Ubuntu Security Notice 6915-1 - It was discovered that poppler incorrectly handled certain malformed PDF. An attacker could possibly use this issue to cause a denial of service.

==========================================================================  
Ubuntu Security Notice USN-6915-1  
July 24, 2024

poppler vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS  
- Ubuntu 22.04 LTS

Summary:

poppler could be made to denial of service if it opened a specially crafted PDF.

Software Description:  
- poppler: PDF rendering library

Details:

It was discovered that poppler incorrectly handled certain malformed PDF.  
An attacker could possibly use this issue to cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.04 LTS  
  libpoppler134                   24.02.0-1ubuntu9.1  
  poppler-utils                   24.02.0-1ubuntu9.1

Ubuntu 22.04 LTS  
  libpoppler118                   22.02.0-2ubuntu0.5  
  poppler-utils                   22.02.0-2ubuntu0.5

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6915-1  
  CVE-2024-6239

Package Information:  
  https://launchpad.net/ubuntu/+source/poppler/24.02.0-1ubuntu9.1  
  https://launchpad.net/ubuntu/+source/poppler/22.02.0-2ubuntu0.5

Ubuntu Security Notice USN-6915-1

Multi Store Inventory Management System version 1.0 suffers from an insecure direct object reference vulnerability.

**Multi Store Inventory Management System 1.0 Insecure Direct Object Reference**

Posted Jul 25, 2024

Authored by indoushka

Multi Store Inventory Management System version 1.0 suffers from an insecure direct object reference vulnerability.

tags | exploit

SHA-256 | 32be0fec962b67faf38d315a9d6d5a0c83204e2e599b0319b92fa81fc435926a

Download | Favorite | View

**Multi Store Inventory Management System 1.0 Insecure Direct Object Reference**

    ====================================================================================================================================| # Title     : Multi Store Inventory Management System v1.0 IDOR Vulnerability                                                    || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://www.campcodes.com/projects/php/complete-multi-store-inventory-management-system-in-php-mysql/              |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Direct Object Reference : suffers from an insecure direct object reference that allows users to access the administrative interface.[+] use payload : /dashboard/autoupdate[+] https://www/127.0.0.1/multistore_demo/dashboard/autoupdateGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,131)
*   Arbitrary (16,828)
*   BBS (2,859)
*   Bypass (1,853)
*   CGI (1,033)
*   Code Execution (7,780)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,380)
*   DoS (25,001)
*   Encryption (2,389)
*   Exploit (53,073)
*   File Inclusion (4,257)
*   File Upload (989)
*   Firewall (822)
*   Info Disclosure (2,876)
*   Intrusion Detection (914)
*   Java (3,141)
*   JavaScript (895)
*   Kernel (7,169)
*   Local (14,774)
*   Magazine (586)
*   Overflow (13,149)
*   Perl (1,435)
*   PHP (5,220)
*   Proof of Concept (2,381)
*   Protocol (3,723)
*   Python (1,630)
*   Remote (31,616)
*   Root (3,625)
*   Rootkit (526)
*   Ruby (631)
*   Scanner (1,657)
*   Security Tool (8,023)
*   Shell (3,272)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,271)
*   SQL Injection (16,588)
*   TCP (2,440)
*   Trojan (690)
*   UDP (901)
*   Virus (669)
*   Vulnerability (32,903)
*   Web (9,949)
*   Whitepaper (3,781)
*   x86 (967)
*   XSS (18,236)
*   Other

**File Archives**

*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   August 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,090)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,082)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,534)
*   HPUX (880)
*   iOS (376)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,527)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,402)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,689)
*   UNIX (9,431)
*   UnixWare (187)
*   Windows (6,667)
*   Other

Multi Store Inventory Management System 1.0 Insecure Direct Object Reference

Ubuntu Security Notice 6912-1 - James Henstridge discovered that provd incorrectly handled environment variables. A local attacker could possibly use this issue to run arbitrary programs and escalate privileges.

    ==========================================================================Ubuntu Security Notice USN-6912-1July 24, 2024provd vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 24.04 LTSSummary:provd could be made to run programs as an administrator.Software Description:- provd: Ubuntu Desktop Provision init backendDetails:James Henstridge discovered that provd incorrectly handled environmentvariables. A local attacker could possibly use this issue to run arbitraryprograms and escalate privileges.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 24.04 LTS   provd                           0.1.2+24.04In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6912-1   CVE-2024-6714,https://bugs.launchpad.net/ubuntu/+source/provd/+bug/2071574Package Information:   https://launchpad.net/ubuntu/+source/provd/0.1.2+24.04

Ubuntu Security Notice USN-6912-1

Ubuntu Security Notice 6906-1 - It was discovered that python-zipp did not properly handle the zip files with malformed names. An attacker could possibly use this issue to cause a denial of service.

==========================================================================  
Ubuntu Security Notice USN-6906-1  
July 24, 2024

python-zipp vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

python-zipp could be made to crash if certain zip files are used.

Software Description:  
- python-zipp: pathlib-compatible Zipfile object wrapper - Python 3.x

Details:

It was discovered that python-zipp did not properly handle the zip files  
with malformed names. An attacker could possibly use this issue to cause a  
denial of service.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.04 LTS  
   python3-zipp                    1.0.0-6ubuntu0.1

Ubuntu 22.04 LTS  
   python3-zipp                    1.0.0-3ubuntu0.1

Ubuntu 20.04 LTS  
   pypy-zipp                       1.0.0-1ubuntu0.1  
   python-zipp                     1.0.0-1ubuntu0.1  
   python3-zipp                    1.0.0-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6906-1  
   CVE-2024-5569

Package Information:  
   https://launchpad.net/ubuntu/+source/python-zipp/1.0.0-6ubuntu0.1  
   https://launchpad.net/ubuntu/+source/python-zipp/1.0.0-3ubuntu0.1  
   https://launchpad.net/ubuntu/+source/python-zipp/1.0.0-1ubuntu0.1

Ubuntu Security Notice USN-6906-1

SIM Wisuda version 1.0 suffers from an insecure direct object reference vulnerability.

**SIM Wisuda 1.0 Insecure Direct Object Reference**

Posted Jul 24, 2024

Authored by indoushka

SIM Wisuda version 1.0 suffers from an insecure direct object reference vulnerability.

tags | exploit

SHA-256 | 7fed84c74a95aca63927ebf377895e9a07606b145886012809d45f932101a348

Download | Favorite | View

**SIM Wisuda 1.0 Insecure Direct Object Reference**

    ====================================================================================================================================| # Title     : SIM Wisuda v1.0 IDOR Vulnerability                                                                                 || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://academic.uii.ac.id/wisuda/                                                                                 |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Direct Object Reference : suffers from an insecure direct object reference that allows users to access the administrative interface.[+] use payload : /login/apps/?menu=Lulusan[+] https://www/127.0.0.1/wisuda.uika-bogor.ac.id/login/apps/?menu=LulusanGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,109)
*   Arbitrary (16,828)
*   BBS (2,859)
*   Bypass (1,853)
*   CGI (1,033)
*   Code Execution (7,779)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,380)
*   DoS (24,997)
*   Encryption (2,389)
*   Exploit (53,065)
*   File Inclusion (4,257)
*   File Upload (989)
*   Firewall (822)
*   Info Disclosure (2,876)
*   Intrusion Detection (914)
*   Java (3,141)
*   JavaScript (895)
*   Kernel (7,167)
*   Local (14,774)
*   Magazine (586)
*   Overflow (13,149)
*   Perl (1,435)
*   PHP (5,220)
*   Proof of Concept (2,381)
*   Protocol (3,723)
*   Python (1,630)
*   Remote (31,613)
*   Root (3,625)
*   Rootkit (525)
*   Ruby (631)
*   Scanner (1,657)
*   Security Tool (8,022)
*   Shell (3,271)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,271)
*   SQL Injection (16,588)
*   TCP (2,440)
*   Trojan (690)
*   UDP (901)
*   Virus (669)
*   Vulnerability (32,900)
*   Web (9,947)
*   Whitepaper (3,781)
*   x86 (967)
*   XSS (18,236)
*   Other

**File Archives**

*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   August 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,090)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,082)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,534)
*   HPUX (880)
*   iOS (376)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,505)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,383)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,686)
*   UNIX (9,430)
*   UnixWare (187)
*   Windows (6,667)
*   Other

SIM Wisuda 1.0 Insecure Direct Object Reference

Ubuntu Security Notice 6910-1 - Chess Hazlett discovered that Apache ActiveMQ incorrectly handled certain commands. A remote attacker could possibly use this issue to terminate the program, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. Peter Stoeckli discovered that Apache ActiveMQ incorrectly handled hostname verification. A remote attacker could possibly use this issue to perform a person-in-the-middle attack. This issue only affected Ubuntu 16.04 LTS.

==========================================================================  
Ubuntu Security Notice USN-6910-1  
July 23, 2024

activemq vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS  
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Apache ActiveMQ.

Software Description:  
- activemq: Java message broker - server

Details:

Chess Hazlett discovered that Apache ActiveMQ incorrectly handled certain  
commands. A remote attacker could possibly use this issue to terminate  
the program, resulting in a denial of service. This issue only affected  
Ubuntu 16.04 LTS. (CVE-2015-7559)

Peter Stöckli discovered that Apache ActiveMQ incorrectly handled  
hostname verification. A remote attacker could possibly use this issue  
to perform a person-in-the-middle attack. This issue only affected Ubuntu  
16.04 LTS. (CVE-2018-11775)

Jonathan Gallimore and Colm Ó hÉigeartaigh discovered that Apache  
ActiveMQ incorrectly handled authentication in certain functions.  
A remote attacker could possibly use this issue to perform a  
person-in-the-middle attack. This issue only affected Ubuntu 16.04 LTS,  
Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-13920)

Gregor Tudan discovered that Apache ActiveMQ incorrectly handled  
LDAP authentication. A remote attacker could possibly use this issue  
to acquire unauthenticated access. This issue only affected Ubuntu 16.04  
LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-26117)

It was discovered that Apache ActiveMQ incorrectly handled  
authentication. A remote attacker could possibly use this issue to run  
arbitrary code. (CVE-2022-41678)

It was discovered that Apache ActiveMQ incorrectly handled  
deserialization. A remote attacker could possibly use this issue to run  
arbitrary shell commands. (CVE-2023-46604)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.04 LTS  
   activemq                        5.16.1-1ubuntu0.1~esm1  
                                   Available with Ubuntu Pro  
   libactivemq-java                5.16.1-1ubuntu0.1~esm1  
                                   Available with Ubuntu Pro

Ubuntu 20.04 LTS  
   activemq                        5.15.11-1ubuntu0.1~esm1  
                                   Available with Ubuntu Pro  
   libactivemq-java                5.15.11-1ubuntu0.1~esm1  
                                   Available with Ubuntu Pro

Ubuntu 18.04 LTS  
   activemq                        5.15.8-2~18.04.1~esm1  
                                   Available with Ubuntu Pro  
   libactivemq-java                5.15.8-2~18.04.1~esm1  
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS  
   activemq                        5.13.2+dfsg-2ubuntu0.1~esm1  
                                   Available with Ubuntu Pro  
   libactivemq-java                5.13.2+dfsg-2ubuntu0.1~esm1  
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6910-1  
   CVE-2015-7559, CVE-2018-11775, CVE-2020-13920, CVE-2021-26117,  
   CVE-2022-41678, CVE-2023-46604

Ubuntu Security Notice USN-6910-1

Ubuntu Security Notice 6530-2 - Seth Manesse and Paul Plasil discovered that HAProxy incorrectly handled URI components containing the hash character. A remote attacker could possibly use this issue to obtain sensitive information, or to bypass certain path_end rules.

    ==========================================================================Ubuntu Security Notice USN-6530-2July 23, 2024haproxy vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 18.04 LTS- Ubuntu 16.04 LTSSummary:HAProxy could be made to expose sensitive information.Software Description:- haproxy: fast and reliable load balancing reverse proxyDetails:Seth Manesse and Paul Plasil discovered that HAProxy incorrectly handledURI components containing the hash character (#). A remote attacker couldpossibly use this issue to obtain sensitive information, or to bypasscertain path_end rules.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 18.04 LTS   haproxy                         1.8.8-1ubuntu0.13+esm2                                   Available with Ubuntu ProUbuntu 16.04 LTS   haproxy                         1.6.3-1ubuntu0.3+esm1                                   Available with Ubuntu ProIn general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6530-2   https://ubuntu.com/security/notices/USN-6530-1   CVE-2023-45539

Ubuntu Security Notice USN-6530-2

Ubuntu Security Notice 6907-1 - Joshua Rogers discovered that Squid did not properly handle multi-byte characters during Edge Side Includes processing. A remote attacker could possibly use this issue to cause a memory corruption error, leading to a denial of service.

==========================================================================  
Ubuntu Security Notice USN-6907-1  
July 23, 2024

squid, squid3 vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS  
- Ubuntu 16.04 LTS

Summary:

Squid could be made to crash if it processed specially crafted characters.

Software Description:  
- squid: Web proxy cache server  
- squid3: Web proxy cache server

Details:

Joshua Rogers discovered that Squid did not properly handle multi-byte  
characters during Edge Side Includes (ESI) processing. A remote attacker  
could possibly use this issue to cause a memory corruption error, leading  
to a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.04 LTS  
   squid                           6.6-1ubuntu5.1

Ubuntu 22.04 LTS  
   squid                           5.9-0ubuntu0.22.04.2

Ubuntu 20.04 LTS  
   squid                           4.10-1ubuntu1.13

Ubuntu 18.04 LTS  
   squid                           3.5.27-1ubuntu1.14+esm3  
                                   Available with Ubuntu Pro  
   squid3                          3.5.27-1ubuntu1.14+esm3  
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS  
   squid                           3.5.12-1ubuntu7.16+esm4  
                                   Available with Ubuntu Pro  
   squid3                          3.5.12-1ubuntu7.16+esm4  
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6907-1  
   CVE-2024-37894

Package Information:  
   https://launchpad.net/ubuntu/+source/squid/6.6-1ubuntu5.1  
   https://launchpad.net/ubuntu/+source/squid/5.9-0ubuntu0.22.04.2  
   https://launchpad.net/ubuntu/+source/squid/4.10-1ubuntu1.13

Ubuntu Security Notice USN-6907-1

Ubuntu Security Notice 6911-1 - Arnaud Morin discovered that Nova incorrectly handled certain raw format images. An authenticated user could use this issue to access arbitrary files on the server, possibly exposing sensitive information.

==========================================================================  
Ubuntu Security Notice USN-6911-1  
July 23, 2024

nova vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

Nova would allow unintended access to files over the network.

Software Description:  
- nova: OpenStack Compute cloud infrastructure

Details:

Arnaud Morin discovered that Nova incorrectly handled certain raw format  
images. An authenticated user could use this issue to access arbitrary  
files on the server, possibly exposing sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.04 LTS  
   nova-common                     3:29.0.1-0ubuntu1.4  
   python3-nova                    3:29.0.1-0ubuntu1.4

Ubuntu 22.04 LTS  
   nova-common                     3:25.2.1-0ubuntu2.6  
   python3-nova                    3:25.2.1-0ubuntu2.6

Ubuntu 20.04 LTS  
   nova-common                     2:21.2.4-0ubuntu2.11  
   python3-nova                    2:21.2.4-0ubuntu2.11

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6911-1  
   CVE-2024-40767

Package Information:  
   https://launchpad.net/ubuntu/+source/nova/3:29.0.1-0ubuntu1.4  
   https://launchpad.net/ubuntu/+source/nova/3:25.2.1-0ubuntu2.6  
   https://launchpad.net/ubuntu/+source/nova/2:21.2.4-0ubuntu2.11

Ubuntu Security Notice USN-6911-1

Ubuntu Security Notice 6908-1 - It was discovered that the Tomcat SSI printenv command echoed user provided data without escaping it. An attacker could possibly use this issue to perform an XSS attack. It was discovered that Tomcat incorrectly handled certain uncommon PersistenceManager with FileStore configurations. A remote attacker could possibly use this issue to execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-6908-1  
July 23, 2024

tomcat vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS  
- Ubuntu 16.04 LTS  
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Tomcat.

Software Description:  
- tomcat7: Servlet 3.0 and JSP 2.2 Java API classes

Details:

It was discovered that the Tomcat SSI printenv command echoed user  
provided data without escaping it. An attacker could possibly use this  
issue to perform an XSS attack. (CVE-2019-0221)

It was discovered that Tomcat incorrectly handled certain uncommon  
PersistenceManager with FileStore configurations. A remote attacker could  
possibly use this issue to execute arbitrary code.  
(CVE-2020-9484, CVE-2021-25329)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 18.04 LTS  
libservlet3.0-java 7.0.78-1ubuntu0.1~esm1  
Available with Ubuntu Pro

Ubuntu 16.04 LTS  
libservlet3.0-java 7.0.68-1ubuntu0.4+esm2  
Available with Ubuntu Pro  
libtomcat7-java 7.0.68-1ubuntu0.4+esm2  
Available with Ubuntu Pro  
tomcat7 7.0.68-1ubuntu0.4+esm2  
Available with Ubuntu Pro

Ubuntu 14.04 LTS  
libservlet3.0-java 7.0.52-1ubuntu0.16+esm1  
Available with Ubuntu Pro  
libtomcat7-java 7.0.52-1ubuntu0.16+esm1  
Available with Ubuntu Pro  
tomcat7 7.0.52-1ubuntu0.16+esm1  
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:  
https://ubuntu.com/security/notices/USN-6908-1  
CVE-2019-0221, CVE-2020-9484, CVE-2021-25329

Tag

#ubuntu