A list of topics we covered in the week of August 5 to August 11 of 2024

August 9, 2024 - Home surveillance provider ADT just announced they suffered a data breach and cybercriminals are already leaking the data

August 6, 2024 - Google has issued security updates for 46 vulnerabilities, including a patch for a remote code execution flaw which has been used in limited targeted attacks.

August 6, 2024 - Men face more pressure—and threats—from significant others to grant access to their personal devices, online accounts, and locations.

August 6, 2024 - Home users are being targeted by a ransomware called Magniber which locks up files and demands money for the key.

August 5, 2024 - A list of topics we covered in the week of July 29 to August 4 of 2024

 A week in security (August 5 &#8211; August 11) 

Security researcher Bill Demirkapi found more than 15,000 hardcoded secrets and 66,000 vulnerable websites—all by searching overlooked data sources.

If you know where to look, plenty of secrets can be found online. Since the fall of 2021, independent security researcher Bill Demirkapi has been building ways to tap into huge data sources, which are often overlooked by researchers, to find masses of security problems. This includes automatically finding developer secrets—such as passwords, API keys, and authentication tokens—that could give cybercriminals access to company systems and the ability to steal data.

Today, at the Defcon security conference in Las Vegas, Demirkapi is unveiling the results of this work, detailing a massive trove of leaked secrets and wider website vulnerabilities. Among at least 15,000 developer secrets hard-coded into software, he found hundreds of username and password details linked to Nebraska’s Supreme Court and its IT systems; the details needed to access Stanford University’s Slack channels; and more than a thousand API keys belonging to OpenAI customers.

A major smartphone manufacturer, customers of a fintech company, and a multibillion-dollar cybersecurity company are counted among the thousands of organizations that inadvertently exposed secrets. As part of his efforts to stem the tide, Demirkapi hacked together a way to automatically get the details revoked, making them useless to any hackers.

In a second strand to the research, Demirkapi also scanned data sources to find 66,000 websites with dangling subdomain issues, making them vulnerable to various attacks including hijacking. Some of the world’s biggest websites, including a development domain owned by The New York Times, had the weaknesses.

While the two security issues he looked into are well-known among researchers, Demirkapi says that turning to unconventional datasets, which are usually reserved for other purposes, allowed thousands of issues to be identified en masse and, if expanded, offers the potential to help protect the web at large. “The goal has been to find ways to discover trivial vulnerability classes at scale,” Demirkapi tells WIRED. “I think that there’s a gap for creative solutions.”

**Spilled Secrets; Vulnerable Websites**

It is relatively trivial for a developer to accidentally include their company’s secrets in software or code. Alon Schindel, the vice president of AI and threat research at the cloud security company Wiz, says there’s a huge variety of secrets that developers can inadvertently hard-code, or expose, throughout the software development pipeline. These can include passwords, encryption keys, API access tokens, cloud provider secrets, and TLS certificates.

“The most acute risk of leaving secrets hard-coded is that if digital authentication credentials and secrets are exposed, they can grant adversaries unauthorized access to a company’s code bases, databases, and other sensitive digital infrastructure,” Schindel says.

The risks are high: Exposed secrets can result in data breaches, hackers breaking into networks, and supply chain attacks, Schindel adds. Previous research in 2019 found thousands of secrets were being leaked on GitHub every day. And while various secret scanning tools exist, these largely are focused on specific targets and not the wider web, Demirkapi says.

During his research, Demirkapi, who first found prominence for his teenage school-hacking exploits five years ago, hunted for these secret keys at scale—as opposed to selecting a company and looking specifically for its secrets. To do this, he turned to VirusTotal, the Google-owned website, which allows developers to upload files—such as apps—and have them scanned for potential malware.

Thousands of Corporate Secrets Were Left Exposed. This Guy Found Them All

As many as 10 security flaws have been uncovered in Google's Quick Share data transfer utility for Android and Windows that could be assembled to trigger remote code execution (RCE) chain on systems that have the software installed.
"The Quick Share application implements its own specific application-layer communication protocol to support file transfers between nearby, compatible devices,"

Vulnerability / Mobile Security

As many as 10 security flaws have been uncovered in Google's Quick Share data transfer utility for Android and Windows that could be assembled to trigger remote code execution (RCE) chain on systems that have the software installed.

"The Quick Share application implements its own specific application-layer communication protocol to support file transfers between nearby, compatible devices," SafeBreach Labs researchers Or Yair and Shmuel Cohen said in a technical report shared with The Hacker News.

"By investigating how the protocol works, we were able to fuzz and identify logic within the Quick Share application for Windows that we could manipulate or bypass."

The result is the discovery of 10 vulnerabilities – nine affecting Quick Share for Windows and one impacting Android – that could be fashioned into an "innovative and unconventional" RCE attack chain to run arbitrary code on Windows hosts. The RCE attack chain has been codenamed **QuickShell**.

The shortcomings span six remote denial-of-service (DoS) flaws, two unauthorized files write bugs each identified in Android and Windows versions of the software, one directory traversal, and one case of forced Wi-Fi connection.

The issues have been addressed in Quick Share version 1.0.1724.0 and later. Google is collectively tracking the flaws under the below two CVE identifiers -

*   **CVE-2024-38271** (CVSS score: 5.9) - A vulnerability that forces a victim to stay connected to a temporary Wi-Fi connection created for sharing

*   **CVE-2024-38272** (CVSS score: 7.1) - A vulnerability that allows an attacker to bypass the accept file dialog on Windows

Quick Share, formerly Nearby Share, is a peer-to-peer file-sharing utility that allows users to transfer photos, videos, documents, audio files or entire folders between Android devices, Chromebooks, and Windows desktops and laptops in close proximity. Both devices must be within 5 m (16 feet) of each other with Bluetooth and Wi-Fi enabled.

In a nutshell, the identified shortcomings could be used to remotely write files into devices without approval, force the Windows app to crash, redirect its traffic to a Wi-Fi access point under an attacker's control, and traverse paths to the user's folder.

But more importantly, the researchers found that the ability to force the target device into connecting to a different Wi-Fi network and create files in the Downloads folder could be combined to initiate a chain of steps that ultimately lead to remote code execution.

The findings, first presented at DEF CON 32 today, are a culmination of a deeper analysis of the Protobuf-based proprietary protocol and the logic that undergirds the system. They are significant not least because they highlight how seemingly harmless known issues could open the door to a successful compromise and could pose serious risks when combined with other flaws.

"This research reveals the security challenges introduced by the complexity of a data-transfer utility attempting to support so many communication protocols and devices," SafeBreach Labs said in a statement. "It also underscores the critical security risks that can be created by chaining seemingly low-risk, known, or unfixed vulnerabilities together."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Researchers Uncover 10 Flaws in Google's File Transfer Tool Quick Share

An ongoing, widespread malware campaign has been observed installing rogue Google Chrome and Microsoft Edge extensions via a trojan distributed via fake websites masquerading as popular software.
"The trojan malware contains different deliverables ranging from simple adware extensions that hijack searches to more sophisticated malicious scripts that deliver local extensions to steal private data

Browser Security / Online Fraud

An ongoing, widespread malware campaign has been observed installing rogue Google Chrome and Microsoft Edge extensions via a trojan distributed via fake websites masquerading as popular software.

"The trojan malware contains different deliverables ranging from simple adware extensions that hijack searches to more sophisticated malicious scripts that deliver local extensions to steal private data and execute various commands," the ReasonLabs research team said in an analysis.

"This trojan malware, existing since 2021, originates from imitations of download websites with add-ons to online games and videos."

The malware and the extensions have a combined reach of at least 300,000 users of Google Chrome and Microsoft Edge, indicating that the activity has a broad impact.

At the heart of the campaign is the use of malvertising to push lookalike websites promoting known software like Roblox FPS Unlocker, YouTube, VLC media player, Steam, or KeePass to trick users searching for these programs into downloading a trojan, which serves as a conduit for installing the browser extensions.

The digitally signed malicious installers register a scheduled task that, in turn, is configured to execute a PowerShell script responsible for downloading and executing the next-stage payload fetched from a remote server.

This includes modifying the Windows Registry to force the installation of extensions from Chrome Web Store and Microsoft Edge Add-ons that are capable of hijacking search queries on Google and Microsoft Bing and redirecting them through attacker-controlled servers.

"The extension cannot be disabled by the user, even with Developer Mode 'ON,'" ReasonLabs said. "Newer versions of the script remove browser updates."

It also launches a local extension that is downloaded directly from a command-and-control (C2) server, and comes with extensive capabilities to intercept all web requests and send them to the server, receive commands and encrypted scripts, and inject and load scripts into all pages.

On top of that, it hijacks search queries from Ask.com, Bing, and Google, and funnels them through its servers and then on to other search engines.

This is not the first time similar campaigns have been observed in the wild. In December 2023, the cybersecurity company detailed another Trojan installer delivered through torrents that installs malicious web extensions masquerading as VPN apps but are actually designed to run a "cashback activity hack."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

New Malware Hits 300,000 Users with Rogue Chrome and Edge Extensions

The vulnerabilities, which have been patched, may have novel appeal to attackers as an avenue to compromising phones.

Demand for graphics processing units or GPUs has exploded in recent years as video rendering and artificial intelligence systems have expanded the need for processing power. And while most of the most visible shortages (and soaring stock prices) relate to top-tier PC and server chips, mobile graphics processors are the version that everyone with a smartphone is using everyday. So vulnerabilities in these chips or how they're implemented can have real-world consequences. That's exactly why Google's Android vulnerability hunting red team set its sights on open-source software from the chip giant Qualcomm that's widely used to implement mobile GPUs.

At the Defcon security conference in Las Vegas on Friday, three Google researchers presented more than nine vulnerabilities—now patched—that they discovered in Qualcomm's Adreno GPU, a suite of software used to coordinate between GPUs and an operating system like Android on Qualcomm-powered phones. Such “drivers” are crucial to how any computer is designed and have deep privileges in the kernel of an operating system to coordinate between hardware peripherals and software. Attackers could exploit the flaws the researchers found to take full control of a device.

For years, engineers and attackers alike have been most focused on potential vulnerabilities in a computer's central processing unit (CPU) and have optimized for efficiency on GPUs, leaning on them for raw processing power. But as GPUs become more central to everything a device does all the time, hackers on both ends of the spectrum are looking at how GPU infrastructure could be exploited.

“We are a small team compared to the big Android ecosystem—the scope is too big for us to cover everything, so we have to figure out what will have the most impact,” says Xuan Xing, manager of Google's Android Red Team. “So why did we focus on a GPU driver for this case? It's because there’s no permission required for untrusted apps to access GPU drivers. This is very important, and I think will attract lots of attackers’ attention.”

Xing is referring to the fact that applications on Android phones can talk to the Adreno GPU driver directly with “no sandboxing, no additional permission checks,” as he puts it. This doesn't in itself give applications the ability to go rogue, but it does make GPU drivers a bridge between the regular parts of the operating system (where data and access are carefully controlled), and the system kernel, which has full control over the entire device including its memory. “GPU drivers have all sorts of powerful functions,” Xing says. “That mapping in memory is a powerful primitive attackers want to have.”

The researchers say the vulnerabilities they uncovered are all flaws that come out of the intricacies and complicated interconnections that GPU drivers must navigate to coordinate everything. To exploit the flaws, attackers would need to first establish access to a target device, perhaps by tricking victims into side-loading malicious apps.

“There are a lot of moving parts and no access restrictions, so GPU drivers are readily accessible to pretty much every application,” says Eugene Rodionov, technical leader of the Android Red Team. “What really makes things problematic here is complexity of the implementation—that is one item which accounts for a number of vulnerabilities.”

Qualcomm released patches for the flaws to “original equipment manufacturers” (OEMs) that use Qualcomm chips and software in the Android phones they make. “Regarding the GPU issues disclosed by Android Security Red Team, patches were made available to OEMs in May 2024,” a Qualcomm Spokesperson tells WIRED. “We encourage end users to apply security updates from device makers as they become available.”

The Android ecosystem is complex, and patches must move from a vendor like Qualcomm to OEMs and then get packaged by each individual device maker and delivered to users' phones. This trickle-down process sometimes means that devices can be left exposed, but Google has spent years investing to improve these pipelines and streamline communication.

Still, the findings are yet another reminder that GPUs themselves and the software supporting them have the potential to become a critical battleground in computer security.

As Rodionov puts it, “combining high complexity of the implementation with wide accessibility makes it a very interesting target for attackers.”

Google Researchers Found Nearly a Dozen Flaws in Popular Qualcomm Software for Mobile GPUs

Ubuntu Security Notice 6951-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-6951-1August 08, 2024linux, linux-aws, linux-aws-5.4, linux-gcp, linux-gcp-5.4, linux-gkeop,linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm,linux-raspi, linux-xilinx-zynqmp vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTS- Ubuntu 18.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems- linux-ibm: Linux kernel for IBM cloud systems- linux-iot: Linux kernel for IoT platforms- linux-kvm: Linux kernel for cloud environments- linux-raspi: Linux kernel for Raspberry Pi systems- linux-xilinx-zynqmp: Linux kernel for Xilinx ZynqMP processors- linux-aws-5.4: Linux kernel for Amazon Web Services (AWS) systems- linux-gcp-5.4: Linux kernel for Google Cloud Platform (GCP) systems- linux-hwe-5.4: Linux hardware enablement (HWE) kernel- linux-ibm-5.4: Linux kernel for IBM cloud systemsDetails:Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:   - ARM64 architecture;   - M68K architecture;   - User-Mode Linux (UML);   - x86 architecture;   - Accessibility subsystem;   - Character device driver;   - Clock framework and drivers;   - CPU frequency scaling framework;   - Hardware crypto device drivers;   - Buffer Sharing and Synchronization framework;   - FireWire subsystem;   - GPU drivers;   - HW tracing;   - Macintosh device drivers;   - Multiple devices driver;   - Media drivers;   - Network drivers;   - Pin controllers subsystem;   - S/390 drivers;   - SCSI drivers;   - SoundWire subsystem;   - Greybus lights staging drivers;   - TTY drivers;   - Framebuffer layer;   - Virtio drivers;   - 9P distributed file system;   - eCrypt file system;   - EROFS file system;   - Ext4 file system;   - F2FS file system;   - JFFS2 file system;   - Network file system client;   - NILFS2 file system;   - SMB network file system;   - Kernel debugger infrastructure;   - IRQ subsystem;   - Tracing infrastructure;   - Dynamic debug library;   - 9P file system network protocol;   - Bluetooth subsystem;   - Networking core;   - IPv4 networking;   - IPv6 networking;   - Netfilter;   - NET/ROM layer;   - NFC subsystem;   - NSH protocol;   - Open vSwitch;   - Phonet protocol;   - TIPC protocol;   - Unix domain sockets;   - Wireless networking;   - eXpress Data Path;   - XFRM subsystem;   - ALSA framework;(CVE-2024-36934, CVE-2024-38578, CVE-2024-38600, CVE-2024-27399,CVE-2024-39276, CVE-2024-38596, CVE-2024-36933, CVE-2024-36919,CVE-2024-35976, CVE-2024-37356, CVE-2023-52585, CVE-2024-38558,CVE-2024-38560, CVE-2024-38634, CVE-2024-36959, CVE-2024-38633,CVE-2024-36886, CVE-2024-27398, CVE-2024-39493, CVE-2024-26886,CVE-2024-31076, CVE-2024-38559, CVE-2024-38615, CVE-2024-36971,CVE-2024-38627, CVE-2024-36964, CVE-2024-38780, CVE-2024-37353,CVE-2024-38621, CVE-2024-36883, CVE-2024-39488, CVE-2024-38661,CVE-2024-36939, CVE-2024-38589, CVE-2024-38565, CVE-2024-38381,CVE-2024-35947, CVE-2024-36905, CVE-2022-48772, CVE-2024-36017,CVE-2024-36946, CVE-2024-27401, CVE-2024-38579, CVE-2024-38612,CVE-2024-38598, CVE-2024-38635, CVE-2024-38587, CVE-2024-38567,CVE-2024-38549, CVE-2024-36960, CVE-2023-52752, CVE-2024-27019,CVE-2024-38601, CVE-2024-39489, CVE-2024-39467, CVE-2023-52882,CVE-2024-38583, CVE-2024-39480, CVE-2024-38607, CVE-2024-36940,CVE-2024-38659, CVE-2023-52434, CVE-2024-36015, CVE-2024-38582,CVE-2024-36950, CVE-2024-38552, CVE-2024-33621, CVE-2024-36954,CVE-2024-39475, CVE-2024-39301, CVE-2024-38599, CVE-2024-36902,CVE-2024-36286, CVE-2024-38613, CVE-2024-38637, CVE-2024-36941,CVE-2024-36014, CVE-2024-38618, CVE-2024-36904, CVE-2024-36270,CVE-2024-39292, CVE-2024-39471, CVE-2022-48674)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS   linux-image-5.4.0-1042-iot      5.4.0-1042.43   linux-image-5.4.0-1049-xilinx-zynqmp  5.4.0-1049.53   linux-image-5.4.0-1077-ibm      5.4.0-1077.82   linux-image-5.4.0-1097-gkeop    5.4.0-1097.101   linux-image-5.4.0-1114-raspi    5.4.0-1114.126   linux-image-5.4.0-1118-kvm      5.4.0-1118.125   linux-image-5.4.0-1130-aws      5.4.0-1130.140   linux-image-5.4.0-1134-gcp      5.4.0-1134.143   linux-image-5.4.0-192-generic   5.4.0-192.212   linux-image-5.4.0-192-generic-lpae  5.4.0-192.212   linux-image-5.4.0-192-lowlatency  5.4.0-192.212   linux-image-aws-lts-20.04       5.4.0.1130.127   linux-image-gcp-lts-20.04       5.4.0.1134.136   linux-image-generic             5.4.0.192.190   linux-image-generic-lpae        5.4.0.192.190   linux-image-gkeop               5.4.0.1097.95   linux-image-gkeop-5.4           5.4.0.1097.95   linux-image-ibm-lts-20.04       5.4.0.1077.106   linux-image-kvm                 5.4.0.1118.114   linux-image-lowlatency          5.4.0.192.190   linux-image-oem                 5.4.0.192.190   linux-image-oem-osp1            5.4.0.192.190   linux-image-raspi               5.4.0.1114.144   linux-image-raspi2              5.4.0.1114.144   linux-image-virtual             5.4.0.192.190   linux-image-xilinx-zynqmp       5.4.0.1049.49Ubuntu 18.04 LTS   linux-image-5.4.0-1077-ibm      5.4.0-1077.82~18.04.1                                   Available with Ubuntu Pro   linux-image-5.4.0-1130-aws      5.4.0-1130.140~18.04.1                                   Available with Ubuntu Pro   linux-image-5.4.0-1134-gcp      5.4.0-1134.143~18.04.1                                   Available with Ubuntu Pro   linux-image-5.4.0-192-generic   5.4.0-192.212~18.04.1                                   Available with Ubuntu Pro   linux-image-5.4.0-192-lowlatency  5.4.0-192.212~18.04.1                                   Available with Ubuntu Pro   linux-image-aws                 5.4.0.1130.140~18.04.1                                   Available with Ubuntu Pro   linux-image-gcp                 5.4.0.1134.143~18.04.1                                   Available with Ubuntu Pro   linux-image-generic-hwe-18.04   5.4.0.192.212~18.04.1                                   Available with Ubuntu Pro   linux-image-ibm                 5.4.0.1077.82~18.04.1                                   Available with Ubuntu Pro   linux-image-lowlatency-hwe-18.04  5.4.0.192.212~18.04.1                                   Available with Ubuntu Pro   linux-image-oem                 5.4.0.192.212~18.04.1                                   Available with Ubuntu Pro   linux-image-oem-osp1            5.4.0.192.212~18.04.1                                   Available with Ubuntu Pro   linux-image-snapdragon-hwe-18.04  5.4.0.192.212~18.04.1                                   Available with Ubuntu Pro   linux-image-virtual-hwe-18.04   5.4.0.192.212~18.04.1                                   Available with Ubuntu ProAfter a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6951-1   CVE-2022-48674, CVE-2022-48772, CVE-2023-52434, CVE-2023-52585,   CVE-2023-52752, CVE-2023-52882, CVE-2024-26886, CVE-2024-27019,   CVE-2024-27398, CVE-2024-27399, CVE-2024-27401, CVE-2024-31076,   CVE-2024-33621, CVE-2024-35947, CVE-2024-35976, CVE-2024-36014,   CVE-2024-36015, CVE-2024-36017, CVE-2024-36270, CVE-2024-36286,   CVE-2024-36883, CVE-2024-36886, CVE-2024-36902, CVE-2024-36904,   CVE-2024-36905, CVE-2024-36919, CVE-2024-36933, CVE-2024-36934,   CVE-2024-36939, CVE-2024-36940, CVE-2024-36941, CVE-2024-36946,   CVE-2024-36950, CVE-2024-36954, CVE-2024-36959, CVE-2024-36960,   CVE-2024-36964, CVE-2024-36971, CVE-2024-37353, CVE-2024-37356,   CVE-2024-38381, CVE-2024-38549, CVE-2024-38552, CVE-2024-38558,   CVE-2024-38559, CVE-2024-38560, CVE-2024-38565, CVE-2024-38567,   CVE-2024-38578, CVE-2024-38579, CVE-2024-38582, CVE-2024-38583,   CVE-2024-38587, CVE-2024-38589, CVE-2024-38596, CVE-2024-38598,   CVE-2024-38599, CVE-2024-38600, CVE-2024-38601, CVE-2024-38607,   CVE-2024-38612, CVE-2024-38613, CVE-2024-38615, CVE-2024-38618,   CVE-2024-38621, CVE-2024-38627, CVE-2024-38633, CVE-2024-38634,   CVE-2024-38635, CVE-2024-38637, CVE-2024-38659, CVE-2024-38661,   CVE-2024-38780, CVE-2024-39276, CVE-2024-39292, CVE-2024-39301,   CVE-2024-39467, CVE-2024-39471, CVE-2024-39475, CVE-2024-39480,   CVE-2024-39488, CVE-2024-39489, CVE-2024-39493Package Information:   https://launchpad.net/ubuntu/+source/linux/5.4.0-192.212   https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1130.140   https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1134.143   https://launchpad.net/ubuntu/+source/linux-gkeop/5.4.0-1097.101   https://launchpad.net/ubuntu/+source/linux-ibm/5.4.0-1077.82   https://launchpad.net/ubuntu/+source/linux-iot/5.4.0-1042.43   https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1118.125   https://launchpad.net/ubuntu/+source/linux-raspi/5.4.0-1114.126   https://launchpad.net/ubuntu/+source/linux-xilinx-zynqmp/5.4.0-1049.53

Ubuntu Security Notice USN-6951-1

Ubuntu Security Notice 6950-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-6950-1August 08, 2024linux, linux-aws, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop,linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-lowlatency,linux-lowlatency-hwe-5.15, linux-nvidia vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-gke: Linux kernel for Google Container Engine (GKE) systems- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems- linux-intel-iotg: Linux kernel for Intel IoT platforms- linux-kvm: Linux kernel for cloud environments- linux-lowlatency: Linux low latency kernel- linux-nvidia: Linux kernel for NVIDIA systems- linux-gcp-5.15: Linux kernel for Google Cloud Platform (GCP) systems- linux-intel-iotg-5.15: Linux kernel for Intel IoT platforms- linux-lowlatency-hwe-5.15: Linux low latency kernelDetails:Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:   - ARM32 architecture;   - ARM64 architecture;   - Block layer subsystem;   - Bluetooth drivers;   - Clock framework and drivers;   - FireWire subsystem;   - GPU drivers;   - InfiniBand drivers;   - Multiple devices driver;   - EEPROM drivers;   - Network drivers;   - Pin controllers subsystem;   - Remote Processor subsystem;   - S/390 drivers;   - SCSI drivers;   - 9P distributed file system;   - Network file system client;   - SMB network file system;   - Socket messages infrastructure;   - Dynamic debug library;   - Bluetooth subsystem;   - Networking core;   - IPv4 networking;   - IPv6 networking;   - Multipath TCP;   - NSH protocol;   - Phonet protocol;   - TIPC protocol;   - Wireless networking;   - Key management;   - ALSA framework;   - HD-audio driver;(CVE-2024-36883, CVE-2024-36940, CVE-2024-36902, CVE-2024-36975,CVE-2024-36964, CVE-2024-36938, CVE-2024-36931, CVE-2024-35848,CVE-2024-26900, CVE-2024-36967, CVE-2024-36904, CVE-2024-27398,CVE-2024-36031, CVE-2023-52585, CVE-2024-36886, CVE-2024-36937,CVE-2024-36954, CVE-2024-36916, CVE-2024-36905, CVE-2024-36959,CVE-2024-26980, CVE-2024-26936, CVE-2024-36928, CVE-2024-36889,CVE-2024-36929, CVE-2024-36933, CVE-2024-27399, CVE-2024-36946,CVE-2024-36906, CVE-2024-36965, CVE-2024-36957, CVE-2024-36941,CVE-2024-36897, CVE-2024-36952, CVE-2024-36947, CVE-2024-36950,CVE-2024-36880, CVE-2024-36017, CVE-2023-52882, CVE-2024-36969,CVE-2024-38600, CVE-2024-36955, CVE-2024-36960, CVE-2024-27401,CVE-2024-36919, CVE-2024-36934, CVE-2024-35947, CVE-2024-36953,CVE-2024-36944, CVE-2024-36939)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS   linux-image-5.15.0-1050-gkeop   5.15.0-1050.57   linux-image-5.15.0-1062-intel-iotg  5.15.0-1062.68   linux-image-5.15.0-1062-nvidia  5.15.0-1062.63   linux-image-5.15.0-1062-nvidia-lowlatency  5.15.0-1062.63   linux-image-5.15.0-1064-gke     5.15.0-1064.70   linux-image-5.15.0-1064-kvm     5.15.0-1064.69   linux-image-5.15.0-1066-gcp     5.15.0-1066.74   linux-image-5.15.0-1067-aws     5.15.0-1067.73   linux-image-5.15.0-118-generic  5.15.0-118.128   linux-image-5.15.0-118-generic-64k  5.15.0-118.128   linux-image-5.15.0-118-generic-lpae  5.15.0-118.128   linux-image-5.15.0-118-lowlatency  5.15.0-118.128   linux-image-5.15.0-118-lowlatency-64k  5.15.0-118.128   linux-image-aws-lts-22.04       5.15.0.1067.67   linux-image-gcp-lts-22.04       5.15.0.1066.62   linux-image-generic             5.15.0.118.118   linux-image-generic-64k         5.15.0.118.118   linux-image-generic-lpae        5.15.0.118.118   linux-image-gke                 5.15.0.1064.63   linux-image-gke-5.15            5.15.0.1064.63   linux-image-gkeop               5.15.0.1050.49   linux-image-gkeop-5.15          5.15.0.1050.49   linux-image-intel-iotg          5.15.0.1062.62   linux-image-kvm                 5.15.0.1064.60   linux-image-lowlatency          5.15.0.118.108   linux-image-lowlatency-64k      5.15.0.118.108   linux-image-nvidia              5.15.0.1062.62   linux-image-nvidia-lowlatency   5.15.0.1062.62   linux-image-virtual             5.15.0.118.118Ubuntu 20.04 LTS   linux-image-5.15.0-1062-intel-iotg  5.15.0-1062.68~20.04.1   linux-image-5.15.0-1066-gcp     5.15.0-1066.74~20.04.1   linux-image-5.15.0-118-lowlatency  5.15.0-118.128~20.04.1   linux-image-5.15.0-118-lowlatency-64k  5.15.0-118.128~20.04.1   linux-image-gcp                 5.15.0.1066.74~20.04.1   linux-image-intel               5.15.0.1062.68~20.04.1   linux-image-intel-iotg          5.15.0.1062.68~20.04.1   linux-image-lowlatency-64k-hwe-20.04  5.15.0.118.128~20.04.1   linux-image-lowlatency-hwe-20.04  5.15.0.118.128~20.04.1After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6950-1   CVE-2023-52585, CVE-2023-52882, CVE-2024-26900, CVE-2024-26936,   CVE-2024-26980, CVE-2024-27398, CVE-2024-27399, CVE-2024-27401,   CVE-2024-35848, CVE-2024-35947, CVE-2024-36017, CVE-2024-36031,   CVE-2024-36880, CVE-2024-36883, CVE-2024-36886, CVE-2024-36889,   CVE-2024-36897, CVE-2024-36902, CVE-2024-36904, CVE-2024-36905,   CVE-2024-36906, CVE-2024-36916, CVE-2024-36919, CVE-2024-36928,   CVE-2024-36929, CVE-2024-36931, CVE-2024-36933, CVE-2024-36934,   CVE-2024-36937, CVE-2024-36938, CVE-2024-36939, CVE-2024-36940,   CVE-2024-36941, CVE-2024-36944, CVE-2024-36946, CVE-2024-36947,   CVE-2024-36950, CVE-2024-36952, CVE-2024-36953, CVE-2024-36954,   CVE-2024-36955, CVE-2024-36957, CVE-2024-36959, CVE-2024-36960,   CVE-2024-36964, CVE-2024-36965, CVE-2024-36967, CVE-2024-36969,   CVE-2024-36975, CVE-2024-38600Package Information:   https://launchpad.net/ubuntu/+source/linux/5.15.0-118.128   https://launchpad.net/ubuntu/+source/linux-aws/5.15.0-1067.73   https://launchpad.net/ubuntu/+source/linux-gcp/5.15.0-1066.74   https://launchpad.net/ubuntu/+source/linux-gke/5.15.0-1064.70   https://launchpad.net/ubuntu/+source/linux-gkeop/5.15.0-1050.57   https://launchpad.net/ubuntu/+source/linux-intel-iotg/5.15.0-1062.68   https://launchpad.net/ubuntu/+source/linux-kvm/5.15.0-1064.69   https://launchpad.net/ubuntu/+source/linux-lowlatency/5.15.0-118.128   https://launchpad.net/ubuntu/+source/linux-nvidia/5.15.0-1062.63   https://launchpad.net/ubuntu/+source/linux-gcp-5.15/5.15.0-1066.74~20.04.1  https://launchpad.net/ubuntu/+source/linux-intel-iotg-5.15/5.15.0-1062.68~20.04.1  https://launchpad.net/ubuntu/+source/linux-lowlatency-hwe-5.15/5.15.0-118.128~20.04.1

Ubuntu Security Notice USN-6950-1

Gaati Track version 1.0-2023 suffers from an insecure direct object reference vulnerability.

    ====================================================================================================================================| # Title     : Gaati track v1.0-2023 IDOR Vulnerability                                                                           || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://www.mayurik.com/source-code/P0998/best-courier-management-system-project-in-php                            |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Direct Object Reference : suffers from an insecure direct object reference that allows users to access the administrative interface.[+] use payload : /new_user.php                 /branch_list.php         /parcel_list.php         /reports.php         /sidebar.php         /staff_list.php[+] https://www/127.0.0.1/ks50.karnataka.govin/sidebar.phpGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

Gaati Track 1.0-2023 Insecure Direct Object Reference

Ubuntu Security Notice 6949-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-6949-1August 08, 2024linux, linux-aws, linux-gcp, linux-gke, linux-ibm, linux-nvidia,linux-nvidia-6.8, linux-oem-6.8 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 24.04 LTS- Ubuntu 22.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-gke: Linux kernel for Google Container Engine (GKE) systems- linux-ibm: Linux kernel for IBM cloud systems- linux-nvidia: Linux kernel for NVIDIA systems- linux-oem-6.8: Linux kernel for OEM systems- linux-nvidia-6.8: Linux kernel for NVIDIA systemsDetails:Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:   - ARM32 architecture;   - ARM64 architecture;   - M68K architecture;   - OpenRISC architecture;   - PowerPC architecture;   - RISC-V architecture;   - x86 architecture;   - Block layer subsystem;   - Accessibility subsystem;   - Bluetooth drivers;   - Clock framework and drivers;   - CPU frequency scaling framework;   - Hardware crypto device drivers;   - DMA engine subsystem;   - DPLL subsystem;   - FireWire subsystem;   - EFI core;   - Qualcomm firmware drivers;   - GPIO subsystem;   - GPU drivers;   - Microsoft Hyper-V drivers;   - InfiniBand drivers;   - IOMMU subsystem;   - IRQ chip drivers;   - Macintosh device drivers;   - Multiple devices driver;   - Media drivers;   - EEPROM drivers;   - MMC subsystem;   - Network drivers;   - STMicroelectronics network drivers;   - Device tree and open firmware driver;   - HiSilicon SoC PMU drivers;   - PHY drivers;   - Pin controllers subsystem;   - Remote Processor subsystem;   - S/390 drivers;   - SCSI drivers;   - SPI subsystem;   - Media staging drivers;   - Thermal drivers;   - Userspace I/O drivers;   - USB subsystem;   - DesignWare USB3 driver;   - ACRN Hypervisor Service Module driver;   - Virtio drivers;   - 9P distributed file system;   - BTRFS file system;   - eCrypt file system;   - EROFS file system;   - File systems infrastructure;   - GFS2 file system;   - JFFS2 file system;   - Network file systems library;   - Network file system client;   - Network file system server daemon;   - NILFS2 file system;   - Proc file system;   - SMB network file system;   - Tracing file system;   - Mellanox drivers;   - Memory management;   - Socket messages infrastructure;   - Slab allocator;   - Tracing infrastructure;   - User-space API (UAPI);   - Core kernel;   - BPF subsystem;   - DMA mapping infrastructure;   - RCU subsystem;   - Dynamic debug library;   - KUnit library;   - Maple Tree data structure library;   - Heterogeneous memory management;   - Amateur Radio drivers;   - Bluetooth subsystem;   - Ethernet bridge;   - Networking core;   - IPv4 networking;   - IPv6 networking;   - Multipath TCP;   - Netfilter;   - NET/ROM layer;   - NFC subsystem;   - NSH protocol;   - Open vSwitch;   - Phonet protocol;   - SMC sockets;   - TIPC protocol;   - Unix domain sockets;   - Wireless networking;   - Key management;   - ALSA framework;   - HD-audio driver;   - Kirkwood ASoC drivers;   - MediaTek ASoC drivers;(CVE-2024-36006, CVE-2024-36922, CVE-2024-38567, CVE-2024-38584,CVE-2024-36923, CVE-2024-36892, CVE-2024-35855, CVE-2024-35853,CVE-2024-38562, CVE-2024-36920, CVE-2024-38543, CVE-2024-38576,CVE-2024-38572, CVE-2024-36898, CVE-2024-38560, CVE-2024-36004,CVE-2024-36956, CVE-2024-36881, CVE-2024-36977, CVE-2024-36955,CVE-2024-36906, CVE-2024-36013, CVE-2024-36884, CVE-2024-38563,CVE-2024-36966, CVE-2024-38547, CVE-2024-38594, CVE-2024-36926,CVE-2024-38587, CVE-2024-38566, CVE-2024-27400, CVE-2024-36941,CVE-2024-36017, CVE-2024-38544, CVE-2024-36899, CVE-2024-35851,CVE-2024-38577, CVE-2024-38590, CVE-2024-38568, CVE-2024-38559,CVE-2024-38611, CVE-2024-36887, CVE-2024-36886, CVE-2024-35996,CVE-2024-38612, CVE-2024-36925, CVE-2024-38586, CVE-2024-38596,CVE-2024-36932, CVE-2024-39482, CVE-2024-38585, CVE-2024-36033,CVE-2024-38614, CVE-2024-35852, CVE-2024-36908, CVE-2024-36939,CVE-2024-36963, CVE-2024-27401, CVE-2024-36029, CVE-2024-38540,CVE-2024-38565, CVE-2024-36927, CVE-2024-36910, CVE-2024-42134,CVE-2024-36888, CVE-2024-35859, CVE-2024-36911, CVE-2024-35947,CVE-2024-36940, CVE-2024-36921, CVE-2024-36913, CVE-2024-36943,CVE-2024-35986, CVE-2024-38616, CVE-2024-36900, CVE-2024-36954,CVE-2024-36915, CVE-2024-38602, CVE-2024-41011, CVE-2024-35991,CVE-2024-36909, CVE-2024-38603, CVE-2023-52882, CVE-2024-36953,CVE-2024-38599, CVE-2024-38574, CVE-2024-36967, CVE-2024-36895,CVE-2024-36003, CVE-2024-36961, CVE-2024-38545, CVE-2024-38538,CVE-2024-36001, CVE-2024-36912, CVE-2024-36952, CVE-2024-38550,CVE-2024-38570, CVE-2024-36969, CVE-2024-38595, CVE-2024-35849,CVE-2024-36936, CVE-2024-35949, CVE-2024-36009, CVE-2024-35987,CVE-2024-38541, CVE-2024-38564, CVE-2024-36032, CVE-2024-38615,CVE-2024-36960, CVE-2024-36934, CVE-2024-36951, CVE-2024-35999,CVE-2024-38551, CVE-2024-36903, CVE-2024-36931, CVE-2024-38593,CVE-2024-36938, CVE-2024-38607, CVE-2024-36928, CVE-2024-38552,CVE-2024-36002, CVE-2024-38605, CVE-2024-38582, CVE-2024-36933,CVE-2024-38620, CVE-2024-27395, CVE-2024-27396, CVE-2024-36012,CVE-2024-38591, CVE-2024-38597, CVE-2024-36889, CVE-2024-36964,CVE-2024-38606, CVE-2024-38553, CVE-2024-36945, CVE-2024-35848,CVE-2024-36962, CVE-2024-36947, CVE-2024-27399, CVE-2024-38546,CVE-2024-38583, CVE-2024-38573, CVE-2024-35850, CVE-2024-38549,CVE-2024-38588, CVE-2024-38610, CVE-2024-36917, CVE-2024-36957,CVE-2024-35846, CVE-2024-38579, CVE-2024-36965, CVE-2024-35857,CVE-2024-38548, CVE-2024-36975, CVE-2024-36919, CVE-2024-38542,CVE-2024-36948, CVE-2024-36011, CVE-2024-38556, CVE-2024-36897,CVE-2024-38557, CVE-2024-36890, CVE-2024-36882, CVE-2024-38613,CVE-2024-36914, CVE-2024-35998, CVE-2024-36958, CVE-2024-38580,CVE-2024-36896, CVE-2024-36891, CVE-2024-36924, CVE-2024-38589,CVE-2024-38592, CVE-2024-36904, CVE-2024-36894, CVE-2024-36028,CVE-2024-36014, CVE-2024-36880, CVE-2024-36944, CVE-2024-38598,CVE-2024-36929, CVE-2024-36883, CVE-2024-35858, CVE-2024-38555,CVE-2024-36005, CVE-2024-38539, CVE-2024-35994, CVE-2024-36030,CVE-2024-27394, CVE-2024-36930, CVE-2024-36937, CVE-2024-38561,CVE-2024-38578, CVE-2024-36959, CVE-2024-36935, CVE-2024-36916,CVE-2024-36902, CVE-2024-38604, CVE-2024-38554, CVE-2024-38575,CVE-2024-36918, CVE-2024-36979, CVE-2024-35854, CVE-2024-36968,CVE-2024-38558, CVE-2024-36000, CVE-2024-27398, CVE-2024-35983,CVE-2024-36949, CVE-2024-38600, CVE-2024-36950, CVE-2024-36946,CVE-2024-36031, CVE-2024-35847, CVE-2024-36905, CVE-2024-38571,CVE-2024-36007, CVE-2024-35856, CVE-2024-38601, CVE-2024-38569,CVE-2024-38617, CVE-2024-35988, CVE-2024-35989, CVE-2024-35993,CVE-2024-36893, CVE-2024-36901)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 24.04 LTS   linux-image-6.8.0-1008-gke      6.8.0-1008.11   linux-image-6.8.0-1010-ibm      6.8.0-1010.10   linux-image-6.8.0-1010-oem      6.8.0-1010.10   linux-image-6.8.0-1011-nvidia   6.8.0-1011.11   linux-image-6.8.0-1011-nvidia-64k  6.8.0-1011.11   linux-image-6.8.0-1012-gcp      6.8.0-1012.13   linux-image-6.8.0-1013-aws      6.8.0-1013.14   linux-image-6.8.0-40-generic    6.8.0-40.40   linux-image-6.8.0-40-generic-64k  6.8.0-40.40   linux-image-aws                 6.8.0-1013.14   linux-image-gcp                 6.8.0-1012.13   linux-image-generic             6.8.0-40.40   linux-image-generic-64k         6.8.0-40.40   linux-image-generic-64k-hwe-24.04  6.8.0-40.40   linux-image-generic-hwe-24.04   6.8.0-40.40   linux-image-generic-lpae        6.8.0-40.40   linux-image-gke                 6.8.0-1008.11   linux-image-ibm                 6.8.0-1010.10   linux-image-ibm-classic         6.8.0-1010.10   linux-image-ibm-lts-24.04       6.8.0-1010.10   linux-image-kvm                 6.8.0-40.40   linux-image-nvidia              6.8.0-1011.11   linux-image-nvidia-64k          6.8.0-1011.11   linux-image-oem-24.04           6.8.0-1010.10   linux-image-oem-24.04a          6.8.0-1010.10   linux-image-virtual             6.8.0-40.40   linux-image-virtual-hwe-24.04   6.8.0-40.40Ubuntu 22.04 LTS   linux-image-6.8.0-1011-nvidia   6.8.0-1011.11~22.04.1   linux-image-6.8.0-1011-nvidia-64k  6.8.0-1011.11~22.04.1   linux-image-nvidia-6.8          6.8.0-1011.11~22.04.1   linux-image-nvidia-64k-6.8      6.8.0-1011.11~22.04.1After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6949-1   CVE-2023-52882, CVE-2024-27394, CVE-2024-27395, CVE-2024-27396,   CVE-2024-27398, CVE-2024-27399, CVE-2024-27400, CVE-2024-27401,   CVE-2024-35846, CVE-2024-35847, CVE-2024-35848, CVE-2024-35849,   CVE-2024-35850, CVE-2024-35851, CVE-2024-35852, CVE-2024-35853,   CVE-2024-35854, CVE-2024-35855, CVE-2024-35856, CVE-2024-35857,   CVE-2024-35858, CVE-2024-35859, CVE-2024-35947, CVE-2024-35949,   CVE-2024-35983, CVE-2024-35986, CVE-2024-35987, CVE-2024-35988,   CVE-2024-35989, CVE-2024-35991, CVE-2024-35993, CVE-2024-35994,   CVE-2024-35996, CVE-2024-35998, CVE-2024-35999, CVE-2024-36000,   CVE-2024-36001, CVE-2024-36002, CVE-2024-36003, CVE-2024-36004,   CVE-2024-36005, CVE-2024-36006, CVE-2024-36007, CVE-2024-36009,   CVE-2024-36011, CVE-2024-36012, CVE-2024-36013, CVE-2024-36014,   CVE-2024-36017, CVE-2024-36028, CVE-2024-36029, CVE-2024-36030,   CVE-2024-36031, CVE-2024-36032, CVE-2024-36033, CVE-2024-36880,   CVE-2024-36881, CVE-2024-36882, CVE-2024-36883, CVE-2024-36884,   CVE-2024-36886, CVE-2024-36887, CVE-2024-36888, CVE-2024-36889,   CVE-2024-36890, CVE-2024-36891, CVE-2024-36892, CVE-2024-36893,   CVE-2024-36894, CVE-2024-36895, CVE-2024-36896, CVE-2024-36897,   CVE-2024-36898, CVE-2024-36899, CVE-2024-36900, CVE-2024-36901,   CVE-2024-36902, CVE-2024-36903, CVE-2024-36904, CVE-2024-36905,   CVE-2024-36906, CVE-2024-36908, CVE-2024-36909, CVE-2024-36910,   CVE-2024-36911, CVE-2024-36912, CVE-2024-36913, CVE-2024-36914,   CVE-2024-36915, CVE-2024-36916, CVE-2024-36917, CVE-2024-36918,   CVE-2024-36919, CVE-2024-36920, CVE-2024-36921, CVE-2024-36922,   CVE-2024-36923, CVE-2024-36924, CVE-2024-36925, CVE-2024-36926,   CVE-2024-36927, CVE-2024-36928, CVE-2024-36929, CVE-2024-36930,   CVE-2024-36931, CVE-2024-36932, CVE-2024-36933, CVE-2024-36934,   CVE-2024-36935, CVE-2024-36936, CVE-2024-36937, CVE-2024-36938,   CVE-2024-36939, CVE-2024-36940, CVE-2024-36941, CVE-2024-36943,   CVE-2024-36944, CVE-2024-36945, CVE-2024-36946, CVE-2024-36947,   CVE-2024-36948, CVE-2024-36949, CVE-2024-36950, CVE-2024-36951,   CVE-2024-36952, CVE-2024-36953, CVE-2024-36954, CVE-2024-36955,   CVE-2024-36956, CVE-2024-36957, CVE-2024-36958, CVE-2024-36959,   CVE-2024-36960, CVE-2024-36961, CVE-2024-36962, CVE-2024-36963,   CVE-2024-36964, CVE-2024-36965, CVE-2024-36966, CVE-2024-36967,   CVE-2024-36968, CVE-2024-36969, CVE-2024-36975, CVE-2024-36977,   CVE-2024-36979, CVE-2024-38538, CVE-2024-38539, CVE-2024-38540,   CVE-2024-38541, CVE-2024-38542, CVE-2024-38543, CVE-2024-38544,   CVE-2024-38545, CVE-2024-38546, CVE-2024-38547, CVE-2024-38548,   CVE-2024-38549, CVE-2024-38550, CVE-2024-38551, CVE-2024-38552,   CVE-2024-38553, CVE-2024-38554, CVE-2024-38555, CVE-2024-38556,   CVE-2024-38557, CVE-2024-38558, CVE-2024-38559, CVE-2024-38560,   CVE-2024-38561, CVE-2024-38562, CVE-2024-38563, CVE-2024-38564,   CVE-2024-38565, CVE-2024-38566, CVE-2024-38567, CVE-2024-38568,   CVE-2024-38569, CVE-2024-38570, CVE-2024-38571, CVE-2024-38572,   CVE-2024-38573, CVE-2024-38574, CVE-2024-38575, CVE-2024-38576,   CVE-2024-38577, CVE-2024-38578, CVE-2024-38579, CVE-2024-38580,   CVE-2024-38582, CVE-2024-38583, CVE-2024-38584, CVE-2024-38585,   CVE-2024-38586, CVE-2024-38587, CVE-2024-38588, CVE-2024-38589,   CVE-2024-38590, CVE-2024-38591, CVE-2024-38592, CVE-2024-38593,   CVE-2024-38594, CVE-2024-38595, CVE-2024-38596, CVE-2024-38597,   CVE-2024-38598, CVE-2024-38599, CVE-2024-38600, CVE-2024-38601,   CVE-2024-38602, CVE-2024-38603, CVE-2024-38604, CVE-2024-38605,   CVE-2024-38606, CVE-2024-38607, CVE-2024-38610, CVE-2024-38611,   CVE-2024-38612, CVE-2024-38613, CVE-2024-38614, CVE-2024-38615,   CVE-2024-38616, CVE-2024-38617, CVE-2024-38620, CVE-2024-39482,   CVE-2024-41011, CVE-2024-42134Package Information:   https://launchpad.net/ubuntu/+source/linux/6.8.0-40.40   https://launchpad.net/ubuntu/+source/linux-aws/6.8.0-1013.14   https://launchpad.net/ubuntu/+source/linux-gcp/6.8.0-1012.13   https://launchpad.net/ubuntu/+source/linux-gke/6.8.0-1008.11   https://launchpad.net/ubuntu/+source/linux-ibm/6.8.0-1010.10   https://launchpad.net/ubuntu/+source/linux-nvidia/6.8.0-1011.11   https://launchpad.net/ubuntu/+source/linux-oem-6.8/6.8.0-1010.10   https://launchpad.net/ubuntu/+source/linux-nvidia-6.8/6.8.0-1011.11~22.04.1

Ubuntu Security Notice USN-6949-1

Farmacia Gama version 1.0 suffers from a file inclusion vulnerability.

    =============================================================================================================================================| # Title     : Farmacia Gama v1.0 File inclusion Vulnerability                                                                             || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://download-media.code-projects.org/2020/04/Farmacia_IN_PHP_CSS_JavaScript_AND_MYSQL__FREE_DOWNLOAD.zip                |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /main.php?id=1&pg=[+] http://127.0.0.1/farmacia-master/main.php?id=1&pg=http://127.0.0.1/phpMyAdmin/themes/pmahomme/img/logo_left.pngGreetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

Tag

#google