Insufficient Session Expiration in GitHub repository librenms/librenms prior to 22.10.0.

@@ -0,0 +1,30 @@

<?php

  

namespace App\\Http\\Middleware;

  

use Closure;

use Illuminate\\Http\\Request;

use Illuminate\\Support\\Facades\\Auth;

  

class VerifyUserEnabled

{

/\*\*

\* Handle an incoming request.

\*

\* @param \\Illuminate\\Http\\Request $request

\* @param \\Closure(\\Illuminate\\Http\\Request): (\\Illuminate\\Http\\Response|\\Illuminate\\Http\\RedirectResponse) $next

\* @return \\Illuminate\\Http\\Response|\\Illuminate\\Http\\RedirectResponse

\*/

public function handle(Request $request, Closure $next)

{

if (Auth::check() && ! Auth::user()->enabled) {

Auth::logout();

$request\->session()->invalidate();

$request\->session()->regenerateToken();

  

return redirect()->route('login')->withErrors(\['msg' => \_\_('auth.disabled')\]);

}

  

return $next($request);

}

}

CVE-2022-4070: Block disabled user session auth · librenms/librenms@ce8e5f3

A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface.

The solution for these vulnerabilities is to upgrade the Pulse Connect Secure and Pulse Policy Secure server software version to the 9.1R8. This following PCS/PPS version can be downloaded from https://my.pulsesecure.net.

Note:  The following vulnerabilities are server-side fixes only.  There is no need to upgrade the Pulse Desktop Client to resolve or mitigate the following issues. 

**CVE**

**CVSS Score (V3)**

**Summary**

CVE-2020-8206

8.1 High CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attacker can bypass the Google TOTP, if the primary credentials are exposed to attacker.   
NOTE: If PCS TOTP Auth Server is configured as Remote Server, both PCS should need to be upgraded.

CVE-2020-8218

7.2 High CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Authenticated attacker via the admin web interface can crafted URI to perform an arbitrary code execution

CVE-2020-8221

6.8 Medium CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Authenticated attacker via the administrator web interface can read arbitrary files. 

CVE-2020-8222

6.8 Medium CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Authenticated attacker via the administrator web interface can perform an arbitrary file reading vulnerability through Meeting.

CVE-2020-8219

6.6 Medium CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

A user administrator can change the password of a full Administrator.

CVE-2020-8220

6.5 Medium CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Authenticated attacker via the administrator web interface can perform command injection that cause DOS.

CVE-2020-12880

6.2 Medium  
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

An insider malicious actor can manipulate kernel boot parameter to gain the root access of VA Appliances

CVE-2019-11507

6.1 Medium CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

DOM-based link manipulation vulnerability found in the PSAL Download Page.

CVE-2020-8204

6.1 Medium CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

A Cross site scripting issue (XSS) has been found in URL used for PSAL Page.

CVE-2018-19519

5.5 Medim  
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Authenticated attacker via the administrator web interface can perform a stack-based buffer attack.

CVE-2020-8217

5.5 Medium CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

A Cross site scripting issue (XSS) has been found in URL used for Citrix ICA.

CVE-2020-8216

3.7 LOW CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

A vulnerability in meeting of Pulse Connect Secure allow an authenticated end-users to find meeting details, if they know the Meeting ID.

CVE-2020-15408

3.7 Low CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

Authenticated attacker via the end user web interface access admin page console through rewrite.

 

_Document History:_  
July 27, 2020 - Initial advisory posted and software was posted to the Download Center.  
July 28, 2020 - Adding information the following issues is not applicable to Pulse Desktop Client.  
Jan 7, 2020 - Adding additional information for CVE-2020-8206.

**LEGAL DISCLAIMER**

*   THIS ADVISORY IS PROVIDED ON AN “AS IS” BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.  USE OF THIS INFORMATION FOUND IN THIS ADVISORY OR IN MATERIALS LINKED HERE FROM IS AT THE USER’S OWN RISK.  PULSE SECURE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS ADVISORY AT ANY TIME.
*   A STANDALONE COPY OR PARAPHRASE OF THE TEXT OF THIS ADVISORY THAT OMITS THE DISTRIBUTION URL IS AN UNCONTROLLED COPY AND MAY OMIT IMPORTANT INFORMATION OR CONTAIN ERRORS.  THE INFORMATION IN THIS ADVISORY IS INTENDED FOR END USERS OF PULSE SECURE PRODUCTS.

CVE-2020-8218: Public KB - SA44516 - 2020-07: Security Bulletin: Multiple Vulnerabilities Resolved in Pulse Connect Secure

A heap-based buffer over-read was discovered in the acc_ua_get_be32 function in miniacc.h in UPX 4.0.0 via a crafted Mach-O file.

    ==21053==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6160000014bb at pc 0x000000755961 bp 0x7ffe38d0c080 sp 0x7ffe38d0c078
    READ of size 1 at 0x6160000014bb thread T0
        #0 0x755960 in acc_ua_get_be32(void const*) /src/upx-multi/src/./miniacc.h:6099:12
        #1 0x755960 in get_be32(void const*) /src/upx-multi/src/./bele.h:78:12
        #2 0x755960 in N_BELE_RTP::BEPolicy::get32(void const*) const /src/upx-multi/src/./bele_policy.h:115:18
        #3 0x58a254 in Packer::get_te32(void const*) const /src/upx-multi/src/./packer.h:296:65
        #4 0x58a254 in PackLinuxElf32::invert_pt_dynamic(N_Elf::Dyn<N_Elf::ElfITypes<LE16, LE32, LE32, LE32, LE32> > const*) /src/upx-multi/src/p_lx_elf.cpp:1601:32
        #5 0x588959 in PackLinuxElf32::PackLinuxElf32help1(InputFile*) /src/upx-multi/src/p_lx_elf.cpp:305:13
        #6 0x5d70d4 in PackLinuxElf32Be::PackLinuxElf32Be(InputFile*) /src/upx-multi/src/./p_lx_elf.h:385:9
        #7 0x5d70d4 in PackLinuxElf32armBe::PackLinuxElf32armBe(InputFile*) /src/upx-multi/src/p_lx_elf.cpp:4969:58
        #8 0x6e50c0 in PackMaster::visitAllPackers(Packer* (*)(Packer*, void*), InputFile*, options_t const*, void*) /src/upx-multi/src/packmast.cpp:196:9
        #9 0x6e8ff1 in PackMaster::getUnpacker(InputFile*) /src/upx-multi/src/packmast.cpp:248:18
        #10 0x6e8ff1 in PackMaster::unpack(OutputFile*) /src/upx-multi/src/packmast.cpp:266:9
        #11 0x75826b in do_one_file(char const*, char*) /src/upx-multi/src/work.cpp:160:12
        #12 0x7597c2 in do_files(int, int, char**) /src/upx-multi/src/work.cpp:271:13
        #13 0x555aed in main /src/upx-multi/src/main.cpp:1538:5
        #14 0x7fcbbeced83f in __libc_start_main /build/glibc-e6zv40/glibc-2.23/csu/../csu/libc-start.c:291
        #15 0x41ce98 in _start (/out/upx-multi/upx-multi+0x41ce98)
    
    0x6160000014bb is located 4 bytes to the right of 567-byte region [0x616000001280,0x6160000014b7)
    allocated by thread T0 here:
        #0 0x49519d in malloc (/out/upx-multi/upx-multi+0x49519d)
        #1 0x569797 in MemBuffer::alloc(unsigned long long) /src/upx-multi/src/mem.cpp:194:42
    
    SUMMARY: AddressSanitizer: heap-buffer-overflow /src/upx-multi/src/./miniacc.h:6099:12 in acc_ua_get_be32(void const*)
    Shadow bytes around the buggy address:
      0x0c2c7fff8240: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      0x0c2c7fff8250: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      0x0c2c7fff8260: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      0x0c2c7fff8270: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      0x0c2c7fff8280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    =>0x0c2c7fff8290: 00 00 00 00 00 00 07[fa]fa fa fa fa fa fa fa fa
      0x0c2c7fff82a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      0x0c2c7fff82b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      0x0c2c7fff82c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      0x0c2c7fff82d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      0x0c2c7fff82e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
    Shadow byte legend (one shadow byte represents 8 application bytes):
      Addressable:           00
      Partially addressable: 01 02 03 04 05 06 07
      Heap left redzone:       fa
      Freed heap region:       fd
      Stack left redzone:      f1
      Stack mid redzone:       f2
      Stack right redzone:     f3
      Stack after return:      f5
      Stack use after scope:   f8
      Global redzone:          f9
      Global init order:       f6
      Poisoned by user:        f7
      Container overflow:      fc
      Array cookie:            ac
      Intra object redzone:    bb
      ASan internal:           fe
      Left alloca redzone:     ca
      Right alloca redzone:    cb
      Shadow gap:              cc
    ==21053==ABORTING
    
    

    upx 4.0.0-git-87b73e5cfdc1+
    UCL data compression library 1.03
    zlib data compression library 1.2.8
    LZMA SDK version 4.43
    Copyright (C) 1996-2020 Markus Franz Xaver Johannes Oberhumer
    Copyright (C) 1996-2020 Laszlo Molnar
    Copyright (C) 2000-2020 John F. Reiser
    Copyright (C) 2002-2020 Jens Medoch
    Copyright (C) 1995-2005 Jean-loup Gailly and Mark Adler
    Copyright (C) 1999-2006 Igor Pavlov
    UPX comes with ABSOLUTELY NO WARRANTY; for details t

CVE-2020-27799: Heap buffer overflow in acc_ua_get_be32() · Issue #391 · upx/upx

A heap-based buffer over-read was discovered in the invert_pt_dynamic function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.

    ==21202==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62f00000c530 at pc 0x00000058b076 bp 0x7ffdc9ecf670 sp 0x7ffdc9ecf668
    READ of size 4 at 0x62f00000c530 thread T0
        #0 0x58b075 in PackLinuxElf32::invert_pt_dynamic(N_Elf::Dyn<N_Elf::ElfITypes<LE16, LE32, LE32, LE32, LE32> > const*) /src/upx-multi/src/p_lx_elf.cpp:1676:25
        #1 0x588959 in PackLinuxElf32::PackLinuxElf32help1(InputFile*) /src/upx-multi/src/p_lx_elf.cpp:305:13
        #2 0x5d5e74 in PackLinuxElf32Le::PackLinuxElf32Le(InputFile*) /src/upx-multi/src/./p_lx_elf.h:395:9
        #3 0x5d5e74 in PackLinuxElf32x86::PackLinuxElf32x86(InputFile*) /src/upx-multi/src/p_lx_elf.cpp:4838:54
        #4 0x5d6261 in PackBSDElf32x86::PackBSDElf32x86(InputFile*) /src/upx-multi/src/p_lx_elf.cpp:4855:50
        #5 0x5d6261 in PackFreeBSDElf32x86::PackFreeBSDElf32x86(InputFile*) /src/upx-multi/src/p_lx_elf.cpp:4866:58
        #6 0x6e4460 in PackMaster::visitAllPackers(Packer* (*)(Packer*, void*), InputFile*, options_t const*, void*) /src/upx-multi/src/packmast.cpp:190:9
        #7 0x6e8ff1 in PackMaster::getUnpacker(InputFile*) /src/upx-multi/src/packmast.cpp:248:18
        #8 0x6e8ff1 in PackMaster::unpack(OutputFile*) /src/upx-multi/src/packmast.cpp:266:9
        #9 0x75826b in do_one_file(char const*, char*) /src/upx-multi/src/work.cpp:160:12
        #10 0x7597c2 in do_files(int, int, char**) /src/upx-multi/src/work.cpp:271:13
        #11 0x555aed in main /src/upx-multi/src/main.cpp:1538:5
        #12 0x7efe5d03d83f in __libc_start_main /build/glibc-e6zv40/glibc-2.23/csu/../csu/libc-start.c:291
        #13 0x41ce98 in _start (/out/upx-multi/upx-multi+0x41ce98)
    
    0x62f00000c532 is located 0 bytes to the right of 49458-byte region [0x62f000000400,0x62f00000c532)
    allocated by thread T0 here:
        #0 0x49519d in malloc (/out/upx-multi/upx-multi+0x49519d)
        #1 0x569797 in MemBuffer::alloc(unsigned long long) /src/upx-multi/src/mem.cpp:194:42
    
    SUMMARY: AddressSanitizer: heap-buffer-overflow /src/upx-multi/src/p_lx_elf.cpp:1676:25 in PackLinuxElf32::invert_pt_dynamic(N_Elf::Dyn<N_Elf::ElfITypes<LE16, LE32, LE32, LE32, LE32> > const*)
    Shadow bytes around the buggy address:
      0x0c5e7fff9850: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      0x0c5e7fff9860: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      0x0c5e7fff9870: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      0x0c5e7fff9880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      0x0c5e7fff9890: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    =>0x0c5e7fff98a0: 00 00 00 00 00 00[02]fa fa fa fa fa fa fa fa fa
      0x0c5e7fff98b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      0x0c5e7fff98c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      0x0c5e7fff98d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      0x0c5e7fff98e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      0x0c5e7fff98f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
    Shadow byte legend (one shadow byte represents 8 application bytes):
      Addressable:           00
      Partially addressable: 01 02 03 04 05 06 07
      Heap left redzone:       fa
      Freed heap region:       fd
      Stack left redzone:      f1
      Stack mid redzone:       f2
      Stack right redzone:     f3
      Stack after return:      f5
      Stack use after scope:   f8
      Global redzone:          f9
      Global init order:       f6
      Poisoned by user:        f7
      Container overflow:      fc
      Array cookie:            ac
      Intra object redzone:    bb
      ASan internal:           fe
      Left alloca redzone:     ca
      Right alloca redzone:    cb
      Shadow gap:              cc
    ==21202==ABORTING
    

    upx 4.0.0-git-87b73e5cfdc1+
    UCL data compression library 1.03
    zlib data compression library 1.2.8
    LZMA SDK version 4.43
    Copyright (C) 1996-2020 Markus Franz Xaver Johannes Oberhumer
    Copyright (C) 1996-2020 Laszlo Molnar
    Copyright (C) 2000-2020 John F. Reiser
    Copyright (C) 2002-2020 Jens Medoch
    Copyright (C) 1995-2005 Jean-loup Gailly and Mark Adler
    Copyright (C) 1999-2006 Igor Pavlov
    UPX comes with ABSOLUTELY NO WARRANTY; for details t

CVE-2020-27796: Heap buffer overflow in PackLinuxElf32::invert_pt_dynamic · Issue #392 · upx/upx

As the US reconfigures its rules on abortion after the overturning of Roe v Wade, our podcast guests explain how to keep your data private.
The post In post-Roe US, experts share how to keep your data private appeared first on Malwarebytes Labs.

In the weeks since the Supreme Court of the United States removed a nationwide right to choose to have an abortion, millions of Americans have been forced to relearn what is and isn’t safe to do online, as their actions, words, and choices—many of which are tracked digitally—could potentially be used as evidence of wrongdoing in the future.

Complicating the matter is that, immediately after the Court released its decision on June 24, cybersecurity experts and novices alike flooded social media with a brand-new set of rules for those seeking and supporting abortions: Delete your period-tracking app, use a “burner” phone when attending a protest, change how you search for abortion providers, download a new secure messenger app, maybe download entirely new online tools altogether.

Pretty much, change your life.

But according to Cooper Quintin, senior staff technologist with Electronic Frontier Foundation, some of the more common pieces of advice that were first spread online, while well-intentioned, are not entirely practical or useful.

“The advice to delete your period-tracking app or use a burner phone, I think just completely misses the mark,” Quintin said on the latest episode of the Lock and Code podcast from Malwarebytes. “It’s somehow both an oversimplification and an over-complication, and \[it\] completely fails to understand the threats that people seeking abortions are actually facing.”

On Lock and Code last week, we discussed those exact threats with Quintin and his colleague, staff attorney Saira Hussain. The full discussion, which can be heard below, reveals how the Supreme Court’s most recent decision could impact data privacy practices for millions of people in the United States.

Underpinning much of this potential shift in data privacy is, of course, the new, legal uncertainty sweeping across the country.  

Myriad, statewide legislative efforts to ban abortion outright or to place new restrictions around it have moved forward, with neighboring states sometimes implementing different rules just miles apart. In Alabama, South Dakota, Arkansas, and Missouri, abortion is now banned with no exceptions for rape or incest, and in North Dakota, Tennessee, and Wyoming, similarly broad abortion bans are expected this summer. But in Louisiana, Kentucky, and Utah, wide-ranging abortion bans been challenged in court, with judges in each state placing temporary holds on those laws before they may go into effect.

How these laws will overlap, or how individual states will enforce their own laws across state lines—if at all—is unknown, Hussain said.

“This is what legal experts and reproductive rights experts have been warning about for years—that our system is not equipped to handle issues like this,” Hussain said on the podcast, explaining that the federal right to choose to have an abortion at least provided somewhat a bulwark against decades of state interventions to restrict and limit access to abortions. “Now, all of that has been undone, and the entire question of whether somebody can seek an abortion or somebody can help provide abortion services has been left entirely to the states.”

Succinctly, Hussain warned: “It’s essentially legal chaos.”

With few answers on what will and won’t be explicitly illegal, both Hussain and Quintin shared the following, key pieces of advice on Lock and Code for those who are worried about how to secure their reproductive choices:

*   Above all else, limit any sensitive information that you share with others and that you store on your own devices.
*   Practice extra caution on social media and don’t post about seeking or providing abortion services.
*   Use a privacy-preserving search engine that won’t record your history when looking up abortion services.
*   Use a secure messenger app with disappearing messages when discussing abortion with friends or family.
*   Read the resources on abortion and reproductive health privacy provided by Digital Defense Fund and Electronic Frontier Foundation.

The next year in America could include not only a test of legal theories, but of data privacy, as law enforcement agencies will potentially rely on forms of data that are everywhere around them but that, at least until now, have not been used at an immense scale to prove whether or not someone obtained or performed an abortion.

For Hussain, the lack of clarity is worrying.

“We don’t know what the landscape will look like in this post-Roe world, but as a privacy attorney, I’m deeply concerned about the surveillance tools that law enforcement will use to investigate alleged abortions.”

****It’s about more than period-tracking apps****

The weekend after the Supreme Court issued its decision in Dobbs v. Jackson Women’s Health Organization, users of period-tracking apps scrambled to either delete their data or find a way to lock it down. The companies that make period-tracking apps themselves also responded to the new landscape, with at least one company promising to provide an anonymous mode for users so that any legal requests for user data could not meaningfully be fulfilled.

On Lock and Code, Quintin said that, while the supposed catch-all advice for users to delete period-tracking apps lacks some nuance, the concern around these apps makes sense.

“The reason that people are worried about period-tracking apps, in specific, is that these apps are collecting a ton of data about you, which, could potentially be used to prove that you were at some point pregnant, and then, at some point, stopped being pregnant, without actually having a child,” Quintin said.

But, Quintin added, “period-tracking apps aren’t the only apps that are problematic.”

“The fact is that the majority of apps are harvesting data about you. Location data, data that you put into the apps, personal data. And that data is being fed to data brokers, to people who sell location data, to advertisers, to analytics companies, and we’re building these giant warehouses of data that could eventually be trawled through by law enforcement for dragnet searches.”

In recent years, this data has been used to not only reveal pregnancies and advertise around them, but to also target those who potentially considered receiving an abortion.

In 2012, the New York Times reported that a teenager’s pregnancy had been revealed to her father because of her shopping habits at Target. By analyzing the teenager’s recently purchased items, Target determined that she was likely pregnant and then, as a follow up, sent coupons to her home for things like cribs and baby clothes.

In 2015, the evangelical adoption agency Bethany Christian Services, which opposes abortion, found a way to send anti-abortion ads to the phones of women who physically visited Planned Parenthood locations.

In 2016, after a woman diligently tracked her pregnancy in a pregnancy-tracking app, she miscarried. But along the way, the app she used had been sharing her data with marketing groups. But her miscarriage, which she also reported, was not shared with those same groups, and so, weeks before what would have been her due date, she received a package of baby formula in the mail, under a likely assumption that all pregnancies end the same way, with a baby.

Though the stories could alarm people, Quintin and Hussain stressed that this type of algorithmic data matching is far from the norm for how most abortions are revealed. Instead of any behind-the-scenes technology, Hussain said that when law enforcement have investigated an allegedly illegal abortion, they have first been tipped off by an informant.

Quintin added:

“If you talk to the people on the front lines of the abortion fight, they’ll tell you that the way people are being prosecuted right now is first and foremost through informants. Friends, family, spouses, medical professionals—who disagree with their decision—deciding to notify law enforcement.”

Once an informant has shared information with law enforcement, then, Quintin said, will “secondary evidence come into play.” That includes things like Google search history, posts and direct messages on social media, text messages, and emails.

“Those pieces of information are what’s being used to build a case and convict somebody, typically after they’ve already been informed on,” Quintin said.

To limit that information, our guests offered several recommendations.

****Limit your circle of trust****

Both Hussain and Quintin emphasized that one of the most important things that people can do right now to secure their reproductive choices is to limit their circle of trust. That means that people should be careful with any online and digital interactions that could reveal whether or not they plan to get an abortion.

In practice, Quintin said that means not posting about getting an abortion or providing abortion services on social media. That also means not talking about the same topics over text messages.

But the information shared with other people isn’t the only type of information that should be locked down, said Quintin. People concerned with their digital privacy should also find ways to limit the data they have on their own devices that could be used as evidence by law enforcement.

For starters, people can look up abortion services using a search engine that does not record their search history, Quintin said, naming the service DuckDuckGo.

Second, people can also download a secure messenger app with disappearing messages, so that even if people are discussing abortion options with one another, the messages themselves will disappear. Here, Quintin named the end-to-end encrypted app Signal.

Quintin stressed that these are not necessarily easy changes to make, as many are based on changing a person’s behavior as much as they are about adopting new technologies. In a society that has trained the public to broadcast so many parts of their day-to-day lives, choosing silence can be unfamiliar, Quintin said, and that includes the many individuals who are merely trying to show support on social media even if they are not personally considering an abortion.

“I think part of the reason people are doing this, and part of what’s so hard right now, is that ever since social media has become ubiquitous in our culture, we’ve been incentivized into sort of shout about everything we do,” Quintin said. “The culture has shifted to be one of always saying what you’re doing.”

But Quintin stressed the importance of this moment to change habits and to opt for saying less online. Not only could these posts get people in trouble, Quintin said, but they could also make it harder for people to find help from the organizations that are already doing this work and have been doing it, quietly, for years.

“I think that shouting that you have a whisper network is not the way to go about this,” Quintin said.

This video cannot be displayed because your _Functional Cookies_ are currently disabled.

To enable them, please visit our _privacy policy_ and search for the Cookies section. Select _“Click Here”_ to open the Privacy Preference Center and select _“Functional Cookies”_ in the menu. You can switch the tab back to _“Active”_ or disable by moving the tab to _“Inactive.”_ Click _“Save Settings.”_

In post-Roe US, experts share how to keep your data private

Dell EMC Data Protection Central, versions 19.1 through 19.7, contains a Host Header Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary \u2018Host\u2019 header values to poison a web cache or trigger redirections.

**Vaikutus**

Medium

**Tiedot**

**Proprietary Code CVE**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2022-45102

Dell Data Protection Central versions 19.1 through 19.7 contain a Host Header Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary 'Host' header values to poison a web cache or trigger redirections. 

5.4

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

**Proprietary Code CVE**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2022-45102

Dell Data Protection Central versions 19.1 through 19.7 contain a Host Header Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary 'Host' header values to poison a web cache or trigger redirections. 

5.4

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen**

**Product**

**Affected Versions**

**Updated Versions**

**Link to Update**

Dell Data Protection Central

19.1

19.8

To upgrade your Dell Data Protection Central system, see Dell KB article 34881: Data Protection Central: How to Install the Data Protection Central operating system Update for installation instructions.

See the latest 'Data Protection Central OS Update' file in https://www.dell.com/support/home/en-us/product-support/product/data-protection-central/drivers.

See the latest 'Data Protection Central OS Updates Release Notes' in https://www.dell.com/support/home/en-us/product-support/product/data-protection-central/docs.

19.2

19.8

19.3

19.8

19.4

19.8

19.5

19.8

19.6

19.8

19.7

19.8

PowerProtect DP Series Appliance (Integration Data Protection Appliance)

2.5

2.7.x

To upgrade your PowerProtect DP Series Appliance Dell Data Protection Central component, see Dell KB article 34881: Data Protection Central: How to Install the Data Protection Central operating system Update for installation instructions.

See the latest 'Data Protection Central OS Update' file in https://www.dell.com/support/home/en-us/product-support/product/data-protection-central/drivers.

See the latest 'Data Protection Central OS Updates Release Notes' in https://www.dell.com/support/home/en-us/product-support/product/data-protection-central/docs.

2.6.x

2.7.x

2.7.x

2.7.x

 

 

**NOTE:** For PowerProtect DP Series Appliance (Integration Data Protection Appliance), the appliance should first be upgraded to any 2.7.x version (version 2.7.2 is preferred) and then the previously mentioned Data Protection Central patch should be applied.

**Product**

**Affected Versions**

**Updated Versions**

**Link to Update**

Dell Data Protection Central

19.1

19.8

To upgrade your Dell Data Protection Central system, see Dell KB article 34881: Data Protection Central: How to Install the Data Protection Central operating system Update for installation instructions.

See the latest 'Data Protection Central OS Update' file in https://www.dell.com/support/home/en-us/product-support/product/data-protection-central/drivers.

See the latest 'Data Protection Central OS Updates Release Notes' in https://www.dell.com/support/home/en-us/product-support/product/data-protection-central/docs.

19.2

19.8

19.3

19.8

19.4

19.8

19.5

19.8

19.6

19.8

19.7

19.8

PowerProtect DP Series Appliance (Integration Data Protection Appliance)

2.5

2.7.x

To upgrade your PowerProtect DP Series Appliance Dell Data Protection Central component, see Dell KB article 34881: Data Protection Central: How to Install the Data Protection Central operating system Update for installation instructions.

See the latest 'Data Protection Central OS Update' file in https://www.dell.com/support/home/en-us/product-support/product/data-protection-central/drivers.

See the latest 'Data Protection Central OS Updates Release Notes' in https://www.dell.com/support/home/en-us/product-support/product/data-protection-central/docs.

2.6.x

2.7.x

2.7.x

2.7.x

 

 

**NOTE:** For PowerProtect DP Series Appliance (Integration Data Protection Appliance), the appliance should first be upgraded to any 2.7.x version (version 2.7.2 is preferred) and then the previously mentioned Data Protection Central patch should be applied.

**Versiohistoria**

**Revision**

**Date**

**Description**

1.0

2022-12-15

Initial Release

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

PowerProtect Data Protection Appliance, Data Protection Central, PowerProtect Data Protection Software

15 jouluk. 2022

CVE-2022-45102: DSA-2022-348: Dell Data Protection Central Security Update for Proprietary Code Vulnerability

Car parts provider Advance Auto Parts seems to be the next victim of a major data breach related to cloud provider Snowflake.

A cybercriminal using the handle Sp1d3r is offering to sell 3 TB of data taken from Advance Auto Parts, Inc. Advance Auto Parts is a US automotive aftermarket parts provider that serves both professional installers and do it yourself customers.

Allegedly the customer data includes:

*   Names
*   Email addresses
*   Phone numbers
*   Physical address
*   Orders
*   Loyalty and gas card numbers
*   Sales history

The data set allegedly also includes information about 358,000 employees and candidates—which is a lot more than are currently employed by Advance Auto Parts (69,000 in 2023).

The cybercriminal is asking $1.5 Million for the data set.

Cybercriminal offering Advance Auto Parts data for sale

Advance Auto Parts has not disclosed any information about a possible data breach and has not responded to inquiries. But BleepingComputer confirms that a large number of the Advance Auto Parts sample customer records are legitimate.

Interestingly enough, the seller claims in their post that the data comes from Snowflake, a cloud company used by thousands of companies to manage their data. On May 31st, Snowflake said it had recently observed and was investigating an increase in cyber threat activity targeting some of its customers’ accounts. It didn’t mention which customers.

At the time, everybody focused on Live Nation / Ticketmaster, another client of Snowflake which said it had detected unauthorized activity within a “third-party cloud database environment” containing company data.

The problem allegedly lies in the fact that Snowflake lets each customer manage the security of their environments, and does not enforce multi-factor authentication (MFA).

Online media outlet TechCrunch says it has:

> “Seen hundreds of alleged Snowflake customer credentials that are available online for cybercriminals to use as part of hacking campaigns, suggesting that the risk of Snowflake customer account compromises may be far wider than first known.”

TechCrunch also says it found more than 500 credentials containing employee usernames and passwords, along with the web addresses of the login pages for Snowflake environments, belonging to Santander, Ticketmaster, at least two pharmaceutical giants, a food delivery service, a public-run freshwater supplier, and others.

Meanwhile, Snowflake has urged its customers to immediately switch on MFA for their accounts.

**Protecting yourself after a data breach**

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

*   **Check the vendor’s advice.** Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
*   **Change your password.** You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
*   **Enable two-factor authentication (2FA).** If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
*   **Watch out for fake vendors.** The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify the identity of anyone who contacts you using a different communication channel.
*   **Take your time.** Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
*   **Consider not storing your card details**. It’s definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.
*   **Set up identity monitoring.** Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.

**Check your exposure**

While the Advance Auto Parts data has yet to be confirmed, it’s likely you’ve had other personal information exposed online in previous data breaches. You can check what personal information of yours has been exposed with our Digital Footprint portal. Just enter your email address (it’s best to submit the one you most frequently use) to our free Digital Footprint scan and we’ll give you a report.

**We don’t just report on threats – we help safeguard your entire digital identit**y

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

 Advance Auto Parts customer data posted for sale 

fastadmin v1.2.1 is affected by a file upload vulnerability which allows arbitrary code execution through shell access.

Detail:  
![2](https://user-images.githubusercontent.com/54835964/139025297-0b560dac-053e-4c5d-81ab-458d303b01eb.png)  
\`image.png  
POST /fastadmin/public/UCAdNKmOnG.php/ajax/upload HTTP/1.1  
Host: localhost  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0  
Accept: application/json  
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2  
Accept-Encoding: gzip, deflate  
Cache-Control: no-cache  
X-Requested-With: XMLHttpRequest  
Content-Type: multipart/form-data; boundary=---------------------------261389892721156981001433602982  
Content-Length: 23583  
Origin: http://localhost  
Connection: close  
Cookie: Phpstorm-40b5128e=37cc58fa-2924-474e-95a3-1066d7c6bcfd; PHPSESSID=obk19k61dd4jmat3ljhkihr00h; think\_var=zh-cn  
Sec-Fetch-Dest: empty  
Sec-Fetch-Mode: cors  
Sec-Fetch-Site: same-origin

\-----------------------------261389892721156981001433602982  
Content-Disposition: form-data; name="file"; filename="1.png"  
Content-Type: image/png

�PNG  
�  
\`  
application/common/library/Upload.php Line 312:  
![3](https://user-images.githubusercontent.com/54835964/139025532-f34122ca-5fb7-42b3-bb5a-cb39884d8c71.png)  
Four method ,analyse one by one  
application/common/library/Upload.php#checkSize Line 120: check upload file size is not bigger than default  
![4](https://user-images.githubusercontent.com/54835964/139025581-e5ad7711-aba7-4573-99b1-a9ebea8f67bc.png)  
application/common/library/Upload.php#checkExecutable Line 82: PHP file and HTML file is not allowed to upload  
![5](https://user-images.githubusercontent.com/54835964/139025627-1c83d3c3-53d6-4a19-99be-8d6b287ff2e9.png)  
application/common/library/Upload.php#checkMimetype Line 91: check file type,$mimetypeArr is default value,$mimetypeArr =$this->config\['mimetype'\]=\[jpg,png,bmp,jpeg,gif,zip,rar,xls,xlsx,wav,mp4,mp3,pdf\],file type must in this array  
![6](https://user-images.githubusercontent.com/54835964/139025689-61d2a197-d85e-4450-bb2a-2e21ae6069b1.png)  
application/common/library/Upload.php#checkImage Line 103:check upload file is a picture,because judgment is logical or,as long as type value in\_array return true,we can upload other PHP suffix file that can be parsed，such as php5,phtml,php3 and so on  
![7](https://user-images.githubusercontent.com/54835964/139025818-e4455585-3712-4bc7-8de0-ff466ed375ac.png)  
change the content-type to gif,filename to xx.phtml  
![8](https://user-images.githubusercontent.com/54835964/139025875-14825380-af01-4de8-81d3-dba28e60eed8.png)  
however,phtml can't be parsed,I find that if the CMS is build with Debian or Ubuntu environment,attack can be succeed.Debian or Ubuntu apache2 configuration file write as follow,it will contains mods-enabled/\*.conf file automatically，which default parse phtml as php  
![9](https://user-images.githubusercontent.com/54835964/139025928-3076580a-9997-4283-a635-02754dddee26.png)  
![10](https://user-images.githubusercontent.com/54835964/139025947-132095db-6ba2-4a6c-b0a1-ab6bfad86fae.png)  
so,access the shell address to complete the attack,this ip is my debian's ip address  
![11](https://user-images.githubusercontent.com/54835964/139025994-fef79609-2feb-4ee7-9066-1811f2d81c1c.png)

CVE-2021-43117: fastadmin v1.2.1 file upload getshell · Issue #1 · ambitiousleader/some-automated-script

GPAC MP4Box v2.1-DEV-rev574-g9d5bb184b contains a segmentation violation via the function gf_sm_load_init_swf at scene_manager/swf_parse.c

Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue - thank you!

*   I looked for a similar issue and couldn't find any.
*   I tried with the latest version of GPAC. Installers available at http://gpac.io/downloads/gpac-nightly-builds/
*   I give enough information for contributors to reproduce my issue (meaningful title, github labels, platform and compiler, command-line ...). I can share files anonymously with this dropbox: https://www.mediafire.com/filedrop/filedrop\_hosted.php?drop=eec9e058a9486fe4e99c33021481d9e1826ca9dbc242a6cfaab0fe95da5e5d95

Detailed guidelines: http://gpac.io/2013/07/16/how-to-file-a-bug-properly/

**Description**

Forget to check the return value of gf_swf_read_header in gf\_sm\_load\_init\_swf. gf_swf_read_header should fall fast if error is detected.

gf\_swf\_read\_header(read);
load->ctx->scene\_width = FIX2INT(read->width);
load->ctx->scene\_height = FIX2INT(read->height);
load->ctx->is\_pixel\_metrics = 1;

**Verison info**

    MP4Box - GPAC version 2.1-DEV-rev574-g9d5bb184b-master
    (c) 2000-2022 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io
    
    Please cite our work in your research:
    	GPAC Filters: https://doi.org/10.1145/3339825.3394929
    	GPAC: https://doi.org/10.1145/1291233.1291452
    
    GPAC Configuration: --enable-sanitizer
    Features: GPAC_CONFIG_LINUX GPAC_64_BITS GPAC_HAS_IPV6 GPAC_HAS_SSL GPAC_HAS_SOCK_UN GPAC_MINIMAL_ODF GPAC_HAS_QJS GPAC_HAS_LINUX_DVB  GPAC_DISABLE_3D
    

**Reproduce**

compile with

    ./configure --enable-sanitizer
    make
    

run with poc.swf (in attachment)

    ./MP4Box import -add poc.swf
    

crash triggered

    [TXTLoad] Unknown text format for poc.swf
    Failed to connect filter fin PID poc.swf to filter txtin: Feature Not Supported
    Blacklisting txtin as output from fin and retrying connections
    AddressSanitizer:DEADLYSIGNAL
    =================================================================
    ==215517==ERROR: AddressSanitizer: SEGV on unknown address 0x615100000035 (pc 0x7f022cad9afb bp 0x7ffdc954ed70 sp 0x7ffdc954dc40 T0)
    ==215517==The signal is caused by a READ memory access.
        #0 0x7f022cad9afb in gf_sm_load_init_swf scene_manager/swf_parse.c:2667
        #1 0x7f022ca5125f in gf_sm_load_init scene_manager/scene_manager.c:692
        #2 0x7f022d169cea in ctxload_process filters/load_bt_xmt.c:476
        #3 0x7f022cecfbcc in gf_filter_process_task filter_core/filter.c:2750
        #4 0x7f022ce8faf3 in gf_fs_thread_proc filter_core/filter_session.c:1859
        #5 0x7f022ce9c3ee in gf_fs_run filter_core/filter_session.c:2120
        #6 0x7f022c8defd1 in gf_media_import media_tools/media_import.c:1551
        #7 0x56297ebccaec in import_file /home/sumuchuan/Desktop/gpac_fuzz/gpac/applications/mp4box/fileimport.c:1498
        #8 0x56297eb813db in do_add_cat /home/sumuchuan/Desktop/gpac_fuzz/gpac/applications/mp4box/mp4box.c:4508
        #9 0x56297eb813db in mp4box_main /home/sumuchuan/Desktop/gpac_fuzz/gpac/applications/mp4box/mp4box.c:6124
        #10 0x7f0229e69d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
        #11 0x7f0229e69e3f in __libc_start_main_impl ../csu/libc-start.c:392
        #12 0x56297eb5dcb4 in _start (/home/sumuchuan/Desktop/gpac_fuzz/gpac/bin/gcc/MP4Box+0xabcb4)
    
    AddressSanitizer can not provide additional info.
    SUMMARY: AddressSanitizer: SEGV scene_manager/swf_parse.c:2667 in gf_sm_load_init_swf
    ==215517==ABORTING
    

**Gdb**

    Program received signal SIGSEGV, Segmentation fault.
    0x00007f2d4fe54afb in gf_sm_load_init_swf (load=load@entry=0x6110000084f0) at scene_manager/swf_parse.c:2667
    2667		load->ctx->scene_width = FIX2INT(read->width);
    LEGEND: STACK | HEAP | CODE | DATA | RWX | RODATA
    ───────────────────────────────────────────────────────────────────────[ REGISTERS / show-flags off / show-compact-regs off ]────────────────────────────────────────────────────────────────────────
    *RAX  0x611000008508 —▸ 0x604000002a90 —▸ 0x616000001280 ◂— 0x0
     RBX  0xfffecf4d70a ◂— 0x0
     RCX  0xfffecf4d6ea ◂— 0x0
     RDX  0x0
    *RDI  0x615100000035 ◂— 0x0
     RSI  0x0
    *R8   0x611000008528 ◂— 0xa9
     R9   0x610000000bd0 —▸ 0x200000002 ◂— 0x0
     R10  0x610000000bd4 —▸ 0x20000000002 ◂— 0x0
     R11  0x610000000bd0 —▸ 0x200000002 ◂— 0x0
     R12  0x6110000084f0 ◂— 9 /* '\t' */
    *R13  0x6150fffffffd ◂— 0x0
    *R14  0x615000013e4c —▸ 0xb40000000a9 ◂— 0x0
    *R15  0x611000008508 —▸ 0x604000002a90 —▸ 0x616000001280 ◂— 0x0
    *RBP  0x7fff67a6c940 —▸ 0x7fff67a6ca60 —▸ 0x7fff67a6dd60 —▸ 0x7fff67a6ddf0 —▸ 0x7fff67a6def0 ◂— ...
    *RSP  0x7fff67a6b810 ◂— 0xf4dc4ae
    *RIP  0x7f2d4fe54afb (gf_sm_load_init_swf+747) ◂— cvttss2si ecx, dword ptr [r13 + 0x38]
    ────────────────────────────────────────────────────────────────────────────────[ DISASM / x86-64 / set emulate on ]─────────────────────────────────────────────────────────────────────────────────
     ► 0x7f2d4fe54afb <gf_sm_load_init_swf+747>    cvttss2si ecx, dword ptr [r13 + 0x38]
       0x7f2d4fe54b01 <gf_sm_load_init_swf+753>    shr    rax, 3
       0x7f2d4fe54b05 <gf_sm_load_init_swf+757>    cmp    byte ptr [rax + 0x7fff8000], 0
       0x7f2d4fe54b0c <gf_sm_load_init_swf+764>    jne    gf_sm_load_init_swf+2550                <gf_sm_load_init_swf+2550>
     
       0x7f2d4fe54b12 <gf_sm_load_init_swf+770>    mov    rsi, qword ptr [r12 + 0x18]
       0x7f2d4fe54b17 <gf_sm_load_init_swf+775>    test   rsi, rsi
       0x7f2d4fe54b1a <gf_sm_load_init_swf+778>    je     gf_sm_load_init_swf+2570                <gf_sm_load_init_swf+2570>
     
       0x7f2d4fe54b20 <gf_sm_load_init_swf+784>    test   sil, 7
       0x7f2d4fe54b24 <gf_sm_load_init_swf+788>    jne    gf_sm_load_init_swf+2570                <gf_sm_load_init_swf+2570>
     
       0x7f2d4fe54b2a <gf_sm_load_init_swf+794>    lea    rdx, [rsi + 0x18]
       0x7f2d4fe54b2e <gf_sm_load_init_swf+798>    cmp    rsi, -0x18
    ──────────────────────────────────────────────────────────────────────────────────────────[ SOURCE (CODE) ]──────────────────────────────────────────────────────────────────────────────────────────
    In file: /home/sumuchuan/Desktop/gpac_fuzz/gpac/src/scene_manager/swf_parse.c
       2662         read->flags = load->swf_import_flags;
       2663         read->flat_limit = FLT2FIX(load->swf_flatten_limit);
       2664         load->loader_priv = read;
       2665 
       2666         gf_swf_read_header(read);
     ► 2667         load->ctx->scene_width = FIX2INT(read->width);
       2668         load->ctx->scene_height = FIX2INT(read->height);
       2669         load->ctx->is_pixel_metrics = 1;
       2670 
       2671         if (!(load->swf_import_flags & GF_SM_SWF_SPLIT_TIMELINE) ) {
       2672                 swf_report(read, GF_OK, "ActionScript disabled");
    ──────────────────────────────────────────────────────────────────────────────────────────────[ STACK ]──────────────────────────────────────────────────────────────────────────────────────────────
    00:0000│ rsp 0x7fff67a6b810 ◂— 0xf4dc4ae
    01:0008│     0x7fff67a6b818 —▸ 0x7fff67a6c910 —▸ 0x7fff67a6c9b0 —▸ 0x60e000667773 ◂— 0x0
    02:0010│     0x7fff67a6b820 —▸ 0x61100000852c —▸ 0x2b000000000 ◂— 0x0
    03:0018│     0x7fff67a6b828 —▸ 0x611000008528 ◂— 0xa9
    04:0020│     0x7fff67a6b830 —▸ 0x7fff67a6b850 ◂— 0x41b58ab3
    05:0028│     0x7fff67a6b838 —▸ 0x611000008530 —▸ 0x6020000002b0 ◂— '/tmp/gpac_cache'
    06:0030│     0x7fff67a6b840 —▸ 0x611000008548 —▸ 0x615000013e00 —▸ 0x6110000084f0 ◂— 9 /* '\t' */
    07:0038│     0x7fff67a6b848 —▸ 0x7fff67a6b850 ◂— 0x41b58ab3
    ────────────────────────────────────────────────────────────────────────────────────────────[ BACKTRACE ]────────────────────────────────────────────────────────────────────────────────────────────
     ► f 0   0x7f2d4fe54afb gf_sm_load_init_swf+747
       f 1   0x7f2d4fdcc260 gf_sm_load_init+896
       f 2   0x7f2d504e4ceb ctxload_process+2283
       f 3   0x7f2d5024abcd gf_filter_process_task+3181
       f 4   0x7f2d5020aaf4 gf_fs_thread_proc+2244
       f 5   0x7f2d502173ef gf_fs_run+447
       f 6   0x7f2d4fc59fd2 gf_media_import+16210
       f 7   0x565119c9faed import_file+15133
    ─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
    
    

**Backtrace**

    pwndbg> bt
    #0  0x00007f2d4fe54afb in gf_sm_load_init_swf (load=load@entry=0x6110000084f0) at scene_manager/swf_parse.c:2667
    #1  0x00007f2d4fdcc260 in gf_sm_load_init (load=load@entry=0x6110000084f0) at scene_manager/scene_manager.c:692
    #2  0x00007f2d504e4ceb in ctxload_process (filter=<optimized out>) at filters/load_bt_xmt.c:476
    #3  0x00007f2d5024abcd in gf_filter_process_task (task=0x607000001520) at filter_core/filter.c:2750
    #4  0x00007f2d5020aaf4 in gf_fs_thread_proc (sess_thread=sess_thread@entry=0x616000000410) at filter_core/filter_session.c:1859
    #5  0x00007f2d502173ef in gf_fs_run (fsess=fsess@entry=0x616000000380) at filter_core/filter_session.c:2120
    #6  0x00007f2d4fc59fd2 in gf_media_import (importer=importer@entry=0x7fff67a6ee20) at media_tools/media_import.c:1551
    #7  0x0000565119c9faed in import_file (dest=<optimized out>, inName=inName@entry=0x7fff67a832c8 "fake.swf", import_flags=0, force_fps=..., frames_per_sample=0, fsess=fsess@entry=0x0, mux_args_if_first_pass=<optimized out>, mux_sid_if_first_pass=<optimized out>, tk_idx=<optimized out>) at fileimport.c:1498
    #8  0x0000565119c543dc in do_add_cat (argv=<optimized out>, argc=<optimized out>) at mp4box.c:4508
    #9  mp4box_main (argc=<optimized out>, argv=<optimized out>) at mp4box.c:6124
    #10 0x00007f2d4d1e4d90 in __libc_start_call_main (main=main@entry=0x565119c30bc0 <main>, argc=argc@entry=4, argv=argv@entry=0x7fff67a82d98) at ../sysdeps/nptl/libc_start_call_main.h:58
    #11 0x00007f2d4d1e4e40 in __libc_start_main_impl (main=0x565119c30bc0 <main>, argc=4, argv=0x7fff67a82d98, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fff67a82d88) at ../csu/libc-start.c:392
    #12 0x0000565119c30cb5 in _start ()
    

**Credit**

xdchase

**POC**

poc-segfault.zip

CVE-2022-47086: missing check in gf_sm_load_init_swf, causing Segmentation fault · Issue #2337 · gpac/gpac

Unauth. Arbitrary File Download vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress.

*   Details
*   Reviews
*   Installation
*   Support
*   Development

WatchTowerHQ Website Monitoring: Done Right  
Fed up with using tools that get sold to GoDaddy, lose their founding team, and slowly die?  
Tired of half-assed customer service that takes 72-144 hours to get a response?  
Looking for one solution to cut the costs of many tools?  
Our founding team is intact and not only focused on a world-class customer service experience, we’re focused on making WatchTowerHQ the best tool agencies and companies turn to when managing multiple websites.

**Automated Updates**

Set it and forget it by scheduling WordPress theme and plugin updates in advance. Every Tuesday at 7am? Not a problem with WatchTowerHQ

**Performance Insights**

Wondering why no one stays on your website? It’s probably because it’s slow…like Ford Fiesta slow. Figure out what you need to do to transform it into the Porsche it deserves to be.

**Daily Backups**

Take them daily, store them for a year. Don’t be at the mercy of the intern who accidentally deleted all of your blog posts from the last 6 years. Restore them quickly from one of your backups. Automate these as you would like, or take them manually.

**Historical Data Tracking**

A snapshot in time is great for some. You’re not some. Most are like you, they want to see how data looks over time. Screen shots from last May? Easy peasy. Site speed today relative to 2 months ago? One click.

**Notifications?**

We’ve got you covered. You control who gets alerts, which alerts they get, and when. All for you to control within your account.

**Domain and SSL Registration Monitoring**

The dreaded call from a client at 12:47am when they realize their domain has expired and a 12 year old North Korean is holding it hostage for 72 BTC. Don’t let that happen to you or your clients. Always know when your domain or SSL certificate are about to expire so you can proactively renew.

**Real-time Uptime Monitoring**

Kiss false positives good-bye. Set your limits, get updated when they’re triggered.

**One-Click Access**

Access your WordPress site or staging environment with one click right from the website dashboard.  
WatchTowerHQ is the most robust website monitoring and management tool. Increase operational efficiency by eliminating wasted time, improving your security, and taking preventive action.

**Custom User Roles**

Select from one of WatchTowerHQ’s user roles with granular permissions selection or create custom roles to fit your organizational needs.

Please note that WatchTowerHQ tracks information about your site including:  
\* Domain information (Registrar, DNS, SSL, Blacklist Status, Site & Proxy IP addresses)  
\* WordPress plugins, themes, and core  
\* Google Lighthouse & Google Analytics data  
\* Screen captures  
\* CSS & JavaScript code

After installing the WatchTowerHQ plugin you will need to do a few things to start monitoring your site.  
1\. Activate the WatchTowerHQ plugin.  
2\. Copy the access token found in the WatchTowerHQ Settings (you will need this in a future step).  
3\. Go to WatchTowerHQ to sign up for an account.  
4\. Fill in information about your websites – including the access token that you’d copied earlier.  
5\. Save the website’s information once complete. Happy monitoring!

If you’ve already signed up on WatchTowerHQ, you can also follow the alternative installation:  
1\. Download the WatchTowerHQ client from the Settings dropdown menu  
2\. Go to the Plugins tab in WordPress and select “Add New Plugin”.  
3\. Click the “Upload Plugin” button and upload the zip file you downloaded from WatchTowerHQ.  
4\. Click to activate the client and copy the access token from the WatchTowerHQ settings.  
5\. Go to the “Add new website” form found on the Websites page of your WatchTowerHQ dashboard.  
6\. Select WordPress as your CMS and paste the access token in the space.

**Can I have multiple environments on WatchTowerHQ?**

Yes, you can include your development and other environments to your WatchTowerHQ account for convenient one-click access.

**What does WatchTowerHQ do with my site’s information?**

The information tracked by WatchTowerHQ is used to provide real-time analytics and alerts on your site’s status including vulnerabilities, site downtime, and performance. As well as to notify you about WordPress-specific issues such as abandoned plugins.

**How much is WatchTowerHQ?**

To view our plans and get started with WatchTowerHQ check out our website.

**Can I limit access to other users?**

We have a number of standard roles, that many users requested, along with that we’ve created custom user roles. With custom user roles the options are endless to the access that you can give any one user. Custom User roles are included in all plans at no additional cost.

It's packed with features. One of the best tools available to manage my websites.

Read all 1 review

“WatchTowerHQ” is open source software. The following people have contributed to this plugin.

Contributors

*    watchtowerhq

**3.6.20**

*   remove unused code

**3.6.19**

*   db backup fix

**3.6.18**

*   WordPress 6.1.x compatibility declaration update

**3.6.17**

*   Fix security issue

**3.6.16**

*   Fix security issue

**3.6.15**

*   Fix theme updates info

**3.6.13**

*   Fix plugin updates info

**3.6.12**

*   Fix plugin slug

**3.6.11**

*   Fix plugin slug

**3.6.10**

*   WP 6.x compatibility declaration

**3.6.7**

*   WP 5.9.x compatibility declaration

**3.6.6**

*   fix open basedir warnings

**3.6.1**

*   Add endpoint for removing database backup file

**3.6.0**

*   updated action scheduler

**3.5.69**

*   WP Engine – exception

**3.5.67**

*   code improvements

**3.5.65**

*   code improvements
*   fetch info about debug log

**3.5.1**

*   update action scheduler

**3.5.0**

*   new backup system

**3.4.16**

*   WordPress 5.8 compatibility

**3.4.15**

*   fix UI issue

**3.4.13**

*   better settings UI

**3.4.12**

*   allow resume downloading backup
*   include backup integrity checksum to confirm error free transfer

**3.4.10**

*   code refactoring

**3.4.9**

*   update composer properties

**3.4.8**

*   WordPress 5.7 compatibility

**3.4.4**

*   new backup queue file limits

**3.4.2**

*   increase timeout

**3.4.0**

*   added ZipArchive fallback

**3.3.10**

*   fix curl timeout

**3.3.7**

*   minimum PHP version: 7.1

**3.3.6**

*   readme improvements

**3.3.0**

*   WordPress.org first release.
*   removed custom updates library

Search

lenovo warranty check/lookup | check warranty status | lenovo support us