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. This new container image is based on Red Hat Ceph Storage 6.1 and Red Hat Enterprise Linux 9. Issues addressed include bypass, cross site scripting, denial of service, information leakage, spoofing, and traversal vulnerabilities.

tags | advisory, denial of service, spoof, vulnerability, xss

systems | linux, redhat

Download | Favorite | View

Debian Security Advisory 5429-1

Posted Jun 16, 2023

Authored by Debian | Site debian.org

Debian Linux Security Advisory 5429-1 - Multiple vulnerabilities have been discovered in Wireshark, a network protocol analyzer which could result in denial of service or the execution of arbitrary code.

tags | advisory, denial of service, arbitrary, vulnerability, protocol

systems | linux, debian

Download | Favorite | View

Ubuntu Security Notice USN-6168-1

Posted Jun 16, 2023

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6168-1 - Gregory James Duck discovered that libx11 incorrectly handled certain Request, Event, or Error IDs. If a user were tricked into connecting to a malicious X Server, a remote attacker could possibly use this issue to cause libx11 to crash, resulting in a denial of service.

tags | advisory, remote, denial of service

systems | linux, ubuntu

Download | Favorite | View

Debian Security Advisory 5428-1

Posted Jun 16, 2023

Authored by Debian | Site debian.org

Debian Linux Security Advisory 5428-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

tags | advisory, denial of service, arbitrary, info disclosure

systems | linux, debian

Download | Favorite | View

Red Hat Security Advisory 2023-3622-01

Posted Jun 16, 2023

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3622-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include bypass, code execution, cross site request forgery, denial of service, information leakage, insecure permissions, and resource exhaustion vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution, csrf

systems | linux, redhat

Download | Favorite | View

Red Hat Security Advisory 2023-3624-01

Posted Jun 16, 2023

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3624-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.

tags | advisory, web, denial of service

systems | linux, redhat

Download | Favorite | View

Red Hat Security Advisory 2023-3623-01

Posted Jun 16, 2023

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3623-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. These new packages include numerous enhancements and bug fixes. Issues addressed include cross site scripting and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, xss

systems | linux, redhat

Download | Favorite | View

Ubuntu Security Notice USN-6155-2

Posted Jun 16, 2023

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6155-2 - USN-6155-1 fixed a vulnerability in Requests. This update provides the corresponding update for Ubuntu 16.04 ESM and 18.04 ESM. Dennis Brinkrolf and Tobias Funke discovered that Requests incorrectly leaked Proxy-Authorization headers. A remote attacker could possibly use this issue to obtain sensitive information.

tags | advisory, remote

systems | linux, ubuntu

Download | Favorite | View

Suricata IDPE 6.0.13

Posted Jun 16, 2023

Site suricata.io

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: 1 security fix, 11 bug fixes, 1 task, and 2 documentation updates.

tags | tool, intrusion detection

systems | unix

Download | Favorite | View

Debian Security Advisory 5427-1

Posted Jun 16, 2023

Authored by Debian | Site debian.org

Debian Linux Security Advisory 5427-1 - An anonymous researcher discovered that processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited. An anonymous researcher discovered that processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

tags | advisory, web, arbitrary, code execution

systems | linux, debian, apple

Download | Favorite | View

Red Hat Security Advisory 2023-3610-01

Posted Jun 16, 2023

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3610-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include bypass, code execution, cross site request forgery, cross site scripting, denial of service, memory exhaustion, and resource exhaustion vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution, xss, csrf

systems | linux, redhat

Download | Favorite | View

Textpattern CMS 4.8.8 Command Injection

Posted Jun 16, 2023

Authored by tmrswrr

Textpattern CMS version 4.8.8 suffers from a command injection vulnerability.

tags | exploit

Download | Favorite | View

WordPress Abandoned Cart Lite For WooCommerce 5.14.2 Authentication Bypass

Posted Jun 16, 2023

Authored by ayantaker | Site github.com

WordPress Abandoned Cart Lite for WooCommerce plugin versions 5.14.2 and below proof of concept authentication bypass exploit.

tags | exploit, proof of concept, bypass

Download | Favorite | View

Red Hat Security Advisory 2023-3609-01

Posted Jun 16, 2023

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3609-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.

tags | advisory

systems | linux, redhat

Download | Favorite | View

CVE-2023-30223: Packet Storm

Debian Linux Security Advisory 5431-1 - Xu Biang discovered that missing input sanitizing in Sofia-SIP, a SIP User-Agent library could result in denial of service.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5431-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffJune 16, 2023                         https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : sofia-sipCVE ID         : CVE-2023-32307Debian Bug     : 1036847Xu Biang discovered that missing input sanitising in Sofia-SIP, a SIPUser-Agent library could result in denial of service.For the oldstable distribution (bullseye), this problem has been fixedin version 1.12.11+20110422.1-2.1+deb11u2.We recommend that you upgrade your sofia-sip packages.For the detailed security status of sofia-sip please refer toits security tracker page at:https://security-tracker.debian.org/tracker/sofia-sipFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmSMdDMACgkQEMKTtsN8TjYfkxAArFibANmIokupgYg4AFcFpZqsBQdg+eV2TeX3BRkTaj5UCimLyBZKPhmih/k27gp/F1Pn5GOVAltrNWUp83EENWDHcTlR6inmv2/IDFJZVbR8XIJhz+7FUfC2aGh8bfgDGYM0C+/2BQzK4TmPPNRjnxRsbrBB+upNEJ6PlqDlktHeT3ks0VbQbGuZgUoJMMrSQoztYfFbJJNr5hAOQUxkxz8avoVC66YXGtntj+PvXiPIZQiIOrjylF2aLdFvtbldjZXCeUn/7Iu+w8ekMM4skFmZ91JZ2AvMa1Mxmzp8MZ1KIpLnpLm34k7UZS9om0nBj5SschYywGmohPjyfAJUwtMhZmPp3h67UxdY3SrMYDnmrioX3+GJL6yPopkgbW4eVUNkgxX2AkfEMblwYgB/ysiwmxSmkqRiG4FetseZZJ8h85Wn9q/TZrf8yANBQbjmjXrjwv50fVuSApTV7lHsZWf79zOG8DZJikQ8/npdcDRFngZsH5NqD01G3JSrYEUnI+oH+/XfdY7YFsmgpOifKp+19aYvbiv1SFLs6jOBTWhwJn7Gd9kiW6IzTzu4ze2CmfzbOn9v4LdqMUodCO4/F77ahxHBblfKqNpy2bFWg/gyTtkY/MgG3PGB6pQmvTzADqtjNFErvP4wUpfqXHoa4x/sIcRND75hOH03UJ3gLf4=EZ/C-----END PGP SIGNATURE-----

Debian Security Advisory 5431-1

Ubuntu Security Notice 6169-1 - It was discovered that GNU SASL's GSSAPI server could make an out-of-bounds reads if given specially crafted GSS-API authentication data. A remote attacker could possibly use this issue to cause a denial of service or to expose sensitive information.

==========================================================================  
Ubuntu Security Notice USN-6169-1  
June 15, 2023

gsasl vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 20.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

gsasl could possibly be made crash or expose sensitive information  
over the network.

Software Description:  
- gsasl: GNU SASL command line utility

Details:

It was discovered that GNU SASL's GSSAPI server could make an  
out-of-bounds reads if given specially crafted GSS-API authentication  
data. A remote attacker could possibly use this issue to cause a  
denial of service or to expose sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.04 LTS (Available with Ubuntu Pro):  
gsasl 1.10.0-5ubuntu0.1~esm1

Ubuntu 20.04 LTS (Available with Ubuntu Pro):  
gsasl 1.8.1-1ubuntu0.1~esm1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
gsasl 1.8.0-8ubuntu3+esm2

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
gsasl 1.8.0-8ubuntu2+esm1

Ubuntu 14.04 LTS (Available with Ubuntu Pro):  
gsasl 1.8.0-2ubuntu2+esm1

In general, a standard system update will make all the necessary changes.

References:  
https://ubuntu.com/security/notices/USN-6169-1  
CVE-2022-2469

Ubuntu Security Notice USN-6169-1

Red Hat Security Advisory 2023-3623-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. These new packages include numerous enhancements and bug fixes. Issues addressed include cross site scripting and denial of service vulnerabilities.

Red Hat Security Advisory 2023-3623-01

Threat groups created a fake security company, "High Sierra," with faux exploits and fake profiles for security researchers on GitHub and elsewhere, aiming to get targets to install their malware.

During the month of May, an unknown threat group created a malicious GitHub repository that claimed to contain a zero-day exploit for a vulnerability in the Signal messaging app. The attackers supported the credibility of the exploit by creating a fake security company — High Sierra Cyber Security — linked to a number of made-up profiles of security researchers.

That's according to research conducted by threat intelligence firm VulnCheck, which found that the level of effort that the attacker put into create a social presence around the fake security company and the fake exploits is on a whole other level compared to what researchers have seen in the past.

"They put in a decent amount of effort into building personas, if you will, for each of these characters — these actors that who would advertise the GitHub repositories with the actual malware," VulnCheck security researcher William Vu tells Dark Reading. "So they put a lot of time and effort into building, really, a fake security company, and that, to me, is kind of new."

Targeting security researchers is rare, but has a long history. In 2021, for example, Google's Threat Analysis Group (TAG) warned that North Korea-backed hackers had created a faux research blog and multiple fake Twitter profiles. Researchers would then be asked to collaborate on vulnerability research, and those who agreed would be sent a Visual Studio project file that would run custom malware to infect the target's system, according to Google TAG's analysis. Three months later, the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert about the campaign.

A similar attack — also by North Korea — targeted security researchers by using LinkedIn accounts and acting as recruiters, according to research released in March by Mandiant.

The latest attack also uses social engineering to target the supply chain, says Mike Parkin, a senior technical engineer at Vulcan Cyber, a provider of enterprise cyber-risk remediation services.

"One of the core defenses against malicious packages is for developers to actually vet the package before they download and use it, and part of that vetting process is determining if the package was created by a trustworthy source, whether commercial or otherwise," he says. "If threat actors can do a good job of faking that, they have a better chance of getting a victim to download their package and then not give it as close of an inspection as they should."

**GitHub, WhatsApp, What's Next?**

VulnCheck contacted GitHub about the project hosting the fake exploit, and the page was taken down. A day later, however, the same group created a similar page advertising a WhatsApp zero-day exploit, VulnCheck's researchers stated in the advisory. That pattern continued, and each time the company notified GitHub of a new page, it was removed but a new project page would appear. Pages offering a purported Microsoft Exchange remote code execution (RCE) bug, a Discord zero-day RCE, and others continued the cat-and-mouse game, the company stated.

In each case, instead of an exploit, a Python file in the repository would — if run by the target — download an operating-system-specific binary. While most antivirus programs detected the Windows malware that the Python script loaded, only three of the 62 Linux host-based scanners detected that binary, VulnCheck stated.

The threat actor used a variety of social media profiles to push out links to the pages. While the technique has been used as a way to convince software developers to download vulnerable or malicious components as a way of infecting the supply chain, this attack seems more likely to gain access to security professionals' own research, Vu says.

"Security researchers and testers usually have their own research, and if I were going after security researchers this way, I would be looking to obtain their cache of real zero-day exploits, and any kind of corporate IP that they might have access to," he says.

**Not the Sharpest Tool in the Toolbox**

While companies should always educate their developers about the risks that come with online code and how to best vet projects and unknown developers to determine if they are legitimate, researchers need to learn to be wary too, says Erich Kron, security awareness advocate at KnowBe4.

"Running code that others have written, especially when available in free and open websites such as GitHub, always carries some risk," he said. "In this case, researchers looking at the code may even assume that the malicious parts are simply a piece of these zero days being disclosed, when in fact it's designed to infect their own systems."

For most security researchers, a little due diligence will go a long way. A little research would likely discover that the company behind the "security research" has no track record, and that the researchers have no history in the industry, says Vulcan Cyber's Parkin.

"If a package just appeared out of nowhere, and the developers all seem to be new on the scene? Red flags," he says. "The sad thing is that this will have some negative impact on newly active researchers who may not have any history yet, but it's also easy to tell the difference between someone who doesn't have a history because they're just getting started and someone who has no history because they don't exist."

Attackers Create Synthetic Security Researchers to Steal IP

Purle Devloper Panel version 1.0 suffers from an insecure direct object reference vulnerability that allows an unauthenticated user to update passwords.

    ====================================================================================================================================| # Title     : Purle Devloper Panel ver 1.0 Unauthorized administrative access Vulnerability                                      || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 102.0.1(64-bit)                                            | | # Vendor    : http://www.njmweb.we.bs/Purple10/PURPLEV10.zip                                                                     |  | # Dork      : "Purle Devloper Panel"                                                                                             |====================================================================================================================================poc :[+] an unauthenticated access allow you to update password.[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /user_update.php[+] https://127.0.0.1/purple.iprebrandsapp/user_update.phpGreetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet                                     |                                                                                                                                              |=======================================================================================================================================

Purle Devloper Panel 1.0 Insecure Direct Object Reference

Red Hat Security Advisory 2023-3565-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.12.0.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:3565-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3565  
Issue date:        2023-06-12  
CVE Names:         CVE-2023-34414 CVE-2023-34416   
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2  
Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications  
Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP  
Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v. 8.2) - aarch64, ppc64le, x86_64  
Red Hat Enterprise Linux AppStream E4S (v. 8.2) - aarch64, ppc64le, x86_64  
Red Hat Enterprise Linux AppStream TUS (v. 8.2) - aarch64, ppc64le, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.12.0.

Security Fix(es):

* Mozilla: Click-jacking certificate exceptions through rendering lag  
(CVE-2023-34414)

* Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12  
(CVE-2023-34416)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2212841 - CVE-2023-34414 Mozilla: Click-jacking certificate exceptions through rendering lag  
2212842 - CVE-2023-34416 Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v. 8.2):

Source:  
thunderbird-102.12.0-1.el8_2.src.rpm

aarch64:  
thunderbird-102.12.0-1.el8_2.aarch64.rpm  
thunderbird-debuginfo-102.12.0-1.el8_2.aarch64.rpm  
thunderbird-debugsource-102.12.0-1.el8_2.aarch64.rpm

ppc64le:  
thunderbird-102.12.0-1.el8_2.ppc64le.rpm  
thunderbird-debuginfo-102.12.0-1.el8_2.ppc64le.rpm  
thunderbird-debugsource-102.12.0-1.el8_2.ppc64le.rpm

x86_64:  
thunderbird-102.12.0-1.el8_2.x86_64.rpm  
thunderbird-debuginfo-102.12.0-1.el8_2.x86_64.rpm  
thunderbird-debugsource-102.12.0-1.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream E4S (v. 8.2):

Source:  
thunderbird-102.12.0-1.el8_2.src.rpm

aarch64:  
thunderbird-102.12.0-1.el8_2.aarch64.rpm  
thunderbird-debuginfo-102.12.0-1.el8_2.aarch64.rpm  
thunderbird-debugsource-102.12.0-1.el8_2.aarch64.rpm

ppc64le:  
thunderbird-102.12.0-1.el8_2.ppc64le.rpm  
thunderbird-debuginfo-102.12.0-1.el8_2.ppc64le.rpm  
thunderbird-debugsource-102.12.0-1.el8_2.ppc64le.rpm

x86_64:  
thunderbird-102.12.0-1.el8_2.x86_64.rpm  
thunderbird-debuginfo-102.12.0-1.el8_2.x86_64.rpm  
thunderbird-debugsource-102.12.0-1.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream TUS (v. 8.2):

Source:  
thunderbird-102.12.0-1.el8_2.src.rpm

aarch64:  
thunderbird-102.12.0-1.el8_2.aarch64.rpm  
thunderbird-debuginfo-102.12.0-1.el8_2.aarch64.rpm  
thunderbird-debugsource-102.12.0-1.el8_2.aarch64.rpm

ppc64le:  
thunderbird-102.12.0-1.el8_2.ppc64le.rpm  
thunderbird-debuginfo-102.12.0-1.el8_2.ppc64le.rpm  
thunderbird-debugsource-102.12.0-1.el8_2.ppc64le.rpm

x86_64:  
thunderbird-102.12.0-1.el8_2.x86_64.rpm  
thunderbird-debuginfo-102.12.0-1.el8_2.x86_64.rpm  
thunderbird-debugsource-102.12.0-1.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-34414  
https://access.redhat.com/security/cve/CVE-2023-34416  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZIlEk9zjgjWX9erEAQiIhA//XFsAGpWoG3HVGDfk5RrXIQ07z8vPDFC8  
Re4usAqE3m+v1CxbRi/5L8zBTtpo7JQXmImIR5+7o+a3YMG6Edgiw0o+tYhtVGaM  
PWSzuhSaR+ah6Rwa9EtnTxWfCSr71fi6AnJQKAV5IehfVYhulppd2okzHWtKp4mv  
KiwfbYInO/hQTajzJ05nSebCzU25KkhDi2ZvoXxb2l+9qtde0L0WCtVll7HeqXkI  
/nW4ex1Rn7bbZmbt9vYktD9+iPikri4+7QDcVmL17Bf5aJ8bKItvqBxyOz9j2Pwk  
ynXNurKagD4BI0eqwF/nDzX1N0FY0Iu8cZJB+N445MbpiUIpp0jVEp2ogNm6dzfV  
yuTgLuzPWQHEtPpD5j5P8Fvwd/XRgJXeanMZVeEoXrCfnLGQe2FR6bdLsUNzl5JP  
i6iCpNpgunkFUXVH0LmTQnAP3JHtLMRPfUA/rDrI5Vfz+/WdshWWV00a+VNIH1vu  
/JpQfpZdK/TM55vse5IRvPBnmdL2Bw9+Vpr2TbWSlVKMbyoEi6OCJ69ftyUAVbzo  
myI4a9b92EuFasfVARmnQAraPaEe/X87Ct5eYp7BFSfnkkhlvefIJ5erY7xXu1Ov  
xI46V207c6eeWNs5k19g16LB2fSORkk13RKED8ztiuv693gf8q35/HLSf1KC7vQX  
qT0uUNcoyZM=  
=SmEz  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3565-01

Red Hat Security Advisory 2023-3564-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.12.0.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:3564-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3564  
Issue date:        2023-06-12  
CVE Names:         CVE-2023-34414 CVE-2023-34416   
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.1  
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.1) - ppc64le, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.12.0.

Security Fix(es):

* Mozilla: Click-jacking certificate exceptions through rendering lag  
(CVE-2023-34414)

* Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12  
(CVE-2023-34416)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2212841 - CVE-2023-34414 Mozilla: Click-jacking certificate exceptions through rendering lag  
2212842 - CVE-2023-34416 Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12

6. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.1):

Source:  
thunderbird-102.12.0-1.el8_1.src.rpm

ppc64le:  
thunderbird-102.12.0-1.el8_1.ppc64le.rpm  
thunderbird-debuginfo-102.12.0-1.el8_1.ppc64le.rpm  
thunderbird-debugsource-102.12.0-1.el8_1.ppc64le.rpm

x86_64:  
thunderbird-102.12.0-1.el8_1.x86_64.rpm  
thunderbird-debuginfo-102.12.0-1.el8_1.x86_64.rpm  
thunderbird-debugsource-102.12.0-1.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-34414  
https://access.redhat.com/security/cve/CVE-2023-34416  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZIlEkdzjgjWX9erEAQh2LQ/9ExmysHlF6ZaYlOozLC2neD48CLJINWUp  
A/1uMaP4Cxf4Lb5rjZgSo0kcJPborjnnzKnMeTGlD3WovGxKqVP5zz1Ez0dbIm7i  
TvFtXDtRrAXMUXmvJy2BYiN2JN7/HnOKxdTce7d0dTmBtOW/PnPF2lfC69XL5f1k  
du7Bdq/rC3913OUo3zFMmQwcS3035zZITvXTAUk26eW2cnF3gJbLOlMfO7crbvfJ  
fympJ/w2llpG4h1AzHc1OpVYyObneL9T6b1PFTx6xJMmkCrWhh3iiXKBpj+b5WXW  
FBx/k2usAjvS6S0GEC3rl6dQBtvKjekpfiDuQiaj/lyLMBt4K/RHl36S83/wpRGA  
Tvn2v9cw/FLXQefOCWRtkkUuMxgdQpRSxMWAM+zNCk6Y0Y5SAbZr1k7xJXcPQlI+  
8jzJ4nIP2i6oaDpIFcD3tDLWsxDg/1WOHyqfetQPTgAi5KNe7lRpHTdbXTDf483b  
UlEUrtnIPPHExXuu91bBcZWYEJKKDyFTUK4iHbk/raAh0p4qHI4kd+rjmR0zlfW7  
zkWVZow/F/P//S0d7XhLbwnU6lVHU5DzpLNnGIzRnrjcFJsoRJQP6Vs6sJNhH/IW  
4SQaIRRAJo694SIUf+aOJdoQrmklfFcG23otVJ6IthQXOCj7sPpc085znS7hBeVx  
gVZZeq1j/Pw=  
=4cSm  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3564-01

projectSend version r1605 suffers from a persistent cross site scripting vulnerability.

    Exploit Title: projectSend r1605 - Stored XSSApplication: projectSendVersion: r1605Bugs:  Stored XssTechnology: PHPVendor URL: https://www.projectsend.org/Software Link: https://www.projectsend.org/Date of found: 11-06-2023Author: Mirabbas AğalarovTested on: Linux 2. Technical Details & POC========================================1. Login as admin2. Go to Custom Html/Css/Js (http://localhost/custom-assets.php)3. Go to new JS (http://localhost/custom-assets-add.php?language=js)4. Set content as  alert("xss"); and set public 5. And Save6. Go to http://localhost (logout)payload: alert("xss")POST /custom-assets-add.php HTTP/1.1Host: localhostContent-Length: 171Cache-Control: max-age=0sec-ch-ua: "Chromium";v="113", "Not-A.Brand";v="24"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Linux"Upgrade-Insecure-Requests: 1Origin: http://localhostContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.127 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: http://localhost/custom-assets-add.php?language=jsAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: log_download_started=false; PHPSESSID=7j8g8u9t7khb259ci4fvareg2lConnection: closecsrf_token=222b49c5c4a1755c451637f17ef3e7ea8bb5b6ee616293bd73d15d0e608d9dab&language=js&title=test&content=alert%28%22XSS%22%29%3B&enabled=on&location=public&position=head

projectSend r1605 Cross Site Scripting

An updated version of an Android remote access trojan dubbed GravityRAT has been found masquerading as messaging apps BingeChat and Chatico as part of a narrowly targeted campaign since June 2022.
"Notable in the newly discovered campaign, GravityRAT can exfiltrate WhatsApp backups and receive commands to delete files," ESET researcher Lukáš Štefanko said in a new report published today.
"The

Mobile Security / Privacy

An updated version of an Android remote access trojan dubbed **GravityRAT** has been found masquerading as messaging apps BingeChat and Chatico as part of a narrowly targeted campaign since June 2022.

"Notable in the newly discovered campaign, GravityRAT can exfiltrate WhatsApp backups and receive commands to delete files," ESET researcher Lukáš Štefanko said in a new report published today.

"The malicious apps also provide legitimate chat functionality based on the open-source OMEMO Instant Messenger app."

GravityRAT is the name given to a cross-platform malware that's capable of targeting Windows, Android, and macOS devices. The Slovak cybersecurity firm is tracking the activity under the name SpaceCobra.

The threat actor is suspected to be based in Pakistan, with recent attacks involving GravityRAT targeting military personnel in India and among the Pakistan Air Force by camouflaging it as cloud storage and entertainment apps, as disclosed by Meta last month.

The use of chat apps as a lure to distribute the malware was previously highlighted in November 2021 by Cyble, which analyzed a sample named "SoSafe Chat" that was uploaded to the VirusTotal database from India.

The chat apps, while not available on Google Play, are distributed through rogue websites promoting free messaging services: bingechat\[.\]net and chatico\[.\]co\[.\]uk.

"This group used fictitious personas — posing as recruiters for both legitimate and fake defense companies and governments, military personnel, journalists, and women looking to make a romantic connection — in an attempt to build trust with the people they targeted," Meta said in its Quarterly Adversarial Threat Report.

The modus operandi suggests that potential targets are contacted on Facebook and Instagram with the goal of tricking them into clicking on the links and downloading the malicious apps.

GravityRAT, like most Android backdoors, requests for intrusive permissions under the garb of a seemingly legitimate app to harvest sensitive information such as contacts, SMSes, call logs, files, location data, and audio recordings without the victim's knowledge.

The captured data is ultimately exfiltrated to a remote server under the threat actor's control. It's worth noting that using the app is conditional on having an account.

UPCOMING WEBINAR

🔐 Mastering API Security: Understanding Your True Attack Surface

Discover the untapped vulnerabilities in your API ecosystem and take proactive steps towards ironclad security. Join our insightful webinar!

Join the Session

What makes the new version of GravityRAT stand out is its ability to steal WhatsApp backup files and receive instructions from the command-and-control (C2) server to delete call logs, contact lists, and files with particular extensions.

"These are very specific commands that are not typically seen in Android malware," Štefanko pointed out.

The development comes as Android users in Vietnam have been victimized by a new strain of banking cum stealer malware known as HelloTeacher that uses legitimate messaging apps like Viber or Kik as a cover to siphon sensitive data and carry out unauthorized fund transfers by abusing the accessibility services API.

Also discovered by Cyble is a cloud mining scam that "prompts users to download a malicious application to start mining," only to take advantage of its permissions to the accessibility services to gather sensitive information from cryptocurrency wallets and banking apps.

The financial trojan, codenamed Roamer, exemplifies the trend of utilizing phishing websites and Telegram channels as distribution vectors, thereby effectively widening the potential victim pool.

"Users must exercise caution and refrain from following suspicious cryptocurrency mining channels on platforms like Telegram, as these channels can lead to substantial financial losses and compromise sensitive personal data," Cyble said.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#sap