Debian Linux Security Advisory 5773-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5773-1                   security@debian.orghttps://www.debian.org/security/                           Andres SalomonSeptember 19, 2024                    https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2024-8904 CVE-2024-8905 CVE-2024-8906 CVE-2024-8907                  CVE-2024-8908 CVE-2024-8909Security issues were discovered in Chromium which could resultin the execution of arbitrary code, denial of service, or informationdisclosure.For the stable distribution (bookworm), these problems have been fixed inversion 129.0.6668.58-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmbsT+kACgkQZF0CR8NudjcBZxAAr/rpFak7qXGy0AqnX3BLhQEpL3h/hsb4sa4OvOVnsENKrGNgg6+3FNDH8kVjz/IPo6BNKoPa0WFZoq5ENwm9ZkpjToEWM5tRWwqxQyhuZ6n8WzNljc4p5d17k2e0VtPbBR6Z8ICoNhu8iEaX1r2rqqfUciMd6G42+sUPEUkj+We9YWrjt00+nPA9ZGdG9AYml5Zu5+jG5OJJtT9x2I9l1NPbPb8RB5VlGVSyn2lgbr5moLc4t7dbK8LZPQmtjvFpCtkAmcj+bedAGXBio03vJTQJpfednmAOzpZbl1oWoO4opDhRJxPc7MUG/1wWKK+k7e2NR/7TYwSMrKm7fM9tlNTx0Zvzi86Nlrqhx6y6PCdXB1RjaSqtAk732bSIAD/eULqRw0ZeJfUruzUAOmreX1E6JeLbsRUbc6R5pjn9GauVNKcfIxVqXqhf/XcrpUpEqrZ9K71zc2SFQUCC5qxW5rANdZhYm3FV4r9NfTPurEcdDSSr6wZTOfc1Rw1GN6VdX3YLPHEfRvX10RmipzaoMleeHAsSQUF9SpQ9O+m8Ckd1ReZAoJyGXU6wtEQ67sNKNYzkxHL4/H6CE6Fg/i610vXhydqd8Y6b7Sg0CiKjwD+UdaqggoiqMMg+32woZxugNYGC1FqYqoHmA/V2QCZq/pYqUS6x5qHjSUkmPvwLJrU==vXjE-----END PGP SIGNATURE-----

Debian Security Advisory 5773-1

Taskhub version 3.0.3 suffers from an ignored default credential vulnerability.

**Taskhub 3.0.3 Insecure Settings**

Posted Sep 20, 2024

Authored by indoushka

Taskhub version 3.0.3 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 7505071b9896db1b7f4f5cd911d9d07b06247bd94dbf46777a4481d4b83f1ddd

Download | Favorite | View

**Taskhub 3.0.3 Insecure Settings**

    =============================================================================================================================================| # Title     : Taskhub v3.0.3 Insecure Settings Vulnerability                                                                              || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://codecanyon.net/item/taskhub-project-management-finance-crm-tool/25685874                                            |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin@gmail.com & pass = 12345678[+] https://www/127.0.0.1/tasks.octalfoxcom/auth/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,862)
*   Arbitrary (17,077)
*   BBS (2,859)
*   Bypass (1,923)
*   CGI (1,047)
*   Code Execution (7,902)
*   Conference (692)
*   Cracker (845)
*   CSRF (3,427)
*   DoS (25,263)
*   Encryption (2,395)
*   Exploit (54,266)
*   File Inclusion (4,274)
*   File Upload (1,017)
*   Firewall (822)
*   Info Disclosure (2,916)
*   Intrusion Detection (918)
*   Java (3,156)
*   JavaScript (908)
*   Kernel (7,281)
*   Local (14,850)
*   Magazine (587)
*   Overflow (13,223)
*   Perl (1,435)
*   PHP (5,271)
*   Proof of Concept (2,411)
*   Protocol (3,749)
*   Python (1,660)
*   Remote (31,888)
*   Root (3,671)
*   Rootkit (529)
*   Ruby (642)
*   Scanner (1,658)
*   Security Tool (8,048)
*   Shell (3,305)
*   Shellcode (1,219)
*   Sniffer (904)
*   Spoof (2,297)
*   SQL Injection (16,725)
*   TCP (2,463)
*   Trojan (690)
*   UDP (919)
*   Virus (675)
*   Vulnerability (33,092)
*   Web (10,138)
*   Whitepaper (3,784)
*   x86 (970)
*   XSS (18,301)
*   Other

**File Archives**

*   September 2024
*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   Older

**Systems**

*   AIX (430)
*   Apple (2,114)
*   BSD (378)
*   CentOS (61)
*   Cisco (1,954)
*   Debian (7,124)
*   Fedora (1,693)
*   FreeBSD (1,247)
*   Gentoo (4,567)
*   HPUX (881)
*   iOS (389)
*   iPhone (108)
*   IRIX (220)
*   Juniper (71)
*   Linux (51,237)
*   Mac OS X (696)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (490)
*   RedHat (16,845)
*   Slackware (941)
*   Solaris (1,615)
*   SUSE (1,444)
*   Ubuntu (9,852)
*   UNIX (9,456)
*   UnixWare (188)
*   Windows (6,772)
*   Other

Taskhub 3.0.3 Insecure Settings

Debian Linux Security Advisory 5772-1 - Yufan You discovered that Libreoffice's handling of documents based on ZIP archives was susceptible to spoofing attacks when the repair mode attempts to address a malformed archive structure.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5772-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
September 17, 2024                    https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : libreoffice  
CVE ID         : CVE-2024-7788

Yufan You discovered that Libreoffice's handling of documents based on  
ZIP archives was suspectible to spoofing attacks when the repair mode  
attempts to address a malformed archive structure.

For additional information please refer to  
https://www.libreoffice.org/about-us/security/advisories/cve-2024-7788/

For the stable distribution (bookworm), this problem has been fixed in  
version 4:7.4.7-1+deb12u5.

We recommend that you upgrade your libreoffice packages.

For the detailed security status of libreoffice please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/libreoffice

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmbp7VsACgkQEMKTtsN8  
TjY20RAAuJuPyqB0ViM2E/MxqoqTFSzbC9q7XH/5txXMdAQhpxv1HioaiITMFyai  
auAPQTPJcanGdEi2QUwyS8woKXbUJQfCvwKBfUcBD7F8urAB6xeCWV2tHwW1HnI5  
Af169qwqGQ1gU/pSEmatW5BmFB1fGtsaZGuCFWPOiZ8LUgm9RWRxjqZRqsM4N8Ie  
/TIGpHwhoi6gKi04Yq10i7uWeR9YAVSADCljKEIuwUfsV23QGxBnhmLjnSj+d7x1  
uh+CiZdRCS2Z8EYtVhkwS4C9D2vT1Tyj8WktQn2QUG85PAkjjvtuEOxhHY65TOkV  
RXZh7rW7hDF6AYL/wzFvIPFyXg76T5NSqxXiU+P+dqYlMPRgHJG6fLepRZ58V9JP  
LZ4FW13h16t6yeXLg5xiRxviZxczhA8zHZYXXSlyUzB1e+qn2UIg3/qydDiqKlH7  
e3HczIUEU3U+FJ5py9oadsRnZoMS7ZpLN91KYakV62yTcfLTDeBhOM4p04qNoluJ  
thd/egrNaOZNyUknxZHbvC/qcY3T5FIMQcwM3Yg0rlpSKUs69Yiqag8cOYI2JmLl  
peFr8i3xQcPyCsZl2NwkVLVXeiFS4gPYwmv00J+p7C3vnHMk1+MVyry3oZeXWL5X  
ffDlL/Y/6/Ht9hdwC1N79FmDbdNwZ+iEspZYTaeDhOCvfQ0bU9Q=  
=ZHJC  
-----END PGP SIGNATURE-----

Debian Security Advisory 5772-1

Debian Linux Security Advisory 5771-1 - Fabien Potencier discovered that under some conditions the sandbox mechanism of Twig, a template engine for PHP, could by bypassed.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5771-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffSeptember 17, 2024                    https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : php-twigCVE ID         : CVE-2024-45411Fabien Potencier discovered that under some conditions the sandboxmechanism of Twig, a template engine for PHP, could by bypassed.For the stable distribution (bookworm), this problem has been fixed inversion 3.5.1-1+deb12u1.We recommend that you upgrade your php-twig packages.For the detailed security status of php-twig please refer toits security tracker page at:https://security-tracker.debian.org/tracker/php-twigFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmbp6wEACgkQEMKTtsN8TjbMmw/9EQoKouvCA3UV7O8WQPnfbILtLGGR4ezpswEqDtV1BRJTtGsa0BL5P4RY7ut8k9pLs/yyUtAjzk5CwikchUFaOYyK8ZHlHugOj3QC2AtdyP8WEqeM226rIqUbTUdO1wcpzVTN4HTl4pKbHYRYNGa8O16sDQsiM805zdauLnbM+LJJpBmoaok6dcg9cNHQ0nUinMoFPU2f2Ap2tDzre+r1CJ8tNajEhD8FZFSXX+50hgooS6hSBA4yATNaMrOYuXetNgG+hF+7LI5zJnERLhzCFiqNc0Kx3G9YWhUNAsIkURB5PIyUQf1Oi4hriUfRGY1MuR7qhCZiDJF3PJxX99eRAijO8wx+pm0FqD8lhQE6X2yniCEY0Nv4ofWX5VAoG7MnZXbFnYGlmoAcqs3BjlYLCX9p11fkfZpOfFyuOyEYVMNJbf8wYB0PIyfzbcf9PiBkV2HdawCUmZEqo4MKJ1/4RpLMk28VZbbD4vGlldGSG9gjSG+r2gfqHKayVvfmp/N0gWaD3H0PQ8NZdXWidqrdy4SmeFLclNC0gYC9XqVe6Xa1PgDgRNw4mdqxuI68/orZeQC3eeXSEjhk41iXDRaWZMG5PFIXAubpFnRrnje+uIl1xNP99w8y/qLRFOWHOYo9//0j6/ohNxJEX44l9zbIphiO8ljPUYu4Ai2eozwdxFE==WH+j-----END PGP SIGNATURE-----

Debian Security Advisory 5771-1

Debian Linux Security Advisory 5770-1 - Shang-Hung Wan discovered multiple vulnerabilities in the Expat XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5770-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffSeptember 17, 2024                    https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : expatCVE ID         : CVE-2024-45490 CVE-2024-45491 CVE-2024-45492Shang-Hung Wan discovered multiple vulnerabilities in the ExpatXML parsing C library, which could result in denial of service orpotentially the execution of arbitrary code.For the stable distribution (bookworm), these problems have been fixed inversion 2.5.0-1+deb12u1.We recommend that you upgrade your expat packages.For the detailed security status of expat please refer toits security tracker page at:https://security-tracker.debian.org/tracker/expatFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmbp6EIACgkQEMKTtsN8Tjb+0hAAsAHl9didzh1S8vHaLH8P8I1XT0302RGP1N6r4BKvjEozuTKml28F3NEK9IplBZXH8GM6tnF1/gRJf5Dp4YsL7H+nYUjbkZEdLM2TztRoy4wnITxUwqQ7q1ly/bWMuyaoUn9jZu6SA+yEL68DtbXpFbs8IAOE3kqPsbcWvJ7O7LU3Ajjw5aWYwxV0kdVyI67rBkfWAdyFRjlkxF62+ieR9sjpKNDKK1nmO+I8eEF5E/WOXsfPlzcKwax2mMhisTscEIvaBSKCaQICCojYbvju8KW8B+NsJMsyRbPoimTyzE2n4VBk0ZNHjv+wsIddwdgzXpWHHRbVtl6zjiZvzxUtphp6tHstxoW8YZQKkQiwqqlpONqXKWG1yR0opltUr7JjTylDo41M21yK/WizdxFkdrUJi4drKTONekvbhUEaTLaoR/ywYi0Za7T0sUguAJk25id2px3LdTvMhQywTNmL103LkFfq1WIXL9x+yzYdKos8P3qu9DIaIqmsR4dy2xMhiJwVyQXi74Tte9h5n6FXET1Z8MoyxFOVI6SQ5FBXJMmL48r6Uwhb09tHZL2VNUequSC2L4uGozFFaHvr3M606srokRbo18XvNTNUvApJjAFt/WTnOjKUDuJM08PjLw6brD/XBR6p/NKX8vMQmmXClyKwB97SG1MYu/MfdJK/7wQ==bEe8-----END PGP SIGNATURE-----

Debian Security Advisory 5770-1

Debian Linux Security Advisory 5769-1 - Multiple issues were found in Git, a fast, scalable, distributed revision control system, which may result in file overwrites outside the repository, arbitrary configuration injection or arbitrary code execution.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5769-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoSeptember 13, 2024                    https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : gitCVE ID         : CVE-2023-25652 CVE-2023-25815 CVE-2023-29007 CVE-2024-32002                 CVE-2024-32004 CVE-2024-32020 CVE-2024-32021 CVE-2024-32465Debian Bug     : 1034835 1071160Multiple issues were found in Git, a fast, scalable, distributedrevision control system, which may result in file overwrites outside therepository, arbitrary configuration injection or arbitrary codeexecution.For the stable distribution (bookworm), these problems have been fixed inversion 1:2.39.5-0+deb12u1.We recommend that you upgrade your git packages.For the detailed security status of git please refer to its securitytracker page at:https://security-tracker.debian.org/tracker/gitFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmbklgFfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0QD9RAAiN4YarOU7lbe6MnW4vRpz1qJA4ph8WgtqRs5GKgMUBOPcLCCqDim/9Ylvib6iaH/8WW5Rh9TDXY5BuWZ/Ek5zU9oDcde2E3r4VUJDKdSICjyBpooc5iLsJpTjh8lHio+UjrNqBqoLAtyarCsj1muvO8l/f96O6qotP/wUJVqZfAyCpHFeeApzj7MdXWNt/j5YBSiu7dwZY+p0E1cKwGglJtZnUCcyJaelnLd6Igu2Lq+4OvuhqWhsmeEaDauOY43WA7Qwpu814XJG9lrMAyWZJFWnT/NEGYi0dm2vhbZzoS4V/WvCmtfyrCJlkXzKgG737YMpI99T7eP75BhSF6dw8aC5HCT6cG5Gv1apEhVC2hMIVot3ZVL/7ojml972rjltmMMgILStR7N9JWrDqXPpn8SWslwjMLfxHslZzG3YGJV5ihXtvefWafH7c0X7WVT1yTdE1FrTOnCIUfPc/J+jEXMWNd+vsV3aHdVVdZoHj8bDso47CZqMYwTa2Q0opuv+4CDnuG1wUZzv4ap1w21C36tSwIZ1u8CEMhyYzdZV7TUf/0XsDNsms2ewRNmEWXHGvxsw1+wdTpFeb9iahoGTfcDPq3gdr4W74yRn5ZryREu6G2C0zGMaPkfyjGcnDiHTGsET2qxX5Je0iTsLraWbLAB0iyHmABzsDCn/pJc7lE==iG6s-----END PGP SIGNATURE-----

Debian Security Advisory 5769-1

IFSC Code Finder Portal version 1.0 suffers from an ignored default credential vulnerability.

**IFSC Code Finder Portal 1.0 Insecure Settings**

Posted Sep 16, 2024

Authored by indoushka

IFSC Code Finder Portal version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 4c8714f261d6bcdc7f5ee89b4f1473342ced816a03f174b9a8bc607a329616e0

Download | Favorite | View

**IFSC Code Finder Portal 1.0 Insecure Settings**

    =============================================================================================================================================| # Title     : IFSC Code Finder Portal v1.0 Insecure Settings Vulnerability                                                                || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://phpgurukul.com/ifsc-code-finder-project-using-php/                                                                  |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = Test@123[+] http://127.0.0.1/ifscfinder/admin/login.phpGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,759)
*   Arbitrary (17,063)
*   BBS (2,859)
*   Bypass (1,915)
*   CGI (1,047)
*   Code Execution (7,895)
*   Conference (692)
*   Cracker (844)
*   CSRF (3,423)
*   DoS (25,236)
*   Encryption (2,394)
*   Exploit (54,214)
*   File Inclusion (4,273)
*   File Upload (1,012)
*   Firewall (822)
*   Info Disclosure (2,913)
*   Intrusion Detection (918)
*   Java (3,156)
*   JavaScript (908)
*   Kernel (7,272)
*   Local (14,848)
*   Magazine (587)
*   Overflow (13,212)
*   Perl (1,435)
*   PHP (5,262)
*   Proof of Concept (2,409)
*   Protocol (3,749)
*   Python (1,656)
*   Remote (31,860)
*   Root (3,671)
*   Rootkit (529)
*   Ruby (640)
*   Scanner (1,657)
*   Security Tool (8,046)
*   Shell (3,303)
*   Shellcode (1,219)
*   Sniffer (904)
*   Spoof (2,292)
*   SQL Injection (16,716)
*   TCP (2,463)
*   Trojan (690)
*   UDP (919)
*   Virus (673)
*   Vulnerability (33,064)
*   Web (10,136)
*   Whitepaper (3,784)
*   x86 (970)
*   XSS (18,290)
*   Other

**File Archives**

*   September 2024
*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   Older

**Systems**

*   AIX (430)
*   Apple (2,104)
*   BSD (378)
*   CentOS (61)
*   Cisco (1,954)
*   Debian (7,120)
*   Fedora (1,693)
*   FreeBSD (1,247)
*   Gentoo (4,567)
*   HPUX (881)
*   iOS (387)
*   iPhone (108)
*   IRIX (220)
*   Juniper (71)
*   Linux (51,142)
*   Mac OS X (696)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,780)
*   Slackware (941)
*   Solaris (1,615)
*   SUSE (1,444)
*   Ubuntu (9,828)
*   UNIX (9,454)
*   UnixWare (188)
*   Windows (6,766)
*   Other

IFSC Code Finder Portal 1.0 Insecure Settings

GYM Management System version 1.0 suffers from an ignored default credential vulnerability.

**GYM Management System 1.0 Insecure Settings**

Posted Sep 16, 2024

Authored by indoushka

GYM Management System version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 5ee11f413d4f6dbbb71c2d782424145f8284d96790518d7c0e3923c5bd409844

Download | Favorite | View

**GYM Management System 1.0 Insecure Settings**

    ====================================================================================================================================| # Title     : GYM Management System 1.0 Insecure Settings Vulnerability                                                          || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                   || # Vendor    : https://phpgurukul.com/gym-management-system-using-php-and-mysql/                                                  |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload :     Username: admin@gmail.com      Password: Test@123[+] http://127.0.0.1/agms/admin/dashboard.phpGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,759)
*   Arbitrary (17,063)
*   BBS (2,859)
*   Bypass (1,915)
*   CGI (1,047)
*   Code Execution (7,895)
*   Conference (692)
*   Cracker (844)
*   CSRF (3,423)
*   DoS (25,236)
*   Encryption (2,394)
*   Exploit (54,214)
*   File Inclusion (4,273)
*   File Upload (1,012)
*   Firewall (822)
*   Info Disclosure (2,913)
*   Intrusion Detection (918)
*   Java (3,156)
*   JavaScript (908)
*   Kernel (7,272)
*   Local (14,848)
*   Magazine (587)
*   Overflow (13,212)
*   Perl (1,435)
*   PHP (5,262)
*   Proof of Concept (2,409)
*   Protocol (3,749)
*   Python (1,656)
*   Remote (31,860)
*   Root (3,671)
*   Rootkit (529)
*   Ruby (640)
*   Scanner (1,657)
*   Security Tool (8,046)
*   Shell (3,303)
*   Shellcode (1,219)
*   Sniffer (904)
*   Spoof (2,292)
*   SQL Injection (16,716)
*   TCP (2,463)
*   Trojan (690)
*   UDP (919)
*   Virus (673)
*   Vulnerability (33,064)
*   Web (10,136)
*   Whitepaper (3,784)
*   x86 (970)
*   XSS (18,290)
*   Other

**File Archives**

*   September 2024
*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   Older

**Systems**

*   AIX (430)
*   Apple (2,104)
*   BSD (378)
*   CentOS (61)
*   Cisco (1,954)
*   Debian (7,120)
*   Fedora (1,693)
*   FreeBSD (1,247)
*   Gentoo (4,567)
*   HPUX (881)
*   iOS (387)
*   iPhone (108)
*   IRIX (220)
*   Juniper (71)
*   Linux (51,142)
*   Mac OS X (696)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,780)
*   Slackware (941)
*   Solaris (1,615)
*   SUSE (1,444)
*   Ubuntu (9,828)
*   UNIX (9,454)
*   UnixWare (188)
*   Windows (6,766)
*   Other

GYM Management System 1.0 Insecure Settings

Beauty Parlour and Saloon Management System version 1.1 suffers from an insecure cooking handling vulnerability.

**Beauty Parlour And Saloon Management System 1.1 Insecure Cookie Handling**

Posted Sep 13, 2024

Authored by indoushka

Beauty Parlour and Saloon Management System version 1.1 suffers from an insecure cooking handling vulnerability.

tags | exploit

SHA-256 | 4c0788f43b5ea94beac369a15563afe012375eb20121975b115510c93def998e

Download | Favorite | View

**Beauty Parlour And Saloon Management System 1.1 Insecure Cookie Handling**

    ====================================================================================================================================| # Title     : Beauty Parlour & Saloon Management System 1.1 Insecure Cookie Handling Vulnerability                               || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                   || # Vendor    : https://phpgurukul.com/beauty-parlour-management-system-using-php-and-mysql/                                       |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] The default username is admin & The chosen password is user123[+] use payload : document.cookie = "username=user123; path=/; secure; HttpOnly; SameSite=Lax";[+] Refresh the page http://127.0.0.1/studentms/admin/login.php or go to http://127.0.0.1/studentms/admin/dashboard.php Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,753)
*   Arbitrary (17,058)
*   BBS (2,859)
*   Bypass (1,912)
*   CGI (1,047)
*   Code Execution (7,889)
*   Conference (692)
*   Cracker (844)
*   CSRF (3,422)
*   DoS (25,235)
*   Encryption (2,394)
*   Exploit (54,198)
*   File Inclusion (4,273)
*   File Upload (1,011)
*   Firewall (822)
*   Info Disclosure (2,913)
*   Intrusion Detection (918)
*   Java (3,156)
*   JavaScript (908)
*   Kernel (7,270)
*   Local (14,848)
*   Magazine (587)
*   Overflow (13,212)
*   Perl (1,435)
*   PHP (5,262)
*   Proof of Concept (2,406)
*   Protocol (3,749)
*   Python (1,655)
*   Remote (31,853)
*   Root (3,671)
*   Rootkit (529)
*   Ruby (640)
*   Scanner (1,657)
*   Security Tool (8,046)
*   Shell (3,303)
*   Shellcode (1,219)
*   Sniffer (904)
*   Spoof (2,292)
*   SQL Injection (16,711)
*   TCP (2,463)
*   Trojan (690)
*   UDP (919)
*   Virus (673)
*   Vulnerability (33,063)
*   Web (10,135)
*   Whitepaper (3,783)
*   x86 (970)
*   XSS (18,289)
*   Other

**File Archives**

*   September 2024
*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   Older

**Systems**

*   AIX (430)
*   Apple (2,104)
*   BSD (378)
*   CentOS (61)
*   Cisco (1,954)
*   Debian (7,119)
*   Fedora (1,693)
*   FreeBSD (1,247)
*   Gentoo (4,567)
*   HPUX (881)
*   iOS (387)
*   iPhone (108)
*   IRIX (220)
*   Juniper (71)
*   Linux (51,136)
*   Mac OS X (696)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,775)
*   Slackware (941)
*   Solaris (1,615)
*   SUSE (1,444)
*   Ubuntu (9,828)
*   UNIX (9,454)
*   UnixWare (188)
*   Windows (6,766)
*   Other

Beauty Parlour And Saloon Management System 1.1 Insecure Cookie Handling

Debian Linux Security Advisory 5768-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5768-1                   security@debian.orghttps://www.debian.org/security/                           Andres SalomonSeptember 11, 2024                    https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2024-8636 CVE-2024-8637 CVE-2024-8638 CVE-2024-8639Security issues were discovered in Chromium which could resultin the execution of arbitrary code, denial of service, or informationdisclosure.For the stable distribution (bookworm), these problems have been fixed inversion 128.0.6613.137-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmbiEqwACgkQZF0CR8Nudjd2Pw/9F1tKhXrjmZYdVSLTqsp4FX9J/9cvJH9UP2SmHt3uvmc9cRWJhMNCFZ3mNz8R7Du5yamK+e1lQilcspA9JjEHdD57JWqKu4lk+gXgT3WNwf4QcOJESfcyh8rBoznoXLceYZQ0skK1Szf2QY8v/qOssnpdH815AcFyWrSxY4Jr6am7Ya+cLS9d9Yf5AgfcFmc3JNzL3Wdf8CZojp6VctSvpbc/fCLCVf3+i/x57DUuPFme00UYXSWO7Cm/ZxIyNvRoEF9h4/BEUt83l9bBhWjpbvAKQxSMdtFqhoY0DauThAOzcqadymnl40PgAZ+Re3Y0gxx3h8MFCTx+E/C6QaqLrSyySALxrZRt73Yh4kt2iZLc7N7hXiFz41SOJ8YQP+BlkLb4tLv0AMpTPFdrVA3iKRrHnIJAyfI3pd5FHcujd2e8BcEk582fEtQy8WCJt2KqZv56+Taz/YWKEnRG0hB40iqShcHwPj9SZCGU7eweT+/od/UPOazDeM1m2ecMgVWQieDhFTBIpmc2/m2F+N+DUz3lIK/7q1PzKrhQ5IQqDQsxlEzi914OZoKj8DN1tog4DcmHu4kdiD2kFVA4c3Vyer/KLlVC9vF1mDP52ZSDWfaPJJuD9yEkEHpHowj8giZZOCQ8nfiXPa+hEFgiWFi2OoTXbcIePifAfnDhT7tiZm0==AWwj-----END PGP SIGNATURE-----

Tag

#debian