Debian Linux Security Advisory 5783-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5783-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
October 04, 2024                      https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : firefox-esr  
CVE ID         : CVE-2024-9392 CVE-2024-9393 CVE-2024-9394 CVE-2024-9401

Multiple security issues have been found in the Mozilla Firefox  
web browser, which could potentially result in the execution  
of arbitrary code.

Debian follows the extended support releases (ESR) of Firefox.  
Starting with this update we're now following the 128.x releases.

Between 115.x and 128.x, Firefox has seen a number of feature  
updates. For more information please refer to  
https://www.mozilla.org/en-US/firefox/128.0esr/releasenotes/

For the stable distribution (bookworm), these problems have been fixed in  
version 128.3.0esr-1~deb12u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmcANaYACgkQEMKTtsN8  
TjbVTxAAiGB8YD+VvINzF3/vvN1QMf5RT0QqmEtawGI+SWCWClfzT1zqPTvKDNId  
vAo5r/h1GsGNP+GwEqQu3GTn6GUsX6lzXidxtt3OCleWDzPIZCcFEJLRkvyzus0n  
cERDOEw77EQ63gQcduJvCt0ZClOVzaOgY+9m8IdkZK+n7WPKse/Ey6dI/A+//d5J  
gszktzRrIYNs+09X3yfmeJB1yn3oELNLGiL0KMmJ0Ck2+QToPKIz5wh0jMtirNuV  
pKMdM8sWkqPyKElTvoRvcDMpXW+cySaQyZlDWy2P9JdYJlm6HBHzLNE0TQbtrJmq  
IGK2XABgBn4QtDie+7OJk/QYm3sRpJotIWUrrYp5h3ZYK8p3nBpGKE/OBqNLlERQ  
TJCm8jT+pkHRhk1dJtbH3q30qjv5J0WY58a9GWGshh8JG+itPf/NHyMLE9aKoX+2  
/iDfjU8ENJcGXWBDxW2qu6KX4pkSKEkq5g/3M9Z6GG5Iucnw30On+DWxsTSGT6Ur  
8oIpRkrLL2nTx1FPUSz8cYH0GK7yDWRf4v+uEr93wDZhKkqIEiF+grRvom1s9bti  
ptgA7Thwm3r8dJvDQM01RCeNwRMRrkGBP1l/cWHZ0CBEJqEq3JS93pE7M9PDd/Jr  
MEm86whIZWHq6N3ql0fC1ATrALfvyVvQZFdjXFF5VUu1WbMRpDI=  
=0Mtj  
-----END PGP SIGNATURE-----

Debian Security Advisory 5783-1

Debian Linux Security Advisory 5782-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5782-1                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
October 03, 2024                      https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : linux  
CVE ID         : CVE-2023-31083 CVE-2024-27017 CVE-2024-35937 CVE-2024-35943  
                 CVE-2024-35966 CVE-2024-40972 CVE-2024-41016 CVE-2024-41096  
                 CVE-2024-41098 CVE-2024-42228 CVE-2024-42314 CVE-2024-43835  
                 CVE-2024-43859 CVE-2024-43884 CVE-2024-43892 CVE-2024-44931  
                 CVE-2024-44938 CVE-2024-44939 CVE-2024-44940 CVE-2024-44946  
                 CVE-2024-44947 CVE-2024-44974 CVE-2024-44977 CVE-2024-44982  
                 CVE-2024-44983 CVE-2024-44985 CVE-2024-44986 CVE-2024-44987  
                 CVE-2024-44988 CVE-2024-44989 CVE-2024-44990 CVE-2024-44991  
                 CVE-2024-44995 CVE-2024-44998 CVE-2024-44999 CVE-2024-45000  
                 CVE-2024-45002 CVE-2024-45003 CVE-2024-45006 CVE-2024-45007  
                 CVE-2024-45008 CVE-2024-45009 CVE-2024-45010 CVE-2024-45011  
                 CVE-2024-45016 CVE-2024-45018 CVE-2024-45019 CVE-2024-45021  
                 CVE-2024-45022 CVE-2024-45025 CVE-2024-45026 CVE-2024-45028  
                 CVE-2024-45029 CVE-2024-46673 CVE-2024-46674 CVE-2024-46675  
                 CVE-2024-46676 CVE-2024-46677 CVE-2024-46679 CVE-2024-46685  
                 CVE-2024-46686 CVE-2024-46689 CVE-2024-46694 CVE-2024-46702  
                 CVE-2024-46707 CVE-2024-46711 CVE-2024-46713 CVE-2024-46714  
                 CVE-2024-46715 CVE-2024-46716 CVE-2024-46717 CVE-2024-46719  
                 CVE-2024-46720 CVE-2024-46721 CVE-2024-46722 CVE-2024-46723  
                 CVE-2024-46724 CVE-2024-46725 CVE-2024-46726 CVE-2024-46731  
                 CVE-2024-46732 CVE-2024-46734 CVE-2024-46735 CVE-2024-46737  
                 CVE-2024-46738 CVE-2024-46739 CVE-2024-46740 CVE-2024-46743  
                 CVE-2024-46744 CVE-2024-46745 CVE-2024-46746 CVE-2024-46747  
                 CVE-2024-46750 CVE-2024-46752 CVE-2024-46755 CVE-2024-46756  
                 CVE-2024-46757 CVE-2024-46758 CVE-2024-46759 CVE-2024-46761  
                 CVE-2024-46763 CVE-2024-46770 CVE-2024-46771 CVE-2024-46773  
                 CVE-2024-46777 CVE-2024-46780 CVE-2024-46781 CVE-2024-46782  
                 CVE-2024-46783 CVE-2024-46784 CVE-2024-46791 CVE-2024-46794  
                 CVE-2024-46795 CVE-2024-46798 CVE-2024-46800 CVE-2024-46802  
                 CVE-2024-46804 CVE-2024-46805 CVE-2024-46807 CVE-2024-46810  
                 CVE-2024-46812 CVE-2024-46814 CVE-2024-46815 CVE-2024-46817  
                 CVE-2024-46818 CVE-2024-46819 CVE-2024-46821 CVE-2024-46822  
                 CVE-2024-46826 CVE-2024-46828 CVE-2024-46829 CVE-2024-46830  
                 CVE-2024-46832 CVE-2024-46835 CVE-2024-46836 CVE-2024-46840  
                 CVE-2024-46844 CVE-2024-46846 CVE-2024-46848 CVE-2024-46849  
                 CVE-2024-46852 CVE-2024-46853 CVE-2024-46854 CVE-2024-46855  
                 CVE-2024-46857 CVE-2024-46858 CVE-2024-46859 CVE-2024-46865

Several vulnerabilities have been discovered in the Linux kernel that  
may lead to a privilege escalation, denial of service or information  
leaks.

For the stable distribution (bookworm), these problems have been fixed in  
version 6.1.112-1.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security  
tracker page at:  
https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmb+5rNfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0Qe8Q/+NKIdMggBJxg+LefsFD2RDncuEOQMKMIpBMFmm7VsrGln85jOptgfZNgY  
6ytef8apSEw4MvwJ4TwlRDtNmAkwTauWd9cDx49BlDupZpdBGidWUW7RbombbihU  
UXSpRMsm/lsXyPF2Llgmo18DeEOfyrGyQfXHWYxRjjNNPRZvxpgXZnntENijYy0y  
e7ngYxVR6VwT2SDndICNLgJTZ+WGOHOD6DcrXvpwcHbcpCgFYrP1Iqe3gjbTX0VV  
Vcv417x40HfBBPxLtAFYZNDo6/Zgfxugeo/LQVMmXXFjLCJFswxukQt9CWSSKNzV  
0EsmgAn0C1xyq76sgCo49wKyfRlsoC4sH5sjRdod2bisY7PJK/DqKMK3nKg+zN0w  
GMbgb6a8Th93QuOkBuAm5gEclsPB0m35ZxSKNKZD+CKMBVYLB1OexI9v1dkTzRM/  
TP76yVltGmbECnI1ip+JSKYAgHwLgMfxEu2XNwFeVgIcES2CreD8LMXq3MstKyLB  
pwN6VRJ4n9vpW/xUxJcdFOpgvsYLs7xOcoXk6TEInwx0NhQBNj7eC4J2dbtN+g0c  
m349ryE+rZlPscH2vP0fzwXNfZemLb/KlZhhxraBW7dKOuHSJ+UHV3Hul9QTXzmD  
HtZRwbU6DfqqzS/1JKxfLA1oVLI98JiDicOJyBwdtKjJu9M1CRY=  
=J2U0  
-----END PGP SIGNATURE-----

Debian Security Advisory 5782-1

Debian Linux Security Advisory 5781-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5781-1                   security@debian.orghttps://www.debian.org/security/                           Andres SalomonOctober 03, 2024                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2024-7025 CVE-2024-9369 CVE-2024-9370Security issues were discovered in Chromium which could resultin the execution of arbitrary code, denial of service, or informationdisclosure.For the stable distribution (bookworm), these problems have been fixed inversion 129.0.6668.89-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmb+VpEACgkQZF0CR8NudjcrIBAAvzzNE73GYxK9O94ezzRCwoQ9+63+b//jaehANfSl4yhHdZfGpg2WuR2SBjtFUMc92gFUzrvtgKe/+gg5kY4r02YZkyZNEHsh5b5VjLBKjfMk4f+RnnEujqEFB1EDeBMbyRfMoi3dHlij4Gb4x+gpuxBJkoBa5DCnu3RD/KGWVMNw7AdDH2XUprGZ56qxzIdXIggj23baFwd3ms6aPpKVufB+RYvyj8qr+uIo1pyRdHZGjeZmbxwGLGA7R8VOfBJ4hj7bn63aNANYbgm5nzSYz7onmLhHIxlmGonDU2lsr34Kl9dViHz5peoMtlSfv9/zLaHXmJUEmXXL8Vf3jm975hcYSaWWggvnMVysWljSAbPuLloLISATzdLGDeHPtJDqX+Y9XjN2UZ1sJHRGRog5iZBPwj6H4QN8quGoGY9JxBlL3FOmgmMafZkUncEAKitpahtEMEsmayMl3iePHIulOUdOCVpnrGgaa1Lc0yAkR1VomlMrjrE2FB28y+dh4MiaERxMnO7EfSSRQ0nTD55iBzpdn3dRIDErqfMFyWSAfCDvPGhcRYU0vQaKysujrg+pUldkpIMPLnZvyytQFH6A9lYth9NBdAgMc1IN86BEyUXGcUTIO4FdQE+9QsWC3p7Iji/XK0WvEmXNjYe1M7zDFELRFxdhW6qVX9Xx2N+pTpM==V9OV-----END PGP SIGNATURE-----

Debian Security Advisory 5781-1

dizqueTV version 1.5.3 suffers from a remote code execution vulnerability.

**dizqueTV 1.5.3 Remote Code Execution**

Posted Oct 3, 2024

Authored by Ahmed Said Saud Al-Busaidi

dizqueTV version 1.5.3 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution

SHA-256 | b18cb14167c97952ef1684789d6a48b83e5c1338a0677edc0b3eaef195497b45

Download | Favorite | View

**dizqueTV 1.5.3 Remote Code Execution**

    # Exploit Title: dizqueTV 1.5.3 - Remote Code Execution (RCE)# Date: 9/21/2024# Exploit Author: Ahmed Said Saud Al-Busaidi# Vendor Homepage: https://github.com/vexorian/dizquetv# Version: 1.5.3# Tested on: linuxPOC:## Vulnerability DescriptiondizqueTV 1.5.3 is vulnerable to unauthorized remote code execution from attackers.## STEPS TO REPRODUCE1. go to http://localhost/#!/settings 2. now go to ffmpeg settings and change the FFMPEG Executable Path to: "; cat /etc/passwd && echo 'poc'"3. click on update4. now visit http://localhost/#!/version or click on version and you should see the content of /etc/passwd

**File Tags**

*   ActiveX (933)
*   Advisory (87,037)
*   Arbitrary (17,123)
*   BBS (2,859)
*   Bypass (1,932)
*   CGI (1,049)
*   Code Execution (7,927)
*   Conference (693)
*   Cracker (845)
*   CSRF (3,438)
*   DoS (25,312)
*   Encryption (2,395)
*   Exploit (54,379)
*   File Inclusion (4,278)
*   File Upload (1,026)
*   Firewall (822)
*   Info Disclosure (2,927)
*   Intrusion Detection (921)
*   Java (3,156)
*   JavaScript (908)
*   Kernel (7,313)
*   Local (14,866)
*   Magazine (587)
*   Overflow (13,229)
*   Perl (1,435)
*   PHP (5,293)
*   Proof of Concept (2,415)
*   Protocol (3,753)
*   Python (1,664)
*   Remote (31,931)
*   Root (3,674)
*   Rootkit (530)
*   Ruby (643)
*   Scanner (1,660)
*   Security Tool (8,055)
*   Shell (3,310)
*   Shellcode (1,219)
*   Sniffer (904)
*   Spoof (2,297)
*   SQL Injection (16,739)
*   TCP (2,463)
*   Trojan (690)
*   UDP (919)
*   Virus (675)
*   Vulnerability (33,135)
*   Web (10,147)
*   Whitepaper (3,785)
*   x86 (970)
*   XSS (18,308)
*   Other

**File Archives**

*   October 2024
*   September 2024
*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   Older

**Systems**

*   AIX (430)
*   Apple (2,115)
*   BSD (378)
*   CentOS (61)
*   Cisco (1,954)
*   Debian (7,132)
*   Fedora (1,693)
*   FreeBSD (1,247)
*   Gentoo (4,599)
*   HPUX (881)
*   iOS (390)
*   iPhone (108)
*   IRIX (220)
*   Juniper (71)
*   Linux (51,415)
*   Mac OS X (696)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (490)
*   RedHat (16,936)
*   Slackware (941)
*   Solaris (1,615)
*   SUSE (1,444)
*   Ubuntu (9,896)
*   UNIX (9,464)
*   UnixWare (188)
*   Windows (6,782)
*   Other

dizqueTV 1.5.3 Remote Code Execution

Debian Linux Security Advisory 5780-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in incorrect parsing of multipart/form-data, bypass of the cgi.force_direct directive or incorrect logging.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5780-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffOctober 02, 2024                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : php8.2CVE ID         : CVE-2024-8925 CVE-2024-8926 CVE-2024-8927Multiple security issues were found in PHP, a widely-used open sourcegeneral purpose scripting language which could result in incorrectparsing of multipart/form-data, bypass of the cgi.force_direct directiveor incorrect logging.For the stable distribution (bookworm), these problems have been fixed inversion 8.2.24-1~deb12u1.We recommend that you upgrade your php8.2 packages.For the detailed security status of php8.2 please refer toits security tracker page at:https://security-tracker.debian.org/tracker/php8.2Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmb9q3oACgkQEMKTtsN8TjZ4oA/+Nl36uyLTq/85ouNISRwFOBJ66HUlPr/wkb8OQHNjHZiWFRfinFlR3nzwtIl8P8Te8NthAc/N8S87Qjq/mgtpSioVJyXQ+e+oILAubxP5BTwAMdiwPcBbeWdMKJNMNTWdgUJvt6ds8AZm2+Cvr/utWe6R0FzxKEiHDk5EhnYZxyrh9rPYAtzq12padBmy2d8PFMyCnBhdniK/vz6Icnx+qmRKChwau9YRXLh5gxxR19bTRw6yfq0xwtbGg3Cg/0XnsB03/5iKq4QS9bsP8q9rmqjb9E1DQNBxKyneCC7iDWOpQBo7UgPJKCyVQ+R4wu0s0I5Jz7aCMFq75FLjy1MwnhSxJ4hMPx+ouWj7J7hWGZxv+nVPzBHrB9N9IGLeisKIMw6mH9H3rZlPZvUgirSJG/wmy5OkWgJA0hN85Xg0nheJ32ohvvvqDTdO+eV7w89eufOB+WehBCLKCtHYtMpQ8f3FVunGKW2xZO811p3+dqgYmb8FmBb53il/Wt7C/RLq2H+QuMjUcQZyHKJyKMmFnd4vW8Z7Jy6uJrFt/WqzvwBv56g3sZ5r+YobHSNuiz6h//WOG+VzKNYvuPVpQzC+KEMSFdi8CE2ldG1OAdCv+rheUj5PxkcwwPnMOjS/JPu+5jwg6Nt59w0HiSIJBIyHjfOG+/O+F8AD1khUIFRi5CM==f6sC-----END PGP SIGNATURE-----

Debian Security Advisory 5780-1

Debian Linux Security Advisory 5779-1 - Simone Margaritelli reported that cups, the Common UNIX Printing System, does not properly sanitize IPP attributes when creating PPD files, which may result in the execution of arbitrary code.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5779-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoSeptember 29, 2024                    https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : cupsCVE ID         : CVE-2024-47175Simone Margaritelli reported that cups, the Common UNIX Printing System,does not properly sanitize IPP attributes when creating PPD files, whichmay result in the execution of arbitrary code.For the stable distribution (bookworm), this problem has been fixed inversion 2.4.2-3+deb12u8.We recommend that you upgrade your cups packages.For the detailed security status of cups please refer to its securitytracker page at:https://security-tracker.debian.org/tracker/cupsFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmb5cQJfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0QspA//fRq1YZHhn9UlhgfupxmpK3MHf7XjBl3cttiSkw7mZA+y1CGgUEr4Jxvd8PjkIpsN2xUuKt1Y1iLw79jOU7Vn2VOfJlUSp8ub2aT/wPHt5WnKv4/77xqS/aa+mTa2wHQWWeDssfeF67Z1rYnPk9s6cYvXhKLyAuLTLLOWq+6NWQ6ZmuXqBzmxD7rrOxBBU9rNZsp07AE6jvYmrpvDMYT0Lsy3GvBP/M6BAUF8iMJA38K3J6sR73Zh80TMDOAa8Yp/Svk12kxbjuzWxgPr2sQ/Mb/lpTH+xxxPRVIm9WWUFumPn7j+FqAfIDOieX6/nSMd1kWbSuZyKzLXz2gpVMpU8ge3ypsT9Fa3CdZbXqW6DtrOuCRyQxBKVj0qOhv/qZDIv2eYtGj2wVEphtMWGe8TfW0pFaJPK/WTNdH3xcqyo/OScv0OucW02RjEEGEjD/ErUkRorPkDmTlRIQ4W2e6lcyBYrOkFu2JGHPtnugvohQ3Xc/eEDvdABQp5xZI20F0jl+qljMFFK36qI75eIPQnPEqVfvAG9xmoBgHS4hqIYLi4p14ZaYOci8yW2FHlof2t3TgjH6TJFdH8sp3dGOHCTnKfB+3mq97oipjm6Xoqb8mW2Z0RygvUIS94NFGaFzFKzAlkIssL3Y2VoC9kfrrCe2zhMJ6zRrO5JuXdWapA51E==6Gtg-----END PGP SIGNATURE-----

Debian Security Advisory 5779-1

Debian Linux Security Advisory 5778-1 - Simone Margaritelli reported several vulnerabilities in cups-filters. Missing validation of IPP attributes returned from an IPP server and multiple bugs in the cups-browsed component can result in the execution of arbitrary commands without authentication when a print job is started.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5778-1                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
September 29, 2024                    https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : cups-filters  
CVE ID         : CVE-2024-47076 CVE-2024-47176  
Debian Bug     : 1082820 1082827

Simone Margaritelli reported several vulnerabilities in cups-filters.  
Missing validation of IPP attributes returned from an IPP server and  
multiple bugs in the cups-browsed component can result in the execution  
of arbitrary commands without authentication when a print job is  
started.

For the stable distribution (bookworm), these problems have been fixed in  
version 1.28.17-3+deb12u1.

We recommend that you upgrade your cups-filters packages.

For the detailed security status of cups-filters please refer to its  
security tracker page at:  
https://security-tracker.debian.org/tracker/cups-filters

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmb5b6BfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0RqGA//VfGe41guaMVg8lIgwu9s3atSUeoUDZRf83XWQ0S6gvpTCG/Bko1KSgj0  
xmzHlmjwFA2Sly5PhiWcqDp59txdXZymdojTXFebuE5MFqxcSLoIpn/vxZT6f3ky  
BdfK4oTXfJ5Au+KgRF+jC9zGiKgkMJfaCaf2PPFwan/4nXLYw/GIkvnYAecjGgEQ  
KjuzUgkItBVaGVeaInMISwfSISQFrMK80P7MJyX8ET2b71ijjpReAbfsuOQRaizj  
5dnBXxCAE8l8A5VsZFUT1EK4m3Z7BgKKImnLqDdk61Mz+T7eC4R+Kv+rb5lLBMYK  
pPuBmYlH80U7bK4/TaivuWrX6FdHvtKGFUmQd+YO6rWofwrCTn/8+SlO8ZWOrjKx  
r7UDU7+XTnCu4DI87+7PBcqHEyQTG3CrK/RKblsfw0PP0DFtwJMiipuSjzBmNRZx  
nZppuug7Ks5dljAYGWFrBx2I29Qtj6MD4HeI4JKWoB3r3Xi1gX5vvsav4/r++s9Z  
GvINaqBBIytLjATxLYElCxA74MEmVFNPxUEeEq8xFyPGdnYquJ6xZ6wsy6x+O6Z2  
T4ikIV5+FUA4v/c9JFdMj04dJXXaIfTcxBvYA4CoykdHmMGAw1/rCuucL4zoPMUl  
G03rz0k3/QziqZ6EM/Firbd++RrCo86wBiA10Anmhy7+0kS3TCE=  
=fH4o  
-----END PGP SIGNATURE-----

Debian Security Advisory 5778-1

Debian Linux Security Advisory 5777-1 - It was discovered that the Booth cluster ticket manager failed to correctly validate some authentication hashes.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5777-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
September 27, 2024                    https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : booth  
CVE ID         : CVE-2024-3049

It was discovered that the Booth cluster ticket manager failed to  
correctly validate some authentication hashes.

For the stable distribution (bookworm), this problem has been fixed in  
version 1.0-283-g9d4029a-2+deb12u1.

We recommend that you upgrade your booth packages.

For the detailed security status of booth please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/booth

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmb22HgACgkQEMKTtsN8  
TjZI6Q//QX5bGCCAzOJDo9KTp8iixUenBrznfyctVZ0pFVKAIP3ENACkW0rMH+Sw  
GBIsIJRCQwdBbSYV1Jn3F2i7wvMby2HUhabMsnorM49lC0ptoz6HZ6iKWcIvZwRF  
vDmFPnCEfVVbGZy+6NkQMNDQb0PzbKtGT70L/E3Iss3Dtpknd97tNu4urJTleSG8  
ZkrM3QkXs/4IPluEYTrnoJHXR7sJ5GyqPBRZnLn7Lwx3bPesN7E7Zz5UClyMr6iO  
teExKLY/Vfjh507818eaVHRcoEDSElZjb//93RzyOuGpUNnwCNKLkwsGIlmsFfmC  
0ikzeO9eDe1y6EvpY7/xAWneoxGnX9CKjcwUVD0Kqq7hHnpxP/506Alp38D07tWn  
s+Yz7SeK4RSIDIzwb0gCLmt22eE6t/3cZxR1RE9qk1hWwuV/YdB8WyYqPz410myN  
JO2IFWg9NzGP5zOWtuyytzOZTEHkLvNp5i4ktIU16Y4tLvstgSnNUoSHImr6YXrC  
hOVWmqvqif3UurHCctHfmZVkjMFmFcKPjOFOQ3TNEuDAT3PtUNGs5aSEVMhtMvUp  
oPYLRVxRYKSqP61rwUoyPlaOB39vtraKdMiTvjm8VNUS655lPB/VOZibVhI8+ym4  
/H7mXtJXBN8LsdVx4+Nnr2wc4ZFtVXUGdyChER8+VmfLDtfwkZk=  
=futv  
-----END PGP SIGNATURE-----

Debian Security Advisory 5777-1

Debian Linux Security Advisory 5776-1 - Albert Cervera discovered two missing authorisation checks in the Tryton application platform.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5776-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffSeptember 27, 2024                    https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : tryton-serverCVE ID         : not yet availableAlbert Cervera discovered two missing authorisation checks in the Trytonapplication platform.For the stable distribution (bookworm), this problem has been fixed inversion 6.0.29-2+deb12u3.We recommend that you upgrade your tryton-server packages.For the detailed security status of tryton-server please refer toits security tracker page at:https://security-tracker.debian.org/tracker/tryton-serverFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmb22HYACgkQEMKTtsN8TjYf8xAAoc8InqgoBx9Bi6v5l6aDgE/H7d5AukdJFN3Z4Wurua9O/7G1uE7WlFsm6PdTOey1aeFy6EpGIWev98ehGYLJOHDyK270eEgQVAXVVsjnpXtq9L/6lW/5+yEUPJ1jhG21XcDpuuh8QMtBgdCO6NQ/tk7lTbc+4OLsfNayZ6+UBDQMZ0cWnn2YShEVeZlZBm8dMFJYbGyG9Vgqzw1xA4Z9QkYJRqkQfgx+0fdszVHnxmtKBmoSBUOPCIYYRXvn8HG+/qWWf5D9f4q+iYDOcX1gEyieTqayqaeni0Q4vf8XtEt5gqpnou2OIs9EAoRrnyKJt3ZT4hptXlv6jFaK1sIgiBL+myARN535L/BZFQav+QMT5jpClZWglfZF7J29IOkY3uy/eHv+Dd0XUbfqKDVfPVnOkDaHYcBUhyuUkYJ20J7C1Sk41VJGUK9rgL3YkIX9PxZFlx9LUh2NMO+NhqLAPN1E7V2CXLcS34a41NlsEpOGkJ3W+2tuLBvFVYbs9ArnNCAS324J++VPOnL7D3ZH3oa3bqh9VyTban75UgPkkOjY6A53412W3xh1Wig7ZJkYgzLr1LueSTQtzG7dHXPbGaiIZA+oIVhygYJAFkm3nHMOK8vIbL1qzKcdZfRRQGZRPiD9SRoz41IyBwL/55uNCNYQHVEBFaKjqHNp1L+yp/o==a8Sz-----END PGP SIGNATURE-----

Debian Security Advisory 5776-1

Student Management System version 1.0 suffers from an insecure cookie handling vulnerability.

**Student Management System 1.0 Insecure Cookie Handling**

Posted Sep 30, 2024

Authored by indoushka

Student Management System version 1.0 suffers from an insecure cookie handling vulnerability.

tags | exploit, insecure cookie handling

SHA-256 | d658fbfc8c6a719141fdd1f2794283b78eab23b21c7970420e8965f026849eba

Download | Favorite | View

**Student Management System 1.0 Insecure Cookie Handling**

    ====================================================================================================================================| # Title     : Student Management System 1.0 Insecure Cookie Handling Vulnerability                                               || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                   || # Vendor    : https://phpgurukul.com/student-management-system-using-php-and-mysql/                                              |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : document.cookie = "username=user123; path=/; secure; HttpOnly; SameSite=Lax";[+] The default username is admin & The chosen password is user123[+] http://127.0.0.1/studentms/admin/dashboard.php Greetings to :=====================================================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|===================================================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,997)
*   Arbitrary (17,113)
*   BBS (2,859)
*   Bypass (1,932)
*   CGI (1,047)
*   Code Execution (7,925)
*   Conference (693)
*   Cracker (845)
*   CSRF (3,434)
*   DoS (25,304)
*   Encryption (2,395)
*   Exploit (54,342)
*   File Inclusion (4,278)
*   File Upload (1,022)
*   Firewall (822)
*   Info Disclosure (2,924)
*   Intrusion Detection (919)
*   Java (3,156)
*   JavaScript (908)
*   Kernel (7,310)
*   Local (14,864)
*   Magazine (587)
*   Overflow (13,228)
*   Perl (1,435)
*   PHP (5,284)
*   Proof of Concept (2,413)
*   Protocol (3,751)
*   Python (1,662)
*   Remote (31,922)
*   Root (3,672)
*   Rootkit (530)
*   Ruby (643)
*   Scanner (1,660)
*   Security Tool (8,052)
*   Shell (3,308)
*   Shellcode (1,219)
*   Sniffer (904)
*   Spoof (2,297)
*   SQL Injection (16,738)
*   TCP (2,463)
*   Trojan (690)
*   UDP (919)
*   Virus (675)
*   Vulnerability (33,133)
*   Web (10,144)
*   Whitepaper (3,785)
*   x86 (970)
*   XSS (18,306)
*   Other

**File Archives**

*   September 2024
*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   Older

**Systems**

*   AIX (430)
*   Apple (2,115)
*   BSD (378)
*   CentOS (61)
*   Cisco (1,954)
*   Debian (7,130)
*   Fedora (1,693)
*   FreeBSD (1,247)
*   Gentoo (4,599)
*   HPUX (881)
*   iOS (390)
*   iPhone (108)
*   IRIX (220)
*   Juniper (71)
*   Linux (51,374)
*   Mac OS X (696)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (490)
*   RedHat (16,912)
*   Slackware (941)
*   Solaris (1,615)
*   SUSE (1,444)
*   Ubuntu (9,882)
*   UNIX (9,461)
*   UnixWare (188)
*   Windows (6,780)
*   Other

Tag

#debian