Ubuntu Security Notice USN-6271-1

Ubuntu Security Notice 6271-1 - Xiang Li discovered that MaraDNS incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. Huascar Tejeda discovered that MaraDNS incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.

Red Hat Security Advisory 2023-4449-01

Red Hat Security Advisory 2023-4449-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.120 and .NET Runtime 6.0.20. Issues addressed include code execution, denial of service, and heap corruption vulnerabilities.

Ubuntu Security Notice USN-6270-1

Ubuntu Security Notice 6270-1 - It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. It was discovered that Vim incorrectly handled memory when deleting buffers in diff mode. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.

OX App Suite SSRF / SQL Injection / Cross Site Scripting

OX App Suite suffers from remote SQL injection, server-side request forgery, cross site scripting, improper neutralization, command injection, and exposure of sensitive information vulnerabilities.

Kolibri GET request buffer Overflow [Stack Egghunter]

Posted by Mahmoud Noureldin on Aug 03

#!/usr/bin/python3
# Exploit Title: Kolibri GET request buffer Overflow [Stack Egghunter]
# Date: 2 Augst 2023
# Exploit Author: Mahmoud NourEldin @Engacker
# Vendor App:
https://www.exploit-db.com/apps/4d4e15b98e105facf94e4fd6a1f9eb78-Kolibri-2.0-win.zip
# Version: Kolibri 2.0
# Tested on: Windows 10
# Description:
# For the first time making the egghunter jumping to the begging of the
stack

import socket, time, sys, os

if len(sys.argv) != 3:...

[SYSS-2023-011]: Canon PIXMA TR4550 and other inkjet printer models - Insufficient or Incomplete Data Removal, within Hardware Component (CWE-1301)

Posted by Matthias Deeg via Fulldisclosure on Aug 03

Advisory ID: SYSS-2023-011
Product: PIXMA TR4550
Manufacturer: Canon
Affected Version(s): 1.020 / 1.080
also affects many other Canon inkjet printer
models[4]
Tested Version(s): 1.020 / 1.080
Vulnerability Type: Insufficient or Incomplete Data Removal
within Hardware Component (CWE-1301)...

[webapps] JLex GuestBook 1.6.4 - Reflected XSS

JLex GuestBook 1.6.4 - Reflected XSS

[webapps] Adiscon LogAnalyzer v.4.1.13 - Cross Site Scripting

Adiscon LogAnalyzer v.4.1.13 - Cross Site Scripting

[webapps] Webedition CMS v2.9.8.8 - Stored XSS

Webedition CMS v2.9.8.8 - Stored XSS

[webapps] Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Event Access

Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Event Access

[webapps] WordPress Plugin Ninja Forms 3.6.25 - Reflected XSS

WordPress Plugin Ninja Forms 3.6.25 - Reflected XSS

[dos] Xlight FTP Server 3.9.3.6 - 'Stack Buffer Overflow' (DOS)

Xlight FTP Server 3.9.3.6 - 'Stack Buffer Overflow' (DOS)

[webapps] Webedition CMS v2.9.8.8 - Remote Code Execution (RCE)

Webedition CMS v2.9.8.8 - Remote Code Execution (RCE)

[webapps] WordPress adivaha Travel Plugin 2.3 - SQL Injection

WordPress adivaha Travel Plugin 2.3 - SQL Injection

[webapps] PHPJabbers Night Club Booking 1.0 - Reflected XSS

PHPJabbers Night Club Booking 1.0 - Reflected XSS

[webapps] Joomla JLex Review 6.0.1 - Reflected XSS

Joomla JLex Review 6.0.1 - Reflected XSS

[webapps] PHPJabbers Taxi Booking 2.0 - Reflected XSS

PHPJabbers Taxi Booking 2.0 - Reflected XSS

[webapps] PHPJabbers Service Booking Script 1.0 - Reflected XSS

PHPJabbers Service Booking Script 1.0 - Reflected XSS

[webapps] Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Post Access via IDOR

Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Post Access via IDOR

[webapps] Campcodes Online Matrimonial Website System v3.3 - Code Execution via malicious SVG file upload

Campcodes Online Matrimonial Website System v3.3 - Code Execution via malicious SVG file upload

[webapps] PHPJabbers Rental Property Booking 2.0 - Reflected XSS

PHPJabbers Rental Property Booking 2.0 - Reflected XSS

[webapps] PHPJabbers Shuttle Booking Software 1.0 - Reflected XSS

PHPJabbers Shuttle Booking Software 1.0 - Reflected XSS

[remote] ReyeeOS 1.204.1614 - MITM Remote Code Execution (RCE)

ReyeeOS 1.204.1614 - MITM Remote Code Execution (RCE)

[webapps] Academy LMS 6.0 - Reflected XSS

Academy LMS 6.0 - Reflected XSS

[webapps] Webutler v3.2 - Remote Code Execution (RCE)

Webutler v3.2 - Remote Code Execution (RCE)

[webapps] Ozeki SMS Gateway 10.3.208 - Arbitrary File Read (Unauthenticated)

Ozeki SMS Gateway 10.3.208 - Arbitrary File Read (Unauthenticated)

[webapps] PHPJabbers Cleaning Business 1.0 - Reflected XSS

PHPJabbers Cleaning Business 1.0 - Reflected XSS

[webapps] WordPress Plugin Forminator 1.24.6 - Unauthenticated Remote Command Execution

WordPress Plugin Forminator 1.24.6 - Unauthenticated Remote Command Execution

[webapps] WordPress adivaha Travel Plugin 2.3 - Reflected XSS

WordPress adivaha Travel Plugin 2.3 - Reflected XSS

[remote] Shelly PRO 4PM v0.11.0 - Authentication Bypass

Shelly PRO 4PM v0.11.0 - Authentication Bypass

OXAS-ADV-2023-0003: OX App Suite Security Advisory

Posted by Martin Heiland via Fulldisclosure on Aug 02

Dear subscribers,

We're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs for OX AppSuite, Dovecot and PowerDNS at YesWeHack.

This advisory has also been published at https://documentation.open-xchange.com/security/advisories/.

Yours sincerely,
Martin Heiland, Open-Xchange GmbH

Internal reference: OXUIB-2282
Type:...

RansomLord v1 / Anti-Ransomware Exploit Tool

Posted by malvuln on Aug 02

RansomLord is a proof-of-concept tool that automates the creation of PE
files, used to compromise Ransomware pre-encryption.

Lang: C

SHA256: b0dfa2377d7100949de276660118bbf21fa4e56a4a196db15f5fb344a5da33ee

Video PoC:
https://www.youtube.com/watch?v=_Ho0bpeJWqI

Download: https://github.com/malvuln/RansomLord

RansomLord generated PE files are saved to disk in the x32 or x64
directorys where the program is run from.

Goal is to exploit code...

Savant Web Server 3.1 - Remote Buffer Overflow (Egghunter)

Posted by Mahmoud Noureldin on Aug 02

This is an old app but in an easy way which not the same which in public.

Exploit Title: Savant Web Server 3.1 - Remote Buffer Overflow (Egghunter)

# Date: [30/07/2023]
# Exploit Author: [0xBOF90]
# Vendor Homepage: [link]
# Version: [app version] (3.1)
# Tested on: [Windows 10]

import socket
import sys

try:
server = b"192.168.56.102"
#\x00\x0a\x0d\x25
port = 80
size = 253
# msfvenom -p windows/shell_reverse_tcp...

Ubuntu Security Notice USN-6267-1

Ubuntu Security Notice 6267-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Max Vlasov discovered that Firefox Offscreen Canvas did not properly track cross-origin tainting. An attacker could potentially exploit this issue to access image data from another site in violation of same-origin policy.

Red Hat Security Advisory 2023-4432-01

Red Hat Security Advisory 2023-4432-01 - Iperf is a tool which can measure maximum TCP bandwidth and tune various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, and data-gram loss.

Red Hat Security Advisory 2023-4431-01

Red Hat Security Advisory 2023-4431-01 - Iperf is a tool which can measure maximum TCP bandwidth and tune various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, and data-gram loss.

Red Hat Security Advisory 2023-4341-01

Red Hat Security Advisory 2023-4341-01 - Red Hat OpenShift bug fix and security update. Red Hat Product Security has rated this update as having a security impact of Low. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-4429-01

Red Hat Security Advisory 2023-4429-01 - The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

Red Hat Security Advisory 2023-4428-01

Red Hat Security Advisory 2023-4428-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Issues addressed include a code execution vulnerability.

EmpowerID 7.205.0.0 Authentication Bypass

EmpowerID versions 7.205.0.0 suffers from a vulnerability that allows an attacker to change a second factor flow armed with only the login and password for an account.

Red Hat Security Advisory 2023-4417-01

Red Hat Security Advisory 2023-4417-01 - CJose is C library implementing the Javascript Object Signing and Encryption.

Red Hat Security Advisory 2023-4310-01

Red Hat Security Advisory 2023-4310-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.46. Issues addressed include denial of service and out of bounds read vulnerabilities.

Red Hat Security Advisory 2023-4312-01

Red Hat Security Advisory 2023-4312-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.46.

Red Hat Security Advisory 2023-4413-01

Red Hat Security Advisory 2023-4413-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-4418-01

Red Hat Security Advisory 2023-4418-01 - The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

Red Hat Security Advisory 2023-4421-01

Red Hat Security Advisory 2023-4421-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.12.5 images.

Red Hat Security Advisory 2023-4419-01

Red Hat Security Advisory 2023-4419-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-4420-01

Red Hat Security Advisory 2023-4420-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.12.5 RPMs.

Stored XSS - Perch

Posted by Andrey Stoykov on Aug 01

# Exploit Title:
# Date: 07/2023
# Exploit Author: Andrey Stoykov
# Version: 3.2
# Tested on: Windows Server 2022
# Blog: http://msecureltd.blogspot.com

XSS #1:

File: roles.edit.post.php

Line #57:

[...]
<div class="field-wrap <?php echo $Form->error('roleTitle', false);?>">
<?php echo $Form->label('roleTitle', 'Title'); ?>
<div class="form-entry">...

Pentest Paper - Introduction to Web Pentest

Posted by Andrey Stoykov on Aug 01

Just putting this for the new starters.

It is in two languages, Bulgarian and English.

https://drive.google.com/file/d/1mzYeratoSV82Oxaj_dYvu4fg7vSBuhE1/view
https://drive.google.com/file/d/1b8obLloMnmQGI1gqAablzuTyKOFBRZjb/view

Has basic configuration for Burpsuite Proxy, including basic exploitation
of XSS, SQLi, CSRF and Open redirect.

Has brief theory explanation prior to showing how to exploit each flaw.

Kind Regards,
Andrey Stoykov

Unauthorized MFA Code Delivery in EmpowerID

Posted by Patel, Nirav on Aug 01

Severity: High

Description:

An identified security flaw is present in EmpowerID versions V7.205.0.0 and prior versions, causing the system to
mistakenly send Multi-Factor Authentication (MFA) codes to unintended email addresses. To exploit this vulnerability,
an attacker would need to have access to valid and breached login details, including a username and password.

This vulnerability's root cause lies in insufficient verification of...

CVE-2023-28130 - Hostname injection leads to Remote Code Execution RCE (Authenticated)

Posted by Rick Verdoes via Fulldisclosure on Aug 01

=========================
Exploit Title: Hostname injection leads to Remote Code Execution RCE (Authenticated)
Product: Gaia Portal
Vendor: Checkpoint
Vulnerable Versions: R81.20 < Take 14, R81.10 < Take 95, R81 < Take 82 and R80.40 < Take 198
Tested Version: R81.10 (take 335)
Advisory Publication: July 27, 2023
Latest Update: July 72, 2023
Vulnerability Type: Improper Control of Generation of Code (Code Injection) [CWE-94]
CVE...

Trovent Security Advisory 2303-01 / CVE-2023-36255 / Authenticated remote code execution in Eramba

Posted by Stefan Pietsch on Aug 01

# Trovent Security Advisory 2303-01 #
#####################################

Authenticated remote code execution in Eramba
#############################################

Overview
########

Advisory ID: TRSA-2303-01
Advisory version: 1.0
Advisory status: Public
Advisory URL: https://trovent.io/security-advisory-2303-01
Affected product: Eramba
Affected version: 3.19.1 (Enterprise and Community edition)
Vendor: Eramba Limited,...

ETSI WEBstore 2023 - Persistent Cross Site Scripting Web Vulnerability

Posted by info () vulnerability-lab com on Aug 01

Document Title:
===============
ETSI WEBstore 2023 - Persistent Cross Site Scripting Web Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2327

Release Date:
=============
2023-07-26

Vulnerability Laboratory ID (VL-ID):
====================================
2327

Common Vulnerability Scoring System:
====================================
4.6

Vulnerability Class:
====================...

Ubuntu Security Notice USN-6266-1

Ubuntu Security Notice 6266-1 - Zac Sims discovered that librsvg incorrectly handled decoding URLs. A remote attacker could possibly use this issue to read arbitrary files by using an include element.

Red Hat Security Advisory 2023-4411-01

Red Hat Security Advisory 2023-4411-01 - CJose is C library implementing the Javascript Object Signing and Encryption.

Red Hat Security Advisory 2023-4410-01

Red Hat Security Advisory 2023-4410-01 - The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

Ubuntu Security Notice USN-6263-1

Ubuntu Security Notice 6263-1 - Motoyasu Saburi discovered that OpenJDK incorrectly handled special characters in file name parameters. An attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 11 and OpenJDK 17. Eirik Bjørsnøs discovered that OpenJDK incorrectly handled certain ZIP archives. An attacker could possibly use this issue to cause a denial of service. This issue only affected OpenJDK 11 and OpenJDK 17.

Red Hat Security Advisory 2023-4409-01

Red Hat Security Advisory 2023-4409-01 - The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

Red Hat Security Advisory 2023-4408-01

Red Hat Security Advisory 2023-4408-01 - The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.