Gentoo Linux Security Advisory 202407-27 - Multiple vulnerabilities have been discovered in ExifTool, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 12.42 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202407-27  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: ExifTool: Multiple vulnerabilities  
     Date: July 24, 2024  
     Bugs: #785667, #791397, #803317, #832033  
       ID: 202407-27

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in ExifTool, the worst of  
which could lead to arbitrary code execution.

Background  
==========

ExifTool is a platform-independent Perl library plus a command-line  
application for reading, writing and editing meta information in a wide  
variety of files.

Affected packages  
=================

Package              Vulnerable    Unaffected  
-------------------  ------------  ------------  
media-libs/exiftool  < 12.42       >= 12.42

Description  
===========

Multiple vulnerabilities have been discovered in ExifTool. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All ExifTool users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=media-libs/exiftool-12.42"

References  
==========

[ 1 ] CVE-2021-22204  
      https://nvd.nist.gov/vuln/detail/CVE-2021-22204  
[ 2 ] CVE-2022-23935  
      https://nvd.nist.gov/vuln/detail/CVE-2022-23935

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202407-27

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202407-27

Ubuntu Security Notice 6906-1 - It was discovered that python-zipp did not properly handle the zip files with malformed names. An attacker could possibly use this issue to cause a denial of service.

==========================================================================  
Ubuntu Security Notice USN-6906-1  
July 24, 2024

python-zipp vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

python-zipp could be made to crash if certain zip files are used.

Software Description:  
- python-zipp: pathlib-compatible Zipfile object wrapper - Python 3.x

Details:

It was discovered that python-zipp did not properly handle the zip files  
with malformed names. An attacker could possibly use this issue to cause a  
denial of service.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.04 LTS  
   python3-zipp                    1.0.0-6ubuntu0.1

Ubuntu 22.04 LTS  
   python3-zipp                    1.0.0-3ubuntu0.1

Ubuntu 20.04 LTS  
   pypy-zipp                       1.0.0-1ubuntu0.1  
   python-zipp                     1.0.0-1ubuntu0.1  
   python3-zipp                    1.0.0-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6906-1  
   CVE-2024-5569

Package Information:  
   https://launchpad.net/ubuntu/+source/python-zipp/1.0.0-6ubuntu0.1  
   https://launchpad.net/ubuntu/+source/python-zipp/1.0.0-3ubuntu0.1  
   https://launchpad.net/ubuntu/+source/python-zipp/1.0.0-1ubuntu0.1

Ubuntu Security Notice USN-6906-1

SIM Wisuda version 1.0 suffers from an insecure direct object reference vulnerability.

**SIM Wisuda 1.0 Insecure Direct Object Reference**

Posted Jul 24, 2024

Authored by indoushka

SIM Wisuda version 1.0 suffers from an insecure direct object reference vulnerability.

tags | exploit

SHA-256 | 7fed84c74a95aca63927ebf377895e9a07606b145886012809d45f932101a348

Download | Favorite | View

**SIM Wisuda 1.0 Insecure Direct Object Reference**

    ====================================================================================================================================| # Title     : SIM Wisuda v1.0 IDOR Vulnerability                                                                                 || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://academic.uii.ac.id/wisuda/                                                                                 |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Direct Object Reference : suffers from an insecure direct object reference that allows users to access the administrative interface.[+] use payload : /login/apps/?menu=Lulusan[+] https://www/127.0.0.1/wisuda.uika-bogor.ac.id/login/apps/?menu=LulusanGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,109)
*   Arbitrary (16,828)
*   BBS (2,859)
*   Bypass (1,853)
*   CGI (1,033)
*   Code Execution (7,779)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,380)
*   DoS (24,997)
*   Encryption (2,389)
*   Exploit (53,065)
*   File Inclusion (4,257)
*   File Upload (989)
*   Firewall (822)
*   Info Disclosure (2,876)
*   Intrusion Detection (914)
*   Java (3,141)
*   JavaScript (895)
*   Kernel (7,167)
*   Local (14,774)
*   Magazine (586)
*   Overflow (13,149)
*   Perl (1,435)
*   PHP (5,220)
*   Proof of Concept (2,381)
*   Protocol (3,723)
*   Python (1,630)
*   Remote (31,613)
*   Root (3,625)
*   Rootkit (525)
*   Ruby (631)
*   Scanner (1,657)
*   Security Tool (8,022)
*   Shell (3,271)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,271)
*   SQL Injection (16,588)
*   TCP (2,440)
*   Trojan (690)
*   UDP (901)
*   Virus (669)
*   Vulnerability (32,900)
*   Web (9,947)
*   Whitepaper (3,781)
*   x86 (967)
*   XSS (18,236)
*   Other

**File Archives**

*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   August 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,090)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,082)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,534)
*   HPUX (880)
*   iOS (376)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,505)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,383)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,686)
*   UNIX (9,430)
*   UnixWare (187)
*   Windows (6,667)
*   Other

SIM Wisuda 1.0 Insecure Direct Object Reference

SLiMS CMS version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ====================================================================================================================================| # Title     : SLiMS CMS v2.0 Sql injection Vulnerability                                                                         || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://slims.web.id/web/news/slims-competition-plugin-and-template/                                               |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : "index.php?p=show_detail&id=471"<===== inject here[+] https://www/127.0.0.1/libman1blitarschid/index.php?p=show_detail&id=471Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

SLiMS CMS 2.0 SQL Injection

Ubuntu Security Notice 6910-1 - Chess Hazlett discovered that Apache ActiveMQ incorrectly handled certain commands. A remote attacker could possibly use this issue to terminate the program, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. Peter Stoeckli discovered that Apache ActiveMQ incorrectly handled hostname verification. A remote attacker could possibly use this issue to perform a person-in-the-middle attack. This issue only affected Ubuntu 16.04 LTS.

==========================================================================  
Ubuntu Security Notice USN-6910-1  
July 23, 2024

activemq vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS  
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Apache ActiveMQ.

Software Description:  
- activemq: Java message broker - server

Details:

Chess Hazlett discovered that Apache ActiveMQ incorrectly handled certain  
commands. A remote attacker could possibly use this issue to terminate  
the program, resulting in a denial of service. This issue only affected  
Ubuntu 16.04 LTS. (CVE-2015-7559)

Peter Stöckli discovered that Apache ActiveMQ incorrectly handled  
hostname verification. A remote attacker could possibly use this issue  
to perform a person-in-the-middle attack. This issue only affected Ubuntu  
16.04 LTS. (CVE-2018-11775)

Jonathan Gallimore and Colm Ó hÉigeartaigh discovered that Apache  
ActiveMQ incorrectly handled authentication in certain functions.  
A remote attacker could possibly use this issue to perform a  
person-in-the-middle attack. This issue only affected Ubuntu 16.04 LTS,  
Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-13920)

Gregor Tudan discovered that Apache ActiveMQ incorrectly handled  
LDAP authentication. A remote attacker could possibly use this issue  
to acquire unauthenticated access. This issue only affected Ubuntu 16.04  
LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-26117)

It was discovered that Apache ActiveMQ incorrectly handled  
authentication. A remote attacker could possibly use this issue to run  
arbitrary code. (CVE-2022-41678)

It was discovered that Apache ActiveMQ incorrectly handled  
deserialization. A remote attacker could possibly use this issue to run  
arbitrary shell commands. (CVE-2023-46604)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.04 LTS  
   activemq                        5.16.1-1ubuntu0.1~esm1  
                                   Available with Ubuntu Pro  
   libactivemq-java                5.16.1-1ubuntu0.1~esm1  
                                   Available with Ubuntu Pro

Ubuntu 20.04 LTS  
   activemq                        5.15.11-1ubuntu0.1~esm1  
                                   Available with Ubuntu Pro  
   libactivemq-java                5.15.11-1ubuntu0.1~esm1  
                                   Available with Ubuntu Pro

Ubuntu 18.04 LTS  
   activemq                        5.15.8-2~18.04.1~esm1  
                                   Available with Ubuntu Pro  
   libactivemq-java                5.15.8-2~18.04.1~esm1  
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS  
   activemq                        5.13.2+dfsg-2ubuntu0.1~esm1  
                                   Available with Ubuntu Pro  
   libactivemq-java                5.13.2+dfsg-2ubuntu0.1~esm1  
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6910-1  
   CVE-2015-7559, CVE-2018-11775, CVE-2020-13920, CVE-2021-26117,  
   CVE-2022-41678, CVE-2023-46604

Ubuntu Security Notice USN-6910-1

Ubuntu Security Notice 6530-2 - Seth Manesse and Paul Plasil discovered that HAProxy incorrectly handled URI components containing the hash character. A remote attacker could possibly use this issue to obtain sensitive information, or to bypass certain path_end rules.

    ==========================================================================Ubuntu Security Notice USN-6530-2July 23, 2024haproxy vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 18.04 LTS- Ubuntu 16.04 LTSSummary:HAProxy could be made to expose sensitive information.Software Description:- haproxy: fast and reliable load balancing reverse proxyDetails:Seth Manesse and Paul Plasil discovered that HAProxy incorrectly handledURI components containing the hash character (#). A remote attacker couldpossibly use this issue to obtain sensitive information, or to bypasscertain path_end rules.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 18.04 LTS   haproxy                         1.8.8-1ubuntu0.13+esm2                                   Available with Ubuntu ProUbuntu 16.04 LTS   haproxy                         1.6.3-1ubuntu0.3+esm1                                   Available with Ubuntu ProIn general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6530-2   https://ubuntu.com/security/notices/USN-6530-1   CVE-2023-45539

Ubuntu Security Notice USN-6530-2

StarTask CRM version 1.9 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ====================================================================================================================================| # Title     : StarTask CRM v1.9 Auth by Pass Vulnerability                                                                       || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.1 (64 bits)                                                   || # Vendor    : http://p30vel.ir.domains.blog.ir/                                                                                  |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : USer&Pass : 1' or 1=1 -- -[+] https://www/127.0.0.1/rkexpress.in/dash.phpGreetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

StarTask CRM 1.9 SQL Injection

UBM CMS version 1.2 suffers from an insecure direct object reference vulnerability.

    ====================================================================================================================================| # Title     : UBM CMS v1.2 IDOR Vulnerability                                                                                    || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.1 (64 bits)                                                   || # Vendor    : https://ubminfotech.com/                                                                                           |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /admin/header.php [+] https://www/127.0.0.1/orrerydrugs.com/admin/header.php [+] Insecure Direct Object Reference : suffers from an insecure direct object reference that allows users to access the administrative interface.Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

UBM CMS 1.2 Insecure Direct Object Reference

Ubuntu Security Notice 6907-1 - Joshua Rogers discovered that Squid did not properly handle multi-byte characters during Edge Side Includes processing. A remote attacker could possibly use this issue to cause a memory corruption error, leading to a denial of service.

==========================================================================  
Ubuntu Security Notice USN-6907-1  
July 23, 2024

squid, squid3 vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS  
- Ubuntu 16.04 LTS

Summary:

Squid could be made to crash if it processed specially crafted characters.

Software Description:  
- squid: Web proxy cache server  
- squid3: Web proxy cache server

Details:

Joshua Rogers discovered that Squid did not properly handle multi-byte  
characters during Edge Side Includes (ESI) processing. A remote attacker  
could possibly use this issue to cause a memory corruption error, leading  
to a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.04 LTS  
   squid                           6.6-1ubuntu5.1

Ubuntu 22.04 LTS  
   squid                           5.9-0ubuntu0.22.04.2

Ubuntu 20.04 LTS  
   squid                           4.10-1ubuntu1.13

Ubuntu 18.04 LTS  
   squid                           3.5.27-1ubuntu1.14+esm3  
                                   Available with Ubuntu Pro  
   squid3                          3.5.27-1ubuntu1.14+esm3  
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS  
   squid                           3.5.12-1ubuntu7.16+esm4  
                                   Available with Ubuntu Pro  
   squid3                          3.5.12-1ubuntu7.16+esm4  
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6907-1  
   CVE-2024-37894

Package Information:  
   https://launchpad.net/ubuntu/+source/squid/6.6-1ubuntu5.1  
   https://launchpad.net/ubuntu/+source/squid/5.9-0ubuntu0.22.04.2  
   https://launchpad.net/ubuntu/+source/squid/4.10-1ubuntu1.13

Ubuntu Security Notice USN-6907-1

TAIF LMS version 5.8.0 suffers from a remote shell upload vulnerability.

    ====================================================================================================================================| # Title     : TAIF LMS v5.8.0 shell upload Vulnerability                                                                         || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : http://lmsv3.mmgulf.com/public/                                                                                    |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] TAIF learning script contain arbitrary file upload[+] registered user can upload .php files in profile picture section without any security[+] profile link : localhost/demo/public/profile/show/[+] profile link : /demo/public/profile/show/[+] edit profile photo and upload php files and inspect element your php direction[+] uploaded file direction :local host /demo/public/images/user_img/16067501901.php <---- random id[+] just right click the photo and use inspect element you will have your directionGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

Tag

#vulnerability